Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Thu, 31 Aug 2017 at 21:46:39 -0700 Rick Moen wrote:
> Elsewhere in this thread, there's been mention of the dire threat to
> system security from Intel Management Engine (ME) (every Intel CPU since
> 2008) and the equivalent AMD Platform Security Processor (PSP).
>
> Noted in the current Linux Weekly News: discovery of a way to shoot
> Intel ME version 11 in the head: https://lwn.net/Articles/732291/

Only realize it now, it's the same team and hack I read of today.

> Coolness.

Indeed.

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Mon, 4 Sep 2017 11:00:42 +0200, Didier wrote in message <2beaafb7-1f5d-116a-d503-082ee06f4...@in2p3.fr>:

> On 03/09/2017 at 22:38, zap wrote:
> > *but in the future I hope to get eoma68 which promises even more
> > freedom.*
>
> Hope it's higher quality than Pi-Top (poor keyboard and
> touchpad, Ethernet and USB connectors inside the box with a hole to
> pass the cables, no interface for hard disk, one single micro-sd
> slot)!

..there's always the usb disk interfaces. But are Broadcom et al firmware people on Raspberry Pi hardware open to people writing new free firmware?

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 03/09/2017 at 22:38, zap wrote:
> *but in the future I hope to get eoma68 which promises even more freedom.*

Hope it's higher quality than Pi-Top (poor keyboard and touchpad, Ethernet and USB connectors inside the box with a hole to pass the cables, no interface for hard disk, one single micro-sd slot)!

Didier
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 09/03/2017 09:41 AM, Alessandro Selli wrote:
> On 03/09/2017 at 13:32, zap wrote:
>>
>> On 09/03/2017 05:26 AM, Alessandro Selli wrote:
>>> On 01/09/2017 at 20:36, zap wrote:
>>>>> I doubt it will be owner controlled, as their laptops aren't - they
>>>>> still haven't even gotten a blobbed version of coreboot working
>>>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>>>> Purism isn't a trustworthy company.
>>>> Gee, I thought purism was a trustworthy company, I mean they claim you
>>>> can get the latest and the greatest without intel me
>>> This is *not* what they claim:
>>>
>>> https://puri.sm/learn/intel-me/
>>>
>>> "Freeing the ME is a challenge, but not impossible"
>>>
>>> "By working with Intel, motherboard design developers, as well as our
>>> coreboot developers, Purism has put in motion a solid approach on how to
>>> run a freed Intel ME *in the future*."
>> Sorry, but have you talked to libreboot or coreboot about this?
> What should I tell them? "Why did you let Librem's *evil* patches into
> your code?" (https://review.coreboot.org/#/q/owner:"Alaoui; )

No... That's not what I meant. I mean if coreboot and libreboot couldn't figure it out. Why do you think purism can?

>> and also,
>> not even google with all their money can convince intel to give their
>> secrets to them.
> What secrets? Intel designs CPUs to Goggle's specifications, what
> secrets are you talking about?

Not quite, not according to libreboot.

>> That for me is a solid reason why I said this.
> This is the present state of the matter:
> https://puri.sm/learn/avoiding-intel-amt/
>
> "So, there is no hardware level remote access to Purism hardware?"
>
> "No, none that we are aware of, nor have put-in. As it relates specifically
> to Intel AMT, we neutralize the threat by avoiding Intel CPUs that have the
> hardware chip allowing it, we do not use Intel networking cards, we use a
> version of the Intel ME that Intel claims does not have these capabilities
> (yes, we know that “Intel claims…” means we don’t have visibility into the
> source code, and yes, we know that is a concern, and yes, we are working on
> solving this) and we neutralize/lobotomize the Intel ME binary, including
> the “network” and “kernel” parts of the Management Engine."
>
> [...]
>
> "We are also planning to reverse-engineer the remaining parts. We have
> reverse-engineered the ROMP module and will continue the work for other
> modules throughout 2017."
>
> What Librem did to Intel's hardware (fuses: https://puri.sm/learn/intel-me/
> ) and software (firmware) is documented. Better than this you can only have
> smartphones from an open-hardware vendor that produced everything in-house,
> from the CPU to the screen. Is there such a vendor?
>
> [...]
>
>>> "We are working to completely remove (or reverse engineer, as we have begun
>>> to do) the Intel ME, on all our models, and will update on our blog (and
>>> this page) as we make progress on that front."
>> I don't think they will succeed even if they did care...
> They are doing it. They already went much farther than anyone else who
> tried, AFAIK.

AFAIK... that's the problem... you don't really know as much as you think. I used to believe they could do it... But I now realize that they either A, don't care or B: are unable to. Those are the only options given the nature of the free software community and the intel blobs.

>>>> in it and also they
>>>> claim that they can sprinkle magic fairy dust on all the hardware so
>>>> that you can use it all without any blobs or firmware that is
>>>> proprietary...
>>> Again, this is *not* what they claim:
>>>
>>> https://puri.sm/learn/blobs/ and
>>> https://puri.sm/about/competitors/
>>>
>>> They do *not* state that their products are free of any binary blob,
>>> they state that *their* software does not have any, from Coreboot on, and
>>> that the motherboard's BIOS is *partially* free of binary blobs.
>> Saying, that purism is being serious and not misleading people, I doubt
>> they can achieve what you're talking about, *Intel will not help them!
> I know, they know and they're not hiding it at all.
> Do you know what "reverse engineering" means?

I am not completely aware of what it means, but I have a sense it means to decompile it and get full access to the code.

>> *If *Google cannot convince intel to give their source code to them,
> Did they try? AFAIK, Intel produces chips to Goggle's specifications,
> what software does Google need from Intel?

This is false, because of the nature of most governments wanting intel to put backdoors in the hardware that cannot be removed. Although it allows governments to do more spying, it also lets terrorists crack into more hardware too. But that aside, there are some insane usa laws which make it against the law even to *admit there are backdoors let alone tell people how to remove them!*

>> then purism has no chance in hell...* to get the source code
>> **
>
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 09/03/2017 09:41 AM, Alessandro Selli wrote:
> Do you believe that all ARM, SPARC and Power suppliers do not put anything
> in their CPUs that users and developers do not know about?
> Again, the only way to be sure is buying hardware from a vendor that
> produces its own hardware, CPUs included, openly releasing their full
> specifications, blue-prints and software. Do you know any?

TALOS 2 is actually libre, both the firmware and the hardware - IBM has released full specs for POWER9.

