Re: [DNG] Talos, Intel, libre purism, ...
Quoting zap (calmst...@posteo.de):

> The Sad thing is, I sometimes if it is nonsensical, or stupid, I find it
> highly amusing.

Isn't it just? One of the mutt MUA's (many) unsung advantages is you can often tell, merely by glancing at the threading pattern, that a thread has gone totally off the rails and is now best deleted unread. And yes, IMVAO, it's damned amusing, too.

> In this case though, it was getting old though. ;/

Quite.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Talos, Intel, libre purism, ...
Quoting eric (eri...@cox.net):

> That may remove some of the (off-topic?) traffic on this list even
> though I do not know what is off-topic anymore.

One rule of thumb I try to follow, to reduce noise, is state a specific point of contention twice at most, then exit, even if an Inevitable One insists on rearguing said topic and misrepresenting what you said (a common ploy to troll another party into continuing) -- evading the notorious 'dogfight' antipattern that otherwise ensues:

    61 r + 170830 George Tirebiter (636) ,->
    62   F 170830 To George Tirebit ( 12) ,->
    63 r + 170830 George Tirebiter (520) ,->
    64   F 170830 To George Tirebit ( 16) ,->
    65 r + 170830 George Tirebiter (230) ,->
    66   F 170830 To George Tirebit ( 10) ,->
    67 r + 170830 George Tirebiter (121) ,->

ObWarGames: 'The only winning move is not to play.' IMVAO. ;->

(http://linuxmafia.com/~rick/lexicon.html#imvao))
Re: [DNG] ascii-security Was:Re: Security updates in Devuan
> On Sep 7, 2017, at 1:54 PM, KatolaZ wrote:
>
> These things will clear out when amprolla3 comes up. We are almost
> there. The current amprolla is not merging some suites on ascii,
> including ascii-updates and ascii-proposed-updates.

I’m looking forward to a big update when it finally does. I hope amprolla3 is getting the priority attention it deserves.

jf
--
John Franklin
frank...@tux.org
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
Quoting taii...@gmx.com (taii...@gmx.com):

> >I also find a bit questionable your going around attempting to tarnish
> >the reputation of someone with a real name, while concealing your own.
> Criticism isn't allowed?

This is of course nothing like what I said.

> I dislike when people deal with speculation instead of proven facts
> when judging technical merits.

Then, _address what you perceive as speculation_. Instead, attempting cheap character assassination, from behind cover of anonymity, suggests you have no real argument.

> I don't use my "real" name on the internet for the same reason I
> don't want a computer with ME/PSP.

Once again, you are deflecting and changing the subject. I said nothing against being anonymous. I merely said that slagging reputations of real named people with unsupported derogatory allegations, especially when you refuse to name yourself, is disreputable and bogus.

Of course, you don't actually need to worry about 'taii...@gmx.com' developing a bad reputation: At some point, you can just walk away from that 'nym and be someone else, which is the whole point, isn't it? It makes the character assassination ploy a bit transparent.
Re: [DNG] ascii-security Was:Re: Security updates in Devuan
On Thu, Sep 07, 2017 at 10:22:57AM -0400, fsmithred wrote:

[cut]

>
> I think there's nothing in ascii-security and ascii-updates. The Packages
> files for both are empty. (I only checked amd64.)
>
> In contrast to that jessie-security, jessie-updates and
> jessie-proposed-updates all have packages.
>
> Can someone explain the difference between -security, -updates and
> -proposed-updates? What goes where, and why is ascii different from
> jessie? Thanks. Questions about security updates come up regularly on d1g.
>

These things will clear out when amprolla3 comes up. We are almost there. The current amprolla is not merging some suites on ascii, including ascii-updates and ascii-proposed-updates.

My2Cents

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, Sep 07, 2017 at 05:25:47PM +0200, Enrico Weigelt, metux IT consult wrote:

> IMHO, even this discussion isn't strictly related to devuan

That's why we're talking on dng not on devuan-dev. The latter is for development of Devuan specifically. The former came with the slogan "campfire for systemd refugees".

> it's still related to the bigger picture, why FOSS exists at all.

Why would anyone bother to use free software if you have no free hardware to run it on? Hardware with merely closed internal workings but well-defined programmer-facing specs has been so far considered acceptable, but nowadays we're faced with hardware that actively works against you! Security is simply not possible on such gear.

> Actually, I'm very happy w/ the things posted here (*incl* the OTs).

I'd consider a discussion of bind vs nsd, or user questions somewhat OT (even if usually helpful). I don't see how talk about direct threats towards openness of development would be against the spirit of such list -- be that replacing half of the system with an opaque unmodular blob with bugs unfixable[1] for an outsider, so are backdoors or DRM in the hardware.

> Maybe we could split the list into multiple ones, for several topic
> types. (eg. strictly technical ones, like packages/patches, general
> discussions, etc)

There's probably not enough traffic for separating user-facing stuff yet; strictly packaging stuff already has a list of its own.

Also, note my sig: it has the swirl rather than the chevron in it. All of Devuan development I do migrates through Debian first. Yet I don't have a feeling of being unwelcome here. And, I guess it's up to Jaromil and co to declare what's acceptable here: they're the owners of this list after all.

I do understand your anger about a spat between someone calling another poster a Purism shill while the other person derided Talos in turn. That was ugly. But, if you exclude this shout-fest, the rest of the thread was worth the electrons it came on.

Meow!

[1]. Taking too much effort, for someone with decent general programming skills but unfamiliar with the system in question, makes such a system too closed to be allowed to live. I'm not a kernel dev yet I can fix easy kernel problems -- no such thing with systemd.
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀                                 -- Genghis Ht'rok'din
⠈⠳⣄
Re: [DNG] Off-topic postings Was: Re: Talos, Intel, libre purism, ...
On 2017-09-07 10:31, Svante Signell wrote:
> On Thu, 2017-09-07 at 08:47 -0500, goli...@dyne.org wrote:
>> On 2017-09-07 08:01, Svante Signell wrote:
>>>
>>> Yes, please! Even if some messages are interesting, a majority of them
>>> are off-topic for Devuan. This list should concern user feedback, etc. For
>>> pure development there is already list for that: devuan-dev.
>>
>> LOL! We had a devuan-discuss list and almost nobody used it so it was
>> removed. Unlikely we'll go there again. Search the archives for the
>> discussion about that event.
>
> What to do then? Maybe create a devuan-user list and forward people
> contributing off-topic postings on that list to this [DNG] list. This is
> similar to telling people writing off-topic stuff on #devuan to move to
> #debianfork!

