Re: CPU as a service // MINIX in Intel ME

2017-11-30 Thread Max Mehl 

Hi Timothy,

# Timothy Pearson [2017-11-29 20:25 +0100]:

Yes, I agree.  The question is, in a society where any new features /
ways of doing things are expected at no cost or well below the real cost
of creating things, how does society as a whole move away from the
resultant need to "monetise" the resulting products in unethical ways?


No answer to your question but some additional thoughts:

If you were talking only about web services, I'd understand. But in
other areas technical products sometimes are obviously overpriced and
people seem to tolerate, understand and/or even respect that. Examples:
Apple products or some popular proprietary software like MS Office or
Adobe stuff.

The only difference to the "no-cost" web services like social networks
is that they are paid by the users' data and privacy – hard to quantify
but I'd say this is overpriced, too.

Best,
Max

--
Max Mehl - Program Manager - Free Software Foundation Europe
Contact and further information: https://fsfe.org/about/mehl
Support advocacy for Free Software:  https://fsfe.org/donate
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-29 Thread Timothy Pearson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/29/2017 11:16 AM, Florian Snow wrote:
> Hi,
> 
> 
> Timothy Pearson  writes:
>> Giving up privacy and control to waste time in front of a *game*.
> 
> I agree with you that freedom is more important than games.  But in the
> long run, we need to find other solutions than telling people not to use
> things.  Phones are bad because they all come with proprietary blobs, so
> don't use them.  New technology:  Often bad, better wait till it's old
> and better understood.  Online services that you don't host yourself: Bad,
> dont' use them.  Games: Usually bad, don't use them.  I understand that
> freedom is important but to most people, giving up games they really
> enjoy is also giving up some of their freedom and people who use
> services other people host also feel increased freedom because they can
> spend their time doing something other than managing a server.  So what
> I'm saying is that we need to be careful not to tell people we want them
> to lead a live of deprivation.
> 
> Happy hacking!
> Florian

Yes, I agree.  The question is, in a society where any new features /
ways of doing things are expected at no cost or well below the real cost
of creating things, how does society as a whole move away from the
resultant need to "monetise" the resulting products in unethical ways?

I guess this is really a variation on the age-old practice of "loss
leaders", but taken to such an extreme that it's now expected of every
tech product.  Combined with 120+ year copyright it's rather hard to
come up with a solution other than to just not use the unethical
products in the first place, sadly.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJaHwmSAAoJEK+E3vEXDOFbmMYH/0RGmRlEXbmENvQ7n5Ow+Gdb
niXAwE3GvzK/R1IN6eGRZkpdmtDOmP3YiXNayhbtKz99ZGk6RfaM91LiSLVZqI/E
6lvyaJXpnlAAvs1poQ2hWvl5F8tOO6fEp46DaMREOw/3siSw8gmA1nsCyxIuIJC5
1fRtBjtmeDd3crz6daSDlX6SMdEGpXznGE7WzX/xsv9BLy+/xU6tI5bQyegBS/BS
JybDL76mpKLBwA/8CL2i2emDoWaQAfk+Qyxtyn6H7mZRLCWzCSVVaicFV5Knwi9P
0AJQ0vA0SYETAKjifzrHMelwTfwCKrlYpOBNCzORdy2tQ+/s2sKvDIFgW2K/Pfo=
=qbG/
-END PGP SIGNATURE-
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-29 Thread Florian Snow 
Hi,


Timothy Pearson  writes:
> Giving up privacy and control to waste time in front of a *game*.

I agree with you that freedom is more important than games.  But in the
long run, we need to find other solutions than telling people not to use
things.  Phones are bad because they all come with proprietary blobs, so
don't use them.  New technology:  Often bad, better wait till it's old
and better understood.  Online services that you don't host yourself: Bad,
dont' use them.  Games: Usually bad, don't use them.  I understand that
freedom is important but to most people, giving up games they really
enjoy is also giving up some of their freedom and people who use
services other people host also feel increased freedom because they can
spend their time doing something other than managing a server.  So what
I'm saying is that we need to be careful not to tell people we want them
to lead a live of deprivation.