ME/PSP is integral to the modern x86 boot process, it simply can't be disabled - maybe with years of research and millions in reverse engineering but that would be silly.

I don't like them because they could have picked a mobile platform that could actually be freed in real life (not just wishful thinking) such as AMD FT3 (cpu on the lenovo G505S) or AppliedMicro performance ARM, without doing that they take away resources from legitimate projects - when they first started up the community told them this but they refused to listen and kept insisting they could "free" ME (and backport it to the many laptops they have released? I doubt it)

As it stands they are selling an overpriced whitebox laptop and confusing users with the "librem" name and quotes from stallman, they lack the hardware engineering department to tell them what can and can't be reasonably done.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Sun, Sep 03, 2017 at 03:41:23PM +0200, Alessandro Selli wrote:
> This is the present state of the matter:
> https://puri.sm/learn/avoiding-intel-amt/
>
> "So, there is no hardware level remote access to Purism hardware?"

AMT is merely a way to configure the built-in backdoor that allows you to partially use it for your purposes. There is no proof, merely allegations, that the backdoor allows someone with the secret trigger to control it in other cases, but Intel has made a string of very weird engineering decisions that make no sense if there's no such hidden backdoor but make perfect sense if there is.

> > Listen to coreboot and libreboot's reasoning why this will never work.
> >
> > https://libreboot.org/faq.html
> >
> > look at the parts about purism and intel.
>
> Nothing new there.

An argument remains valid (which doesn't imply true nor untrue) until refuted; it doesn't stop being irrelevant only because it's old. As far as it's currently known, there's no real way to disable Intel's ME, and that flag hack announced this week which might or might not do the trick very likely doesn't already work on CPUs which get out of the production line today.

> They just say that the only way to be sure is
> "avoiding all modern [>=2008] Intel hardware." Plus: "libreboot project
> recommends avoiding all modern [>=2013] AMD hardware."
>
> This leaves out just ARM, SPARC and Power CPUs. Mind if I ask you: what
> are your PCs and laptops running on?

Laptop: Allwinner A64 (2016).
Desktop: Phenom II X6 1055T (2011).
Mail server: Xeon E5440 (2007).

Yes, neither is very fast, but at least the desktop feels adequate for all tasks I use it for -- the only thing I've recently wished would compile faster is the kernel. And if you do need more oomph directly under your desk, Talos 2 may be expensive but it's there.

The mail server currently suffers from inadequate I/O, but that's because 1. it uses spinning rust (replaceable), 2. it runs a lot of other stuff. Mail load itself (for ~80 users) could be handled by a single NanoPi NEO that's the size of a coin (4 cores, 512MB ram).

Obviously I deal with a lot more servers than this, but only these three machines handle any of my data I consider sensitive.

> Do you believe that all ARM, SPARC and Power suppliers do not put anything
> in their CPUs that users and developers do not know about?

ARM has TrustZone which most vendors don't allow running your own code on, but on Allwinner A64 (at least Pine64 and Pinebook) you get to compile and load it yourself. It also has an arisc that improves deepest sleep states (when the ARM CPU is off) but it has no ROM and needs its code loaded at runtime -- it's not needed for regular operation. Unlike ATF for the TrustZone, no free code currently exists but if you don't load anything, you merely

> Again, the only way to be sure is buying hardware from a vendor that
> produces its own hardware, CPUs included, openly releasing their full
> specifications, blue-prints and software. Do you know any?

In theory, you could buy a FPGA and load openrisc or riscv on it, but I'm nowhere that kind of hardware hacker for that.

Meow!
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 03/09/2017 at 13:32, zap wrote:
>
>
> On 09/03/2017 05:26 AM, Alessandro Selli wrote:
>> On 01/09/2017 at 20:36, zap wrote:
>>>> I doubt it will be owner controlled, as their laptops aren't - they
>>>> still haven't even gotten a blobbed version of coreboot working
>>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>>> Purism isn't a trustworthy company.
>>> Gee, I thought purism was a trustworthy company, I mean they claim you
>>> can get the latest and the greatest without intel me
>> This is *not* what they claim:
>>
>> https://puri.sm/learn/intel-me/
>>
>> "Freeing the ME is a challenge, but not impossible"
>>
>> "By working with Intel, motherboard design developers, as well as our
>> coreboot developers, Purism has put in motion a solid approach on how to
>> run a freed Intel ME *in the future*."
> Sorry, but have you talked to libreboot or coreboot about this?

What should I tell them? "Why did you let Librem's *evil* patches into your code?" (https://review.coreboot.org/#/q/owner:"Alaoui; )

> and also,
> not even google with all their money can convince intel to give their
> secrets to them.

What secrets? Intel designs CPUs to Goggle's specifications, what secrets are you talking about?

> That for me is a solid reason why I said this.

This is the present state of the matter:
https://puri.sm/learn/avoiding-intel-amt/

"So, there is no hardware level remote access to Purism hardware?"

"No, none that we are aware of, nor have put-in. As it relates specifically to Intel AMT, we neutralize the threat by avoiding Intel CPUs that have the hardware chip allowing it, we do not use Intel networking cards, we use a version of the Intel ME that Intel claims does not have these capabilities (yes, we know that “Intel claims…” means we don’t have visibility into the source code, and yes, we know that is a concern, and yes, we are working on solving this) and we neutralize/lobotomize the Intel ME binary, including the “network” and “kernel” parts of the Management Engine."

[...]

"We are also planning to reverse-engineer the remaining parts. We have reverse-engineered the ROMP module and will continue the work for other modules throughout 2017."

What Librem did to Intel's hardware (fuses: https://puri.sm/learn/intel-me/ ) and software (firmware) is documented. Better than this you can only have smartphones from an open-hardware vendor that produced everything in-house, from the CPU to the screen. Is there such a vendor?

[...]

>> "We are working to completely remove (or reverse engineer, as we have begun
>> to do) the Intel ME, on all our models, and will update on our blog (and
>> this page) as we make progress on that front."
>
> I don't think they will succeed even if they did care...

They are doing it. They already went much farther than anyone else who tried, AFAIK.

>>> in it and also they
>>> claim that they can sprinkle magic fairy dust on all the hardware so
>>> that you can use it all without any blobs or firmware that is
>>> proprietary...
>> Again, this is *not* what they claim:
>>
>> https://puri.sm/learn/blobs/ and
>> https://puri.sm/about/competitors/
>>
>> They do *not* state that their products are free of any binary blob,
>> they state that *their* software does not have any, from Coreboot on, and
>> that the motherboard's BIOS is *partially* free of binary blobs.
> Saying, that purism is being serious and not misleading people, I doubt
> they can achieve what you're talking about, *Intel will not help them!

