On Saturday, August 5, 2017 at 12:28:32 PM UTC-4, yura...@gmail.com wrote: > On Saturday, August 5, 2017 at 4:15:43 PM UTC, cooloutac wrote: > > On Saturday, August 5, 2017 at 12:05:58 PM UTC-4, yura...@gmail.com wrote: > > > On Saturday, August 5, 2017 at 3:56:25 PM UTC, cooloutac wrote: > > > > On Saturday, August 5, 2017 at 11:34:32 AM UTC-4, yura...@gmail.com > > > > wrote: > > > > > On Saturday, August 5, 2017 at 3:26:05 PM UTC, cooloutac wrote: > > > > > > I'll be disappointed but I'm not going to be mad at them for trying > > > > > > to get paid, they deserve it. > > > > > > > > > > > > But I also wouldn't mind if they turned me into a money asset like > > > > > > windows so they can keep designing it for home users...lol > > > > > > > > > > > > I look at things differently. You are referring to linux > > > > > > architecture and developers, while I'm referring to the majority > > > > > > of its users and community members, as the Product. > > > > > > > > > > Alright, I respect that, we see some things differently. But the > > > > > discussion is good, it does not have to come down to agreeing in the > > > > > end. > > > > > > > > > > I don't like customers being turned into assets though. The way I see > > > > > it, it essentially make people "not people" anymore, customer service > > > > > is out of the window, it's all about cheating and manipulating people > > > > > into making the best use of them, rather than making a fair trade > > > > > between a company and a customer. So I kind of black out when I see > > > > > business models that turn people into assets, I really, really don't > > > > > like that approach. > > > > > > > > > > But I do really agree that I wouldn't mind Qubes taking a fee, ask > > > > > for more donations, or focus partly or entirely on business users. > > > > > They do a lot of hard work, and regardless of the target group, the > > > > > change will be for the better of humanity. Perhaps it's asking too > > > > > much for Qubes to focus on both companies and end-users at the same > > > > > time, nontheless, I do hope they can manage to do that. > > > > > > > > > > It's obvious they had their hands full on Qubes 4 too, so it might > > > > > just be that and we're reading too much into the issue here at hand. > > > > > But lets see, with time comes answers. I just hope it wiill be in > > > > > good time rather the long wait. > > > > > > > > You are going to be someones asset or product as part of nature, > > > > whether you know it or not. > > > > > > > > The ends justify the means to me. Especially if it means being able to > > > > use Qubes or not. > > > > > > > > I also think its silly to not support secure boot, simply because the > > > > idea was created by Microsoft. FSF/Richard Stallman supporters who > > > > are against secure boot, is like Bernie supporters not voting for > > > > hillary. Seems more spiteful then practical. > > > > > > Well yeah, only if one allows oneself to become a victim. We can oppose > > > and create balance in the world. > > > Also secure boot is entirely pointless in a stateless computer. A > > > non-stateless computer has a lot of closed source firmware which can be > > > either buggy (which closed software have proven to almost always be), and > > > backdoored, which is either illegal, can be abused by other than for the > > > intended, and is at the fringe limit crossing into the realm of human > > > rights. > > > > > > We don't need closed source firmware, it only creates problems, and no > > > benifit or solutions, other than maintaining market shares through force, > > > rather than surviving on good customer service and customer support. > > > We don't need companies that leech on society. > > > > > > I gather you think the world is ruled by bullies, and that you think it's > > > okay. If so, using that perspective, we just have to become the bullies > > > towards to big companies who wants to make use of us. By the end of the > > > day, we the people are what matter, humanity matter, not some greedy > > > individuals behind a large company. Having said that, I'm not a fanatic > > > against big companies, but they must behave, or I'll be against them. > > > > You can promote change, but we have to work with what we got right now. > > > > And right now secure boot would of stopped hacking teams insyde bios > > attacks, which some experts said could be exploited remotely, and would of > > worked on most ami bios as well. Without it whats the point? Why even > > bother with Qubes? Like you said hardware has backdoors, and if bios also > > has no protections. Whats the point then? > > > > The problem for me is this is not a cool tech experiment. Its for > > practical use. > > ah I see, I follow you now. > I'm not entirely sure how effective Anti-Evil-Maid is into detecting change > in the BIOS/UEFI, perhaps someone can enlighten us on the topic? Can AEM be > tricked or bypassed? Practically or theoretically? > > Though Joanna (head of Qubes) have said it might just be some years, if I > remember correctly, before we might see true stateless computers. I'm not > sure if anyone with resources would want to commit to such a thing, but it > would definitely help us all out. I hope she can convince someone with > resources with her goal for a true stateless pc. > > But meanwhile, we have to live with closed off firmware indeed, and it would > be interesting to know how effective and trustworthy AEM is. > > I suppose it might also be possible to hardware firewall off any incoming > signals to the computers BIOS/UEFI, which most routors do by default these > days. At this point, it should be a simple matter to have a team to test if > any BIOS/UEFI are phoning home. > > The only way someone can attack a BIOS/UEFI is if they have a leak through > the firewall, which be be gained by trojan horses by either user mistakes and > hidden software malware. > The only other method, would be to have the BIOS/UEFI to phone home > regularly, so that it can open up the hardware firewall, and these can be > detected easily if someone keeps taps on them. > In other words, our BIOS/UEFI should only be exploitable if our firewalls are > not set up properly or we make mistakes on the internet. > > If I'm not mistaken, I don't want to claim to be an expert on this topic, I'm > definitely not an expert. But as far as I understand the issue, this is the > limit. > > We should probably try stirrer back on-topic though, this is more Qubes > general discussion than Qubes 4 discussion.
Unlike secure boot, aem does not stop a compromise, only notifies you of a change which might indicate a compromise has happened, which basically is a prompt to buy a new pc. Reading posts on the forums tells me it can be buggy and false alarms happen though. Intel says you need 3 things for the best boot protection. Secure boot, trusted boot, and measured boot. I'm a total noob but I believe aem falls into trusted boot category? So I wonder if its possible to use both? And I have no idea what measured boot is. Another thing to consider is that if you use a usb key, which makes most sense to use with aem, then you can't use a sys-usb at the same time. So it depends on your threat model and how you use your system. Someone might have to correct me on this but I believe this to be the case. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/361c0531-892a-4f2c-a0f9-4797c39b7b31%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.