Happy hacking!
Florian
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-29 Thread Adonay Felipe Nogueira 
If I'm not mistaken, this is already there.

They are freedoms, not obligations against the user. They must be
possoble of course, but the user isn't obligated to make use of all of
the freedoms, the same applies to freedom 0, see [1].

[1] . This is multi-audio-track
file. First is with speech in English and commentaries unchanged (either
in English or in Brazilian Portuguese); second is with speech translated
to Brazilian Portuguese (it has some minor errors and cuts but it's OK
for the majority of the speech).

2017-11-29T12:21:54+0100 Andrea Trentini wrote:
> (a latere, semi-serious)
>
> May I propose an amendment to the first freedom (as in
> https://www.gnu.org/philosophy/free-sw.html)?
>
> "The freedom to run the program as you wish, for any purpose (freedom 0)."
>
> should become
>
> "The freedom to run (or NOT to run) the program as you wish, for any
> purpose (freedom 0)."
>
> Of course it's redundant, but it emphasizes the liberty to opt-out.

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
  instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
  (apenas sem DRM), PNG, TXT, WEBM.
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-29 Thread Andrea Trentini 
(a latere, semi-serious)

May I propose an amendment to the first freedom (as in 
https://www.gnu.org/philosophy/free-sw.html)?

"The freedom to run the program as you wish, for any purpose (freedom 0)."

should become

"The freedom to run (or NOT to run) the program as you wish, for any purpose 
(freedom 0)."

Of course it's redundant, but it emphasizes the liberty to opt-out.


-- 

  /\___
 /--\ndrea |rentini  (http://atrent.it)
 .  Software Libero - Dipartimento di Informatica
..: Università degli Studi di Milano

[il file "signature.asc" (firma gpg) potrebbe non essere compreso dal vostro 
sistema]



signature.asc
Description: OpenPGP digital signature
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-29 Thread Giovanni Biscuolo 

Dear Jann,

* Jann KRUSE [2017-11-28 21:23:54 +]:


Update: Have been exploited...
(And you wouldn't even realize it!)
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668


as you correctly pointed out below, the real problem is not unintentional
occurrence of exploitable bugs: this is normal on all OSs and can be
addressed (with various level of difficulty, **very** hardly in this case)

«To root, or not to root, that is the question:»
who have root access to the hyper-hyper-visor?

this soon leads to the following questions:

1 is root access documented anywhere on earth?
2 how can I manage the root password in order to be compliant with national
mandatory security regulations? [1]

mumble, mumble...

[...]


In short:
We are essentially being forced, without even being told, to run buggy
proprietary code in a very powerful and very capable hyper-hyper-visori


very nice executive ultra-summary thanks! :-)

Ciao
Giovanni

[1] https://en.m.wikipedia.org/wiki/Cyber-security_regulation
there are a **lot** of mandatory regulations considering password management
_vital_ to the security of IT infrastructure

--
Giovanni Biscuolo
Xelera - IT infrastructures
http://xelera.eu/contact-us/

**per favore** Quota Bene: http://wiki.news.nic.it/QuotarBene
**please** use Inline Reply: 
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style


signature.asc
Description: PGP signature
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-28 Thread Timothy Pearson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/28/2017 04:47 PM, White_Rabbit wrote:
> Il 28 novembre 2017 22:33:06 CET, Timothy Pearson 
>  ha scritto:
>> […]  Think about that: *games*.  Giving
>> up
>> privacy and control to waste time in front of a *game*.  […]
> (I'm sorry, I know this is not a reasonable use of the list)
> You've never played "Metal Gear Solid", have you? I might have drunk the 
> koolaid, but I really believe videogames can be a revolutionary medium of 
> expression, much like books, paintings, sculptures, movies, comics...
> To dismiss them like you did, if it's not hyperbole, is wrong.
> I value freedom more than videogames, but they can be much more than you make 
> them sound.