I know, they know and they're not hiding it at all.
Do you know what "reverse engineering" means?

> *If *Google cannot convince intel to give their source code to them,

Did they try? AFAIK, Intel produces chips to Goggle's specifications, what software does Google need from Intel?

> then purism has no chance in hell...* to get the source code
> **

They do not actually need source code, they'd be content with knowing how to get rid of what they put in.

>>> Doesn't that sound just plain trustworthy? Can you
>>> honestly say that they cannot be trusted?
>> They are honest in what they say. Could you prove they lied or
>> misguided people in their statements please let everyone know.
> I am sorry to say that I disagree completely, especially due to them
> originally trying to pass nvidia as a means to achieve libre status until
> there was an uproar and they changed to intel.

So, they heeded the community's voice, they excluded a major vendor due to security concerns, and you claim they are *not* sincere in developing a system that is as free as possible from proprietary software?
Other than allegations and personal opinions, do you have anything solid to counter their claims?

> Unless they are just plain stupid.
>
> Listen to coreboot and libreboot's reasoning why this will never work.
>
> https://libreboot.org/faq.html
>
> look at the parts about purism and intel.

Nothing new there. They just say that the
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 09/03/2017 05:26 AM, Alessandro Selli wrote:
> On 01/09/2017 at 20:36, zap wrote:
>>> I doubt it will be owner controlled, as their laptops aren't - they
>>> still haven't even gotten a blobbed version of coreboot working
>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>> Purism isn't a trustworthy company.
>> Gee, I thought purism was a trustworthy company, I mean they claim you
>> can get the latest and the greatest without intel me
> This is *not* what they claim:
>
> https://puri.sm/learn/intel-me/
>
> "Freeing the ME is a challenge, but not impossible"
>
> "By working with Intel, motherboard design developers, as well as our
> coreboot developers, Purism has put in motion a solid approach on how to run
> a freed Intel ME *in the future*."

Sorry, but have you talked to libreboot or coreboot about this?
and also, not even google with all their money can convince intel to give their secrets to them.
That for me is a solid reason why I said this.

>
> Emphasis mine.
> How far into the future?
>
> https://puri.sm/products/
>
> "This can be applied as a software update for the existing Librem 13 v1
> (porting to other existing models is ongoing), and this will also be
> available factory-installed starting Q3 2017"
>
> Right now this is what they have achieved:
>
> "A neutralized ME"
>
> "While finishing our first coreboot port, we have successfully neutralized
> the Intel ME thanks to the great work of the “me_cleaner” project, removing
> its kernel, network stack, and about 92% of the Intel ME binary. There
> remains a little over 7% before complete removal."
>
> The complete removal is in the works:
>
> "We are working to completely remove (or reverse engineer, as we have begun
> to do) the Intel ME, on all our models, and will update on our blog (and
> this page) as we make progress on that front."

I don't think they will succeed even if they did care...

>
>> in it and also they
>> claim that they can sprinkle magic fairy dust on all the hardware so
>> that you can use it all without any blobs or firmware that is
>> proprietary...
> Again, this is *not* what they claim:
>
> https://puri.sm/learn/blobs/ and
> https://puri.sm/about/competitors/
>
> They do *not* state that their products are free of any binary blob, they
> state that *their* software does not have any, from Coreboot on, and that
> the motherboard's BIOS is *partially* free of binary blobs.

Saying, that purism is being serious and not misleading people, I doubt they can achieve what you're talking about, *Intel will not help them! *If *Google cannot convince intel to give their source code to them, then purism has no chance in hell...* to get the source code **

>> Doesn't that sound just plain trustworthy? Can you
>> honestly say that they cannot be trusted?
> They are honest in what they say. Could you prove they lied or misguided
> people in their statements please let everyone know.

I am sorry to say that I disagree completely, especially due to them originally trying to pass nvidia as a means to achieve libre status until there was an uproar and they changed to intel.

Unless they are just plain stupid.

Listen to coreboot and libreboot's reasoning why this will never work.

https://libreboot.org/faq.html

look at the parts about purism and intel.

Also if you do, you will see that what I said though very sarcastically, was true.

>
>
> Alessandro
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31/08/2017 at 15:24, info at smallinnovations dot nl wrote:
> On 31-08-17 10:14, Alessandro Selli wrote:
>>
>>Good news indeed! The second one this week, after this worthy attempt by
>> puri.sm to finally produce a smartphone designed to be 100% evil-software
>> free
>> and GNU/Linux compatible (scheduled for release in 2019, though):
>>
>> https://puri.sm/shop/librem-5/
>>
>>
>> Alessandro
> As an owner of a BQ Aquaris E45 Ubuntu version i fully support this kind of
> free smartphone development.

Bear in mind that BQ's Ubuntu phones are (were) regular Android phones with Ubuntu Phone/Touch preinstalled. They have all the binary firmware required to run Android.

> But i doubt of a linux smartphone will be
> functional comparable with Android or iOS within 3 to 4 years.

The Purism Librem 5 is designed to be able to run several GNU/Linux distros ported to ARM. Ubuntu touch was not anything like it, it was *not* a regular Ubuntu running on a smartphone, you could not have it run a generic GUI application on it.

> They should
> use the efforts of Meego/Maemo development or work together with Jolla.

Jolla was designed to be an OS independent from any other in existence, and it could install Android APK packages. It's not any closer to a generic GNU/Linux distribution than Android is.

> And
> trying to get support from one or more large smartphone makers.

This is not in their plans, as they are not willing to let third parties do away with their binary blobs or to let them reverse-engineer their firmware or drivers or hardware. Just to say one, nearly all smartphone producers put the CPU and the baseband modem together or linked in hardware, making it impossible to prevent anything that runs on the CPU from accessing the modem. The Purism Librem 5 is designed to let those two parts sit on separate, independent, chips.

> Until then
> when i have to replace my current BQ it will be an iPhone as one of the
> lesser evil.

Apple, together with Google, Amazon, Samsung, Sony and Microsoft, is a player in the Major Evil League.

