26 Jul

mjg59 – Further adventures in EFI booting

Many people still install Linux from CDs. But a growing number install from USB. In an ideal world you’d be able to download one image that would let you do either, but it turns out that that’s quite difficult. Shockingly enough, it’s another situation where the system firmware exists to make your life difficult.

Booting a hard drive is pretty easy. The BIOS reads the first 512 bytes off the drive, copies them to RAM and executes them. That code is then responsible for either starting your bootloader or identifying the currently active partition and jumping to its boot sector, but before too long you’re in a happy place where you’re executing whatever you want to. Life is good. So you’d think that CDs would work in a similar way. The ISO 9660 format even leaves a whole 32KB at the start of a filesystem, which is enough space for a pretty awesome bootloader. But no. This is not how CDs work. That would be far too easy.

via mjg59 – Further adventures in EFI booting. Stand back, we’re about to go down the rabbit hole.
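As an added illustration (not code from the linked post), this sketch inspects an image for the two structures the excerpt mentions: the 512-byte first sector a BIOS executes and the 32KB region ISO 9660 leaves at the start of the filesystem. The function names and the sample image are constructed for this example.

```python
SECTOR = 512
SYSTEM_AREA = 32 * 1024      # region ISO 9660 leaves unused at the start
MBR_SIG_OFF = 510            # 0x55 0xAA marks a bootable first sector
PART_TABLE_OFF = 446         # four 16-byte partition entries


def inspect_image(img: bytes) -> dict:
    """Report what a BIOS disk boot and an ISO 9660 reader would each see."""
    mbr = img[:SECTOR]
    has_sig = len(mbr) == SECTOR and mbr[MBR_SIG_OFF:] == b"\x55\xaa"
    active = []
    if has_sig:
        for i in range(4):
            entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
            # status 0x80 = active partition; type 0 = unused slot
            if entry[0] == 0x80 and entry[4] != 0:
                active.append(i + 1)
    # The first volume descriptor follows the system area: type byte + "CD001"
    is_iso = img[SYSTEM_AREA + 1: SYSTEM_AREA + 6] == b"CD001"
    return {
        "mbr_signature": has_sig,
        "active_partitions": active,
        "iso9660": is_iso,
        "system_area_used": any(img[:SYSTEM_AREA]),
        "disk_and_cd_candidate": has_sig and is_iso,
    }


def build_sample(hybrid: bool) -> bytes:
    """Constructed image: an ISO 9660 descriptor, optionally with an MBR in front."""
    img = bytearray(SYSTEM_AREA + 2048)
    img[SYSTEM_AREA:SYSTEM_AREA + 7] = b"\x01CD001\x01"
    if hybrid:
        img[PART_TABLE_OFF] = 0x80        # partition 1 marked active
        img[PART_TABLE_OFF + 4] = 0x17    # arbitrary non-zero type (constructed)
        img[MBR_SIG_OFF:SECTOR] = b"\x55\xaa"
    return bytes(img)


if __name__ == "__main__":
    for label, hybrid in (("plain ISO", False), ("with MBR", True)):
        print(label, inspect_image(build_sample(hybrid)))
```

A plain ISO 9660 image shows an untouched system area and no boot signature, so a BIOS treating it as a hard drive has nothing to execute.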

29 Jun

Schneier on Security – Yet Another “People Plug in Strange USB Sticks” Story

Maybe it would be if 60% of people tried to play the USB sticks like ocarinas, or tried to make omelettes out of the computer disks. But not if they plugged them into their computers. That’s what they’re for.

People get USB sticks all the time. The problem isn’t that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn’t safe to plug a USB stick into a computer.

Quit blaming the victim. They’re just trying to get by.

via Schneier on Security – Yet Another “People Plug in Strange USB Sticks” Story. Have to agree with Bruce Schneier, the problem isn’t people plugging a device into their computer from which they have no reason to suspect harm.