Oh, I agree they are a valuable artistic medium, and I have a few myself
that I greatly enjoy.  However, not only do I disagree with the onerous
EULA for many of the larger titles, but I strongly object to the game
copyright extending beyond 20 years or so, especially when the
manufacturer won't update or sell the game any more after only a year or
two post release.

I only object to people giving up their privacy, control, etc. over
other aspects of their life because the game is considered more
important.  That is the wrong attitude; the game may be valuable, but is
it really more valuable than anything the individual might ever create
(or want to create) using a computer?

Locked-down x86 boxes are practically a dime a dozen; gaming can be
easily done on one of those while real work is done elsewhere.  But
trying to get people to understand this has yielded unexpected
resistance, largely due to the costs of then having to maintain two
separate computers.  I really don't know what to do to fix this, as I
don't think it *can* be fixed given the issues of the x86 platform.

Personally, I keep all of the DRM boxes separate and isolated.  Amazon
streaming goes through a dedicated "garbage" PC that never sees any
personal data, etc.  No idea if others are willing adopt this model or
will just surrender the last shreds of their personal life to keep up
with games and streaming video...

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJaHeszAAoJEK+E3vEXDOFb2C8H/iY9OpjP8OE3MdCdbHLF3yfl
gth28MyaZf0HEYhrcwq/xqfB5iZVBfQHxE238E29ehGmdBm9vhFtYu/cFCG53ZjE
kT3mDWFJhg78qXvbcBAMYSfptN7FY1t9EIqd/GYNOeN68jlmKCnHN2rzRHMAtQtu
HCDxjjWzaqt8tkR5tiGDKKMYfPzdVCKkGjsyhEcra1VB7URe4QIjCUcZWeYTQ72n
X1Me5fxlCqEAh6KBHZwCZqzhu8UhhZyugVkO0f1rmKcNrTWwBtJsCEYMb3/qdpNI
MYUFORxqPEvANSugLjbDQL8NmjcDypq9ZlO2h3KAjXWeLRwAMGMJe5MB5cG1b/g=
=PFG3
-END PGP SIGNATURE-
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-28 Thread White_Rabbit 
Il 28 novembre 2017 22:33:06 CET, Timothy Pearson 
 ha scritto:
>[…]  Think about that: *games*.  Giving
>up
>privacy and control to waste time in front of a *game*.  […]
(I'm sorry, I know this is not a reasonable use of the list)
You've never played "Metal Gear Solid", have you? I might have drunk the 
koolaid, but I really believe videogames can be a revolutionary medium of 
expression, much like books, paintings, sculptures, movies, comics...
To dismiss them like you did, if it's not hyperbole, is wrong.
I value freedom more than videogames, but they can be much more than you make 
them sound.
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-28 Thread Timothy Pearson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I was using "unlicensed" somewhat facetiously from a large content
provider perspective; specifically, in the common usage of "not paying a
license fee back to the vendor on a continuous basis".  The general idea
was that the machine vendor wants to see a financial kickback after sale
in return for leasing the hardware to the end user at or near cost --
this is what motivates the preinstalled bloatware and things like SuperFish.

Sorry for the confusion!