This is not a lack-of-a-list problem. It is a human behavior problem that is not easily managed. Either participants will get a clue or not . . .

golinux
Re: [DNG] Talos, Intel, libre purism, ...
On 2017-09-07 10:40, zap wrote:
> On 09/07/2017 08:11 AM, Antony Stone wrote:
>> On Thursday 07 September 2017 at 13:59:01, Narcis Garcia wrote:
>>
>>> This thread has now 86 posts, and I still don't see a solid contribution
>>> to Devuan project.
>>> This makes very heavy to be subscribed in a mailing list for people like
>>> me, that are looking a good alternative to Debian/Systemd, not only in
>>> software but also in community.
>>
>> I'm strongly inclined to agree.
>>
>> Perhaps we could have something like a "devuan-discuss" list for the
>> philosophy and the disagreements, leaving this list for discussions actually
>> directly related to developing or using Devuan?
>
> Yes! PLEASE! let's do that. :)

Do you not READ this list? Been there. Done that. It failed miserably.

Date: 2016-11-06 07:59 -600
To: dng
Subject: [DNG] devuan-discuss is not useful, quite the opposite

Why don't you start a blog or something to host mind-numbing debates like this.

golinux
Re: [DNG] OT: (almost), but tangentially on-topic Re: Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thursday 07 September 2017 at 17:34:48, Rowland Penny wrote:

> On Fri, 8 Sep 2017 01:23:29 +1000 Erik Christiansen wrote:
> >
> > Losing your temper in an infantile manner is not. And it won't.
>
> No I didn't lose my temper, I just shouted because you lot must be deaf.

Just because someone doesn't do what you say does not mean they did not hear you.

Shouting is (in my opinion) ill-mannered and unlikely to achieve your objectives with the people you feel need shouting at.

> > > I don't care about your drivel, it has nothing directly to do with
> > > Devuan
> >
> > Then don't read this thread. By all means divert it to your spam
> > folder, if you have the competence.
>
> I do have the competence, but why should I have to, why should I not
> complain after 80 posts of drivel ?

It's your choice to be on this list, and it's your choice whether to continue reading a thread you clearly think is irrelevant to you.

I also think this thread should move elsewhere, but having expressed my opinion, if the thread continues, my next choice would simply be to ignore it.

> No sorry, but at 61 years of age, I feel that I am as mature as I am
> likely to get.

Oh, well in that case maybe you just need to get a bigger delete key.

Regards,

Antony.

--
Users don't know what they want until they see what they get.

Please reply to the list; please *don't* CC me.
Re: [DNG] ascii-security Was:Re: Security updates in Devuan
On Thu, 2017-09-07 at 10:22 -0400, fsmithred wrote:
> On 09/07/2017 08:55 AM, Svante Signell wrote:
> >
>
> I think there's nothing in ascii-security and ascii-updates. The Packages
> files for both are empty. (I only checked amd64.)
>
> In contrast to that jessie-security, jessie-updates and
> jessie-proposed-updates all have packages.
>
> Can someone explain the difference between -security, -updates and
> -proposed-updates? What goes where, and why is ascii different from
> jessie? Thanks. Questions about security updates come up regularly on d1g.

In my opinion they should be as follows:

ascii-security: Debian stretch security updates, filtered so that if there is an older Devuan package it cannot be installed.

ascii-updates: Remove, it serves no real purpose, or?

ascii-proposed-updates: Devuan packages, not yet migrated into ascii. (similar to Debian packages in sid/unstable not yet merged into testing/buster. They do migrate to testing after normally 5-10 days if no RC bugs, etc blocks them)
Re: [DNG] Talos, Intel, libre purism, ...
On 09/07/2017 08:11 AM, Antony Stone wrote:
> On Thursday 07 September 2017 at 13:59:01, Narcis Garcia wrote:
>
>> This thread has now 86 posts, and I still don't see a solid contribution
>> to Devuan project.
>> This makes very heavy to be subscribed in a mailing list for people like
>> me, that are looking a good alternative to Debian/Systemd, not only in
>> software but also in community.
> I'm strongly inclined to agree.
>
> Perhaps we could have something like a "devuan-discuss" list for the
> philosophy and the disagreements, leaving this list for discussions actually
> directly related to developing or using Devuan?
>
Yes! PLEASE! let's do that. :)
> Antony.
Re: [DNG] OT: (almost), but tangentially on-topic Re: Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Fri, 8 Sep 2017 01:23:29 +1000 Erik Christiansen wrote:

> On 07.09.17 15:42, Rowland Penny wrote:
> > On Thu, 7 Sep 2017 16:32:42 +0200
> > Adam Borowski wrote:
> >
> > > On Thu, Sep 07, 2017 at 11:51:46PM +1000, Erik Christiansen wrote:
> >
> > I have tried asking nicely
>
> That was wise. It might have worked.

It didn't

>
> > WILL YOU SHUTUP!!!
>
> Losing your temper in an infantile manner is not. And it won't.

No I didn't lose my temper, I just shouted because you lot must be deaf.

>
> > I don't care about your drivel, it has nothing directly to do with
> > Devuan
>
> Then don't read this thread. By all means divert it to your spam
> folder, if you have the competence.

I do have the competence, but why should I have to, why should I not complain after 80 posts of drivel ?

>
> All lists tolerate a modicum of OT traffic - especially when it is
> tangentially on-topic, as is discussion of security risks when running
> linux. It is an act of consideration to flag such posts with "OT:",
> and that allows one procmail or MUA rule to screen all such traffic.

