Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-05 Thread Alessandro Selli
On Thu, 31 Aug 2017 at 21:46:39 -0700
Rick Moen  wrote:

> Elsewhere in this thread, there's been mention of the dire threat to
> system security from Intel Management Engine (ME) (every Intel CPU since
> 2008) and the equivalent AMD Platform Security Processor (PSP).  
> 
> Noted in the current Linux Weekly News:  discovery of a way to shoot
> Intel ME version 11 in the head:  https://lwn.net/Articles/732291/

  Only realize it now, it's the same team and hack I read of today.

> Coolness.

  Indeed.


-- 
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-04 Thread Arnt Karlsen
On Mon, 4 Sep 2017 11:00:42 +0200, Didier wrote in message 
<2beaafb7-1f5d-116a-d503-082ee06f4...@in2p3.fr>:

> On 03/09/2017 at 22:38, zap wrote:
> > *but in the future I hope to get eoma68 which promises even more
> > freedom.*
> 
>  Hope it's higher quality than Pi-Top (poor keyboard and
> touchpad, Ethernet and USB connectors inside the box with a hole to
> pass the cables, no interface  for hard disk, one single micro-sd
> slot)!

..there's always the usb disk interfaces.  But are Broadcom et al
firmware people on Raspberry Pi hardware open to people writing 
new free firmware?

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-04 Thread Didier Kryn

On 03/09/2017 at 22:38, zap wrote:

> *but in the future I hope to get eoma68 which promises even more freedom.*


Hope it's higher quality than Pi-Top (poor keyboard and touchpad, 
Ethernet and USB connectors inside the box with a hole to pass the 
cables, no interface  for hard disk, one single micro-sd slot)!


Didier




Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread zap


On 09/03/2017 09:41 AM, Alessandro Selli wrote:
> On 03/09/2017 at 13:32, zap wrote:
>>
>> On 09/03/2017 05:26 AM, Alessandro Selli wrote:
>>> On 01/09/2017 at 20:36, zap wrote:
>>>>> I doubt it will be owner controlled, as their laptops aren't - they
>>>>> still haven't even gotten a blobbed version of coreboot working
>>>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>>>> Purism isn't a trustworthy company.
>>>> Gee, I thought purism was a trustworthy company, I mean they claim you
>>>> can get the latest and the greatest without intel me
>>>   This is *not* what they claim:
>>>
>>> https://puri.sm/learn/intel-me/
>>>
>>> "Freeing the ME is a challenge, but not impossible"
>>>
>>> "By working with Intel, motherboard design developers, as well as our
>>> coreboot developers, Purism has put in motion a solid approach on how to
>>> run a freed Intel ME *in the future*."
>> Sorry, but have you talked to libreboot or coreboot about this?
>   What should I tell them?  "Why did you let Librem's *evil* patches into
> your code?" (https://review.coreboot.org/#/q/owner:"Alaoui; )
No... That's not what I meant. I mean if coreboot and libreboot couldn't
figure it out. Why do you think purism can?


>> and also,
>> not even google with all their money can convince intel to give their
>> secrets to them.
>   What secrets?  Intel designs CPUs to Goggle's specifications, what
> secrets are you talking about?
Not quite, not according to libreboot.
>> That for me is a solid reason why I said this.
>   This is the present state of the matter:
> https://puri.sm/learn/avoiding-intel-amt/
>
> "So, there is no hardware level remote access to Purism hardware?"
>
> "No, none that we are aware of, nor have put-in. As it relates specifically
> to Intel AMT, we neutralize the threat by avoiding Intel CPUs that have the
> hardware chip allowing it, we do not use Intel networking cards, we use a
> version of the Intel ME that Intel claims does not have these capabilities
> (yes, we know that “Intel claims…” means we don’t have visibility into the
> source code, and yes, we know that is a concern, and yes, we are working on
> solving this) and we neutralize/lobotomize the Intel ME binary, including
> the “network” and “kernel” parts of the Management Engine."
>
> [...]
>
> "We are also planning to reverse-engineer the remaining parts. We have
> reverse-engineered the ROMP module and will continue the work for other
> modules throughout 2017."
>
>  What Librem did to Intel's hardware (fuses: https://puri.sm/learn/intel-me/
> ) and software (firmware) is documented.  Better than this you can only have
> smartphones from an open-hardware vendor that produced everything in-house,
> from the CPU to the screen.  Is there such a vendor?
>
> [...]
>
>>> "We are working to completely remove (or reverse engineer, as we have begun
>>> to do) the Intel ME, on all our models, and will update on our blog (and
>>> this page) as we make progress on that front."
>> I don't think they will succeed even if they did care...
>   They are doing it.  They already went much farther than anyone else who
> tried, AFAIK.
AFAIK... that's the problem... you don't really know as much as you
think. I used to believe they could do it... But I now realize that they
either A, don't care or B: are unable to. Those are the only options
given the nature of the free software community and the intel blobs.
>>>> in it and also they
>>>> claim that they can sprinkle magic fairy dust on all the hardware so
>>>> that you can use it all without any blobs or firmware that is
>>>> proprietary...
>>>   Again, this is *not* what they claim:
>>>
>>> https://puri.sm/learn/blobs/ and
>>> https://puri.sm/about/competitors/
>>>
>>>   They do *not* state that their products are free of any binary blob,
>>> they state that *their* software does not have any, from Coreboot on, and
>>> that the motherboard's BIOS is *partially* free of binary blobs.
>> Saying, that purism is being serious and not misleading people, I doubt
>> they can achieve what you're talking about, *Intel will not help them!
>   I know, they know and they're not hiding it at all.
>   Do you know what "reverse engineering" means?
I am not completely aware of what it means, but I have a sense it means
to decompile it and get full access to the code.
>> *If *Google cannot get convince intel to give their source code to them,
>   Did they try?  AFAIK, Intel produces chips to Goggle's specifications,
> what software does Google need from Intel?
This is false, because of the nature of most governments wanting intel
to put backdoors in the hardware that cannot be removed. Although it
allows governments to do more spying, it also lets terrorists crack into
more hardware too. 
But that aside, there are some insane usa laws which make it against the
law even to *admit there are backdoors let alone tell people how to
remove them!*
>> then purism has no chance in hell...* to get the source code
>> **
> 

Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread taii...@gmx.com

On 09/03/2017 09:41 AM, Alessandro Selli wrote:


>   Do you believe that all ARM, SPARC and Power suppliers do not put anything
> in their CPUs that users and developers do not know about?  Again, the only
> way to be sure is buying hardware from a vendor that produces its own
> hardware, CPUs included, openly releasing their full specifications,
> blue-prints and software.  Do you know any?

TALOS 2 is actually libre, both the firmware and the hardware - IBM has 
released full specs for POWER9.


