Re: Intel CPU (in)security

2020-05-15 Thread Герман Содатов


 
 
> Fortunately, the people who could possibly order intel to do something
> like this doesn't care about your pirated movies, and it would be a PR
> nightmare if Intel actually used the power they have for anything less
> than national security, since the risk of something leaking would be
> too large.
 
Some people, most likely secret services working for corporations tried many 
times to make obstacles to his work including (but not limited to):
1) Electromagnetic attacks on his computer which made its work slower, buses 
could not operate on full speed, network worked at 100 mbits instead of 1 
gbits, many devices failed to work. Sometimes it was even difficult to boot the 
system after several continuous power cycles, it did not depend on a specific 
hardware operability, the same happened even if the hardware was replaced.
2) Targeted EMI attacks on his disk, most likely some wrong data was injected 
into SATA channel which was always noticed by ZFS pool and sometimes even led 
to pool crash. The same happen at his job to backup and mail server.
Shorter SATA cables helped to stop this.
3) Attacks on chips in new SATA controller most likely via radio channel led to 
a half of the pool mirrors lost temporary
4) Video records in zone minder were deleted periodically
5) Many voice records available including today when his mother indicated pain 
in her body
6) On Russian forums these criminal morons threaten him for his mother health.
It is called ganstalking against targeted individuals.
 
According to Russian laws almost each episode of their activity shall be 
punished by bringing them to prison for a few years.
And taking into account this a group of people - a criminal band and very many 
episodes, they must be jailed for the whole their life to avoid hurting lawful 
people.
They shall be deported from Russia  and never allowed to return back.
The information discussed here about Intel CPUs is taken from public forums, he 
did not stole it from an Intel laboratory.
Almost anyone using X86 hardware threatens its own country national security in 
favor of western financial security, since corruption in Russia is often 
supported and defended by secret services operating backdoors in popular 
computers in their own interests just to cover stealing money from the country.
 


re: fw_update verify firmware?

2020-05-15 Thread Герман Содатов


>    This has nothing to do with OpenBSD.
 
If OpenBSD would have a switch to disable usage of all BLOBs provided by OBSD 
at once on an user desire.
Does OpenBSD have any other BLOBs except firmwares which can be 
deleted/renamed/moved?
>     Please read your own statement. You aren't qualified to assert your
     opinion in this group, humble or not.

He does not assert, but rather trying to find a truth which is very difficult 
in a security area because
most agencies trying to hide such info and even often promote intentional 
misleading false on this topic.

>   It's not our job to turn you into a security expert.
 
Nobody's trying to force you to share knowledge, it is on your own will, up to 
you.
If someone else would ask that questions would you take it easier?
>   If you value the work that OpenBSD does to protect your security, use it. 
> If you don't, use something else.

As it is obvious from a discussion he still evaluating OpenBSD, that is the 
reason of his many questions.

>    Please. We aren't here to win you over.
 
Actually it does not matter for him win you him or not, he just wants to make a 
good choice, though it seems there is no other variants for him except paid 
grsec + his time spent on hardening the whole installation with grsec.
Btw, an idea of hardening processes by their own declaration like unveil, 
pledge, etc. looks very nice.
>Some of us are kinda tired of your flood of queries asking for yet another 
>opinion on often and widely discussed topics.
It is very hard times now when shameless corporations attack single persons, 
thanks for understanding, he is his line of defense.

>     ...and you won't find much modern hardware that it works on.

He does NOT need much hardware also he does NOT need modern hardware and he 
does NOT need a shiny superfast desktop.
Very slow secure OS on a very slow ancient hardware which can protect him is 
many many times better than any modern super expensive server if it would be 
even a free gift.

>     Oh, btw...if I recall properly, a lot of CPU security fixes are     
> distributed as firmware microcode updates that have to be loaded by the      
> OS. So... being inappropriately paranoid about firmware could      compromise 
> your security.
 
Especially if new backdoors (e.g. for rooting CPUs) are added in new microcode 
versions?
He does not trust any modern X86 CPUs with a firmware update or not. May be 
using a full software emulator can improve security? Say if running a very slow 
full software emulation of a rare CPU like Motorolla or MIPS on Librebooted X86 
CPU host like Core2 QUAD 9500 or something like it, would it be more secure 
inside a emulated MIPS guest to run OpenBSD than on a bare metal X86?