A modicum, you call over 80 posts a modicum ? Am I supposed to wait until it gets to rival Tolstoy's War and Peace before complaining ?

>
> But your whining, and the traffic which it might take to help you
> achieve a little more maturity is OT. So it might be useful for you to
> desist.

No sorry, but at 61 years of age, I feel that I am as mature as I am likely to get.

Rowland
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07.09.2017 16:12, Erik Christiansen wrote:

> If the firewall is on a FPGA, then we know what every gate is doing, as
> we have the VHDL source for it.

A purely FPGA-based firewall (w/o a cpu in it), specifically synthesized for a given ruleset seems a very interesting approach.

Anyone here w/ some practical vhdl experience ?

--mtx
[DNG] Off-topic postings Was: Re: Talos, Intel, libre purism, ...
On Thu, 2017-09-07 at 08:47 -0500, goli...@dyne.org wrote:
> On 2017-09-07 08:01, Svante Signell wrote:
> >
> > Yes, please! Even if some messages are interesting, a majority of them
> > are off-topic for Devuan. This list should concern user feedback, etc. For
> > pure development there is already list for that: devuan-dev.
> LOL! We had a devuan-discuss list and almost nobody used it so it was
> removed. Unlikely we'll go there again. Search the archives for the
> discussion about that event.

What to do then? Maybe create a devuan-user list and forward people contributing off-topic postings on that list to this [DNG] list. This is similar to telling people writing off-topic stuff on #devuan to move to #debianfork!
Re: [DNG] Purism Librem and disabling Intel ME
On Thu, 7 Sep 2017 17:12:25 +0200 Edward Bartolo wrote:

> Quote: "Please take this discussion somewhere else, it has NOTHING to
> do with Devuan"
>
> This discussion has taught me that Intel CPUs from 2008 onwards also
> come with GRATIS but QUESTIONABLE functionalities, that many including
> myself, frown upon.
>
> If there are non-risky hacks that readers can use to 'harden' their
> computer against this unwelcome feature, please go ahead and provide
> it, even here. This has to do with Devuan as it has to do with
> security.

Sorry Edward, but this doesn't really have anything to do with Devuan OS directly and if it was just a mention of a 'feature', I could live with it. This topic, like several others lately, just goes on and on and on. It is just clogging my email with something I'm not that interested in (well not to the extent it has been discussed here).

If you are going to mention something not directly to do with Devuan, then do just that, mention it and move on, don't chew it over and over. If you feel you should have a major discourse about it, then do it off list!

Rowland
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07.09.2017 16:42, Rowland Penny wrote:
> On Thu, 7 Sep 2017 16:32:42 +0200 Adam Borowski wrote:
>> On Thu, Sep 07, 2017 at 11:51:46PM +1000, Erik Christiansen wrote:
>
> I have tried asking nicely
>
> WILL YOU SHUTUP!!!

hey, please calm down.

IMHO, even this discussion isn't strictly related to devuan, it's still related to the bigger picture, why FOSS exists at all.

Actually, I'm very happy w/ the things posted here (*incl* the OTs).

Maybe we could split the list into multiple ones, for several topic types. (eg. strictly technical ones, like packages/patches, general discussions, etc)

--mtx
[DNG] OT: (almost), but tangentially on-topic Re: Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07.09.17 15:42, Rowland Penny wrote:
> On Thu, 7 Sep 2017 16:32:42 +0200
> Adam Borowski wrote:
>
> > On Thu, Sep 07, 2017 at 11:51:46PM +1000, Erik Christiansen wrote:
>
> I have tried asking nicely

That was wise. It might have worked.

> WILL YOU SHUTUP!!!

Losing your temper in an infantile manner is not. And it won't.

> I don't care about your drivel, it has nothing directly to do with
> Devuan

Then don't read this thread. By all means divert it to your spam folder, if you have the competence.

All lists tolerate a modicum of OT traffic - especially when it is tangentially on-topic, as is discussion of security risks when running linux. It is an act of consideration to flag such posts with "OT:", and that allows one procmail or MUA rule to screen all such traffic.

But your whining, and the traffic which it might take to help you achieve a little more maturity is OT. So it might be useful for you to desist.

HAND.

Erik
[DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
Quote: "Please take this discussion somewhere else, it has NOTHING to do with Devuan"

This discussion has taught me that Intel CPUs from 2008 onwards also come with GRATIS but QUESTIONABLE functionalities, that many including myself, frown upon.

If there are non-risky hacks that readers can use to 'harden' their computer against this unwelcome feature, please go ahead and provide it, even here. This has to do with Devuan as it has to do with security.
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 16:32:42 +0200 Adam Borowski wrote:

> On Thu, Sep 07, 2017 at 11:51:46PM +1000, Erik Christiansen wrote:

I have tried asking nicely

WILL YOU SHUTUP!!!

I don't care about your drivel, it has nothing directly to do with Devuan

Rowland
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, Sep 07, 2017 at 11:51:46PM +1000, Erik Christiansen wrote:
> On 07.09.17 13:32, Adam Borowski wrote:
> > On Thu, Sep 07, 2017 at 09:17:20PM +1000, Erik Christiansen wrote:
> > > If our hosts cannot be trusted not to phone home to folk wearing dark
> > > glasses, then would it not suffice to employ a simple embedded host with
> > > a small die, such as an ARM, e.g. Beaglebone Black, as a firewall?
> >
> > It's not hard to trigger a backdoor using a higher level protocol, from
> > Javascript, etc.
>
> But no-one who is awake would enable java or any of that stuff on a firewall.
> Back doors on the LAN can't phone home through a minimal-silicon RISC
> embedded firewall which is just too small to contain any secondary CPU.
> It just needs to run a minimal kernel with packet routing capability.
> Everything else is a door into vacuum.

