This podcast and newsletter focus on clear conversations about technology, security, and modern software. Experts share insights on DevOps tips, open source projects, cybersecurity, and Europe's move toward its own cloud services. You will hear about continuous integration, airplane hacking, and new laws that affect the tech industry. Each show explores real problems and fresh solutions in the digital world. By subscribing, you will keep up with the latest trends in software, gain helpful advice from pros, and stay current in a fast-changing environment. We also talk about supply chain security, IoT, and the details of building strong systems. This blend of technical ideas with real-world viewpoints is a great resource if you want to grow your skills, learn about new technology, and connect with others who love all things tech.
Firmware is your next security problem
|
Hi Reader, Last time, we talked about Yocto and how it gives you full control over your Linux stack, from the kernel up. But owning the OS is only half the story. LogoFAIL and PixieFAIL made this brutally clear. These BIOS-level bugs hit hundreds, if not thousands, of device models across vendors like Lenovo, Acer, and Intel. They slipped in before the OS even booted and to this day, many vendors still haven’t patched them. Why this matters
“The vendor’s key is fused. The customer can’t do anything about it.” — David Hendricks, coreboot contributor That single quote stuck with me. Most modern systems ship with signing keys that are fused at the silicon level. If the firmware is broken or vulnerable, there’s nothing you can do. You can only hope that your vendor will supply you with a fix. Coreboot changes that. It’s a lightweight, open-source firmware project that replaces proprietary BIOS and UEFI blobs. It does just enough to bring up the board, then hands off to your OS in usually in under half a second. It’s reproducible. It’s auditable. It’s fast. Vendors like System76 and Purism are already shipping laptops with coreboot pre-installed and keys you can replace. Watch my interview with David Hendricks and Matt DeVillier (a.k.a. Mr Chromebox) of coreboot below. But firmware also needs updatesThat’s where fwupd and LVFS come in. Fwupd is a tool that lets Linux systems update firmware just like a software package. LVFS is the backend many vendors now use to distribute those updates securely and at scale.
“When something like LogoFAIL drops, we can scan once and know exactly which models are affected.” — Richard Hughes, maintainer of fwupd & LVFS Fwupd and LVFS now serve over 80 million users a day. 140+ vendors rely on it. Watch my interview with Richard Hughes and Mario Limonciello below. Why now?Open firmware isn’t a niche experiment anymore. It’s becoming a necessity.
Owning your OS is great. From the data center, to embedded devices, slowly but steadily open is winning. If you have any questions, comments or just want to catch up - just reply to this email. Many thanks, Social: Connect with me on Twitter, LinkedIn or Mastadon. |
Nerding Out with Viktor
This podcast and newsletter focus on clear conversations about technology, security, and modern software. Experts share insights on DevOps tips, open source projects, cybersecurity, and Europe's move toward its own cloud services. You will hear about continuous integration, airplane hacking, and new laws that affect the tech industry. Each show explores real problems and fresh solutions in the digital world. By subscribing, you will keep up with the latest trends in software, gain helpful advice from pros, and stay current in a fast-changing environment. We also talk about supply chain security, IoT, and the details of building strong systems. This blend of technical ideas with real-world viewpoints is a great resource if you want to grow your skills, learn about new technology, and connect with others who love all things tech.
Hi Reader, This week we talk about remote work and how it has shaped the world in a post-COVID world. As someone who as worked remotely for over 15 years, I just can't imagine commuting into an office every day. And I'm not alone. COVID was the catalyst that to normalized remote work for the masses. Why does this matter? Big names just doubled down on office life. Amazon and Dell now want folks at their desks five days a week. (reuters.com, reuters.com) Remote roles are scarce but hot. Only...
Hi Reader, My new episode of Nerding Out with Viktor just dropped, and it is a good one. I sat down with engineer and Web3 builder Vlad Trifa to cut through the hype and talk about what crypto, blockchain, and the Internet of Things really mean for us right now. Why does this matter? Trust you can check. Vlad says blockchains are “finger pointing as a service,” a shared ledger where everyone can see who did what and when. That keeps companies honest and data clean. Real-world use. From...
Hi Reader, As someone who has managed IoT devices at scale at Screenly, I wish I knew what I know now when I first started. Learning about Yocto early on would have saved me a lot of pain. That’s what this episode is about." “This is why I wanted to do an episode on Yocto: to save people the time and agony we wasted trying to solve this ourselves.” Why this matters Here’s the common story. You build a prototype on a Raspberry Pi (or similar). It works. Maybe you launch a Kickstarter. You get...