ME/PSP is integral to the modern x86 boot process, it simply can't be 
disabled - maybe with years of research and millions in reverse 
engineering but that would be silly.


I don't like them because they could have picked a mobile platform that 
could actually be freed in real life (not just wishful thinking) such as 
AMD FT3 (cpu on the lenovo G505S) or AppliedMicro performance ARM, 
without doing that they take away resources from legitimate projects - 
when they first started up the community told them this but they refused 
to listen and kept insisting they could "free" ME (and backport it to 
the many laptops they have released? I doubt it)


As it stands they are selling an overpriced whitebox laptop and 
confusing users with the "librem" name and quotes from stallman, they 
lack the hardware engineering department to tell them what can and can't 
be reasonably done.



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread Adam Borowski
On Sun, Sep 03, 2017 at 03:41:23PM +0200, Alessandro Selli wrote:
>   This is the present state of the matter:
> https://puri.sm/learn/avoiding-intel-amt/
>
> "So, there is no hardware level remote access to Purism hardware?"

AMT is merely a way to configure the built-in backdoor that allows you to
partially use it for your purposes.  There is no proof, merely allegations,
that the backdoor allows someone with the secret trigger to control it in
other cases, but Intel has made a string of very weird engineering decisions
that make no sense if there's no such hidden backdoor but make perfect sense
if there is.

> > Listen to coreboot and libreboot's reasoning why this will never work.
> >
> > https://libreboot.org/faq.html
> >
> > look at the parts about purism and intel.
> 
>   Nothing new there.

An argument remains valid (which doesn't imply true nor untrue) until
refuted; it doesn't stop being irrelevant only because it's old.  As far as
it's currently known, there's no real way to disable Intel's ME, and that
flag hack announced this week which might or might not do the trick very
likely doesn't already work on CPUs which get out of the production line
today.

>  They just say that the only way to be sure is
> "avoiding all modern [>=2008] Intel hardware."  Plus: "libreboot project
> recommends avoiding all modern [>=2013] AMD hardware."
> 
>   This leaves out just ARM, SPARC and Power CPUs.  Mind if I ask you: what
> are your PCs and laptops running on?

Laptop: Allwinner A64 (2016).
Desktop: Phenom II X6 1055T (2011).
Mail server: Xeon E5440 (2007).

Yes, neither is very fast, but at least the desktop feels adequate for all
tasks I use it for -- the only thing I've recently wished would compile
faster is the kernel.

And if you do need more oomph directly under your desk, Talos 2 may be
expensive but it's there.

The mail server currently suffers from inadequate I/O, but that's because 1. 
it uses spinning rust (replaceable), 2. it runs a lot of other stuff.  Mail
load itself (for ~80 users) could be handled by a single NanoPi NEO that's
the size of a coin (4 cores, 512MB ram).


Obviously I deal with a lot more servers than this, but only these three
machines handle any of my data I consider sensitive.


>   Do you believe that all ARM, SPARC and Power suppliers do not put anything
> in their CPUs that users and developers do not know about?

ARM has TrustZone which most vendors don't allow running your own code on,
but on Allwinner A64 (at least Pine64 and Pinebook) you get to compile and
load it yourself.  It also has an arisc that improves deepest sleep states
(when the ARM CPU is off) but it has no ROM and needs its code loaded at
runtime -- it's not needed for regular operation.  Unlike ATF for the
TrustZone, no free code currently exists but if you don't load anything, you
merely 

> Again, the only way to be sure is buying hardware from a vendor that
> produces its own hardware, CPUs included, openly releasing their full
> specifications, blue-prints and software.  Do you know any?

In theory, you could buy a FPGA and load openrisc or riscv on it, but I'm
nowhere that kind of hardware hacker for that.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄ 


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread Alessandro Selli
On 03/09/2017 at 13:32, zap wrote:
> 
> 
> On 09/03/2017 05:26 AM, Alessandro Selli wrote:
>> On 01/09/2017 at 20:36, zap wrote:
>>>> I doubt it will be owner controlled, as their laptops aren't - they
>>>> still haven't even gotten a blobbed version of coreboot working
>>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>>> Purism isn't a trustworthy company.
>>> Gee, I thought purism was a trustworthy company, I mean they claim you
>>> can get the latest and the greatest without intel me
>>   This is *not* what they claim:
>>
>> https://puri.sm/learn/intel-me/
>>
>> "Freeing the ME is a challenge, but not impossible"
>>
>> "By working with Intel, motherboard design developers, as well as our
>> coreboot developers, Purism has put in motion a solid approach on how to
>> run a freed Intel ME *in the future*."
> Sorry, but have you talked to libreboot or coreboot about this?

  What should I tell them?  "Why did you let Librem's *evil* patches into
your code?" (https://review.coreboot.org/#/q/owner:"Alaoui; )

> and also,
> not even google with all their money can convince intel to give their
> secrets to them.

  What secrets?  Intel designs CPUs to Goggle's specifications, what
secrets are you talking about?

> That for me is a solid reason why I said this.

  This is the present state of the matter:
https://puri.sm/learn/avoiding-intel-amt/

"So, there is no hardware level remote access to Purism hardware?"

"No, none that we are aware of, nor have put-in. As it relates specifically
to Intel AMT, we neutralize the threat by avoiding Intel CPUs that have the
hardware chip allowing it, we do not use Intel networking cards, we use a
version of the Intel ME that Intel claims does not have these capabilities
(yes, we know that “Intel claims…” means we don’t have visibility into the
source code, and yes, we know that is a concern, and yes, we are working on
solving this) and we neutralize/lobotomize the Intel ME binary, including
the “network” and “kernel” parts of the Management Engine."

[...]

"We are also planning to reverse-engineer the remaining parts. We have
reverse-engineered the ROMP module and will continue the work for other
modules throughout 2017."

 What Librem did to Intel's hardware (fuses: https://puri.sm/learn/intel-me/
) and software (firmware) is documented.  Better than this you can only have
smartphones from an open-hardware vendor that produced everything in-house,
from the CPU to the screen.  Is there such a vendor?

[...]

>> "We are working to completely remove (or reverse engineer, as we have begun
>> to do) the Intel ME, on all our models, and will update on our blog (and
>> this page) as we make progress on that front."
>
> I don't think they will succeed even if they did care...

  They are doing it.  They already went much farther than anyone else who
tried, AFAIK.

>>> in it and also they
>>> claim that they can sprinkle magic fairy dust on all the hardware so
>>> that you can use it all without any blobs or firmware that is
>>> proprietary...
>>   Again, this is *not* what they claim:
>>
>> https://puri.sm/learn/blobs/ and
>> https://puri.sm/about/competitors/
>>
>>   They do *not* state that their products are free of any binary blob,
>> they state that *their* software does not have any, from Coreboot on, and
>> that the motherboard's BIOS is *partially* free of binary blobs.
> Saying, that purism is being serious and not misleading people, I doubt
> they can achieve what you're talking about, *Intel will not help them!