You don't make a separate TCP connection, you put it into a stream the user already has. And no firewall can distinguish a https connection from another, other than the destination (the black glasses guys won't use a .nsa.gov server) or perhaps some flow patterns if you tunnel certain long-lived protocols inside the https connection -- which isn't possible if they use anything that resembles a typical browsing session.

Meow!
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀                                 -- Genghis Ht'rok'din
⠈⠳⣄
Re: [DNG] ascii-security Was:Re: Security updates in Devuan
On 09/07/2017 08:55 AM, Svante Signell wrote:
> On Thu, 2017-09-07 at 21:07 +0900, Olaf Meeuwissen wrote:
>> Hi John,
>>
>> John Franklin writes:
>>
>>> I’ve seen several security alerts from Debian, but no matching
>>> updates in Devuan. For example, the “file" package has
>>> CVE-2017-1000249, released yesterday.
>>>
>>>> For the stable distribution (stretch), this problem has been fixed in
>>>> version 1:5.30-1+deb9u1.
>
>> Uhm, Devuan ascii is testing. I'd think that doesn't get any security
>> upgrades, just like Debian's testing (buster) doesn't get any.
>
> No, Devuan ascii is stretch, i.e. Debian stable.
>
> This upgrade should be available, but isn't:
> Adding to /etc/apt/sources.list,
> deb http://auto.mirror.devuan.org/merged ascii-security main
> does not make it available:
> apt-cache policy file
> file:
>   Installed: 1:5.30-1
>   Candidate: 1:5.30-1
>   Version table:
>  *** 1:5.30-1 991
>         991 http://auto.mirror.devuan.org/merged ascii/main i386 Packages
>         100 /var/lib/dpkg/status

My sources.list is bigger than yours, and I see the same thing for file, but I know of two other cases in which the patched version found in stretch security is in ascii-proposed-updates -

apache2:
     2.4.25-3+deb9u2 0
         10 http://security.debian.org/ stretch/updates/main amd64 Packages
        100 http://auto.mirror.devuan.org/merged/ ascii-proposed-updates/main amd64 Packages

chromium:
     60.0.3112.78-1~deb9u1 0
         10 http://security.debian.org/ stretch/updates/main amd64 Packages
        100 http://auto.mirror.devuan.org/merged/ ascii-proposed-updates/main amd64 Packages

I think there's nothing in ascii-security and ascii-updates. The Packages files for both are empty. (I only checked amd64.)

In contrast to that jessie-security, jessie-updates and jessie-proposed-updates all have packages.

Can someone explain the difference between -security, -updates and -proposed-updates? What goes where, and why is ascii different from jessie? Thanks. Questions about security updates come up regularly on d1g.

fsmithred
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Fri, 8 Sep 2017 00:12:02 +1000 Erik Christiansen wrote:

> On 07.09.17 14:05, Alessandro Selli wrote:
> > ROMB is the ROM Bypass and that too is builtin the PCH chip:
>
> Erik

Excuse me, but can you lot not take a hint ???

Please take this discussion somewhere else, it has NOTHING to do with Devuan

Rowland
Re: [DNG] Docker on Devuan?
On 2017-09-07 07:22, Olaf Meeuwissen wrote:
> Hi Ozi,
>
> Ozi Traveller writes:
>
>> Just wondering whether anyone has managed to get docker installed on Devuan?
>>
>> If so, how? And are you getting docker updates as well?
>
> Have a look at my blog post[1] on this topic ;-)
>
>  [1]: https://paddy-hack.gitlab.io/posts/sandwiching-docker-with-devuan/
>
> I basically just use the vendor provided package for Debian. Works fine
> so far. I've also put together a Devuan base image and have a few
> issues[2] that I plan to work on in the not too distant future.
>
>  [2]: https://gitlab.com/paddy-hack/devuan/issues
>
> Hope this helps,

Would you consider moving that to git.devuan.org? Would make it easier for devuan users to find.

golinux
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07.09.17 14:05, Alessandro Selli wrote:
> ROMB is the ROM Bypass and that too is builtin the PCH chip:
>
> Loading starts with the ROM program, which is contained in the
> built-in PCH read-only memory. Unfortunately, no way to read or
> rewrite this memory is known to the general public. However, one can
> find pre-release versions of ME firmware on the Internet containing
> the ROMB (ROM BYPASS) section which, as we can assume, duplicates the
> functionality of ROM.

Many thanks Alessandro for elucidating that. I'm experiencing some culture shock on reading it.

I have not made a survey of the open source CPU cores implemented on FPGAs, but a quick "fpga linux board" google shows multiple candidates. Running a minimal kernel with little more than packet routing filtering and a local management interface - console only if we're paranoid, means we _are_ in full control of all network traffic in and out of our LAN. (I do not plan to use wlan.)

Presumably all externally initiated connections are already blocked. Then if we only allow outgoing connections to whitelisted IPs, we're beginning to make things more difficult for snoops. Vulnerabilities on our hardware-compromised hosts are less exploitable if they can't be reached, I figure.

If the firewall is on a FPGA, then we know what every gate is doing, as we have the VHDL source for it.

Erik
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07.09.17 13:32, Adam Borowski wrote:
> On Thu, Sep 07, 2017 at 09:17:20PM +1000, Erik Christiansen wrote:
> > If our hosts cannot be trusted not to phone home to folk wearing dark
> > glasses, then would it not suffice to employ a simple embedded host with
> > a small die, such as an ARM, e.g. Beaglebone Black, as a firewall?
>
> It's not hard to trigger a backdoor using a higher level protocol, from
> Javascript, etc.

But no-one who is awake would enable java or any of that stuff on a firewall. Back doors on the LAN can't phone home through a minimal-silicon RISC embedded firewall which is just too small to contain any secondary CPU. It just needs to run a minimal kernel with packet routing capability. Everything else is a door into vacuum.