Alessandro
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 01/09/2017 at 20:36, zap wrote:
>
>>>
>> I doubt it will be owner controlled, as their laptops aren't - they
>> still haven't even gotten a blobbed version of coreboot working
>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>> Purism isn't a trustworthy company.
> Gee, I thought purism was a trustworthy company, I mean they claim you
> can get the latest and the greatest without intel me

This is *not* what they claim:

https://puri.sm/learn/intel-me/

"Freeing the ME is a challenge, but not impossible"

"By working with Intel, motherboard design developers, as well as our coreboot developers, Purism has put in motion a solid approach on how to run a freed Intel ME *in the future*."

Emphasis mine.
How far into the future?

https://puri.sm/products/

"This can be applied as a software update for the existing Librem 13 v1 (porting to other existing models is ongoing), and this will also be available factory-installed starting Q3 2017"

Right now this is what they have achieved:

"A neutralized ME"

"While finishing our first coreboot port, we have successfully neutralized the Intel ME thanks to the great work of the “me_cleaner” project, removing its kernel, network stack, and about 92% of the Intel ME binary. There remains a little over 7% before complete removal."

The complete removal is in the works:

"We are working to completely remove (or reverse engineer, as we have begun to do) the Intel ME, on all our models, and will update on our blog (and this page) as we make progress on that front."

> in it and also they
> claim that they can sprinkle magic fairy dust on all the hardware so
> that you can use it all without any blobs or firmware that is
> proprietary...

Again, this is *not* what they claim:

https://puri.sm/learn/blobs/ and
https://puri.sm/about/competitors/

They do *not* state that their products are free of any binary blob, they state that *their* software does not have any, from Coreboot on, and that the motherboard's BIOS is *partially* free of binary blobs.

> Doesn't that sound just plain trustworthy? Can you
> honestly say that they cannot be trusted?

They are honest in what they say. Could you prove they lied or misguided people in their statements please let everyone know.

Alessandro
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 09/01/2017 10:43 AM, Edward Bartolo wrote:
> People are mentioning Waterfox yet another reincarnation of Firefox.
> Can it run on Devuan ASCII? I have used Palemoon but stopped due to
> many issues.

YES! and also ceres too. You just can't use it on jessie... for whatever reason...
[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
People are mentioning Waterfox yet another reincarnation of Firefox. Can it run on Devuan ASCII? I have used Palemoon but stopped due to many issues.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
> Just try to submit a patch that eg, allows build-time opt-out of
> geoloc, motion/ambient sensors, etc, and see what happens.

Okay point taken screw firefox... I think waterfox though is more accepting of such patches.

>
>>> Most of it should still be in their mail archives - and I could publish
>>> the personal mails when applicable.
>>
>> (Which archives, BTW?)
>
> mozilla.org.
> IIRC, it should also be synced to the newsgroups.
>
>> But you haven't said what this was, and, FWIW, I did spend a few minutes
>> looking for it.
>
> In that case it was 'just' banning me completely from all mozilla
> communication channels (all maillists, bugzilla, newsgroups,
> forums, wikis, etc).

That is just plain evil. I never knew firefox was so hostile to humanity. Although good thing their model allows for something like waterfox to take hold. Thank god... I just detest pocket.

>
>
> --mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Elsewhere in this thread, there's been mention of the dire threat to system security from Intel Management Engine (ME) (every Intel CPU since 2008) and the equivalent AMD Platform Security Processor (PSP).

Noted in the current Linux Weekly News: discovery of a way to shoot Intel ME version 11 in the head: https://lwn.net/Articles/732291/

Coolness.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> In essence, moz folks only want to add new fancy brave new world
> features (seems they're totally in the post-humanist ideology),
> and tend to hostile reaction against all critics.
>
> Just try to submit a patch that eg, allows build-time opt-out of
> geoloc, motion/ambient sensors, etc, and see what happens.

I really do think Iceweasel, Mark II is the real route forward: When all is said and done, Mozilla, Inc. are a commercial entity inherently beholden to their funders. They are absolutely _nothing_ like a public utility or charity. We should thank them for a basic codebase that can be used as the basis for better things, and carefully not trust them overmuch.

> >>Most of it should still be in their mail archives - and I could publish
> >>the personal mails when applicable.
> >
> >(Which archives, BTW?)
>
> mozilla.org.
> IIRC, it should also be synced to the newsgroups.

I honestly cannot find it, FWIW.

> In that case it was 'just' banning me completely from all mozilla
> communication channels (all maillists, bugzilla, newsgroups,
> forums, wikis, etc).

One last time: What specifically do you mean by 'threatened'? What, and by whom?

I ask mostly because, as I mentioned, I really do believe in 'Fiat justitia ruat cælum' (let justice be done, though the heavens fall) -- including citing the relevant names.

If you read the National Transportation Safety Board report on the Pan American World Airways flight 799 disaster that killed my father in December '68, the crucial error (among several) was by an _unnamed_ engineer in Pan Am service engineering who 'decided that [a recommended hardware] modification was not necessary', despite having carte blanche to do any fix costing less than US $50 per airframe and just expense it. An equally unnamed supervisor reviewed this decision and 'decided, after coordination with flight operations, that the bulletin was not applicable to Pan Am aircraft, and no further action was taken. The reason for this decision was not fully documented.'

And no names.

Names. Accountability. I rather like them.

(Som faren går fyre, kjem sonen etter. I am very much my father's son.)
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 01.09.2017 01:25, Rick Moen wrote:

>> https://github.com/orgs/Librezilla/
>
> Thank you for working on that. I haven't taken the time to find the
> crux of your objection to the upstream code, though.

In essence, moz folks only want to add new fancy brave new world features (seems they're totally in the post-humanist ideology), and tend to hostile reaction against all critics.

Just try to submit a patch that eg, allows build-time opt-out of geoloc, motion/ambient sensors, etc, and see what happens.

>> Most of it should still be in their mail archives - and I could publish
>> the personal mails when applicable.
>
> (Which archives, BTW?)

mozilla.org.
IIRC, it should also be synced to the newsgroups.

> But you haven't said what this was, and, FWIW, I did spend a few minutes
> looking for it.

In that case it was 'just' banning me completely from all mozilla communication channels (all maillists, bugzilla, newsgroups, forums, wikis, etc).

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> >Have you written this up, somewhere?
>
> yet incomplete and hackish (due lack of time)
>
> https://github.com/orgs/Librezilla/

Thank you for working on that. I haven't taken the time to find the crux of your objection to the upstream code, though.

> >>MSF has already made it perfectly clear they'll never accept any patches
> >>for that and continue their path (already threatened me personally)
> >
> >And have you written up the details of this?
>
> Most of it should still be in their mail archives - and I could publish
> the personal mails when applicable.