  I know, they know and they're not hiding it at all.
  Do you know what "reverse engineering" means?

> *If *Google cannot get convince intel to give their source code to them,

  Did they try?  AFAIK, Intel produces chips to Goggle's specifications,
what software does Google need from Intel?

> then purism has no chance in hell...* to get the source code
> **

  They do not actually need source code, they'd be content with knowing how
to get rid of what they put in.

>>> Doesn't that sound just plain trustworthy? Can you
>>> honestly say that they cannot be trusted?
>>   They are honest in what they say.  Could you prove they lied or
>> misguided people in their statements please let everyone know.
> I am sorry to say that I disagree completely, especially due to them
> originally trying to pass nvidia as a means to achieve libre status until
> there was an uproar and they changed to intel.

  So, they heeded the community's voice, they excluded a major vendor due to
security concerns, and you claim they are *not* sincere in developing a
system that is as free as possible from proprietary software?  Other than
allegations and personal opinions, do you have anything solid to counter
their claims?

> Unless they are just plain stupid. 
>
> Listen to coreboot and libreboot's reasoning why this will never work.
>
> https://libreboot.org/faq.html
>
> look at the parts about purism and intel.

  Nothing new there.  They just say that the 

Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread zap


On 09/03/2017 05:26 AM, Alessandro Selli wrote:
> On 01/09/2017 at 20:36, zap wrote:
>>> I doubt it will be owner controlled, as their laptops aren't - they
>>> still haven't even gotten a blobbed version of coreboot working
>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>> Purism isn't a trustworthy company.
>> Gee, I thought purism was a trustworthy company, I mean they claim you
>> can get the latest and the greatest without intel me
>   This is *not* what they claim:
>
> https://puri.sm/learn/intel-me/
>
> "Freeing the ME is a challenge, but not impossible"
>
> "By working with Intel, motherboard design developers, as well as our
> coreboot developers, Purism has put in motion a solid approach on how to run
> a freed Intel ME *in the future*."
Sorry, but have you talked to libreboot or coreboot about this? and
also, not even google with all their money can convince intel to give
their secrets to them. That for me is a solid reason why I said this.
>
> Emphasis mine.
>   How far into the future?
>
> https://puri.sm/products/
>
> "This can be applied as a software update for the existing Librem 13 v1
> (porting to other existing models is ongoing), and this will also be
> available factory-installed starting Q3 2017"
>
>   Right now this is what they have achieved:
>
> "A neutralized ME"
>
> "While finishing our first coreboot port, we have successfully neutralized
> the Intel ME thanks to the great work of the “me_cleaner” project, removing
> its kernel, network stack, and about 92% of the Intel ME binary. There
> remains a little over 7% before complete removal."
>
>   The complete removal is in the works:
>
> "We are working to completely remove (or reverse engineer, as we have begun
> to do) the Intel ME, on all our models, and will update on our blog (and
> this page) as we make progress on that front."

I don't think they will succeed even if they did care...

>
>> in it and also they
>> claim that they can sprinkle magic fairy dust on all the hardware so
>> that you can use it all without any blobs or firmware that is
>> proprietary...
>   Again, this is *not* what they claim:
>
> https://puri.sm/learn/blobs/ and
> https://puri.sm/about/competitors/
>
>   They do *not* state that their products are free of any binary blob, they
> state that *their* software does not have any, from Coreboot on, and that
> the motherboard's BIOS is *partially* free of binary blobs.
Saying, that purism is being serious and not misleading people, I doubt
they can achieve what you're talking about, *Intel will not help them!

*If *Google cannot get convince intel to give their source code to them,
then purism has no chance in hell...* to get the source code
**
>> Doesn't that sound just plain trustworthy? Can you
>> honestly say that they cannot be trusted?
>   They are honest in what they say.  Could you prove they lied or misguided
> people in their statements please let everyone know.
I am sorry to say that I disagree completely, especially due to them
originally trying to pass nvidia as a means to achieve libre status
until there was an uproar and they changed to intel.
Unless they are just plain stupid. 

Listen to coreboot and libreboot's reasoning why this will never work.

https://libreboot.org/faq.html


look at the parts about purism and intel. Also if you do, you will see
that what I said though very sarcastically, was true.


>
>
> Alessandro



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread Alessandro Selli
On 31/08/2017 at 15:24, info at smallinnovations dot nl wrote:
> On 31-08-17 10:14, Alessandro Selli wrote:
>>
>>Good news indeed!  The second one this week, after this worthy attempt by
>> puri.sm to finally produce a smartphone designed to be 100% evil-software
>> free
>> and GNU/Linux compatible (scheduled for release in 2019, though):
>>
>> https://puri.sm/shop/librem-5/
>>
>>
>> Alessandro
> As an owner of a BQ Aquaris E45 Ubuntu version I fully support this kind of
> free smartphone development.

  Bear in mind that BQ's Ubuntu phones are (were) regular Android phones
with Ubuntu Phone/Touch preinstalled.  They have all the binary firmware
required to run Android.

> But I doubt if a linux smartphone will be
> functionally comparable with Android or iOS within 3 to 4 years.

  The Purism Librem 5 is designed to be able to run several GNU/Linux
distros ported to ARM.  Ubuntu touch was not anything like it, it was *not*
a regular Ubuntu running on a smartphone, you could not have it run a
generic GUI application on it.

> They should
> use the efforts of Meego/Maemo development or work together with Jolla.

  Jolla was designed to be an OS independent from any other in existence,
and it could install Android APK packages.  It's not any closer to a generic
GNU/Linux distribution than Android is.

> And
> trying to get support from one or more large smartphone makers.

  This is not in their plans, as they are not willing to let third parties
do away with their binary blobs or to let them reverse-engineer their
firmware or drivers or hardware.  Just to say one, nearly all smartphone
producers put the CPU and the baseband modem together or linked in hardware,
making it impossible to prevent anything that runs on the CPU from accessing
the modem.  The Purism Librem 5 is designed to let those two parts sit on
separate, independent, chips.

> Until then
> when I have to replace my current BQ it will be an iPhone as one of the
> lesser evils.

  Apple, together with Google, Amazon, Samsung, Sony and Microsoft, is a
player in the Major Evil League.