Erik
Re: [DNG] Talos, Intel, libre purism, ...
On 2017-09-07 08:01, Svante Signell wrote:
> On Thu, 2017-09-07 at 14:11 +0200, Antony Stone wrote:
>> On Thursday 07 September 2017 at 13:59:01, Narcis Garcia wrote:
>>
>>> This thread has now 86 posts, and I still don't see a solid contribution
>>> to Devuan project.
>>> This makes very heavy to be subscribed in a mailing list for people like
>>> me, that are looking a good alternative to Debian/Systemd, not only in
>>> software but also in community.
>>
>> I'm strongly inclined to agree.
>>
>> Perhaps we could have something like a "devuan-discuss" list for the
>> philosophy and the disagreements, leaving this list for discussions actually
>> directly related to developing or using Devuan?
>
> Yes, please! Even if some messages are interesting, a majority of them are
> off-topic for Devuan. This list should concern user feedback, etc. For pure
> development there is already list for that: devuan-dev.

LOL! We had a devuan-discuss list and almost nobody used it so it was removed. Unlikely we'll go there again. Search the archives for the discussion about that event. It started here:

Date: 2016-11-06 07:59 -600
To: dng
Subject: [DNG] devuan-discuss is not useful, quite the opposite

More lists is not a solution for poor judgment on the part of list participants who always try to have the last word in some ridiculous hair-splitting debate that is often off-topic.

golinux
Re: [DNG] Talos, Intel, libre purism, ...
On Thu, 2017-09-07 at 14:11 +0200, Antony Stone wrote:
> On Thursday 07 September 2017 at 13:59:01, Narcis Garcia wrote:
>
> > This thread has now 86 posts, and I still don't see a solid contribution
> > to Devuan project.
> > This makes very heavy to be subscribed in a mailing list for people like
> > me, that are looking a good alternative to Debian/Systemd, not only in
> > software but also in community.
>
> I'm strongly inclined to agree.
>
> Perhaps we could have something like a "devuan-discuss" list for the
> philosophy and the disagreements, leaving this list for discussions actually
> directly related to developing or using Devuan?

Yes, please! Even if some messages are interesting, a majority of them are off-topic for Devuan. This list should concern user feedback, etc. For pure development there is already list for that: devuan-dev.
[DNG] ascii-security Was:Re: Security updates in Devuan
On Thu, 2017-09-07 at 21:07 +0900, Olaf Meeuwissen wrote:
> Hi John,
>
> John Franklin writes:
>
> > I’ve seen several security alerts from Debian, but no matching
> > updates in Devuan. For example, the “file" package has
> > CVE-2017-1000249, released yesterday.
> >
> > > For the stable distribution (stretch), this problem has been fixed in
> > > version 1:5.30-1+deb9u1.

> Uhm, Devuan ascii is testing. I'd think that doesn't get any security
> upgrades, just like Debian's testing (buster) doesn't get any.

No, Devuan ascii is stretch, i.e. Debian stable.

This upgrade should be available, but isn't:
Adding to /etc/apt/sources.list,
deb http://auto.mirror.devuan.org/merged ascii-security main
does not make it available:
apt-cache policy file
file:
  Installed: 1:5.30-1
  Candidate: 1:5.30-1
  Version table:
 *** 1:5.30-1 991
        991 http://auto.mirror.devuan.org/merged ascii/main i386 Packages
        100 /var/lib/dpkg/status
Re: [DNG] Docker on Devuan?
Hi Ozi,

Ozi Traveller writes:

> Just wondering whether anyone has managed to get docker installed on Devuan?
>
> If so, how? And are you getting docker updates as well?

Have a look at my blog post[1] on this topic ;-)

 [1]: https://paddy-hack.gitlab.io/posts/sandwiching-docker-with-devuan/

I basically just use the vendor provided package for Debian. Works fine so far.

I've also put together a Devuan base image and have a few issues[2] that I plan to work on in the not too distant future.

 [2]: https://gitlab.com/paddy-hack/devuan/issues

Hope this helps,
--
Olaf Meeuwissen, LPIC-2
FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
Re: [DNG] Security updates in Devuan
Hi John,

John Franklin writes:

> I’ve seen several security alerts from Debian, but no matching
> updates in Devuan. For example, the “file" package has
> CVE-2017-1000249, released yesterday.
>
>> For the stable distribution (stretch), this problem has been fixed in
>> version 1:5.30-1+deb9u1.
>>
>> For the unstable distribution (sid), this problem has been fixed in
>> version 1:5.32-1.
>
> But, on a Devuan Ascii VM:

Uhm, Devuan ascii is testing. I'd think that doesn't get any security upgrades, just like Debian's testing (buster) doesn't get any. In addition, this particular DSA doesn't mention fixes for oldstable so I would not expect Devuan's jessie to get any security upgrade either.

Looks like you'll have to wait until whatever hit unstable trickles down to testing.

> [...]
>
> Maybe this one is too new, but the “apache2" package has
> CVE-2017-9788 released July 18th, 2017.
>
>> For the oldstable distribution (jessie), this problem has been fixed
>> in version 2.4.10-10+deb8u10.
>>
>> For the stable distribution (stretch), this problem has been fixed in
>> version 2.4.25-3+deb9u2.
>>
>> For the unstable distribution (sid), this problem has been fixed in
>> version 2.4.27-1.
>
> The latest apache2 in Ascii is 2.4.25-3+deb9u1.

On my Devuan jessie I get this

    $ apt-cache policy apache2
    apache2:
      Installed: (none)
      Candidate: 2.4.10-10+deb8u10
      Version table:
         2.4.10-10+deb8u10 0
            500 http://auto.mirror.devuan.org/merged/ jessie-security/main amd64 Packages
         2.4.10-10+deb8u9 0
            500 http://auto.mirror.devuan.org/merged/ jessie/main amd64 Packages

This matches what is available for Debian's jessie (oldstable).

Hope this helps,
--
Olaf Meeuwissen, LPIC-2
FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
Re: [DNG] Talos, Intel, libre purism, ...
On Thu, 7 Sep 2017 13:59:01 +0200
Narcis Garcia wrote:

> This thread has now 86 posts, and I still don't see a solid
> contribution to Devuan project.
> This makes very heavy to be subscribed in a mailing list for people
> like me, that are looking a good alternative to Debian/Systemd, not
> only in software but also in community.