(Which archives, BTW?)

I didn't mean to suggest that I disbelieved you, only that oddly vague claims of 'threats' have a generally wretched history on the Internet. For starters, the author's notion of what qualifies as threatening and the reader's, and what rises to the level of being worthy of notice, tend to differ.

This situation is worsened by many Internet denizens' (and many businesses') assumption that talk is cheap on the Internet, that they can get away with darkly hinting at harm of various sorts (semi-threatened litigation for business torts and libel, or alleged trademark violation, being the most common) without consequence.

In my experience, the only way to restore accountability is to put the facts out in public without editorial commentary, including names and full texts.

This has been my own policy: E.g., when Prof. Daniel J. Bernstein semi-threatened litigation because I dared to maintain a FAQ saying why I preferred not to use his software, I politely referred him to my attorney and then put the correspondence up on the Web for public amusement.[1] Later, when an officer of a LUG in Davis, California sent me an (it was later claimed) unauthorised lawsuit threat letter because I documented on my Web site abusive conduct by the then-listadmin, I published it plus my response letter.[2] And when one of my fellow Board members of my local sysadmin guild, BayLISA, bizarrely and in error claimed _I'd_ threatened litigation against BayLISA (my _own_ organisation), I published all of that, too.[3] Last, when the operator of standalone newsgroup threatened me with copyright litigation for Web-archiving public postings from the newsgroup, I Web-published that as an addition to my Web archive.[4]

In each case, the supposed legal threat was obvious bullshit except of the type people feel free to hurl around because they might get their way if the recipient is timid and/or stupid, _and_ because they see no downside to trying.

As I happen to have a reasonably high PageRanked Web site, as it turns out, there _is_ a downside to trying this dumb Internet trick on me -- and I don't take lawsuits lightly, having lived through my mother's suit against a Fortune 50 corporation (Boeing) over the wrongful death of my father, Pan Am Captain Arthur Moen. Even though we won, it was an ordeal, so I do not regard bogus legal threats as a matter to take lightly, but rather one to punish with sunlight.

If the 'threat' you speak of was substantive _and unmerited_, then IMO you should do likewise. But you haven't said what this was, and, FWIW, I did spend a few minutes looking for it.

[1] http://linuxmafia.com/~rick/faq/dan-brandishing-legal-threats
[2] http://linuxmafia.com/~rick/linux-info/lugod.html
[3] http://linuxmafia.com/~rick/litigious2.html
[4] http://linuxmafia.com/~rick/linux-info2/astcomm.html
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 22:38, Rick Moen wrote:

> I think you're missing that point that a baseband chipset integrated
> with a smartphone has total control over anything and everything the
> smartphone does,

Depends on how it is connected to the rest of the system. If it eg. has a direct link to the mic, it can be easily abused, of course. Nevertheless we should have an open one.

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 22:26, Rick Moen wrote:

> They say it's going to be either i.MX6 or i.MX8.

whenever mx8 will be actually available ... :o

> They haven't yet decided. (This further underlines my point that it's
> definitely nothing like a finished product, yet.)

ack.

> I don't want to be unduly cynical about Puri.sm, but they have had a
> history of overselling and being just a bit reticent about the secret
> proprietary bits they've not addressed at all in their 'open' designs.

well, never heard about these guys, let's see how it finally plays out.

>> They suggest firefox ... recent versions (at least since 52) have
>> built-in malware. I've already removed large parts of it (yet
>> very experimental and untested) - still need a strategy to align
>> w/ upstream.
>
> Have you written this up, somewhere?

yet incomplete and hackish (due lack of time)

https://github.com/orgs/Librezilla/

>> MSF has already made it perfectly clear they'll never accept any patches
>> for that and continue their path (already threatened me personally)
>
> And have you written up the details of this?

Most of it should still be in their mail archives - and I could publish the personal mails when applicable.

I've just contacted the waterfox guy, let's see whether we can agree on an alliance.

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 22:05, zap wrote:

> Try Waterfox that is libre by default at least. eme can be disabled and
> that is waterfox's only problem.

Cool, didn't know that yet. We should support it in dng.

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

To be very specific, decades ago I learned to distrust the word 'malware', especially when it gets hurled about with a notable and utter absence of specifics. In my experience, it gets used to mean anything and everything in software the author doesn't like.

If you mean, for example 'code that opens outbound sockets to a remote corporate IP address for reasons I [either] don't understand [or] consider insufficient', you really ought to say so rather than erring on the side of vague melodrama.

Mozilla Foundation's relationship with users cannot help but be problematic on account of its (and its for-profit subsidiary Mozilla Corporation's) funding model, a matter I discussed in passing in my Feb. 2011 Silicon Valley Linux User Group talk 'The Wild, Wild Web: Web Browser Security, Performance, and Privacy'. Slides and lecture notes in the SVLUG News column, here, http://www.svlug.org/ , but I really covered the funding-model problem in full only in my talk itself: In short, you/we/I simply aren't Mozilla Corporation's customer.

IMO, the best way to address that and several other problems would be via an Iceweasel Mark II.

And likewise:

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

I've noticed that many people on the Internet use the term 'threaten' at the drop of a hat, and (likewise) the underlying reality, if any, can be anything at all.

By the way, what's an MSF? Mozilla Foundation?
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 21:53, Daniel Abrecht wrote:

> While all android phones technically use a linux kernel, they have
> nothing else in common with a normal Linux system. Android has its
> own libc: bionic.

One of my goals in the gnudroid project (which is currently stalled due lack of time) is porting it to glibc or uclibc.

> It also has special IPC mechanisms enabled in the
> linux kernel,

Binder already is mainlined. Not sure whether it's properly namespace'd yet, but that shouldn't be the big deal.

> and it uses gralloc instead of fbdev or DRM.

IIRC, gralloc is used to allocate intermediate surface buffers, for both GPUs and other image/video processing devices, and allows passing them between processes (similar to gem or prime). Not checked, but they probably have something that finally bridges to GEMs, so GPUs drivers can consume the buffers (if not, shouldn't be such a hard job to add that).

I'd guess sooner or later will come up with something similar, as a complete video processing pipe (involving dri and v4l devices) is an ongoing topic for quite some time.