Alessandro



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-03 Thread Alessandro Selli
On 01/09/2017 at 20:36, zap wrote:
> 
>>>
>> I doubt it will be owner controlled, as their laptops aren't - they
>> still haven't even gotten a blobbed version of coreboot working
>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>> Purism isn't a trustworthy company.
> Gee, I thought purism was a trustworthy company, I mean they claim you
> can get the latest and the greatest without intel me
  This is *not* what they claim:

https://puri.sm/learn/intel-me/

"Freeing the ME is a challenge, but not impossible"

"By working with Intel, motherboard design developers, as well as our
coreboot developers, Purism has put in motion a solid approach on how to run
a freed Intel ME *in the future*."

Emphasis mine.
  How far into the future?

https://puri.sm/products/

"This can be applied as a software update for the existing Librem 13 v1
(porting to other existing models is ongoing), and this will also be
available factory-installed starting Q3 2017"

  Right now this is what they have achieved:

"A neutralized ME"

"While finishing our first coreboot port, we have successfully neutralized
the Intel ME thanks to the great work of the “me_cleaner” project, removing
its kernel, network stack, and about 92% of the Intel ME binary. There
remains a little over 7% before complete removal."

  The complete removal is in the works:

"We are working to completely remove (or reverse engineer, as we have begun
to do) the Intel ME, on all our models, and will update on our blog (and
this page) as we make progress on that front."

> in it and also they
> claim that they can sprinkle magic fairy dust on all the hardware so
> that you can use it all without any blobs or firmware that is
> proprietary...

  Again, this is *not* what they claim:

https://puri.sm/learn/blobs/ and
https://puri.sm/about/competitors/

  They do *not* state that their products are free of any binary blob, they
state that *their* software does not have any, from Coreboot on, and that
the motherboard's BIOS is *partially* free of binary blobs.

> Doesn't that sound just plain trustworthy? Can you
> honestly say that they cannot be trusted?

  They are honest in what they say.  Could you prove they lied or misguided
people in their statements please let everyone know.



Alessandro


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-01 Thread zap
On 09/01/2017 10:43 AM, Edward Bartolo wrote:
> People are mentioning Waterfox yet another reincarnation of Firefox.
> Can it run on Devuan ASCII? I have used Palemoon but stopped due to
> many issues.
YES! and also ceres too. You just can't use it on jessie... for whatever
reason...



[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-01 Thread Edward Bartolo
People are mentioning Waterfox yet another reincarnation of Firefox.
Can it run on Devuan ASCII? I have used Palemoon but stopped due to
many issues.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-09-01 Thread zap

> Just try to submit a patch that eg, allows build-time opt-out of
> geoloc, motion/ambient sensors, etc, and see what happens.
Okay point taken screw firefox... I think waterfox though is more
accepting of such patches.
>
>>> Most of it should still be in their mail archives - and I could publish
>>> the personal mails when applicable.
>>
>> (Which archives, BTW?)
>
> mozilla.org.
> IIRC, it should also be synced to the newsgroups.
>
>> But you haven't said what this was, and, FWIW, I did spend a few minutes
>> looking for it.
>
> In that case it was 'just' banning me completely from all mozilla
> communication channels (all maillists, bugzilla, newsgroups,
> forums, wikis, etc).
That is just plain evil. I never knew firefox was so hostile to
humanity.  Although good thing their model allows for something like
waterfox to take hold.  Thank god... I just detest pocket.
>
>
> --mtx



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Elsewhere in this thread, there's been mention of the dire threat to
system security from Intel Management Engine (ME) (every Intel CPU since
2008) and the equivalent AMD Platform Security Processor (PSP).  

Noted in the current Linux Weekly News:  discovery of a way to shoot
Intel ME version 11 in the head:  https://lwn.net/Articles/732291/

Coolness.



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> In essence, moz folks only want to add new fancy brave new world
> features (seems they're totally in the post-humanist ideology),
> and tend to hostile reaction against all critics.
> 
> Just try to submit a patch that eg, allows build-time opt-out of
> geoloc, motion/ambient sensors, etc, and see what happens.

I really do think Iceweasel, Mark II is the real route forward:  When
all is said and done, Mozilla, Inc. are a commercial entity inherently
beholden to their funders.  They are absolutely _nothing_ like a public
utility or charity.  We should thank them for a basic codebase that
can be used as the basis for better things, and carefully not trust
them overmuch.

> >>Most of it should still be in their mail archives - and I could publish
> >>the personal mails when applicable.
> >
> >(Which archives, BTW?)
> 
> mozilla.org.
> IIRC, it should also be synced to the newsgroups.

I honestly cannot find it, FWIW.

> In that case it was 'just' banning me completely from all mozilla
> communication channels (all maillists, bugzilla, newsgroups,
> forums, wikis, etc).

One last time:  What specifically do you mean by 'threatened'?  What,
and by whom?

I ask mostly because, as I mentioned, I really do believe in 'Fiat
justitia ruat cælum' (let justice be done, though the heavens fall) -- 
including citing the relevant names.

If you read the National Transportation Safety Board report on the Pan
American World Airways flight 799 disaster that killed my father in
December '68, the crucial error (among several) was by an _unnamed_
engineer in Pan Am service engineering who 'decided that [a recommended
hardware] modification was not necessary', despite having carte blanche
to do any fix costing less than US $50 per airframe and just expense it.
An equally unnamed supervisor reviewed this decision and 'decided, after
coordination with flight operations, that the bulletin was not
applicable to Pan Am aircraft, and no further action was taken.  The
reason for this decision was not fully documented.'

And no names.

Names.  Accountability.  I rather like them.

(Som faren går fyre, kjem sonen etter.  I am very much my father's son.)


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 01.09.2017 01:25, Rick Moen wrote:


https://github.com/orgs/Librezilla/


Thank you for working on that.  I haven't taken the time to find the
crux of your objection to the upstream code, though.


In essence, moz folks only want to add new fancy brave new world
features (seems they're totally in the post-humanist ideology),
and tend to hostile reaction against all critics.

Just try to submit a patch that eg, allows build-time opt-out of
geoloc, motion/ambient sensors, etc, and see what happens.


>> Most of it should still be in their mail archives - and I could publish
>> the personal mails when applicable.
>
> (Which archives, BTW?)


mozilla.org.
IIRC, it should also be synced to the newsgroups.


> But you haven't said what this was, and, FWIW, I did spend a few minutes
> looking for it.


In that case it was 'just' banning me completely from all mozilla
communication channels (all maillists, bugzilla, newsgroups,
forums, wikis, etc).


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> >Have you written this up, somewhere?
> 
> yet incomplete and hackish (due lack of time)
> 
> https://github.com/orgs/Librezilla/

Thank you for working on that.  I haven't taken the time to find the
crux of your objection to the upstream code, though.


> >>MSF has already made it perfectly clear they'll never accept any patches
> >>for that and continue their path (already threatened me personally)
> >
> >And have you written up the details of this?
> 
> Most of it should still be in their mail archives - and I could publish
> the personal mails when applicable.