Totally agree with the sentiments of the above post. Can we please keep to posts that are relevant to Devuan. If you want to have philosophical discussions about Open source, can you please do it somewhere else.

Rowland Penny
Re: [DNG] Talos, Intel, libre purism, ...
On Thursday 07 September 2017 at 13:59:01, Narcis Garcia wrote:

> This thread has now 86 posts, and I still don't see a solid contribution
> to Devuan project.
> This makes very heavy to be subscribed in a mailing list for people like
> me, that are looking a good alternative to Debian/Systemd, not only in
> software but also in community.

I'm strongly inclined to agree.

Perhaps we could have something like a "devuan-discuss" list for the philosophy and the disagreements, leaving this list for discussions actually directly related to developing or using Devuan?

Antony.

--
Wanted: telepath. You know where to apply.

Please reply to the list; please *don't* CC me.
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 at 13:41:25 +0200
Alessandro Selli wrote:

> On Thu, 7 Sep 2017 at 21:17:20 +1000
> Erik Christiansen wrote:
>
> > The notion of an extra embedded CPU or two on big Intel chips is not
> > difficult to credit, but where is the postulated entire minix OS loaded
> > from?
>
> It's in the report by the Positive Technologies team:
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
>
>     We see increasing interest in Intel ME internals from researchers
>     all over the world. One of the reasons is the transition of this
>     subsystem to new hardware (x86) and software (modified MINIX as an
>     operating system). The x86 platform allows researchers to make use
>     of the full power of binary code analysis tools. Previously, firmware
>     analysis was difficult because earlier versions of ME were based on
>     an ARCompact microcontroller with an unfamiliar set of instructions.

Sorry, I think I misinterpreted your question. Did you ask where in the Intel hardware is the Minix OS loaded from? In the above report I read that:

    Similarly, we are sure that the ROM integrated into the PCH is practically the same as ROMB, which also does not contain any code allowing an exit from HAP mode.

PCH is the Platform Controller Hub:

    Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer.

The "set of built-in peripherals" most notably include the ethernet and the WiFi controllers, depending on the specific chips involved.

ROMB is the ROM Bypass and that too is built into the PCH chip:

    Loading starts with the ROM program, which is contained in the built-in PCH read-only memory. Unfortunately, no way to read or rewrite this memory is known to the general public. However, one can find pre-release versions of ME firmware on the Internet containing the ROMB (ROM BYPASS) section which, as we can assume, duplicates the functionality of ROM.

Bye,

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
[DNG] Talos, Intel, libre purism, ...
This thread has now 86 posts, and I still don't see a solid contribution to Devuan project.
This makes very heavy to be subscribed in a mailing list for people like me, that are looking a good alternative to Debian/Systemd, not only in software but also in community.

On 07/09/17 at 13:43, Didier Kryn wrote:
> On 07/09/2017 at 10:48, taii...@gmx.com wrote:
>> On 09/07/2017 04:30 AM, Alessandro Selli wrote:
>>
>>> On Wed, 6 Sep 2017 at 17:12:27 -0400
>>> zap wrote:
>>> Agreed! Talos is at least *LIBRE!*
>>> No, it ain't:
>>> https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
>>>
>>> "BMCs and the IPMI Protocol
>>>
>>> Baseboard Management Controllers (BMCs) are a type of embedded
>>> computer used to provide out-of-band monitoring for desktops and
>>> servers. These products are sold under many brand names,
>>> including HP
>>> iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and Supermicro
>>> IPMI."
>>>
>>> IBM stuff is plagued by embedded controlware, too.
>
> Alessandro, I've read that thread with great interest and I think
> you forgot a "detail": BMC software is open on IBM Power, meaning you
> can replace it by your own, or patch the existing if you prefer.
>
> Whether there is yet another backdoor is only a supposition and it
> applies to everything you can buy, not specifically IBM. At least, if
> there is one, it is known only to the manufacturer and the 3-letter
> agencies, not to the general hacker. And I'm optimistic because of the
> following law: the time of life of a secret decreases when the number of
> persons who share it increases, and in this case there must be a number
> of engineers.
>
> Didier
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07/09/2017 at 10:48, taii...@gmx.com wrote:
> On 09/07/2017 04:30 AM, Alessandro Selli wrote:
>
>> On Wed, 6 Sep 2017 at 17:12:27 -0400
>> zap wrote:
>> Agreed! Talos is at least *LIBRE!*
>> No, it ain't:
>> https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
>>
>> "BMCs and the IPMI Protocol
>>
>> Baseboard Management Controllers (BMCs) are a type of embedded
>> computer used to provide out-of-band monitoring for desktops and
>> servers. These products are sold under many brand names, including HP
>> iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and Supermicro
>> IPMI."
>>
>> IBM stuff is plagued by embedded controlware, too.

Alessandro, I've read that thread with great interest and I think you forgot a "detail": BMC software is open on IBM Power, meaning you can replace it by your own, or patch the existing if you prefer.

Whether there is yet another backdoor is only a supposition and it applies to everything you can buy, not specifically IBM. At least, if there is one, it is known only to the manufacturer and the 3-letter agencies, not to the general hacker. And I'm optimistic because of the following law: the time of life of a secret decreases when the number of persons who share it increases, and in this case there must be a number of engineers.

Didier
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 at 21:17:20 +1000
Erik Christiansen wrote:

> The notion of an extra embedded CPU or two on big Intel chips is not
> difficult to credit, but where is the postulated entire minix OS loaded
> from?

It's in the report by the Positive Technologies team:
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

    We see increasing interest in Intel ME internals from researchers all over the world. One of the reasons is the transition of this subsystem to new hardware (x86) and software (modified MINIX as an operating system). The x86 platform allows researchers to make use of the full power of binary code analysis tools. Previously, firmware analysis was difficult because earlier versions of ME were based on an ARCompact microcontroller with an unfamiliar set of instructions.