> I really hope the Librem 5 will get fbdev support, so I can see boot
> messages on a framebuffer console, and optionally DRM support for
> things like OpenGL and Vulkan.

plain fbdev shouldn't be the big deal as soon as basic KMS stuff is implemented. in embedded world it's usually just a matter of properly enabling the ipu (for most SOCs should be mainlined) and backlight (usually some dumb pwm controller, either in the SoC or behind I2C).

When bringing up an own custom board, that's one of the early steps (and beyond the SOC-stuff usually board specific).

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
FYI just so everyone knows the 6.5K price is the prebuilt cost, you can get the board and CPU for around 2K then you just need DDR4 memory.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Quoting Arnt Gulbrandsen (a...@gulbrandsen.priv.no):

[snip a bunch of stuff I'm not going to spend time on]

> Back to the phones.
>
> If you have proper control over your phone's baseband, you're
> relying on the telco as a proprietary black box to forward your
> packets and calls. If your baseband's a blob, but you do have a
> proper DMZ between your hardware and the baseband, then you're
> relying on two black boxes. IMO: Much of a muchness.

I think you're missing that point that a baseband chipset integrated with a smartphone has total control over anything and everything the smartphone does, and is an intelligent, autonomous agent that infamously is subject to subversion by both state actors and well-funded private actors from cell towers (or cheap simulations thereof). In other words, you do _not_ have proper control over your phone's baseband, but remote, undetectable, hostile parties may, and are known to have done so routinely.

A baseband chipset _not_ integrated with the smartphone is a lesser threat, The Tor Project article describes how this (current-best) ideal can be simulated by USB-connecting a Wifi-only tablet with a cell modem and battery pack. This reduces the threat exposure to remote, hostile control over the modem functions. Maybe the planned future Puri.sm product will come close to that degree of isolation -- or not.

Anyway, I've now explained this matter twice and provided links for experts' assessments. If you don't agree, feel free to go argue with them.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Quoting Enrico Weigelt, metux IT consult (enrico.weig...@gr13.net):

> On 31.08.2017 20:07, Rick Moen wrote:
>
> >Having the i.MX6 or i.MX8 CPU 'separate' from the baseband
> >controller
>
> Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little
> bit expensive and produces a lot heat.

They say it's going to be either i.MX6 or i.MX8. They haven't yet decided. (This further underlines my point that it's definitely nothing like a finished product, yet.)

> #1: isolate them as much as we can, power on only if required, no direct
> connections to other vital devices, eg. main memory, storage, ports,
> mic, etc - for some interfaces eg. i2s we could even add an extra
> tamper detection (when baseband attempts to read audio stream)
> or just inject fake data when no actual call is running (w/
> cell calls you can safely assume being wiretapped)

This would be the optimal approach given the existing baseband situation, but please note that Puri.sm haven't specified yet what they mean by 'separate'. The Tor Project hardened-Android articles have some good thoughts about the baseband problem and how to isolate it as best can be achieved under current circumstances.

I don't want to be unduly cynical about Puri.sm, but they have had a history of overselling and being just a bit reticent about the secret proprietary bits they've not addressed at all in their 'open' designs.

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

Have you written this up, somewhere?

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

And have you written up the details of this?
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
> >> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>
> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.
>
> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

Try Waterfox that is libre by default at least. eme can be disabled and that is waterfox's only problem.

> --mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Rick Moen writes:

> Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller
> (a term on which they have not yet elaborated), but the latter remains
> deeply problematic, being a proprietary black box with proprietary,
> opaque firmware.

Really?

I suppose you've dealt with as many ISPs as I have... some of them give you a cable of some sort, some of them send you a router to put on customer premises. In the latter case, some people just connect the ISP CPE to their network, but you and I make a tiny DMZ and route everything via a router of our own. Once I used the exact same kind of Cisco as the ISP, which looked a little superfluous. But that's really a small thing. A few watts, a power cable.

Back to the phones.

If you have proper control over your phone's baseband, you're relying on the telco as a proprietary black box to forward your packets and calls. If your baseband's a blob, but you do have a proper DMZ between your hardware and the baseband, then you're relying on two black boxes. IMO: Much of a muchness.

Arnt
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
While all android phones technically use a linux kernel, they have nothing else in common with a normal Linux system. Android has its own libc: bionic. It also has special IPC mechanisms enabled in the linux kernel, and it uses gralloc instead of fbdev or DRM. I think gralloc is the biggest problem with android phones, it's absolutely useless for everything except for Android's SurfaceFlinger and Canonical's Mir.

I really hope the Librem 5 will get fbdev support, so I can see boot messages on a framebuffer console, and optionally DRM support for things like OpenGL and Vulkan.

On 2017-08-31 15:01, info at smallinnovations dot nl wrote:
> On 31-08-17 16:14, Narcis Garcia wrote:
>> On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
>>>
>>> As a owner of a BQ Aquaris E45 Ubuntu version i fully support
>>> this kind of free smartphone development. But i doubt of a
>>> linux smartphone will be functional comparable with Android or
>>> iOS within 3 to 4 years. They should use the efforts of
>>> Meego/Maemo development or work together with Jolla. And trying
>>> to get support from one or more large smartphone makers. Until
>>> then when i have to replace my current BQ it will be a iPhone
>>> as one of the lesser evil.
>>>
>> All Androids run Linux.
>
> Sure as far as it the kernel concerns that is true. As soon as you
> want hardware support for a specific SOC you depend on the
> hardware manufacturer. Which are not interested in open source and
> you are already lucky if they even want to deliver a binary blob.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Thu, Aug 31, 2017 at 10:40:58AM -0400, taii...@gmx.com wrote:
> I doubt it will be owner controlled, as their laptops aren't - they still
> haven't even gotten a blobbed version of coreboot working (blobbed init code
> + ME enabled as they insisted on a crappy intel soc)
> Purism isn't a trustworthy company.

You might be interested in Pinebook. While this is on the opposite end to Talos 2 (costs $89 instead of $6.5k), mainline u-boot+ATF+kernel are completely blob-free: the initial bootloader in ROM is really minimal and hands off full control over the hardware to user-controlled code.

The BSP (vendor u-boot+kernel) do have sourceless blobs, but the mainline is mostly there. At least, drivers are functional (display has only simplefb rather than proper DRM but that's being worked on), what's missing is a proper DT. Device tree code for this and related hardware is done mostly by Icenowy Zheng; alas she hasn't fully upstreamed the work yet and using her WIP tree requires more u-boot skills than I have.

