Chromebook Trades Camera for WiFi Freedom

There are a number of companies now providing turn-key computers that meet the Free Software Foundation’s criteria for their “Respects Your Freedom” certification. This means, in a general sense, that the computer is guaranteed not to spy on you or otherwise do anything else you didn’t explicitly ask it to. Unfortunately these machines often have a hefty premium tacked on, making it an unpleasant decision between privacy and performance.

Freedom-loving hacker [SolidHal] writes in to tell us about his quest to create a FSF-compliant laptop without breaking the bank. Based on a cheap Asus C201 Chromebook, his custom machine checks off all the appropriate boxes. The operating system was easy enough with an install of Debian, and the bootloader was rid of any Intel Management Engine shenanigans with a healthy dose of Libreboot. But there was one problem: the permanently installed WiFi hardware that required proprietary firmware. To remedy the issue, he decided to install an internal USB Wi-Fi adapter that has the FSF seal of approval.

As the Chromebook obviously doesn’t have an internal USB port, this was easier said than done. But as [SolidHal] is not the kind of guy who would want his laptop taking pictures of him in the first place, he had the idea to take the internal USB connection used by the integrated webcam and use that. He pulled the webcam out, studied the wiring, and determined which wires corresponded to the normal USB pinout.

The FSF approved ThinkPenguin Wi-Fi adapter he chose is exceptionally small, so it was easy enough to tuck it inside some empty space inside of the Chromebook. [SolidHal] just needed to solder it to the old webcam connection, and wrap it up in Kapton tape to prevent any possible shorts. The signal probably isn’t great considering the antenna is stuck inside the machine with all the noisy components, but it’s a trade-off for having a fully free and open source driver. But as already established, sometimes these are the kind of tough choices you have to make when walking in the righteous footsteps of Saint Ignucius.

Internal laptop modifications like this one remind us of the Ye Olden Days of Hackaday, when Eee PC modifications were all the rage and we still ran black and white pictures “taped” to the screen. Ah, the memories.

Flash your Libre Firmware with a Libre Programmer

Whether or not you personally agree with all the ideals of the Free Software Foundation (FSF), you’ve got to give them credit: they don’t mess around. They started by laying the groundwork for a free and open source operating system, then once that dream was realized, started pushing the idea of replacing proprietary BIOS firmware with an open alternative such as Libreboot. But apparently, even that’s not enough, as there’s still more freedom to be had. We’re playing 4D Libre Chess now, folks.

To flash your libre boot firmware on your libre OS running computer without any proprietary funny business, you’re going to need a libre chip programmer. Luckily, the FSF has just awarded the Zerocat Chipflasher their “Respects Your Freedom” certification, meaning every element of the product is released under a free license for your hacking enjoyment. According to the FSF, this is a major milestone towards their goal of providing users a truly free and open source computer, from the browser all the way down to the BIOS.

Of course, you don’t need to be Richard Stallman to appreciate a fully open chip programmer. With the software, wiring diagrams, and PCB files available on the Chipflasher’s website, the project is an excellent educational reference. Is also means that with a clone the Chipflasher’s Git repository, you’re well on the way to spinning up your own build of the device.

Given the roughly $350 USD price tag on the first generation Zerocat Chipflasher, it seems fairly likely we’ll be seeing some DIY builds of this device before too long. Not that we want to deprive Zerocat commercial success for this very neat piece of gear, but for many it’s a mighty steep price; even if you do get all the Freedoms.

It may use a device of slightly more nebulous morality than the Zerocat Chipflasher, but our own [Bryan Cockfield] documented the saga of getting Libreboot installed on a Thinkpad X200 if you’d like to know more about the high stakes world of BIOS replacement. Whatever it takes to get that Intel Management Engine off your penguin-powered box.

Hackaday Links: April 9, 2017

[Federico Musto], one of the Arduinos in the Arduino vs. Arduino saga (which finally came to an end last September) may have fabricated his academic record. This news comes from Wired, providing documents from the registrars at MIT and NYU stating [Musto] never attended these institutions. Since this story came out, [Musto] has edited his LinkedIn, listing his only academic credential as a kindergarten in Torino, Italy.

