entr0py:
> [email protected]:
>> On 11/14/2016 03:12 PM, Eric wrote:
>>> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
>>>> Eric:
>>>>> On Sunday, November 13, 2016 at 10:44:33 PM UTC-8,
>>>>> [email protected] wrote:
>>>>>> Forgot to say: Purism is just an overpriced quanta/oem
>>>>>> whitebox laptop, it takes 5mil+ of startup funds to do a
>>>>>> small run of *just a motherboard* let alone an entire laptop
>>>>>> computer including the fab for a fancy aluminum case - it is
>>>>>> quite obvious that their components are not "hand selected"
>>>>>> and that they just called up some Chinese OEM and asked them
>>>>>> what they had kicking around.
>>>>>>
>>>>>> I can't understand if they are scammers or just really
>>>>>> naive, Instead of making an OpenPower or ARM laptop and
>>>>>> having it be 100% libre from the start they instead do the
>>>>>> dishonest "you'll go to disneyworld one day poor johnny" - If
>>>>>> Google can't convince Intel to open up FSP/ME then nobody can
>>>>>> - coreboot with FSP is just shimboot (black box FSP - 95% of
>>>>>> the bios work)
>>>>>>
>>>>>> It bothers me quite a lot that they are on the list of
>>>>>> approved vendors when they are a dishonest company.
>>>>> Whoa. Ok, hold on a sec. I did not buy a Purism computer,
>>>>> though not for those reasons - putting a 28W TDP proc in a
>>>>> 15inch "workstation" is absurd to me, as is their lack of a
>>>>> screen configuration. I hear your anger at the gap between what
>>>>> they promise and what they deliver; I'm more displeased on the
>>>>> hardware side of things (though I do like HW kill switches).
>>>>> I've looked into what they promise and understand very well
>>>>> that they don't actually have a very free computer at all,
>>>>> especially on the bios/firmware side.
>>>>>
>>>>> What I actually ordered (and have now cancelled), was a Dell
>>>>> XPS 15". There is no vPro option in the configure menu, though
>>>>> it does support VT-d and SLAT. I've read all of Joanna's
>>>>> papers, and understand the concerns about Intel ME very well.
>>>>> However, on the Dell order, it claimed "ME Disabled." Perhaps
>>>>> they simply meant that vPro/AMT/TXT was disabled, and that was
>>>>> mine and Dell's fault for wishful thinking and false naming,
>>>>> respectively. Please see linked photo: https://d.pr/Q0YZ
>>>>>
>>>> Moral considerations aside, why not buy that Dell and pair it
>>>> with a portable router/firewall like this
>>>> (https://www.compulab.co.il/utilite-computer/web/products)?
>>>> Shouldn't that effectively block out any ME-related mischief or
>>>> do I have a fundamental misunderstanding? It doesn't seem
>>>> possible otherwise to get the type of processing power you're
>>>> looking for in a laptop form-factor.
>>> Also, the concern for me is not ME shenanigans. I'm more concerned
>>> about having TXT for AEM and measured boot, and the consumer Dell
>>> model does not have that (the processor and chipset don't support
>>> it). The other option aside from the Precision 5510, would be a
>>> ThinkPad T460 or T460p, but the downside there is performance (only
>>> SATA-3 SSD), and also the screen quality is terrible.
>>>
>>> Much as I dislike proprietary anything, I might take a second look
>>> at the new MacBook Pros, and run things that need higher security
>>> in a VM or in Whonix.
>>
>> Why would you buy a MacBook? You realize those have regular Intel processors
>> and ME too right?
>>
>> Lenovo is owned by the Chinese, and Dell business laptop (their consumer
>> line is garbage) is a way better choice than either.
>>
>> It seems you do have (as you said) a fundamental misunderstanding of how
>> security actually works, and how a router/firewall operates. - thus I don't
>> think that anyone would be targeting you specifically with a ME exploit.
>
> (top-posting fixed)
>
> Despite my "fundamental misunderstanding of how security actually works", I
> am able to read a thread and keep track of who said what - a skill you seemed
> to have misplaced in all your wizardry. Also, on your crusade to dismantle
> Intel and Google, it might behoove you to take a slightly less aggressive tack
> with people who generally share your beliefs cause it seems you're
> significantly outnumbered as it is.
>
> Now if you'd like to respond without the obligatory disdain and actually
> explain something, my question was: "Is Intel ME/AMT able to bypass
> firewalls that haven't been specifically configured to support those
> services?" This entry:
> https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Communication
> leads me to think that ME TCP/IP traffic isn't automatically passed-through,
> but like *I* said, I may have a fundamental misunderstanding of that.
>

I should add: My question is in the context of independent router/firewalls (on separate hardware). I know that firewalls on the same machine as Intel ME have no effect because the signals are out-of-band / not OS-dependent.