> If our hosts cannot be trusted not to phone home to folk wearing dark
> glasses,

They do not just that they phone home, the worst part is that they pick up the phone, your phone!

> then would it not suffice to employ a simple embedded host with
> a small die, such as an ARM, e.g. Beaglebone Black, as a firewall?

Maybe, but it's difficult to know exactly what triggers the numerous ME modules and functions of a running system - it's best disabling everything at boot time. You are supposed to filter both incoming and outgoing traffic, which is not very easy when you do not know what you need to block. Plus, I do not remember where I read it, but there are functions in WiFi AP/DSL modems that were found to have backdoors that are triggered by a precise sequence of IP packets the unit receives where both headers and payload matter, which makes for a complicated deep packet inspection firewall that you need to set up.

What we actually need is Openhardware products ready to supplant current off-the-shelf proprietary chips and controllers.

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, Sep 07, 2017 at 09:17:20PM +1000, Erik Christiansen wrote:
> If our hosts cannot be trusted not to phone home to folk wearing dark
> glasses, then would it not suffice to employ a simple embedded host with
> a small die, such as an ARM, e.g. Beaglebone Black, as a firewall?

It's not hard to trigger a backdoor using a higher level protocol, from Javascript, etc.

--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din
⠈⠳⣄
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
The notion of an extra embedded CPU or two on big Intel chips is not difficult to credit, but where is the postulated entire minix OS loaded from?

If our hosts cannot be trusted not to phone home to folk wearing dark glasses, then would it not suffice to employ a simple embedded host with a small die, such as an ARM, e.g. Beaglebone Black, as a firewall? Buy two, take the lid off the chip on one, to confirm that there's only enough silicon complexity to provide one RISC CPU, and paranoia might be able to be reined in. With a microscope, purely optical or USB, it is not that hard to identify recognisable structures such as ALU, registers, ROM, etc. Any second CPU capable of running a TCP stack would show up.

If that's not enough, then an ethernet sniffer running on unsubvertible low level 16 bit embedded hardware, running a low level RTOS, could monitor traffic to the firewall, logging all destination IPs, protocol, etc., revealing unwarranted traffic.

Conspiracy theories are lotsa fun, but if there's a problem with substance, then restoring user control needn't be that hard, I figure.

Erik
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 at 06:29:59 -0400
"taii...@gmx.com" wrote:

> On 09/07/2017 05:01 AM, Rick Moen wrote:
>
>> Quoting taii...@gmx.com (taii...@gmx.com):
>>
>> [speaking to Alessandro Selli]
>>
>>> You are constantly defending them and snubbing your nose at superior
>>> products so it is obvious you work for purism.
>> Can I ask for a bit more civility, please? Mr. Selli is a fairly
>> passionate free software person, more than adequately accounting for his
>> views, which I respect even though we have sometimes disagreed rather
>> strongly. There is zero justification for attributing ulterior motives
>> to him.
>>
>> I also find a bit questionable your going around attempting to tarnish
>> the reputation of someone with a real name, while concealing your own.
> Criticism isn't allowed? I dislike when people deal with speculation
> instead of proven facts when judging technical merits.

I provided links and quotes to back what I wrote. Of course I could still be wrong, but your criticism was not based on anything factual - at least you did not provide facts to back your claims.

> Could POWER have an undocumented backdoor? Of course - anything is
> possible when it comes to something that complex.
> Do modern x86 processors have one that is impossible to remove? That is
> a proven fact.

* Does POWER have an undocumented backdoor? Of course, that is a proven fact.
* Could they be disabled or at least partially removed? No one knows.
* Do modern x86 processors have undocumented backdoor? Of course, that is a proven fact.
* Could they be disabled or at least partially removed? Yes, as Rick Moen reported on Thu, 31 Aug 2017 21:46:39 -0700 documenting his claims and quoting the works of the Positive Technologies team.

> I don't use my "real" name on the internet for the same reason I don't
> want a computer with ME/PSP.

No one can hack your brain remotely because they know your real name. Concealing it just makes whatever you claim dubious and unverifiable without third-party documentation - that you *always* fail producing.

Greetings,

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 09/07/2017 05:01 AM, Rick Moen wrote:

> Quoting taii...@gmx.com (taii...@gmx.com):
>
> [speaking to Alessandro Selli]
>
>> You are constantly defending them and snubbing your nose at superior
>> products so it is obvious you work for purism.
> Can I ask for a bit more civility, please? Mr. Selli is a fairly
> passionate free software person, more than adequately accounting for his
> views, which I respect even though we have sometimes disagreed rather
> strongly. There is zero justification for attributing ulterior motives
> to him.
>
> I also find a bit questionable your going around attempting to tarnish
> the reputation of someone with a real name, while concealing your own.

Criticism isn't allowed? I dislike when people deal with speculation instead of proven facts when judging technical merits.

Could POWER have an undocumented backdoor? Of course - anything is possible when it comes to something that complex.
Do modern x86 processors have one that is impossible to remove? That is a proven fact.

I don't use my "real" name on the internet for the same reason I don't want a computer with ME/PSP.
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 at 04:48:43 -0400
"taii...@gmx.com" wrote:

> On 09/07/2017 04:30 AM, Alessandro Selli wrote:
>
>> On Wed, 6 Sep 2017 at 17:12:27 -0400
>> zap wrote:
>>
>>> Agreed! Talos is at least *LIBRE!*
>> No, it ain't:
>> https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
>>
>> "BMCs and the IPMI Protocol
>>
>> Baseboard Management Controllers (BMCs) are a type of embedded
>> computer used to provide out-of-band monitoring for desktops and
>> servers. These products are sold under many brand names,
>> including HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and
>> Supermicro IPMI."
>>
>> IBM stuff is plagued by embedded controlware, too.
>
> Uhh no it is

Yes it is.

> There is a major difference between ME/PSP and IBM's POWER-BMC - One is
> open source and owner controlled the other two aren't.

Anything from IBM and Power-related is proprietary. Again, could you show us blueprints of the CPU and the Remote Supervisor Adapter present in IBM's chipsets?