(Which archives, BTW?)

I didn't mean to suggest that I disbelieved you, only that oddly vague 
claims of 'threats' have a generally wretched history on the Internet.
For starters, the author's notion of what qualifies as threatening and
the reader's, and what rises to the level of being worthy of notice,
tend to differ.

This situation is worsened by many Internet denizens' (and many
businesses') assumption that talk is cheap on the Internet, that they
can get away with darkly hinting at harm of various sorts
(semi-threatened litigation for business torts and libel, or alleged
trademark violation, being the most common) without consequence.

In my experience, the only way to restore accountability is to put the
facts out in public without editorial commentary, including names and
full texts.  This has been my own policy:  E.g., when Prof. Daniel J.
Bernstein semi-threatened litigation because I dared to maintain a FAQ
saying why I preferred not to use his software, I politely referred him
to my attorney and then put the correspondence up on the Web for public
amusement.[1]  Later, when an officer of a LUG in Davis, California sent me
an (it was later claimed) unauthorised lawsuit threat letter because I 
documented on my Web site abusive conduct by the then-listadmin, I
published it plus my response letter.[2]  And when one of my fellow Board
members of my local sysadmin guild, BayLISA, bizarrely and in error
claimed _I'd_ threatened litigation against BayLISA (my _own_
organisation), I published all of that, too.[3]  Last, when the operator
of a standalone newsgroup threatened me with copyright litigation for
Web-archiving public postings from the newsgroup, I Web-published that
as an addition to my Web archive.[4]

In each case, the supposed legal threat was obvious bullshit except of
the type people feel free to hurl around because they might get their
way if the recipient is timid and/or stupid, _and_ because they see no
downside to trying.  As I happen to have a reasonably high PageRanked
Web site, as it turns out, there _is_ a downside to trying this dumb
Internet trick on me -- and I don't take lawsuits lightly, having lived
through my mother's suit against a Fortune 50 corporation (Boeing) over
the wrongful death of my father, Pan Am Captain Arthur Moen.  Even
though we won, it was an ordeal, so I do not regard bogus legal threats
as a matter to take lightly, but rather one to punish with sunlight.

If the 'threat' you speak of was substantive _and unmerited_, then IMO
you should do likewise.

But you haven't said what this was, and, FWIW, I did spend a few minutes
looking for it.


[1] http://linuxmafia.com/~rick/faq/dan-brandishing-legal-threats
[2] http://linuxmafia.com/~rick/linux-info/lugod.html
[3] http://linuxmafia.com/~rick/litigious2.html
[4] http://linuxmafia.com/~rick/linux-info2/astcomm.html



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 22:38, Rick Moen wrote:

> I think you're missing that point that a baseband chipset integrated
> with a smartphone has total control over anything and everything the
> smartphone does,

Depends on how it is connected to the rest of the system.
If it eg. has a direct link to the mic, it can be easily abused, of
course.

Nevertheless we should have an open one.


--mtx



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 22:26, Rick Moen wrote:

> They say it's going to be either i.MX6 or i.MX8.


whenever mx8 will be actually available ... :o


> They haven't yet
> decided.  (This further underlines my point that it's definitely nothing
> like a finished product, yet.)


ack.


> I don't want to be unduly cynical about Puri.sm, but they have had a
> history of overselling and being just a bit reticent about the secret
> proprietary bits they've not addressed at all in their 'open' designs.


well, never heard about these guys, let's see how it finally plays out.


>> They suggest firefox ... recent versions (at least since 52) have
>> built-in malware. I've already removed large parts of it (yet
>> very experimental and untested) - still need a strategy to align
>> w/ upstream.
>
> Have you written this up, somewhere?


yet incomplete and hackish (due lack of time)

https://github.com/orgs/Librezilla/


>> MSF has already made it perfectly clear they'll never accept any patches
>> for that and continue their path (already threatened me personally)
>
> And have you written up the details of this?


Most of it should still be in their mail archives - and I could publish
the personal mails when applicable.

I've just contacted the waterfox guy, let's see whether we can agree on
an alliance.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 22:05, zap wrote:


> Try Waterfox that is libre by default at least. eme can be disabled and
> that is waterfox's only problem.


Cool, didn't know that yet.
We should support it in dng.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

To be very specific, decades ago I learned to distrust the word
'malware', especially when it gets hurled about with a notable and utter
absence of specifics.  In my experience, it gets used to mean anything
and everything in software the author doesn't like.

If you mean, for example 'code that opens outbound sockets to a remote
corporate IP address for reasons I [either] don't understand [or]
consider insufficient', you really ought to say so rather than erring on
the side of vague melodrama.  

Mozilla Foundation's relationship with users cannot help but be
problematic on account of its (and its for-profit subsidiary Mozilla
Corporation's) funding model, a matter I discussed in passing in my Feb.
2011 Silicon Valley Linux User Group talk 'The Wild, Wild Web: Web
Browser Security, Performance, and Privacy'.  Slides and lecture notes
in the SVLUG News column, here, http://www.svlug.org/ , but I really
covered the funding-model problem in full only in my talk itself:  In
short, you/we/I simply aren't Mozilla Corporation's customer.

IMO, the best way to address that and several other problems would be
via an Iceweasel Mark II.


And likewise:

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

I've noticed that many people on the Internet use the term 'threaten' at
the drop of a hat, and (likewise) the underlying reality, if any, can be
anything at all.

By the way, what's an MSF?  Mozilla Foundation?


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 21:53, Daniel Abrecht wrote:

> While all android phones technically use a linux kernel, they have
> nothing else in common with a normal Linux system. Android has its
> own libc: bionic.

One of my goals in the gnudroid project (which is currently stalled
due lack of time) is porting it to glibc or uclibc.


> It also has special IPC mechanisms enabled in the
> linux kernel,


Binder already is mainlined. Not sure whether it's properly namespace'd
yet, but that shouldn't be the big deal.

> and it uses gralloc instead of fbdev or DRM.


IIRC, gralloc is used to allocate intermediate surface buffers,
for both GPUs and other image/video processing devices, and allows
passing them between processes (similar to gem or prime). Not checked,
but they probably have something that finally bridges to GEMs, so GPUs
drivers can consume the buffers (if not, shouldn't be such a hard job
to add that). I'd guess sooner or later will come up with something
similar, as a complete video processing pipe (involving dri and v4l
devices) is an ongoing topic for quite some time.

> I really hope the Librem 5 will get fbdev support, so I can see boot
> messages on a framebuffer console, and optionally DRM support for
> things like OpenGL and Vulkan.

plain fbdev shouldn't be the big deal as soon as basic KMS stuff
is implemented. in embedded world it's usually just a matter of
properly enabling the ipu (for most SOCs should be mainlined) and
backlight (usually some dumb pwm controller, either in the SoC or
behind I2C).