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Thu, Aug 31, 2017 at 07:35:49PM +0200, Enrico Weigelt, metux IT consult wrote:
> On 31.08.2017 16:40, taii...@gmx.com wrote:
>
> >I doubt it will be owner controlled, as their laptops aren't - they still
> >haven't even gotten a blobbed version of coreboot working (blobbed init
> >code + ME enabled as they insisted on a crappy intel soc)
> >Purism isn't a trustworthy company.
>
> Don't know anything about that company, but in general x86 boards
> are much harder to bring up than ARMs. I only know very few completely
> custom x86 boards with open firmware - in ARM world that's daily
> business.
>
> The actually hard part w/ phones is creating a very small and power
> efficient board, that's a much bigger challenge than the usual
> embedded boards.
>
> There're several parties out there creating an open phone hw, lets
> see how that plays out.
>
> IMHO, we should now concentrate on the OS, maybe port the android
> runtime to GNU platform. That should give us an GUI and applet
> framework. Or we start afresh with a plan9-inspired approach.

Like Inferno?

-- hendrik
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 20:07, Rick Moen wrote:

> Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller

Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little bit expensive and produces a lot heat.

> (a term on which they have not yet elaborated), but the latter remains
> deeply problematic, being a proprietary black box with proprietary,
> opaque firmware.

#1: isolate them as much as we can, power on only if required, no direct connections to other vital devices, eg. main memory, storage, ports, mic, etc - for some interfaces eg. i2s we could even add an extra tamper detection (when baseband attempts to read audio stream) or just inject fake data when no actual call is running (w/ cell calls you can safely assume being wiretapped)

#2: reverse engineer the firmware and find leaks for the time we need to strike

#3: write our own open firmware (that might also be useful for existing phones out in the wild - maybe even roll out via a virus)

> The WiFi and Bluetooth chips and firmware are apparently also black
> boxes.

Don't let them do the encryption part, just let them be dumb switches, until we have our own firmware.

> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

They suggest firefox ... recent versions (at least since 52) have built-in malware. I've already removed large parts of it (yet very experimental and untested) - still need a strategy to align w/ upstream.

MSF has already made it perfectly clear they'll never accept any patches for that and continue their path (already threatened me personally)

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Quoting Alessandro Selli (alessandrose...@linux.com):

> Good news indeed! The second one this week, after this worthy attempt
> by puri.sm to finally produce a smartphone designed to be 100%
> evil-software free and GNU/Linux compatible (scheduled for release in
> 2019, though):
>
> https://puri.sm/shop/librem-5/

Having the i.MX6 or i.MX8 CPU 'separate' from the baseband controller (a term on which they have not yet elaborated), but the latter remains deeply problematic, being a proprietary black box with proprietary, opaque firmware. (See: http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone) The WiFi and Bluetooth chips and firmware are apparently also black boxes.

One notices, also that they say there aren't yet detailed specifications for the simple reason that the choices of hardware components are still up in the air.

The secret-sauce baseband controllers are a tough problem, and will continue to cripple any real chance at smartphone security until there's a credible open-design alternative. But fully isolating the main board and CPU from the baseband modem subassembly -- if that's actually what Puri.sm are going to do -- is at least half a loaf.

More at:
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy
(If you look closely, you'll see those are two slightly different URLs.)
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 15:48, Edward Bartolo wrote:

> The devil's advocate in me tells me, since making money is involved,
> in the end, history will repeat itself as with what happened with
> 'user-centredness' in GNU/Linux! Those who have used GNU/Linux for
> some long time know pretty well with the shoving down our throats of
> systemd what remains of 'user-centredness'.

systemd isn't a major threat anymore. we just need some detergences and maybe a few surgical PR hit men here and there. maybe a few PR visible attacks pointing to systemd as the primary weakness would be fine.

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 17:01, info at smallinnovations dot nl wrote:

> Sure as far as it the kernel concerns that is true. As soon as you
> want hardware support for a specific SOC you depend on the hardware
> manufacturer. Which are not interested in open source and you are
> already lucky if they even want to deliver a binary blob.

We could pick a few suitable models (that are widely available for several years, even as cheap used ones) and crack the blobs. This approach already worked for several GPUs, starting w/ NVidia.

Perhaps we should try to bundle the resources, perhaps even create a foundation which primary purpose is crack and disclose all blob drivers and firmware of general computers and destroying vendor lockins (including despotic restriction malware)

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31.08.2017 16:40, taii...@gmx.com wrote:

> I doubt it will be owner controlled, as their laptops aren't - they still
> haven't even gotten a blobbed version of coreboot working (blobbed init
> code + ME enabled as they insisted on a crappy intel soc)
> Purism isn't a trustworthy company.

Don't know anything about that company, but in general x86 boards are much harder to bring up than ARMs. I only know very few completely custom x86 boards with open firmware - in ARM world that's daily business.

The actually hard part w/ phones is creating a very small and power efficient board, that's a much bigger challenge than the usual embedded boards.

There're several parties out there creating an open phone hw, lets see how that plays out.

IMHO, we should now concentrate on the OS, maybe port the android runtime to GNU platform. That should give us an GUI and applet framework. Or we start afresh with a plan9-inspired approach.

--mtx
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31-08-17 16:14, Narcis Garcia wrote:
> On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
>> As a owner of a BQ Aquaris E45 Ubuntu version i fully support this kind
>> of free smartphone development. But i doubt of a linux smartphone will
>> be functional comparable with Android or iOS within 3 to 4 years. They
>> should use the efforts of Meego/Maemo development or work together with
>> Jolla. And trying to get support from one or more large smartphone
>> makers. Until then when i have to replace my current BQ it will be a
>> iPhone as one of the lesser evil.
>>
> All Androids run Linux.

Sure as far as it the kernel concerns that is true. As soon as you want hardware support for a specific SOC you depend on the hardware manufacturer. Which are not interested in open source and you are already lucky if they even want to deliver a binary blob.

Grtz.

