Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Elsewhere in this thread, there's been mention of the dire threat to
system security from Intel Management Engine (ME) (every Intel CPU since
2008) and the equivalent AMD Platform Security Processor (PSP).  

Noted in the current Linux Weekly News:  discovery of a way to shoot
Intel ME version 11 in the head:  https://lwn.net/Articles/732291/

Coolness.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> In essence, moz folks only want to add new fancy brave new world
> features (seems they're totally in the post-humanist ideology),
> and tend to hostile reaction against all critics.
> 
> Just try to submit a patch that eg, allows build-time opt-out of
> geoloc, motion/ambient sensors, etc, and see what happens.

I really do think Iceweasel, Mark II is the real route forward:  When
all is said and done, Mozilla, Inc. are a commercial entity inherently
beholden to their funders.  They are absolutely _nothing_ like a public
utility or charity.  We should thank them for a basic codebase that
can be used as the basis for better things, and carefully not trust
them overmuch.

> >>Most of it should still be in their mail archives - and I could publish
> >>the personal mails when applicable.
> >
> >(Which archives, BTW?)
> 
> mozilla.org.
> IIRC, it should also be synced to the newsgroups.

I honestly cannot find it, FWIW.

> In that case it was 'just' banning me completely from all mozilla
> communication channels (all maillists, bugzilla, newsgroups,
> forums, wikis, etc).

One last time:  What specifically do you mean by 'threatened'?  What,
and by whom?

I ask mostly because, as I mentioned, I really do believe in 'Fiat
justitia ruat cælum' (let justice be done, though the heavens fall) -- 
including citing the relevant names.

If you read the National Transportation Safety Board report on the Pan
American World Airways flight 799 disaster that killed my father in
December '68, the crucial error (among several) was by an _unnamed_
engineer in Pan Am service engineering who 'decided that [a recommended
hardware] modification was not necessary', despite having carte blanche
to do any fix costing less than US $50 per airframe and just expense it.
An equally unnamed supervisor reviewed this decision and 'decided, after
coordination with flight operations, that the bulletin was not
applicable to Pan Am aircraft, and no further action was taken.  The
reason for this decision was not fully documented.'

And no names.

Names.  Accountability.  I rather like them.

(Som faren går fyre, kjem sonen etter -- as the father goes before, the
son comes after.  I am very much my father's son.)


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 01.09.2017 01:25, Rick Moen wrote:


>> https://github.com/orgs/Librezilla/
>
> Thank you for working on that.  I haven't taken the time to find the
> crux of your objection to the upstream code, though.

In essence, moz folks only want to add new fancy brave new world
features (seems they're totally in the post-humanist ideology),
and tend to hostile reaction against all critics.

Just try to submit a patch that eg, allows build-time opt-out of
geoloc, motion/ambient sensors, etc, and see what happens.

>> Most of it should still be in their mail archives - and I could publish
>> the personal mails when applicable.
>
> (Which archives, BTW?)

mozilla.org.
IIRC, it should also be synced to the newsgroups.

> But you haven't said what this was, and, FWIW, I did spend a few minutes
> looking for it.

In that case it was 'just' banning me completely from all mozilla
communication channels (all maillists, bugzilla, newsgroups,
forums, wikis, etc).


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> >Have you written this up, somewhere?
> 
> yet incomplete and hackish (due lack of time)
> 
> https://github.com/orgs/Librezilla/

Thank you for working on that.  I haven't taken the time to find the
crux of your objection to the upstream code, though.


> >>MSF has already made it perfectly clear they'll never accept any patches
> >>for that and continue their path (already threatened me personally)
> >
> >And have you written up the details of this?
> 
> Most of it should still be in their mail archives - and I could publish
> the personal mails when applicable.

(Which archives, BTW?)

I didn't mean to suggest that I disbelieved you, only that oddly vague 
claims of 'threats' have a generally wretched history on the Internet.
For starters, the author's notion of what qualifies as threatening and
the reader's, and what rises to the level of being worthy of notice,
tend to differ.

This situation is worsened by many Internet denizens' (and many
businesses') assumption that talk is cheap on the Internet, that they
can get away with darkly hinting at harm of various sorts
(semi-threatened litigation for business torts and libel, or alleged
trademark violation, being the most common) without consequence.

In my experience, the only way to restore accountability is to put the
facts out in public without editorial commentary, including names and
full texts.  This has been my own policy:  E.g., when Prof. Daniel J.
Bernstein semi-threatened litigation because I dared to maintain a FAQ
saying why I preferred not to use his software, I politely referred him
to my attorney and then put the correspondence up on the Web for public
amusement.[1]  Later, when an officer of a LUG in Davis, California sent me
an (it was later claimed) unauthorised lawsuit threat letter because I 
documented on my Web site abusive conduct by the then-listadmin, I
published it plus my response letter.[2]  And when one of my fellow Board
members of my local sysadmin guild, BayLISA, bizarrely and in error
claimed _I'd_ threatened litigation against BayLISA (my _own_
organisation), I published all of that, too.[3]  Last, when the operator
of a standalone newsgroup threatened me with copyright litigation for
Web-archiving public postings from the newsgroup, I Web-published that
as an addition to my Web archive.[4]

In each case, the supposed legal threat was obvious bullshit except of
the type people feel free to hurl around because they might get their
way if the recipient is timid and/or stupid, _and_ because they see no
downside to trying.  As I happen to have a reasonably high PageRanked
Web site, as it turns out, there _is_ a downside to trying this dumb
Internet trick on me -- and I don't take lawsuits lightly, having lived
through my mother's suit against a Fortune 50 corporation (Boeing) over
the wrongful death of my father, Pan Am Captain Arthur Moen.  Even
though we won, it was an ordeal, so I do not regard bogus legal threats
as a matter to take lightly, but rather one to punish with sunlight.

If the 'threat' you speak of was substantive _and unmerited_, then IMO
you should do likewise.

But you haven't said what this was, and, FWIW, I did spend a few minutes
looking for it.


[1] http://linuxmafia.com/~rick/faq/dan-brandishing-legal-threats
[2] http://linuxmafia.com/~rick/linux-info/lugod.html
[3] http://linuxmafia.com/~rick/litigious2.html
[4] http://linuxmafia.com/~rick/linux-info2/astcomm.html



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 22:38, Rick Moen wrote:

> I think you're missing that point that a baseband chipset integrated
> with a smartphone has total control over anything and everything the
> smartphone does,

Depends on how it is connected to the rest of the system.
If it eg. has a direct link to the mic, it can be easily abused, of
course.

Nevertheless we should have an open one.


--mtx



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 22:26, Rick Moen wrote:

> They say it's going to be either i.MX6 or i.MX8.

whenever mx8 will be actually available ... :o

> They haven't yet
> decided.  (This further underlines my point that it's definitely nothing
> like a finished product, yet.)

ack.

> I don't want to be unduly cynical about Puri.sm, but they have had a
> history of overselling and being just a bit reticent about the secret
> proprietary bits they've not addressed at all in their 'open' designs.

well, never heard about these guys, let's see how it finally plays out.

>> They suggest firefox ... recent versions (at least since 52) have
>> built-in malware. I've already removed larged parts of it (yet
>> very experimental and untested) - still need a strategy to align
>> w/ upstream.
>
> Have you written this up, somewhere?

yet incomplete and hackish (due lack of time)

https://github.com/orgs/Librezilla/

>> MSF has already made it perfectly clear they'll never accept any patches
>> for that and continue their path (already threatened me personally)
>
> And have you written up the details of this?


Most of it should still be in their mail archives - and I could publish
the personal mails when applicable.

I've just contacted the waterfox guy, let's see whether we can agree on
an alliance.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 22:05, zap wrote:


> Try Waterfox that is libre by default at least. eme can be disabled and
> that is waterfox's only problem.


Cool, didn't know that yet.
We should support it in dng.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed larged parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

To be very specific, decades ago I learned to distrust the word
'malware', especially when it gets hurled about with a notable and utter
absence of specifics.  In my experience, it gets used to mean anything
and everything in software the author doesn't like.

If you mean, for example 'code that opens outbound sockets to a remote
corporate IP address for reasons I [either] don't understand [or]
consider insufficient', you really ought to say so rather than erring on
the side of vague melodrama.  

Mozilla Foundation's relationship with users cannot help but be
problematic on account of its (and its for-profit subsidiary Mozilla
Corporation's) funding model, a matter I discussed in passing in my Feb.
2011 Silicon Valley Linux User Group talk 'The Wild, Wild Web: Web
Browser Security, Performance, and Privacy'.  Slides and lecture notes
in the SVLUG News column, here, http://www.svlug.org/ , but I really
covered the funding-model problem in full only in my talk itself:  In
short, you/we/I simply aren't Mozilla Corporation's customer.

IMO, the best way to address that and several other problems would be
via an Iceweasel Mark II.


And likewise:

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

I've noticed that many people on the Internet use the term 'threaten' at
the drop of a hat, and (likewise) the underlying reality, if any, can be
anything at all.

By the way, what's an MSF?  Mozilla Foundation?


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 21:53, Daniel Abrecht wrote:

> While all android phones technically use a linux kernel, they have
> nothing else in common with a normal Linux system. Android has its
> own libc: bionic.

One of my goals in the gnudroid project (which is currently stalled
due lack of time) is porting it to glibc or uclibc.

> It also has special IPC mechanisms enabled in the
> linux kernel,

Binder already is mainlined. Not sure whether it's properly namespace'd
yet, but that shouldn't be the big deal.

> and it uses gralloc instead of fbdev or DRM.

IIRC, gralloc is used to allocate intermediate surface buffers,
for both GPUs and other image/video processing devices, and allows
passing them between processes (similar to gem or prime). Not checked,
but they probably have something that finally bridges to GEMs, so GPU
drivers can consume the buffers (if not, shouldn't be such a hard job
to add that). I'd guess sooner or later will come up with something
similar, as a complete video processing pipe (involving dri and v4l
devices) is an ongoing topic for quite some time.

> I Really hope the Librem 5 will get fbdev support, so I can see boot
> messages on a framebuffer console, and optionally DRM support for
> things like OpenGL and Vulkan.

plain fbdev shouldn't be the big deal as soon as basic KMS stuff
is implemented. in embedded world it's usually just a matter of
properly enabling the ipu (for most SOCs should be mainlined) and
backlight (usually some dumb pwm controller, either in the SoC or
behind I2C).

When bringing up an own custom board, that's one of the early steps
(and beyond the SOC-stuff usually board specific).


--mtx



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread taii...@gmx.com
FYI just so everyone knows the 6.5K price is the prebuilt cost, you can 
get the board and CPU for around 2K then you just need DDR4 memory.



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Arnt Gulbrandsen (a...@gulbrandsen.priv.no):

[snip a bunch of stuff I'm not going to spend time on]

> Back to the phones.
> 
> If you have proper control over your phones's baseband, you're
> relying on the telco as a proprietary black box to forward your
> packets and calls. If your baseband's a blob, but you do have a
> proper DMZ between your hardware and the baseband, then you're
> relying on two black boxes. IMO: Much of a muchness.

I think you're missing that point that a baseband chipset integrated
with a smartphone has total control over anything and everything the
smartphone does, and is an intelligent, autonomous agent that infamously
is subject to subversion by both state actors and well-funded private
actors from cell towers (or cheap simulations thereof).  In other words,
you do _not_ have proper control over your phone's baseband, but remote,
undetectable, hostile parties may, and are known to have done so
routinely.

A baseband chipset _not_ integrated with the smartphone is a lesser
threat.  The Tor Project article describes how this (current-best) ideal
can be simulated by USB-connecting a Wifi-only tablet with a cell modem 
and battery pack.  This reduces the threat exposure to remote, hostile control
over the modem functions.

Maybe the planned future Puri.sm product will come close to that degree
of isolation -- or not.

Anyway, I've now explained this matter twice and provided links for
experts' assessments.  If you don't agree, feel free to go argue with
them.



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> On 31.08.2017 20:07, Rick Moen wrote:
> 
> >Having the i.MX6 or i.MX8 CPU 'separate' from the baseband
> >controller
> 
> Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little
> bit expensive and produces a lot heat.

They say it's going to be either i.MX6 or i.MX8.  They haven't yet
decided.  (This further underlines my point that it's definitely nothing
like a finished product, yet.)

> #1: isolate them as much as we can, power on only if required, no direct
> connections to other vital devices, eg. main memory, storage, ports,
> mic, etc - for some interfaces eg. i2s we could even add an extra
> tamper detection (when baseband attempts to read audio stream)
> or just inject fake data when no actual call is running (w/
> cell calls you can safely assume being wiretapped)

This would be the optimal approach given the existing baseband situation,
but please note that Puri.sm haven't specified yet what they mean by 
'separate'. 

The Tor Project hardened-Android articles has some good thoughts about
the baseband problem and how to isolate it as best can be achieved under
current circumstances.

I don't want to be unduly cynical about Puri.sm, but they have had a
history of overselling and being just a bit reticent about the secret
proprietary bits they've not addressed at all in their 'open' designs.

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed larged parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

Have you written this up, somewhere?

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

And have you written up the details of this?



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread zap

>
>> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>>
>
> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed larged parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.
>
> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)
>
Try Waterfox that is libre by default at least. eme can be disabled and
that is waterfox's only problem.
>
> --mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Arnt Gulbrandsen

Rick Moen writes:
> Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller (a
> term on which they have not yet elaborated), but the latter remains
> deeply problematic, being a proprietary black box with proprietary,
> opaque firmware.


Really?

I suppose you've dealt with as many ISPs as I have... some of them give you 
a cable of some sort, some of them send you a router to put on customer 
premises. In the latter case, some people just connect the ISP CPE to their 
network, but you and I make a tiny DMZ and route everything via a router of 
our own.


Once I used the exact same kind of Cisco as the ISP, which looked a little 
superfluous. But that's really a small thing. A few watts, a power cable.


Back to the phones.

If you have proper control over your phones's baseband, you're relying on 
the telco as a proprietary black box to forward your packets and calls. If 
your baseband's a blob, but you do have a proper DMZ between your hardware 
and the baseband, then you're relying on two black boxes. IMO: Much of a 
muchness.


Arnt



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Daniel Abrecht

While all android phones technically use a linux kernel, they have
nothing else in common with a normal Linux system. Android has its
own libc: bionic. It also has special IPC mechanisms enabled in the
linux kernel, and it uses gralloc instead of fbdev or DRM. I think
gralloc is the biggest problem with android phones, it's absolutely
useless for everything except for Android's SurfaceFlinger and
Canonical's Mir.

I Really hope the Librem 5 will get fbdev support, so I can see boot
messages on a framebuffer console, and optionally DRM support for
things like OpenGL and Vulkan.

On 2017-08-31 15:01, info at smallinnovations dot nl wrote:
> On 31-08-17 16:14, Narcis Garcia wrote:
>> On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
>>> 
>>> As a owner of a BQ Aquaris E45 Ubuntu version i fully support
>>> this kind of free smartphone development. But i doubt of a
>>> linux smartphone will be functional comparable with Android or
>>> iOS within 3 to 4 years. They should use the efforts of
>>> Meego/Maemo development or work together wit Jolla. And trying
>>> to get support from one or more large smartphone makers. Until
>>> then when i have to replace my current BQ it will be a iPhone
>>> as one of the lesser evil.
>>> 
>> All Androids run Linux.
> 
> Sure as far as it the kernel concerns that is true. As soon as you
> want hardware support for a specific SOC you depend on the
> hardware manufacturer. Which are not interested in open source and
> you are already lucky if they even want to deliver a binary blob.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Adam Borowski
On Thu, Aug 31, 2017 at 10:40:58AM -0400, taii...@gmx.com wrote:
> I doubt it will be owner controlled, as their laptops aren't - they still
> haven't even gotten a blobbed version of coreboot working (blobbed init code
> + ME enabled as they insisted on a crappy intel soc)
> Purism isn't a trustworthy company.

You might be interested in Pinebook.  While this is on the opposite end to
Talos 2 (costs $89 instead of $6.5k), mainline u-boot+ATF+kernel are
completely blob-free: the initial bootloader in ROM is really minimal and
hands off full control over the hardware to user-controlled code.

The BSP (vendor u-boot+kernel) do have sourceless blobs, but the mainline is
mostly there.  At least, drivers are functional (display has only simplefb
rather than proper DRM but that's being worked on), what's missing is a
proper DT.  Device tree code for this and related hardware is done mostly by
Icenowy Zheng; alas she hasn't fully upstreamed the work yet and using her
WIP tree requires more u-boot skills than I have.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄ 


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Hendrik Boom
On Thu, Aug 31, 2017 at 07:35:49PM +0200, Enrico Weigelt, metux IT consult 
wrote:
> On 31.08.2017 16:40, taii...@gmx.com wrote:
> 
> >I doubt it will be owner controlled, as their laptops aren't - they still
> >haven't even gotten a blobbed version of coreboot working (blobbed init
> >code + ME enabled as they insisted on a crappy intel soc)
> >Purism isn't a trustworthy company.
> 
> Don't know anything about that company, but in general x86 boards
> are much harder to bring up than ARMs. I only know very few completely
> custom x86 boards with open firmware - in ARM world that's daily
> business.
> 
> The actually hard part w/ phones is creating a very small and power
> efficient board, that's a much bigger challenge than the usual
> embedded boards.
> 
> There're several parties out there creating an open phone hw, lets
> see how that plays out.
> 
> IMHO, we should now concentrate on the OS, maybe port the android
> runtime to GNU platform. That should give us an GUI and applet
> framework. Or we start afresh with a plan9-inspired approach.

Like Inferno?

-- hendrik


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 20:07, Rick Moen wrote:

> Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller


Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little
bit expensive and produces a lot heat.


> (a term on which they have not yet elaborated), but the latter remains
> deeply problematic, being a proprietary black box with proprietary,
> opaque firmware.


#1: isolate them as much as we can, power on only if required, no direct
connections to other vital devices, eg. main memory, storage, ports,
mic, etc - for some interfaces eg. i2s we could even add an extra
tamper detection (when baseband attempts to read audio stream)
or just inject fake data when no actual call is running (w/
cell calls you can safely assume being wiretapped)
#2: reverse engineer the firmware and find leaks for the time we need
to strike
#3: write our own open firmware (that might also be useful for existing
phones out in the wild - maybe even roll out via a virus)


> The WiFi and Bluetooth chips and firmware are apparently also black
> boxes.


Don't let them do the encryption part, just let them be dumb switches,
until we have our own firmware.


> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy


They suggest firefox ... recent versions (at least since 52) have
built-in malware. I've already removed larged parts of it (yet
very experimental and untested) - still need a strategy to align
w/ upstream.

MSF has already made it perfectly clear they'll never accept any patches
for that and continue their path (already threatened me personally)


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Alessandro Selli (alessandrose...@linux.com):

> Good news indeed!  The second one this week, after this worthy attempt
> by puri.sm to finally produce a smartphone designed to be 100%
> evil-software free and GNU/Linux compatible (scheduled for release in
> 2019, though):
> 
> https://puri.sm/shop/librem-5/

Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller (a
term on which they have not yet elaborated), but the latter remains
deeply problematic, being a proprietary black box with proprietary,
opaque firmware.  (See:
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone)
The WiFi and Bluetooth chips and firmware are apparently also black
boxes.  One notices, also that they say there aren't yet detailed
specifications for the simple reason that the choices of hardware
components are still up in the air.

The secret-sauce baseband controllers are a tough problem, and will
continue to cripple any real chance at smartphone security until there's
a credible open-design alternative.  But fully isolating the main board
and CPU from the baseband modem subassembly -- if that's actually what
Puri.sm are going to do -- is at least half a loaf.  More at:

https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy

(If you look closely, you'll see those are two slightly different URLs.)




Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 15:48, Edward Bartolo wrote:

> The devil's advocate in me tells me, since making money is involved,
> in the end, history will repeat itself as with what happened with
> 'user-centredness' in GNU/Linux! Those who have used GNU/Linux for
> some long time know pretty well with the shoving down our throats of
> systemd what remains of 'user-centredness'.


systemd isn't a major threat anymore. we just need some detergences
and maybe a few surgical PR hit men here and there.

maybe a few PR visible attacks pointing to systemd as the primary
weakness would be fine.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 17:01, info at smallinnovations dot nl wrote:

> Sure as far as it the kernel concerns that is true. As soon as you want
> hardware support for a specific SOC you depend on the hardware
> manufacturer. Which are not interested in open source and you are
> already lucky if they even want to deliver a binary blob.


We could pick a few suitable models (that are widely available for
several years, even as cheap used ones) and crack the blobs.

This approach already worked for several GPUs, starting w/ NVidia.
Perhaps we should try to bundle the resources, perhaps even create
a foundation which primary purpose is crack and disclose all
blob drivers and firmware of general computers and destroying
vendor lockins (including despotic restriction malware)

--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 16:40, taii...@gmx.com wrote:

> I doubt it will be owner controlled, as their laptops aren't - they
> still haven't even gotten a blobbed version of coreboot working (blobbed
> init code + ME enabled as they insisted on a crappy intel soc)
>
> Purism isn't a trustworthy company.


Don't know anything about that company, but in general x86 boards
are much harder to bring up than ARMs. I only know very few completely
custom x86 boards with open firmware - in ARM world that's daily
business.

The actually hard part w/ phones is creating a very small and power
efficient board, that's a much bigger challenge than the usual
embedded boards.

There're several parties out there creating an open phone hw, lets
see how that plays out.

IMHO, we should now concentrate on the OS, maybe port the android
runtime to GNU platform. That should give us an GUI and applet
framework. Or we start afresh with a plan9-inspired approach.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread info at smallinnovations dot nl

On 31-08-17 16:14, Narcis Garcia wrote:

> On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
>
>> As an owner of a BQ Aquaris E45 Ubuntu version I fully support this kind
>> of free smartphone development. But I doubt a Linux smartphone will
>> be functionally comparable with Android or iOS within 3 to 4 years. They
>> should use the efforts of Meego/Maemo development or work together with
>> Jolla. And trying to get support from one or more large smartphone
>> makers. Until then when I have to replace my current BQ it will be an
>> iPhone as one of the lesser evils.
>
> All Androids run Linux.

Sure, as far as the kernel is concerned, that is true. As soon as you want
hardware support for a specific SOC you depend on the hardware
manufacturer. Which are not interested in open source and you are
already lucky if they even want to deliver a binary blob.


Grtz.

Nick




Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread taii...@gmx.com

On 08/31/2017 04:14 AM, Alessandro Selli wrote:

> On Wed, 30 Aug 2017 at 18:25:07 -0400
> "taii...@gmx.com" wrote:
>
>> Thought I would share this!
>>
>> After what happened with TALOS 1 I can't believe they actually pulled it
>> off this time.
>>
>> This is truly a historic moment for computing freedom lovers - an owner
>> controlled open source ultra high performance workstation/server for
>> only a few thousand dollars.
>>
>> https://secure.raptorcs.com/
>>
>> Note: For the non sysadmin crowd this is what dual socket performance
>> server/workstation hardware costs - it is designed for the power user
>> market - there are already many crappy owner controlled SOC's going for
>> a few hundred, now the performance segment has a device too.
>
> Good news indeed!  The second one this week, after this worthy attempt by
> puri.sm to finally produce a smartphone designed to be 100% evil-software free
> and GNU/Linux compatible (scheduled for release in 2019, though):
>
> https://puri.sm/shop/librem-5/

I doubt it will be owner controlled, as their laptops aren't - they 
still haven't even gotten a blobbed version of coreboot working (blobbed 
init code + ME enabled as they insisted on a crappy intel soc)

Purism isn't a trustworthy company.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Narcis Garcia
On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
> On 31-08-17 10:14, Alessandro Selli wrote:
>>
>> Good news indeed!  The second one this week, after this worthy attempt by
>> puri.sm to finally produce a smartphone designed to be 100% evil-software free
>> and GNU/Linux compatible (scheduled for release in 2019, though):
>>
>> https://puri.sm/shop/librem-5/
>>
>>
>> Alessandro
> As an owner of a BQ Aquaris E45 Ubuntu version I fully support this kind
> of free smartphone development. But I doubt a Linux smartphone will
> be functionally comparable with Android or iOS within 3 to 4 years. They
> should use the efforts of Meego/Maemo development or work together with
> Jolla. And trying to get support from one or more large smartphone
> makers. Until then when I have to replace my current BQ it will be an
> iPhone as one of the lesser evils.
>

All Androids run Linux.


[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Edward Bartolo
The devil's advocate in me tells me, since making money is involved,
in the end, history will repeat itself as with what happened with
'user-centredness' in GNU/Linux! Those who have used GNU/Linux for
some long time know pretty well with the shoving down our throats of
systemd what remains of 'user-centredness'.

Financial gain is too strong a temptation to always win irrespective
of circumstances.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread info at smallinnovations dot nl

On 31-08-17 10:14, Alessandro Selli wrote:

> Good news indeed!  The second one this week, after this worthy attempt by
> puri.sm to finally produce a smartphone designed to be 100% evil-software free
> and GNU/Linux compatible (scheduled for release in 2019, though):
>
> https://puri.sm/shop/librem-5/
>
>
> Alessandro

As an owner of a BQ Aquaris E45 Ubuntu version I fully support this kind
of free smartphone development. But I doubt a Linux smartphone will
be functionally comparable with Android or iOS within 3 to 4 years. They
should use the efforts of Meego/Maemo development or work together with
Jolla. And trying to get support from one or more large smartphone
makers. Until then when I have to replace my current BQ it will be an
iPhone as one of the lesser evils.


Grtz.

Nick


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Adam Borowski
On Thu, Aug 31, 2017 at 04:03:57AM +0200, mdn wrote:
> I wonder how many packages already work on power compared to X86 ?

Since this is little-endian, old "power" (ie, powerpc and ppc64) won't work.
Thus, you need ppc64el packages only.

Binary packages in ppc64el unstable main: 53512
Binary packages in amd64   unstable main: 55586

There are probably some packages that compile but don't run but that's a
tiny minority as most software is sane.  The biggest exception I know is
GNOME (at least as of jessie, no idea if they fixed it since) but good
riddance.  GNOME programs still work from a sane WM, it's only GNOME's
window manager part that requires either a mid-end GPU with specific
capabilities or slow software emulation, the latter working only on amd64
and i386.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄ 


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Alessandro Selli
On Wed, 30 Aug 2017 at 18:25:07 -0400
"taii...@gmx.com" wrote:

> Thought I would share this!
>
> After what happened with TALOS 1 I can't believe they actually pulled it 
> off this time.
>
> This is truly a historic moment for computing freedom lovers - an owner 
> controlled open source ultra high performance workstation/server for 
> only a few thousand dollars.
>
> https://secure.raptorcs.com/
>
> Note: For the non sysadmin crowd this is what dual socket performance 
> server/workstation hardware costs - it is designed for the power user 
> market - there are already many crappy owner controlled SOC's going for 
> a few hundred, now the performance segment has a device too.

  Good news indeed!  The second one this week, after this worthy attempt by
puri.sm to finally produce a smartphone designed to be 100% evil-software free
and GNU/Linux compatible (scheduled for release in 2019, though):

https://puri.sm/shop/librem-5/


Alessandro


[DNG] journalctl and Unix groups

2017-08-31 Thread Narcis Garcia
I've discovered that for journalctl there exist only user(s) and others: no
group permissions.

Example: exim4 sets read+write permissions to root for logs, and
read-only for group "adm". If you are a member of "adm", you can read
EXIM4 logs.
Depending on distribution, journalctl allows you to read recorded logs
depending only on you being root or not: In some distros (e.g. Ubuntu)
any user can read any journal, and (e.g. Debian) only root can read
journals (nobody else can read anything else).

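The group-based model the post describes for the exim4 logs (read+write for root, read-only for group "adm"), as an added example that is not part of the original post: it applies the POSIX owner/group/other check in first-match order to constructed users and file metadata. The user names, uid/gid numbers and the second file path are assumptions, and ACLs are not modelled.

```python
import stat
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    uid: int
    gids: set = field(default_factory=set)  # primary + supplementary groups


@dataclass
class FileMeta:
    path: str
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, e.g. 0o640


def read_access(user, f):
    """Return (deciding class, allowed) for a read of f by user.

    Only the first matching class is consulted: an owner whose own read
    bit is clear is denied even if the group or other bits would allow it.
    """
    if user.uid == 0:                      # root bypasses mode bits
        return ("root", True)
    if user.uid == f.uid:
        return ("owner", bool(f.mode & stat.S_IRUSR))
    if f.gid in user.gids:
        return ("group", bool(f.mode & stat.S_IRGRP))
    return ("other", bool(f.mode & stat.S_IROTH))


def audit(users, f):
    """Map each user name to the class and verdict that apply to f."""
    return {u.name: read_access(u, f) for u in users}


# Constructed sample data (not taken from a real system).
ADM = 4
USERS = [
    User("root", 0, {0}),
    User("alice", 1000, {1000, ADM}),   # member of adm
    User("bob", 1001, {1001}),          # ordinary user
]
EXIM_LOG = FileMeta("/var/log/exim4/mainlog", uid=0, gid=ADM, mode=0o640)
# Hypothetical file owned by alice with only the group read bit set.
ODD_LOG = FileMeta("/var/log/example.log", uid=1000, gid=ADM, mode=0o040)

if __name__ == "__main__":
    for f in (EXIM_LOG, ODD_LOG):
        print(f.path, oct(f.mode), audit(USERS, f))
```
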