> On 09/06/2017 07:18 PM, Alessandro Selli wrote:
>
>> On 06/09/2017 at 19:15, taii...@gmx.com wrote:
>>> On 09/06/2017 06:36 AM, Alessandro Selli wrote:
>>> The steep price.
>>> Uhh the laptops you guys are selling now cost just as much as TALOS...
>> "you" whom? I am not a seller.
> You are constantly defending

No, I reported of what they are doing, providing quotations.

> them and snubbing your nose at superior
> products

No, I am only pointing out anything you wrote about the supposed superiority of TALOS is faith-based.

> so it is obvious you work for purism.

You are constantly defending TALOS and their products based on proprietary, closed-source hardware from a single producer that has decades-long strong relationships with the US military and is known to put remote-control hardware and software in their products that cannot be disabled AFAIK. So, it is obvious you work for TALOS.

>>> only they aren't owner controlled.
>> That you know of. I remember IBM has always been one of the top USA
>> military's purveyors:
>>
>> http://newspaperarchives.vassar.edu/cgi-bin/vassar?a=d=miscellany19700206-01.2.13
>>
>> "In fiscal 1909, IBM contracted for $257,000,000.00 worth of its
>> products with the United States Department of Defense. 4 The importance
>> of IBM's military role has grown with the computerization of the
>> American war effort in Vietnam." (1909 is probably an OCR error, there
>> are many in the piece; it could be 1969).
>>
>> I very doubt material from IBM can be thought of being
>> freedom-and-liberty loving and exempt from any governmental-friendly
>> "features". They just don't put it in their public spec sheets like
>> Intel does.
> Ahh oh well shucks looks like I had better buy a purism right? at least
> then I know for a fact that there is a hardware level backdoor and can
> act accordingly!

You could buy a costlier product from TALOS and get yourself a system with hardware backdoors that, differently from Intel's, cannot be disabled (at least no one knows how to do it).

Enjoy your golden privacy- and freedom-denying cage by Big Blue.

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
Quoting taii...@gmx.com (taii...@gmx.com):

[speaking to Alessandro Selli]

> You are constantly defending them and snubbing your nose at superior
> products so it is obvious you work for purism.

Can I ask for a bit more civility, please? Mr. Selli is a fairly passionate free software person, more than adequately accounting for his views, which I respect even though we have sometimes disagreed rather strongly. There is zero justification for attributing ulterior motives to him.

I also find a bit questionable your going around attempting to tarnish the reputation of someone with a real name, while concealing your own.
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 09/07/2017 04:30 AM, Alessandro Selli wrote:

> On Wed, 6 Sep 2017 at 17:12:27 -0400
> zap wrote:
>
>> Agreed! Talos is at least *LIBRE!*
> No, it ain't:
> https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
>
> "BMCs and the IPMI Protocol
>
> Baseboard Management Controllers (BMCs) are a type of embedded
> computer used to provide out-of-band monitoring for desktops and
> servers. These products are sold under many brand names,
> including HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and
> Supermicro IPMI."
>
> IBM stuff is plagued by embedded controlware, too.

Uhh no it is

There is a major difference between ME/PSP and IBM's POWER-BMC - One is open source and owner controlled the other two aren't.

On 09/06/2017 07:18 PM, Alessandro Selli wrote:

> On 06/09/2017 at 19:15, taii...@gmx.com wrote:
>> On 09/06/2017 06:36 AM, Alessandro Selli wrote:
>> The steep price.
>> Uhh the laptops you guys are selling now cost just as much as TALOS...
> "you" whom? I am not a seller.

You are constantly defending them and snubbing your nose at superior products so it is obvious you work for purism.

>> only they aren't owner controlled.
> That you know of. I remember IBM has always been one of the top USA
> military's purveyors:
>
> http://newspaperarchives.vassar.edu/cgi-bin/vassar?a=d=miscellany19700206-01.2.13
>
> "In fiscal 1909, IBM contracted for $257,000,000.00 worth of its
> products with the United States Department of Defense. 4 The importance
> of IBM's military role has grown with the computerization of the
> American war effort in Vietnam." (1909 is probably an OCR error, there
> are many in the piece; it could be 1969).
>
> I very doubt material from IBM can be thought of being
> freedom-and-liberty loving and exempt from any governmental-friendly
> "features". They just don't put it in their public spec sheets like
> Intel does.

Ahh oh well shucks looks like I had better buy a purism right? at least then I know for a fact that there is a hardware level backdoor and can act accordingly!
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 at 10:30:39 +0200
Alessandro Selli wrote:

> On Wed, 6 Sep 2017 at 17:12:27 -0400
> zap wrote:
>
> > Agreed! Talos is at least *LIBRE!*
>
> No, it ain't:
> https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
>
> "BMCs and the IPMI Protocol
>
> Baseboard Management Controllers (BMCs) are a type of embedded
> computer used to provide out-of-band monitoring for desktops and
> servers. These products are sold under many brand names, including
> HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and Supermicro
> IPMI."
>
> IBM stuff is plagued by embedded controlware, too.

More info:
https://www.ibm.com/support/knowledgecenter/STAV45/com.ibm.sonas.doc/imm_users_guide_60y1465.pdf

    IMM features
    The IMM provides the following functions:
    ° Around-the-clock remote access and management of your server
    ° Remote management independent of the status of the managed server
    ° Remote control of hardware and operating systems
    ° Web-based management with standard Web browsers

So much for the idea such a thing as a freedom-loving and people's rights and privacy respectful technocorporation could exist.

Greetings,

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Wed, 6 Sep 2017 at 17:12:27 -0400
zap wrote:

> Agreed! Talos is at least *LIBRE!*

No, it ain't:
https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/

    "BMCs and the IPMI Protocol

    Baseboard Management Controllers (BMCs) are a type of embedded computer used to provide out-of-band monitoring for desktops and servers. These products are sold under many brand names, including HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and Supermicro IPMI."

IBM stuff is plagued by embedded controlware, too.

--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9