Nick
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 08/31/2017 04:14 AM, Alessandro Selli wrote:

> On Wed, 30 Aug 2017 at 18:25:07 -0400 "taii...@gmx.com" wrote:
>
>> Thought I would share this!
>>
>> After what happened with TALOS 1 I can't believe they actually pulled it
>> off this time.
>>
>> This is truly a historic moment for computing freedom lovers - an owner
>> controlled open source ultra high performance workstation/server for
>> only a few thousand dollars.
>>
>> https://secure.raptorcs.com/
>>
>> Note: For the non sysadmin crowd this is what dual socket performance
>> server/workstation hardware costs - it is designed for the power user
>> market - there are already many crappy owner controlled SOC's going for
>> a few hundred, now the performance segment has a device too.
>
> Good news indeed! The second one this week, after this worthy attempt by
> puri.sm to finally produce a smartphone designed to be 100% evil-software
> free and GNU/Linux compatible (scheduled for release in 2019, though):
>
> https://puri.sm/shop/librem-5/

I doubt it will be owner controlled, as their laptops aren't - they still haven't even gotten a blobbed version of coreboot working (blobbed init code + ME enabled as they insisted on a crappy intel soc)

Purism isn't a trustworthy company.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31/08/17 at 15:24, info at smallinnovations dot nl wrote:
> On 31-08-17 10:14, Alessandro Selli wrote:
>>
>> Good news indeed! The second one this week, after this worthy
>> attempt by
>> puri.sm to finally produce a smartphone designed to be 100%
>> evil-software free
>> and GNU/Linux compatible (scheduled for release in 2019, though):
>>
>> https://puri.sm/shop/librem-5/
>>
>>
>> Alessandro
> As a owner of a BQ Aquaris E45 Ubuntu version i fully support this kind
> of free smartphone development. But i doubt of a linux smartphone will
> be functional comparable with Android or iOS within 3 to 4 years. They
> should use the efforts of Meego/Maemo development or work together with
> Jolla. And trying to get support from one or more large smartphone
> makers. Until then when i have to replace my current BQ it will be a
> iPhone as one of the lesser evil.
>

All Androids run Linux.
[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
The devil's advocate in me tells me, since making money is involved, in the end, history will repeat itself as with what happened with 'user-centredness' in GNU/Linux! Those who have used GNU/Linux for some long time know pretty well with the shoving down our throats of systemd what remains of 'user-centredness'. Financial gain is too strong a temptation to always win irrespective of circumstances.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31-08-17 10:14, Alessandro Selli wrote:

> Good news indeed! The second one this week, after this worthy attempt by
> puri.sm to finally produce a smartphone designed to be 100% evil-software
> free and GNU/Linux compatible (scheduled for release in 2019, though):
>
> https://puri.sm/shop/librem-5/
>
> Alessandro

As a owner of a BQ Aquaris E45 Ubuntu version i fully support this kind of free smartphone development. But i doubt of a linux smartphone will be functional comparable with Android or iOS within 3 to 4 years. They should use the efforts of Meego/Maemo development or work together with Jolla. And trying to get support from one or more large smartphone makers. Until then when i have to replace my current BQ it will be a iPhone as one of the lesser evil.

Grtz.

Nick
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Thu, Aug 31, 2017 at 04:03:57AM +0200, mdn wrote:
> I wonder how many packages already work on power compared to X86 ?

Since this is little-endian, old "power" (ie, powerpc and ppc64) won't work. Thus, you need ppc64el packages only.

Binary packages in ppc64el unstable main: 53512
Binary packages in amd64 unstable main: 55586

There are probably some packages that compile but don't run but that's a tiny minority as most software is sane. The biggest exception I know is GNOME (at least as of jessie, no idea if they fixed it since) but good riddance. GNOME programs still work from a sane WM, it's only GNOME's window manager part that requires either a mid-end GPU with specific capabilities or slow software emulation, the latter working only on amd64 and i386.

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On Wed, 30 Aug 2017 at 18:25:07 -0400 "taii...@gmx.com" wrote:

> Thought I would share this!
>
> After what happened with TALOS 1 I can't believe they actually pulled it
> off this time.
>
> This is truly a historic moment for computing freedom lovers - an owner
> controlled open source ultra high performance workstation/server for
> only a few thousand dollars.
>
> https://secure.raptorcs.com/
>
> Note: For the non sysadmin crowd this is what dual socket performance
> server/workstation hardware costs - it is designed for the power user
> market - there are already many crappy owner controlled SOC's going for
> a few hundred, now the performance segment has a device too.

Good news indeed! The second one this week, after this worthy attempt by puri.sm to finally produce a smartphone designed to be 100% evil-software free and GNU/Linux compatible (scheduled for release in 2019, though):

https://puri.sm/shop/librem-5/

Alessandro
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 31/08/2017 at 03:58, zap wrote:
> On 08/30/2017 06:25 PM, taii...@gmx.com wrote:
>
>> Thought I would share this!
>>
>> After what happened with TALOS 1 I can't believe they actually pulled
>> it off this time.
>>
>> This is truly a historic moment for computing freedom lovers - an
>> owner controlled open source ultra high performance workstation/server
>> for only a few thousand dollars.
>>
>> https://secure.raptorcs.com/
>>
>> Note: For the non sysadmin crowd this is what dual socket performance
>> server/workstation hardware costs - it is designed for the power user
>> market - there are already many crappy owner controlled SOC's going
>> for a few hundred, now the performance segment has a device too.
>>
> Wow, I never realized they succeeded... good for them though, talos is
> probably perfect for servers wouldn't you say? and maybe desktops too if
> you're a developer... :)

I wonder how many packages already work on power compared to X86?

-- 
Freely,
BERNARD

Please be kind enough to use GPG for our future conversations: https://emailselfdefense.fsf.org/en/
If this email isn't PGP signed then it isn't mine.
-If you can't compile it dump it.
Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 08/30/2017 06:25 PM, taii...@gmx.com wrote:
> Thought I would share this!
>
> After what happened with TALOS 1 I can't believe they actually pulled
> it off this time.
>
> This is truly a historic moment for computing freedom lovers - an
> owner controlled open source ultra high performance workstation/server
> for only a few thousand dollars.
>
> https://secure.raptorcs.com/
>
> Note: For the non sysadmin crowd this is what dual socket performance
> server/workstation hardware costs - it is designed for the power user
> market - there are already many crappy owner controlled SOC's going
> for a few hundred, now the performance segment has a device too.
>

Wow, I never realized they succeeded... good for them though, talos is probably perfect for servers wouldn't you say? and maybe desktops too if you're a developer... :)
[DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
Thought I would share this!

After what happened with TALOS 1 I can't believe they actually pulled it off this time.

This is truly a historic moment for computing freedom lovers - an owner controlled open source ultra high performance workstation/server for only a few thousand dollars.

https://secure.raptorcs.com/

Note: For the non sysadmin crowd this is what dual socket performance server/workstation hardware costs - it is designed for the power user market - there are already many crappy owner controlled SOC's going for a few hundred, now the performance segment has a device too.