On 11/14/2016 04:50 PM, entr0py wrote:
[email protected]:
On 11/14/2016 03:12 PM, Eric wrote:
On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
Eric:
On Sunday, November 13, 2016 at 10:44:33 PM UTC-8,
[email protected] wrote:
Forgot to say: Purism is just an overpriced Quanta/OEM
whitebox laptop, it takes 5mil+ of startup funds to do a
small run of *just a motherboard* let alone an entire laptop
computer including the fab for a fancy aluminum case - it is
quite obvious that their components are not "hand selected"
and that they just called up some Chinese OEM and asked them
what they had kicking around.
I can't understand if they are scammers or just really
naive. Instead of making an OpenPower or ARM laptop and
having it be 100% libre from the start they instead do the
dishonest "you'll go to disneyworld one day poor johnny" - If
Google can't convince Intel to open up FSP/ME then nobody can
- coreboot with FSP is just shimboot (black box FSP - 95% of
the BIOS work)
It bothers me quite a lot that they are on the list of
approved vendors when they are a dishonest company.
Whoa. Ok, hold on a sec. I did not buy a Purism computer,
though not for those reasons - putting a 28W TDP proc in a
15-inch "workstation" is absurd to me, as is their lack of a
screen configuration. I hear your anger at the gap between what
they promise and what they deliver; I'm more displeased on the
hardware side of things (though I do like HW kill switches).
I've looked into what they promise and understand very well
that they don't actually have a very free computer at all,
especially on the BIOS/firmware side.
What I actually ordered (and have now cancelled), was a Dell
XPS 15". There is no vPro option in the configure menu, though
it does support VT-d and SLAT. I've read all of Joanna's
papers, and understand the concerns about Intel ME very well.
However, on the Dell order, it claimed "ME Disabled." Perhaps
they simply meant that vPro/AMT/TXT was disabled, and that was
mine and Dell's fault for wishful thinking and false naming,
respectively. Please see linked photo: https://d.pr/Q0YZ
Moral considerations aside, why not buy that Dell and pair it
with a portable router/firewall like this
(https://www.compulab.co.il/utilite-computer/web/products)?
Shouldn't that effectively block out any ME-related mischief or
do I have a fundamental misunderstanding? It doesn't seem
possible otherwise to get the type of processing power you're
looking for in a laptop form-factor.
Also, the concern for me is not ME shenanigans. I'm more concerned
about having TXT for AEM and measured boot, and the consumer Dell
model does not have that (the processor and chipset don't support
it). The other option aside from the Precision 5510, would be a
ThinkPad T460 or T460p, but the downside there is performance (only
SATA-3 SSD), and also the screen quality is terrible.
Much as I dislike proprietary anything, I might take a second look
at the new MacBook Pros, and run things that need higher security
in a VM or in Whonix.
Why would you buy a MacBook? You realize those have regular Intel processors
and ME too, right?
Lenovo is owned by the Chinese, and a Dell business laptop (their consumer line
is garbage) is a way better choice than either.
It seems you do have (as you said) a fundamental misunderstanding of how
security actually works, and how a router/firewall operates - thus I don't
think that anyone would be targeting you specifically with a ME exploit.
(top-posting fixed)
Despite my "fundamental misunderstanding of how security actually works", I am
able to read a thread and keep track of who said what - a skill you seemed to have
misplaced in all your wizardry. Also, on your crusade to dismantle Intel and Google, it
might behoove you to take a slightly less aggressive tack with people who generally share
your beliefs 'cause it seems you're significantly outnumbered as it is.
Now if you'd like to respond without the obligatory disdain and actually explain
something, my question was: "Is Intel ME/AMT able to bypass firewalls that haven't
been specifically configured to support those services?" This entry:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Communication leads me
to think that ME TCP/IP traffic isn't automatically passed-through, but like *I* said, I
may have a fundamental misunderstanding of that.
It is the same as any other device connected to your network: if it has
a world-routable IP, you port forward, your router gets hacked, your
computer gets exploited or it initiates communication on its own then
yes it can communicate with the outside world.
For all we know it is simply waiting for an "activation" code sent via
MITM that it will detect.
I do not want to "dismantle" Intel/Google, I simply want them to be more
friendly to the customer and for Intel to end their war on free software
and general purpose computing - they used to be great companies but now
they aren't because of nepotism and outsourcing.
Features like Boot Guard could have been implemented fully open source
and transparent, with a jumper to disable or place the computer in
signing mode so that you can sign/write your own firmware.
In 10-20 years you won't even be able to run unapproved binaries or view
unapproved files on an average computer, similar to how Secure Boot
v2 standards don't require the option to disable it (and thus you must
ask Microsoft for permission to run Linux on your own computer). It is a
slippery slope and if you give them an inch they take a mile.
It is the hollowing of the market, the removal of the middle class of
computing.
You can buy a low performance ARM (or the like) device with free
firmware or you can splash out 4-8K for a super high performance OPOWER8
device from IBM/Tyan - it is a myth that free firmware is only available
on old/slow devices. My next laptop will be a desktop board in a custom
made mobile 1U chassis.
"Top posting" is my natural way of reading things, with my eyes at the
center-top of the screen it feels more natural. I am the Trump of the IT
world - a steamroller in every way "my way or the highway" - but I enjoy
and am happy to help people with highly technical questions that no one
else is able to answer as long as they do their own research as well.
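The firewall question in the last exchange, worked through as a toy stateful-firewall model covering the port-forward and self-initiated cases from the final reply, plus egress filtering as the control for the latter. This is an added example, not code from the thread; the `Firewall` class, the addresses and the use of TCP 16992 (a port Intel documents for AMT, not named in the thread) are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

AMT_PORT = 16992  # one of the TCP ports Intel documents for AMT; not named in the thread

@dataclass
class Firewall:
    """Toy stateful firewall in front of the laptop: inbound is default-deny."""
    port_forwards: set = field(default_factory=set)  # inbound ports forwarded to the LAN
    egress_allow: Optional[set] = None               # None = any destination allowed out
    flows: set = field(default_factory=set)          # (lan_port, remote, remote_port)

    def outbound(self, lan_port, remote, remote_port):
        if self.egress_allow is not None and remote not in self.egress_allow:
            return "drop"
        self.flows.add((lan_port, remote, remote_port))
        return "pass"

    def inbound(self, remote, remote_port, lan_port):
        if (lan_port, remote, remote_port) in self.flows:
            return "pass"  # reply to a connection opened from the LAN side
        return "pass" if lan_port in self.port_forwards else "drop"

def scenarios():
    remote = "203.0.113.10"  # constructed address (documentation range)
    out = {}
    # 1. Unconfigured firewall, unsolicited inbound connection to the AMT port.
    out["unsolicited_inbound"] = Firewall().inbound(remote, 40000, AMT_PORT)
    # 2. Same packet after someone adds a port forward for that port.
    out["port_forwarded"] = Firewall(port_forwards={AMT_PORT}).inbound(remote, 40000, AMT_PORT)
    # 3. A device behind the firewall opens the connection itself; the reply rides the flow.
    fw = Firewall()
    out["self_initiated"] = (fw.outbound(50000, remote, 443), fw.inbound(remote, 443, 50000))
    # 4. Same attempt with an egress allowlist that does not include the remote.
    fw = Firewall(egress_allow={"198.51.100.7"})
    out["egress_filtered"] = (fw.outbound(50000, remote, 443), fw.inbound(remote, 443, 50000))
    return out

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:20} {verdict}")
```

Default-deny inbound handles the first case by itself; only an egress policy changes the outcome when the device behind the firewall opens the connection.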