When bringing up an own custom board, that's one of the early steps
(and beyond the SOC-stuff usually board specific).


--mtx



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread taii...@gmx.com
FYI just so everyone knows the 6.5K price is the prebuilt cost, you can 
get the board and CPU for around 2K then you just need DDR4 memory.



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Arnt Gulbrandsen (a...@gulbrandsen.priv.no):

[snip a bunch of stuff I'm not going to spend time on]

> Back to the phones.
> 
> If you have proper control over your phone's baseband, you're
> relying on the telco as a proprietary black box to forward your
> packets and calls. If your baseband's a blob, but you do have a
> proper DMZ between your hardware and the baseband, then you're
> relying on two black boxes. IMO: Much of a muchness.

I think you're missing that point that a baseband chipset integrated
with a smartphone has total control over anything and everything the
smartphone does, and is an intelligent, autonomous agent that infamously
is subject to subversion by both state actors and well-funded private
actors from cell towers (or cheap simulations thereof).  In other words,
you do _not_ have proper control over your phone's baseband, but remote,
undetectable, hostile parties may, and are known to have done so
routinely.

A baseband chipset _not_ integrated with the smartphone is a lesser
threat.  The Tor Project article describes how this (current-best) ideal
can be simulated by USB-connecting a Wifi-only tablet with a cell modem 
and battery pack.  This reduces the threat exposure to remote, hostile control
over the modem functions.

Maybe the planned future Puri.sm product will come close to that degree
of isolation -- or not.

Anyway, I've now explained this matter twice and provided links for
experts' assessments.  If you don't agree, feel free to go argue with
them.



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> On 31.08.2017 20:07, Rick Moen wrote:
> 
> >Having the i.MX6 or i.MX8 CPU 'separate' from the baseband
> >controller
> 
> Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little
> bit expensive and produces a lot heat.

They say it's going to be either i.MX6 or i.MX8.  They haven't yet
decided.  (This further underlines my point that it's definitely nothing
like a finished product, yet.)

> #1: isolate them as much as we can, power on only if required, no direct
> connections to other vital devices, eg. main memory, storage, ports,
> mic, etc - for some interfaces eg. i2s we could even add an extra
> tamper detection (when baseband attempts to read audio stream)
> or just inject fake data when no actual call is running (w/
> cell calls you can safely assume being wiretapped)

This would be the optimal approach given the existing baseband situation,
but please note that Puri.sm haven't specified yet what they mean by 
'separate'. 

The Tor Project hardened-Android articles have some good thoughts about
the baseband problem and how to isolate it as best can be achieved under
current circumstances.

I don't want to be unduly cynical about Puri.sm, but they have had a
history of overselling and being just a bit reticent about the secret
proprietary bits they've not addressed at all in their 'open' designs.

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

Have you written this up, somewhere?

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

And have you written up the details of this?



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread zap

>
>> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>>
>
> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.
>
> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)
>
Try Waterfox that is libre by default at least. eme can be disabled and
that is waterfox's only problem.
>
> --mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Arnt Gulbrandsen

Rick Moen writes:
> Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller (a
> term on which they have not yet elaborated), but the latter remains
> deeply problematic, being a proprietary black box with proprietary,
> opaque firmware.


Really?

I suppose you've dealt with as many ISPs as I have... some of them give you 
a cable of some sort, some of them send you a router to put on customer 
premises. In the latter case, some people just connect the ISP CPE to their 
network, but you and I make a tiny DMZ and route everything via a router of 
our own.


Once I used the exact same kind of Cisco as the ISP, which looked a little 
superfluous. But that's really a small thing. A few watts, a power cable.


Back to the phones.

If you have proper control over your phone's baseband, you're relying on 
the telco as a proprietary black box to forward your packets and calls. If 
your baseband's a blob, but you do have a proper DMZ between your hardware 
and the baseband, then you're relying on two black boxes. IMO: Much of a 
muchness.


Arnt



Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Daniel Abrecht

While all android phones technically use a linux kernel, they have
nothing else in common with a normal Linux system. Android has its
own libc: bionic. It also has special IPC mechanisms enabled in the
linux kernel, and it uses gralloc instead of fbdev or DRM. I think
gralloc is the biggest problem with android phones, it's absolutely
useless for everything except for Android's SurfaceFlinger and
Canonical's Mir.

I really hope the Librem 5 will get fbdev support, so I can see boot
messages on a framebuffer console, and optionally DRM support for
things like OpenGL and Vulkan.

On 2017-08-31 15:01, info at smallinnovations dot nl wrote:
> On 31-08-17 16:14, Narcis Garcia wrote:
>> On 31/08/17 at 15:24, info at smallinnovations dot nl
>> wrote:
>>> 
>>> As a owner of a BQ Aquaris E45 Ubuntu version i fully support
>>> this kind of free smartphone development. But i doubt of a
>>> linux smartphone will be functional comparable with Android or
>>> iOS within 3 to 4 years. They should use the efforts of
>>> Meego/Maemo development or work together with Jolla. And trying
>>> to get support from one or more large smartphone makers. Until
>>> then when i have to replace my current BQ it will be a iPhone
>>> as one of the lesser evil.
>>> 
>> All Androids run Linux.
> 
> Sure as far as it the kernel concerns that is true. As soon as you
> want hardware support for a specific SOC you depend on the
> hardware manufacturer. Which are not interested in open source and
> you are already lucky if they even want to deliver a binary blob.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Adam Borowski
On Thu, Aug 31, 2017 at 10:40:58AM -0400, taii...@gmx.com wrote:
> I doubt it will be owner controlled, as their laptops aren't - they still
> haven't even gotten a blobbed version of coreboot working (blobbed init code
> + ME enabled as they insisted on a crappy intel soc)
> Purism isn't a trustworthy company.

You might be interested in Pinebook.  While this is on the opposite end to
Talos 2 (costs $89 instead of $6.5k), mainline u-boot+ATF+kernel are
completely blob-free: the initial bootloader in ROM is really minimal and
hands off full control over the hardware to user-controlled code.

