Re: [coreboot] Coreboots Board Status have privacy issues for contributors

2018-11-28 Thread Julius Werner
Sounds like something that should be pretty simple to automate in the
uploader script? While it's probably good to also have a warning and
clarify that the final obligation lies with the uploader, there's no
reason we can't help them by adding sanitization for common issues as
we find them.

We're doing something similar when we collect Chrome OS crash reports
(these don't get made public so the impact isn't as high, but the
basic idea is the same), so we could just steal or at least take
inspiration from that code:
https://chromium.googlesource.com/chromiumos/platform2/+/master/crash-reporter/crash_collector.cc#262

(Note in particular the extra care taken to distinguish MAC addresses
from ATA ACPI commands, that's probably useful for our case as well?
Although maybe not anymore these days...)

On Sun, Nov 25, 2018 at 10:42 PM David Hendricks wrote:
>
>
>
> On Sun, Nov 25, 2018 at 9:25 AM  wrote:
>>
>> I was thinking of contributing to the Board Status but I don't want to
>> release any private data and won't contribute now. What is the usage of
>> the world to know what MAC address the people are using?
>
>
> Thanks for pointing out these issues.
>
> For what it's worth, the user must use the '-u' option to upload results. And 
> as Arthur points out you can edit logs and such yourself to scrub any private 
> data. The script just automates a few steps for convenience, though obviously 
> we'd like a reasonably uniform data set to compare with. You're right that we 
> don't need to know anyone's MAC address for coreboot development; however as 
> others have pointed out a full kernel log is useful since firmware issues 
> often manifest themselves there (memory map incorrect, devices not enabled, 
> etc) so it's good to have them for comparison.
>
> Still, a pause as Mike suggested and perhaps a scary warning or two could be 
> useful.
>
>> Then there can be for example a simple live linux iso that people can boot
>> with LAN cable connected. No requirement of installation software, of
>> setting things up or anything like that.
>
>
> There is one - See util/board_status/set_up_live_image.sh .
>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
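
A sanitization pass of the kind suggested in the message above, as an added example (not code from board_status.sh or from the Chrome OS crash reporter): it replaces each distinct MAC address in a kernel log with a stable placeholder and leaves ATA ACPI command lines untouched, since their hex runs have the same shape as a MAC. The function name, the placeholder scheme and the sample log lines are constructed for illustration.

```python
import re

# Six colon-separated hex octets, not embedded in a longer hex/colon run
# (so PCI addresses, IPv6 fragments and longer byte dumps are left alone).
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:])"
)
# Kernel lines such as "ata1.00: ACPI cmd ef/10:03:00:00:00:a0 (...)" carry
# a register dump that looks exactly like a MAC address.
ATA_ACPI_RE = re.compile(r"ata\d+\.\d+: ACPI cmd ")

# Constructed sample input (locally administered addresses, not real devices).
SAMPLE_LOG = (
    "[    2.104] r8169 0000:02:00.0 eth0: RTL8168 at 0xffffc900, 02:00:5e:10:00:01, IRQ 28\n"
    "[    2.311] ata1.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES) filtered out\n"
    "[    9.870] wlan0: authenticate with 02:00:5e:10:00:02\n"
    "[    9.912] wlan0: associated with 02:00:5e:10:00:02 (aid 1)\n"
    "[   12.001] eth0: link up, hw addr 02:00:5E:10:00:01\n"
)


def scrub_log(text):
    """Return (scrubbed_text, mapping). Each distinct MAC gets one stable
    placeholder, so repeated mentions of a device still line up in the log."""
    mapping = {}

    def replace(match):
        mac = match.group(0).lower()  # treat upper/lower case as one device
        if mac not in mapping:
            n = len(mapping) + 1
            mapping[mac] = "00:00:00:00:%02x:%02x" % (n >> 8, n & 0xFF)
        return mapping[mac]

    out = []
    for line in text.splitlines(keepends=True):
        if ATA_ACPI_RE.search(line):
            out.append(line)  # hex run is an ATA command, not an address
        else:
            out.append(MAC_RE.sub(replace, line))
    return "".join(out), mapping


if __name__ == "__main__":
    print(scrub_log(SAMPLE_LOG)[0], end="")
```

The returned mapping stays on the uploader's machine; only the scrubbed text would be committed.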


Re: [coreboot] Coreboots Board Status have privacy issues for contributors

2018-11-25 Thread David Hendricks
On Sun, Nov 25, 2018 at 9:25 AM  wrote:

> I was thinking of contributing to the Board Status but I don't want to
> release any private data and won't contribute now. What is the usage of
> the world to know what MAC address the people are using?
>

Thanks for pointing out these issues.

For what it's worth, the user must use the '-u' option to upload results.
And as Arthur points out you can edit logs and such yourself to scrub any
private data. The script just automates a few steps for convenience, though
obviously we'd like a reasonably uniform data set to compare with. You're
right that we don't need to know anyone's MAC address for coreboot
development; however as others have pointed out a full kernel log is useful
since firmware issues often manifest themselves there (memory map
incorrect, devices not enabled, etc) so it's good to have them for
comparison.

Still, a pause as Mike suggested and perhaps a scary warning or two could
be useful.

> Then there can be for example a simple live linux iso that people can boot
> with LAN cable connected. No requirement of installation software, of
> setting things up or anything like that.


There is one - See util/board_status/set_up_live_image.sh .


Re: [coreboot] Coreboots Board Status have privacy issues for contributors

2018-11-25 Thread Mike Banon
I've already raised this board_status.sh issue a few months earlier,
together with the proposed fix (which I forgot to transform into a
patch, perhaps because no one replied to me) -
https://mail.coreboot.org/pipermail/coreboot/2018-April/086488.html .
It could be hard to create an automatic filter which will successfully
erase all the information that you believe is private, and also there
could be different estimates of what is private and what is not.
Perhaps the easiest solution is just to insert a pause before
uploading the results, so that a user could use this pause to remove
the log parts that he considers as private. Also, this way only the
user will be responsible for removing his private information and
there wouldn't be any complaints like "your script didn't remove X and
some 3-letter-agency hacked me by using this knowledge"

On Mon, Nov 26, 2018 at 12:03 AM Nico Huber wrote:
>
> On 25.11.18 18:24, j44...@goat.si wrote:
> > the MAC 70:3a:cb:bd:fd:e3 . This is probably some Google device his
> > device is connecting to because the MAC range is registered to Google
> > Inc. Now I can look up in public wifi databases and in some cases I then
> > know where the users lives.
>
> You can also just ask them where they live. Whereby I want to say, not
> everybody is in the same paranoid mode.
>
> > I was thinking of contributing to the Board Status but I don't want to
> > release any private data and won't contribute now. What is the usage of
> > the world to know what MAC address the people are using?
>
> There is no usage. It just makes the script simpler that gathers the
> information.
>
> >
> > Please fix this to:
>
> No, you, please fix this. You are very welcome to contribute patches.
>
> > 1) Remove kernel log and replace it with "uname -r" to just know the
> > kernel version.
>
> This makes no sense, nobody asked for the kernel version. We want to see
> kernel messages. You can however implement a heuristic to filter
> personal information.
>
> > 2) Please make the contribution without the force of having to register
> > to git. Make a public account that have just access to the
> > board-status.git and set this public account into the code itself.
>
> You are free to set something like this up and redirect all pushes to
> your Gerrit account. *After* you filtered spam.
>
> > Then
> > there can be for example a simple live linux iso that people can boot
> > with LAN cable connected. No requirement of installation software, of
> > setting things up or anything like that.
>
> Yes, please implement that. Again patches are welcome. We don't lack
> ideas, we lack the time to set things up. So once you are done with
> that, feel free to ask what else you can do.
>
> Nico


Re: [coreboot] Coreboots Board Status have privacy issues for contributors

2018-11-25 Thread Nico Huber
On 25.11.18 18:24, j44...@goat.si wrote:
> the MAC 70:3a:cb:bd:fd:e3 . This is probably some Google device his
> device is connecting to because the MAC range is registered to Google
> Inc. Now I can look up in public wifi databases and in some cases I then
> know where the users lives.

You can also just ask them where they live. Whereby I want to say, not
everybody is in the same paranoid mode.

> I was thinking of contributing to the Board Status but I don't want to
> release any private data and won't contribute now. What is the usage of
> the world to know what MAC address the people are using?

There is no usage. It just makes the script simpler that gathers the
information.

> 
> Please fix this to:

No, you, please fix this. You are very welcome to contribute patches.

> 1) Remove kernel log and replace it with "uname -r" to just know the
> kernel version.

This makes no sense, nobody asked for the kernel version. We want to see
kernel messages. You can however implement a heuristic to filter
personal information.

> 2) Please make the contribution without the force of having to register
> to git. Make a public account that have just access to the
> board-status.git and set this public account into the code itself.

You are free to set something like this up and redirect all pushes to
your Gerrit account. *After* you filtered spam.

> Then
> there can be for example a simple live linux iso that people can boot
> with LAN cable connected. No requirement of installation software, of
> setting things up or anything like that.

Yes, please implement that. Again patches are welcome. We don't lack
ideas, we lack the time to set things up. So once you are done with
that, feel free to ask what else you can do.

Nico



Re: [coreboot] Coreboots Board Status have privacy issues for contributors

2018-11-25 Thread Arthur Heymans
j44...@goat.si writes:

>
> I was thinking of contributing to the Board Status but I don't want to release
> any private data and won't contribute now. What is the usage of the world to
> know what MAC address the people are using?
>

Feel free to edit the kernel log.

> Please fix this to:
> 1) Remove kernel log and replace it with "uname -r" to just know the kernel
> version.

The kernel log does contain other useful information, so dropping it
would make the board status repo less useful.

-- 
==
Arthur Heymans



[coreboot] Coreboots Board Status have privacy issues for contributors

2018-11-25 Thread j443i8

I took a look into https://review.coreboot.org/cgit/board-status.git?

The commit here 
https://review.coreboot.org/cgit/board-status.git/commit/?id=72945dee4c60b90cdf6c507f4847c26028a56a09
tells me for example that the MAC address from Paul Menzel is
bc:5f:f4:c8:d3:98 .
The MAC address from the WLAN Router Patrick Georgi is using is based on
this commit
https://review.coreboot.org/cgit/board-status.git/commit/?id=addd59d8fb55dc62a7d8e9ec730612f63fc5d61a
the MAC 70:3a:cb:bd:fd:e3 . This is probably some Google device his
device is connecting to because the MAC range is registered to Google
Inc. Now I can look up in public wifi databases and in some cases I then
know where the users lives.
The MAC address from Chris Thompson is 6c:f0:49:47:22:4d based on
https://review.coreboot.org/cgit/board-status.git/commit/?id=da41a5a88bebc9ffbe2cbc9a38a5fba530496daf


And the MAC address from Denis 'GNUtoo' Carikli who is using Parabola as
OS was using a Hitachi HDP725050GLA360 with firmware GM4OA52A and a
second WDC WD5000AAKB-00YSA0 with firmware 12.01C02 and have switched
now to a ST9160314AS with 0002SDM1 firmware. His MAC address of one of
his computers is bc:5f:f4:9c:b7:32 . In this computer he is using a
KINGSTON SV300S37A240G with firmware 603ABBF0 .


I was thinking of contributing to the Board Status but I don't want to
release any private data and won't contribute now. What is the usage of
the world to know what MAC address the people are using?


Please fix this to:
1) Remove kernel log and replace it with "uname -r" to just know the 
kernel version.
2) Please make the contribution without the force of having to register 
to git. Make a public account that have just access to the 
board-status.git and set this public account into the code itself. Then 
there can be for example a simple live linux iso that people can boot 
with LAN cable connected. No requirement of installation software, of 
setting things up or anything like that.