On 11/28/2017 03:45 PM, Adonay Felipe Nogueira wrote:
> Jost to note that not all copies of Linux are unlicensed.
> 
> The unlicensed ones are those shipped or provided by non-free system
> distributions that happen to break the terms of the license (currently:
> 99%).
> 
> Besides, the Linux project itself seems to currently put non-free parts
> inside it so, one always has to do some cleanup even if getting a copy
> from Linux project itself.
> 
> 2017-11-28T15:33:06-0600 Timothy Pearson wrote:
>> On 11/28/2017 03:23 PM, Jann KRUSE wrote:
>>> In short:
>>> We are essentially being forced, without even being told, to run buggy
>>> proprietary code in a very powerful and very capable hyper-hyper-visor
>>> of our OS, which can (benign or maliciously) control both the (free)
>>> software we run and the hardware we "own", without our knowledge.
>>> (See also in-line comment below..)
>>>
>>> Greetings,
>>> Jann
>>> PGP 0xE7A47A578A30148A
>>
>> As before, though, you're only forced into this you need to stay on x86.
>>
>> IMHO part of the reasoning for this lockdown is that the majority of x86
>> sales by volume are still to consumers. Therefore, there is strong call
>> to prevent the machine lessee (hesitate to call anyone bound by an EULA
>> an "owner") from doing anything that might be considered unacceptable
>> (e.g. breaking DRM, posting restricted content, using unlicensed
>> software like Linux, possibly even depending on region criticising the
>> authorities).  We're already seeing some of this in the wild in that the
>> 4k streaming services require the ME and its DRM in order to run.
>>
>> It's still early enough to at least forcibly split "production",
>> owner-controlled hardware from the "consumption" leased hardware.
>> However this only happens if people support the vendors that are still
>> making owner controlled hardware by selecting their products over the
>> competing leased x86 systems.
>>
>> Anecdotally, I have personally seen way too many people supposedly
>> interested in libre software that are literally locking themselves into
>> the x86 walled garden over games.  Think about that: *games*.  Giving up
>> privacy and control to waste time in front of a *game*.  This is the
>> mentality that needs to be fixed, that somehow consuming content is more
>> important than being able to create it.  No idea how to do that right now.
>>
>> As always, just my $0.02.
> 


- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJaHdn9AAoJEK+E3vEXDOFbTesH/iM1Pq9XbFMQxTrlGOcMMUMj
NIjGlYbngAhU7YHv+mD2p2tscLLQjo3WTUci7UQHx1JR4PXl188yQv/YAPbnxopc
HJv/iPDFOGr1zEJRSFKdLYQTwczgpwP2DOG9SJZHM6GSsSpoiejv8jSUzMmUtNPl
3jiMMFy8XEkHGzJNJ5/WAYJ7sXAlB2mMCj1DsG3bA4mrDS6i8XopVxD63slOLDcq
TDb/CbeEAeV+nJeheC3ihYVdJBlheahwlVEgOcugsk4Vzp6+OWkso+ta650Oy+iQ
Gf6fCIkPGx1vrtVCsqiS6nRId7rL4TM/IYjrFm507gXre98ZoqAcAVD66XctO5c=
=C6d3
-END PGP SIGNATURE-
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-28 Thread Adonay Felipe Nogueira 
Jost to note that not all copies of Linux are unlicensed.

The unlicensed ones are those shipped or provided by non-free system
distributions that happen to break the terms of the license (currently:
99%).

Besides, the Linux project itself seems to currently put non-free parts
inside it so, one always has to do some cleanup even if getting a copy
from Linux project itself.

2017-11-28T15:33:06-0600 Timothy Pearson wrote:
> On 11/28/2017 03:23 PM, Jann KRUSE wrote:
>> In short:
>> We are essentially being forced, without even being told, to run buggy
>> proprietary code in a very powerful and very capable hyper-hyper-visor
>> of our OS, which can (benign or maliciously) control both the (free)
>> software we run and the hardware we "own", without our knowledge.
>> (See also in-line comment below..)
>> 
>> Greetings,
>> Jann
>> PGP 0xE7A47A578A30148A
>
> As before, though, you're only forced into this you need to stay on x86.
>
> IMHO part of the reasoning for this lockdown is that the majority of x86
> sales by volume are still to consumers. Therefore, there is strong call
> to prevent the machine lessee (hesitate to call anyone bound by an EULA
> an "owner") from doing anything that might be considered unacceptable
> (e.g. breaking DRM, posting restricted content, using unlicensed
> software like Linux, possibly even depending on region criticising the
> authorities).  We're already seeing some of this in the wild in that the
> 4k streaming services require the ME and its DRM in order to run.
>
> It's still early enough to at least forcibly split "production",
> owner-controlled hardware from the "consumption" leased hardware.
> However this only happens if people support the vendors that are still
> making owner controlled hardware by selecting their products over the
> competing leased x86 systems.
>
> Anecdotally, I have personally seen way too many people supposedly
> interested in libre software that are literally locking themselves into
> the x86 walled garden over games.  Think about that: *games*.  Giving up
> privacy and control to waste time in front of a *game*.  This is the
> mentality that needs to be fixed, that somehow consuming content is more
> important than being able to create it.  No idea how to do that right now.
>
> As always, just my $0.02.

