On 01/08/2018 01:36 PM, Vít Šesták wrote:
>> Or you could just buy POWER 9/TALOS 2, have a libre high performance
>> system right now and stop waiting for what will never happen (and would
>> be immediately fixed if it did)
>
> Talos 2 looks nice in theory, but:
> * Qubes OS does not support this architecture. So you are going to have
> something more resistant to backdoors, but it is also less resistant to
> classical exploits. If your typical threat is not like NSA, you probably lose
> security. And even if it is, it is at least not a clear win, as NSA could use
> those classical exploits anyway.

You could use POWER-KVM and have an assortment of VMs with shared
folders, you can replicate all the other stuff via various methods and
have a better security level; it simply wouldn't look as slick.
Qubes isn't virtualization, it is simply a collection of tools that can
theoretically be compiled for POWER, although currently the Qubes VMM is
Xen, which isn't yet available for POWER (the Xen devs are ignoring
requests to assist with porting efforts).

> * Not an option for those who want a laptop.

If T2 is successful (ie: enough people buy it) there are plans for a
POWER laptop.

> * It is quite expensive for needs of most people.

It fills the very high performance sector that previously had no libre
hardware, it isn't meant for those like you and me who would be
satisfied with the performance of one of the various libre firmware
available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...
The target market segment is someone who already spends just as much on
an equivalent performance x86-64 system every few years but who needs
and desires better security (ie: they previously have bought one or more
of Intel's high end CPUs that cost thousands on their own).

> That's not to say Talos 2 has no merit. It might have some niche, but it is far
> far from a solution for masses.

It isn't intended for the masses, although if it is successful there
will eventually be lower cost versions intended and priced for the
average Linux power-user - already costs have come down drastically
since T1.
No one ever found money or success trying to sell to the average yokel.

>> If you buy new Intel/AMD CPU's you are supporting future anti-feature
>> development.
>
> Maybe this is not that bad for AMD:
> https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option

That option simply removes the PCI device and the Option ROM menu, it
doesn't disable PSP - like ME it is integral to the x86-64 boot process
so it simply can't be disabled.
Yet another journalist that doesn't check the facts before publishing.

> But it is still a matter of trust. Not having PSP/IME does not mean there cannot
> be any backdoor.

On an owner controlled system that has libre hardware, firmware and
software it is incredibly difficult to add a backdoor function, one
truly could trust their computer in that case.