The BSP (vendor u-boot+kernel) do have sourceless blobs, but the mainline is
mostly there.  At least, drivers are functional (display has only simplefb
rather than proper DRM but that's being worked on), what's missing is a
proper DT.  Device tree code for this and related hardware is done mostly by
Icenowy Zheng; alas she hasn't fully upstreamed the work yet and using her
WIP tree requires more u-boot skills than I have.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄ 


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Hendrik Boom
On Thu, Aug 31, 2017 at 07:35:49PM +0200, Enrico Weigelt, metux IT consult 
wrote:
> On 31.08.2017 16:40, taii...@gmx.com wrote:
> 
> >I doubt it will be owner controlled, as their laptops aren't - they still
> >haven't even gotten a blobbed version of coreboot working (blobbed init
> >code + ME enabled as they insisted on a crappy intel soc)
> >Purism isn't a trustworthy company.
> 
> Don't know anything about that company, but in general x86 boards
> are much harder to bring up than ARMs. I only know very few completely
> custom x86 boards with open firmware - in ARM world that's daily
> business.
> 
> The actually hard part w/ phones is creating a very small and power
> efficient board, that's a much bigger challenge than the usual
> embedded boards.
> 
> There're several parties out there creating an open phone hw, lets
> see how that plays out.
> 
> IMHO, we should now concentrate on the OS, maybe port the android
> runtime to GNU platform. That should give us an GUI and applet
> framework. Or we start afresh with a plan9-inspired approach.

Like Inferno?

-- hendrik


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 20:07, Rick Moen wrote:

> Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller


Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little
bit expensive and produces a lot heat.


> (a term on which they have not yet elaborated), but the latter remains
> deeply problematic, being a proprietary black box with proprietary,
> opaque firmware.


#1: isolate them as much as we can, power on only if required, no direct
connections to other vital devices, eg. main memory, storage, ports,
mic, etc - for some interfaces eg. i2s we could even add an extra
tamper detection (when baseband attempts to read audio stream)
or just inject fake data when no actual call is running (w/
cell calls you can safely assume being wiretapped)
#2: reverse engineer the firmware and find leaks for the time we need
to strike
#3: write our own open firmware (that might also be useful for existing
phones out in the wild - maybe even roll out via a virus)


> The WiFi and Bluetooth chips and firmware are apparently also black
> boxes.


Don't let them do the encryption part, just let them be dumb switches,
until we have our own firmware.


> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy


They suggest firefox ... recent versions (at least since 52) have
built-in malware. I've already removed large parts of it (yet
very experimental and untested) - still need a strategy to align
w/ upstream.

MSF has already made it perfectly clear they'll never accept any patches
for that and continue their path (already threatened me personally)


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Rick Moen
Quoting Alessandro Selli (alessandrose...@linux.com):

> Good news indeed!  The second one this week, after this worthy attempt
> by puri.sm to finally produce a smartphone designed to be 100%
> evil-software free and GNU/Linux compatible (scheduled for release in
> 2019, though):
> 
> https://puri.sm/shop/librem-5/

Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller (a 
term on which they have not yet elaborated), but the latter remains
deeply problematic, being a proprietary black box with proprietary,
opaque firmware.  (See:
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone)
The WiFi and Bluetooth chips and firmware are apparently also black
boxes.  One notices, also that they say there aren't yet detailed
specifications for the simple reason that the choices of hardware
components are still up in the air.

The secret-sauce baseband controllers are a tough problem, and will
continue to cripple any real chance at smartphone security until there's
a credible open-design alternative.  But fully isolating the main board
and CPU from the baseband modem subassembly -- if that's actually what
Puri.sm are going to do -- is at least half a loaf.  More at:

https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy

(If you look closely, you'll see those are two slightly different URLs.)




Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 15:48, Edward Bartolo wrote:

> The devil's advocate in me tells me, since making money is involved,
> in the end, history will repeat itself as with what happened with
> 'user-centredness' in GNU/Linux! Those who have used GNU/Linux for
> some long time know pretty well with the shoving down our throats of
> systemd what remains of 'user-centredness'.


systemd isn't a major threat anymore. we just need some detergences
and maybe a few surgical PR hit men here and there.

maybe a few PR visible attacks pointing to systemd as the primary
weakness would be fine.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 17:01, info at smallinnovations dot nl wrote:

> Sure as far as it the kernel concerns that is true. As soon as you want
> hardware support for a specific SOC you depend on the hardware
> manufacturer. Which are not interested in open source and you are
> already lucky if they even want to deliver a binary blob.


We could pick a few suitable models (that are widely available for
several years, even as cheap used ones) and crack the blobs.

This approach already worked for several GPUs, starting w/ NVidia.
Perhaps we should try to bundle the resources, perhaps even create
a foundation which primary purpose is crack and disclose all
blob drivers and firmware of general computers and destroying
vendor lockins (including despotic restriction malware)

--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Enrico Weigelt, metux IT consult

On 31.08.2017 16:40, taii...@gmx.com wrote:

> I doubt it will be owner controlled, as their laptops aren't - they
> still haven't even gotten a blobbed version of coreboot working (blobbed
> init code + ME enabled as they insisted on a crappy intel soc)
>
> Purism isn't a trustworthy company.


Don't know anything about that company, but in general x86 boards
are much harder to bring up than ARMs. I only know very few completely
custom x86 boards with open firmware - in ARM world that's daily
business.

The actually hard part w/ phones is creating a very small and power
efficient board, that's a much bigger challenge than the usual
embedded boards.

There're several parties out there creating an open phone hw, lets
see how that plays out.

IMHO, we should now concentrate on the OS, maybe port the android
runtime to GNU platform. That should give us an GUI and applet
framework. Or we start afresh with a plan9-inspired approach.


--mtx


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread info at smallinnovations dot nl

On 31-08-17 16:14, Narcis Garcia wrote:

> On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
>
>> As a owner of a BQ Aquaris E45 Ubuntu version i fully support this kind
>> of free smartphone development. But i doubt of a linux smartphone will
>> be functional comparable with Android or iOS within 3 to 4 years. They
>> should use the efforts of Meego/Maemo development or work together with
>> Jolla. And trying to get support from one or more large smartphone
>> makers. Until then when i have to replace my current BQ it will be a
>> iPhone as one of the lesser evil.
>
> All Androids run Linux.


Sure as far as it the kernel concerns that is true. As soon as you want 
hardware support for a specific SOC you depend on the hardware 
manufacturer. Which are not interested in open source and you are 
already lucky if they even want to deliver a binary blob.


Grtz.

