14 DAY TRIAL // The founder of Canonical, Mark Shuttleworth, wrote about the danger of Advanced Configuration and Power Interface (ACPI) and about the steps that the Linux community needs to take in order to free itself from this burden.
Many security problems have been affecting our society, and some of the hardware users are just finding out the true cost. Edward Snowden showed us that we are actually in danger and that all the firmware used by hardware manufacturers is actually just a big risk that everyone is taking.
“If you read the catalogue of spy tools and digital weaponry provided to us by Edward Snowden, you’ll see that firmware on your device is the NSA’s best friend. Your biggest mistake might be to assume that the NSA is the only institution abusing this position of trust – in fact, it’s reasonable to assume that all firmware is a cesspool of insecurity courtesy of incompetence of the worst degree from manufacturers, and competence of the highest degree from a very wide range of such agencies,” said Mark Shuttleworth on his blog.
The problem can be solved if the Linux community acts as one and if the hardware manufacturers are convinced that the innovation they need and require can only come from an open source mindset.
Canonical's founder explained that the security issues that have been brought to light in the past year can be solved from two different directions. Firstly, the main way of delivering the software should be in the upstream kernel. This is done now very efficiently and securely, but this procedure needs to be extended considerably.
Secondly, we need to have declarative firmware that describes linkages and dependencies but doesn’t include executable code. At this point it is like having the cake and eating it too, but it can be done.
Ubuntu itself has faced some security problems, but not from the kernel or spying perspective. Devs have been accused of not properly managing the online search results from Unity, but they fixed all the problems and the Ubuntu community learned how to disable that feature, if necessary.
Linus Torvalds, the father of the Linux kernel, also said explicitly, on a couple of occasions, that he hadn't been approached by the NSA for backdoors into the kernel, and so far none has been found.
Open source insures that such backdoors are very hard to keep hidden and the collaborative nature of the project is working like a self-regulating organism that doesn't let things fall through the cracks.