[shininglaser] built a tinnitus machine. What’s a tinnitus machine? It’s a device that, when activated, produces this sound: eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee. [shininglaser] built this tinnitus machine out of a pair of speakers, a cardboard box, a few batteries, and some sort of board with an epoxy-coated blob. We have no idea what the circuit looks like, but you could do this with any normal signal pulsing at around 15-18kHz (address pins on a CPU for bonus nerd cred) or a simple 555 timer.

This is a hackers bar. This bar in Roppongi, Tokyo is, “a place where you can enjoy live programming and business making…. The term ‘hacker’ is applied to someone who possesses top skills and knowledge to provide innovative and quick solutions even to the most difficult tasks.” It appears they have daily events/talks for JavaScript, Python, R, and Swift.

Captain Crunch needs our help. He’s facing some serious surgery, and even if it’s successful, there’s going to be a lot of stuff insurance doesn’t cover.

We can use Libreboot again. A few months ago, the Libreboot project left the GNU project after an issue with an employee at the Free Software Foundation. Hackaday chose not to report on this only because the accusations levied against the FSF were hearsay. I should emphasize this: the only reason we chose not to report on this is because the accusations were hearsay. Now the Libreboot project is under more democratic management and they’re working on the Thinkpad X220, the greatest Thinkpad of all time. Neat.

Here’s a quick and easy tip to get metal fume fever. Build a foundry out of a galvanized trash can! No, don’t worry about that galvanized coating, it’ll burn off. Oh, he’s doing this indoors. What’s carbon monoxide? Why am I sleepy?

33C3: If You Can’t Trust Your Computer, Who Can You Trust?

It’s a sign of the times: the first day of the 33rd Chaos Communications Congress (33C3) included two talks related to assuring that your own computer wasn’t being turned against you. The two talks are respectively practical and idealistic, realizable today and a work that’s still in the idea stage.

In the first talk, [Trammell Hudson] presented his Heads open-source firmware bootloader and minimal Linux for laptops and servers. The name is a gag: the Tails Linux distribution lets you operate without leaving any trace, while Heads lets you run a system that you can be reasonably sure is secure.

It uses coreboot, kexec, and QubesOS, cutting off BIOS-based hacking tools at the root. If you’re worried about sketchy BIOS rootkits, this is a solution. (And if you think that this is paranoia, you haven’t been following the news in the last few years, and probably need to watch this talk.) [Trammell]’s Heads distribution is a collection of the best tools currently available, and it’s something you can do now, although it’s not going to be easy.

Carrying out the ideas fleshed out in the second talk is even harder — in fact, impossible at the moment. But that’s not to say that it’s not a neat idea. [Jaseg] starts out with the premise that the CPU itself is not to be trusted. Again, this is sadly not so far-fetched these days. Non-open blobs of firmware abound, and if you’re really concerned with the privacy of your communications, you don’t want the CPU (or Intel’s management engine) to get its hands on your plaintext.

[Jaseg]’s solution is to interpose a device, probably made with a reasonably powerful FPGA and running open-source, inspectable code, between the CPU and the screen and keyboard. For critical text, like e-mail for example, the CPU will deal only in ciphertext. The FPGA, via graphics cues, will know which region of the screen is to be decrypted, and will send the plaintext out to the screen directly. Unless someone’s physically between the FPGA and your screen or keyboard, this should be unsniffable.

As with all early-stage ideas, the devil will be in the details here. It’s not yet worked out how to know when the keyboard needs to be encoded before passing the keystrokes on to the CPU, for instance. But the idea is very interesting, and places the trust boundary about as close to the user as possible, at input and output.

Harrowing Story of Installing Libreboot on ThinkPad

As an Apple user, I’ve become somewhat disillusioned over the past few years. Maybe it’s the spirit of Steve Jobs slowly vanishing from the company, or that Apple seems to care more about keeping up with expensive trends lately rather than setting them, or the nagging notion Apple doesn’t have my best interests as a user in mind.

Whatever it is, I was passively on the hunt for a new laptop with the pipe dream that one day I could junk my Apple for something even better. One that could run a *nix operating system of some sort, be made with quality hardware, and not concern me over privacy issues. I didn’t think that those qualities existed in a laptop at all, and that my 2012 MacBook Pro was the “lesser of evils” that I might as well keep using. But then, we published a ThinkPad think piece that had two words in it that led me on a weeks-long journey to the brand-new, eight-year-old laptop I’m currently working from. Those two words: “install libreboot”.

Continue reading “Harrowing Story of Installing Libreboot on ThinkPad”