Nick




Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread taii...@gmx.com

On 08/31/2017 04:14 AM, Alessandro Selli wrote:


> On Wed, 30 Aug 2017 at 18:25:07 -0400
> "taii...@gmx.com"  wrote:
>
>> Thought I would share this!
>>
>> After what happened with TALOS 1 I can't believe they actually pulled it
>> off this time.
>>
>> This is truly a historic moment for computing freedom lovers - an owner
>> controlled open source ultra high performance workstation/server for
>> only a few thousand dollars.
>>
>> https://secure.raptorcs.com/
>>
>> Note: For the non sysadmin crowd this is what dual socket performance
>> server/workstation hardware costs - it is designed for the power user
>> market - there are already many crappy owner controlled SOC's going for
>> a few hundred, now the performance segment has a device too.
>
>    Good news indeed!  The second one this week, after this worthy attempt by
> puri.sm to finally produce a smartphone designed to be 100% evil-software free
> and GNU/Linux compatible (scheduled for release in 2019, though):
>
> https://puri.sm/shop/librem-5/


I doubt it will be owner controlled, as their laptops aren't - they 
still haven't even gotten a blobbed version of coreboot working (blobbed 
init code + ME enabled as they insisted on a crappy intel soc)

Purism isn't a trustworthy company.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Narcis Garcia
On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
> On 31-08-17 10:14, Alessandro Selli wrote:
>>
>>Good news indeed!  The second one this week, after this worthy
>> attempt by
>> puri.sm to finally produce a smartphone designed to be 100%
>> evil-software free
>> and GNU/Linux compatible (scheduled for release in 2019, though):
>>
>> https://puri.sm/shop/librem-5/
>>
>>
>> Alessandro
> As a owner of a BQ Aquaris E45 Ubuntu version i fully support this kind
> of free smartphone development. But i doubt of a linux smartphone will
> be functional comparable with Android or iOS within 3 to 4 years. They
> should use the efforts of Meego/Maemo development or work together with
> Jolla. And trying to get support from one or more large smartphone
> makers. Until then when i have to replace my current BQ it will be a
> iPhone as one of the lesser evil.
> 

All Androids run Linux.


[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Edward Bartolo
The devil's advocate in me tells me, since making money is involved,
in the end, history will repeat itself as with what happened with
'user-centredness' in GNU/Linux! Those who have used GNU/Linux for
some long time know pretty well with the shoving down our throats of
systemd what remains of 'user-centredness'.

Financial gain is too strong a temptation to always win irrespective
of circumstances.


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread info at smallinnovations dot nl

On 31-08-17 10:14, Alessandro Selli wrote:

>   Good news indeed!  The second one this week, after this worthy attempt by
> puri.sm to finally produce a smartphone designed to be 100% evil-software free
> and GNU/Linux compatible (scheduled for release in 2019, though):
>
> https://puri.sm/shop/librem-5/
>
>
> Alessandro

As an owner of a BQ Aquaris E45 Ubuntu version I fully support this kind 
of free smartphone development. But I doubt a Linux smartphone will 
be functionally comparable with Android or iOS within 3 to 4 years. They 
should use the efforts of Meego/Maemo development or work together with 
Jolla. And try to get support from one or more large smartphone 
makers. Until then, when I have to replace my current BQ it will be an 
iPhone as one of the lesser evils.


Grtz.

Nick


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Adam Borowski
On Thu, Aug 31, 2017 at 04:03:57AM +0200, mdn wrote:
> I wonder how many packages already work on power compared to X86 ?

Since this is little-endian, old "power" (i.e., powerpc and ppc64) won't work.
Thus, you need ppc64el packages only.

Binary packages in ppc64el unstable main: 53512
Binary packages in amd64   unstable main: 55586

There are probably some packages that compile but don't run but that's a
tiny minority as most software is sane.  The biggest exception I know is
GNOME (at least as of jessie, no idea if they fixed it since) but good
riddance.  GNOME programs still work from a sane WM, it's only GNOME's
window manager part that requires either a mid-end GPU with specific
capabilities or slow software emulation, the latter working only on amd64
and i386.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄ 


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-31 Thread Alessandro Selli
On Wed, 30 Aug 2017 at 18:25:07 -0400
"taii...@gmx.com"  wrote:

> Thought I would share this!
>
> After what happened with TALOS 1 I can't believe they actually pulled it 
> off this time.
>
> This is truly a historic moment for computing freedom lovers - an owner 
> controlled open source ultra high performance workstation/server for 
> only a few thousand dollars.
>
> https://secure.raptorcs.com/
>
> Note: For the non sysadmin crowd this is what dual socket performance 
> server/workstation hardware costs - it is designed for the power user 
> market - there are already many crappy owner controlled SOC's going for 
> a few hundred, now the performance segment has a device too.

  Good news indeed!  The second one this week, after this worthy attempt by
puri.sm to finally produce a smartphone designed to be 100% evil-software free
and GNU/Linux compatible (scheduled for release in 2019, though):

https://puri.sm/shop/librem-5/


Alessandro


Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-30 Thread mdn


On 31/08/2017 03:58, zap wrote:
> On 08/30/2017 06:25 PM, taii...@gmx.com wrote:
> 
>> Thought I would share this!
>>
>> After what happened with TALOS 1 I can't believe they actually pulled
>> it off this time.
>>
>> This is truly a historic moment for computing freedom lovers - an
>> owner controlled open source ultra high performance workstation/server
>> for only a few thousand dollars.
>>
>> https://secure.raptorcs.com/
>>
>> Note: For the non sysadmin crowd this is what dual socket performance
>> server/workstation hardware costs - it is designed for the power user
>> market - there are already many crappy owner controlled SOC's going
>> for a few hundred, now the performance segment has a device too.
>>
> Wow, I never realized they succeeded... good for them though, talos is
> probably perfect for servers wouldn't you say? and maybe desktops too if
> you're a developer... :)

I wonder how many packages already work on power compared to X86 ?

-- 
Librement
BERNARD

ENG: Please be kind enough to use GPG for our future conversations:
https://emailselfdefense.fsf.org/en/
If this email isn't PGP signed then it isn't mine.

-If you can't compile it dump it.





Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-30 Thread zap
On 08/30/2017 06:25 PM, taii...@gmx.com wrote:

> Thought I would share this!
>
> After what happened with TALOS 1 I can't believe they actually pulled
> it off this time.
>
> This is truly a historic moment for computing freedom lovers - an
> owner controlled open source ultra high performance workstation/server
> for only a few thousand dollars.
>
> https://secure.raptorcs.com/
>
> Note: For the non sysadmin crowd this is what dual socket performance
> server/workstation hardware costs - it is designed for the power user
> market - there are already many crappy owner controlled SOC's going
> for a few hundred, now the performance segment has a device too.
>
Wow, I never realized they succeeded... good for them though, talos is
probably perfect for servers wouldn't you say? and maybe desktops too if
you're a developer... :)





[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server

2017-08-30 Thread taii...@gmx.com

Thought I would share this!

After what happened with TALOS 1 I can't believe they actually pulled it 
off this time.


This is truly a historic moment for computing freedom lovers - an owner 
controlled open source ultra high performance workstation/server for 
only a few thousand dollars.


https://secure.raptorcs.com/

Note: For the non sysadmin crowd this is what dual socket performance 
server/workstation hardware costs - it is designed for the power user 
market - there are already many crappy owner controlled SOC's going for 
a few hundred, now the performance segment has a device too.

