On 01/08/2018 01:36 PM, Vít Šesták wrote:

Or you could just buy POWER 9/TALOS 2, have a libre high performance
system right now and stop waiting for what will never happen (and would
be immediately fixed if it did)
Talos 2 looks nice in theory, but:

* Qubes OS does not support this architecture. So you are going to have 
something more resistant to backdoors, but it is also less resistant to 
classical exploits. If your typical threat is not like NSA, you probably lose 
security. And even if it is, it is at least not a clear win, as NSA could use 
those classical exploits anyway.
You could use POWER-KVM and have an assortment of VMs with shared folders; you can replicate all the other stuff via various methods and have a better security level, it simply wouldn't look as slick.

Qubes isn't virtualization, it is simply a collection of tools that can theoretically be compiled for POWER, although currently the Qubes VMM is Xen, which isn't yet available for POWER (the Xen devs are ignoring requests to assist with porting efforts).
* Not an option for those who want a laptop.
If T2 is successful (i.e., enough people buy it) there are plans for a POWER laptop.
* It is quite expensive for needs of most people.
It fills the very high performance sector that previously had no libre hardware, it isn't meant for those like you and me who would be satisfied with the performance of one of the various libre firmware available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...

The target market segment is someone who already spends just as much on an equivalent performance x86-64 system every few years but who needs and desires better security (i.e., they previously have bought one or more of Intel's high end CPUs that cost thousands on their own).
That's not to say Talos 2 has no merit. It might have some niche, but it is far, 
far from a solution for the masses.
It isn't intended for the masses, although if it is successful there will eventually be lower cost versions intended and priced for the average Linux power-user - already costs have come down drastically since T1.

No one ever found money or success trying to sell to the average yokel.
If you buy new Intel/AMD CPUs you are supporting future anti-feature
development.
Maybe this is not that bad for AMD: 
https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option
That option simply removes the PCI device and the Option ROM menu, it doesn't disable PSP - like ME it is integral to the x86-64 boot process so it simply can't be disabled.

Yet another journalist that doesn't check the facts before publishing.
But it is still a matter of trust. Not having PSP/IME does not mean there cannot 
be any backdoor.
On an owner controlled system that has libre hardware, firmware and software it is incredibly difficult to add a backdoor function, one truly could trust their computer in that case.