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
  instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
  (apenas sem DRM), PNG, TXT, WEBM.
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-28 Thread Timothy Pearson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/28/2017 03:23 PM, Jann KRUSE wrote:
> In short:
> We are essentially being forced, without even being told, to run buggy
> proprietary code in a very powerful and very capable hyper-hyper-visor
> of our OS, which can (benign or maliciously) control both the (free)
> software we run and the hardware we "own", without our knowledge.
> (See also in-line comment below..)
> 
> Greetings,
> Jann
> PGP 0xE7A47A578A30148A

As before, though, you're only forced into this you need to stay on x86.

IMHO part of the reasoning for this lockdown is that the majority of x86
sales by volume are still to consumers. Therefore, there is strong call
to prevent the machine lessee (hesitate to call anyone bound by an EULA
an "owner") from doing anything that might be considered unacceptable
(e.g. breaking DRM, posting restricted content, using unlicensed
software like Linux, possibly even depending on region criticising the
authorities).  We're already seeing some of this in the wild in that the
4k streaming services require the ME and its DRM in order to run.

It's still early enough to at least forcibly split "production",
owner-controlled hardware from the "consumption" leased hardware.
However this only happens if people support the vendors that are still
making owner controlled hardware by selecting their products over the
competing leased x86 systems.

Anecdotally, I have personally seen way too many people supposedly
interested in libre software that are literally locking themselves into
the x86 walled garden over games.  Think about that: *games*.  Giving up
privacy and control to waste time in front of a *game*.  This is the
mentality that needs to be fixed, that somehow consuming content is more
important than being able to create it.  No idea how to do that right now.

As always, just my $0.02.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJaHdYMAAoJEK+E3vEXDOFbGZ4H/3a9W/NzuaVlB2TcywMfJRzx
A9Ap9adHOLuvsfQwAxHv93GNoJ8g8LOhjwNPV1YUoERgJaYKEtD0SZYjpIVLYmwU
xpImdBbaX5g9PGgeKRF4+I6Ixr/kq9V+EpcyaNvOWVt2U7F0Qlv68CCFsG/Tmg8Q
kO3wY4tvc5BzKv5aeaVadU//XPs9rD1DFNqerBYLk4Z2qxkYCM5EMPfbcR97dEJC
+ljwtsyVQouWKoppPRcjznDKPR6G9Dpd/s8Em23V4RU+Ky0VFpS9Y+p7XOR6L6EG
Gz3UoeHh+87JFew5UHG07GLj4PO6fPjZkt2KLp3j7p6S3qsTFSIQPKOktVKnQ98=
=lIKQ
-END PGP SIGNATURE-
___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

Re: CPU as a service // MINIX in Intel ME

2017-11-28 Thread Jann KRUSE 
On 24 November 2017 18:19:23 EET, Giovanni Biscuolo  wrote:
>[...]
>
>2. between the "user facing OS" and the hardware there are at least 2 ½
>OS kernels (MINIX and UEFI)
>3. these are proprietary and very likely exploit-friendly

Update: Have been exploited... 
(And you wouldn't even realize it!)
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

>4. the exploits can persist, i.e. be written to FLASH, and you can't
>fix that 
> [...]
In short:
We are essentially being forced, without even being told, to run buggy 
proprietary code in a very powerful and very capable hyper-hyper-visor of our 
OS, which can (benign or maliciously) control both the (free) software we run 
and the hardware we "own", without our knowledge.
(See also in-line comment below..)

Greetings,
Jann
PGP 0xE7A47A578A30148A___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion