I wonder if this one will come with free backdoors and spyware installed, thanks to the wonderful Intel Management Engine (Intel ME) backdoor. [1][2][3]
Intel (and AMT) keep pushing more and more proprietary code that cannot be read, changed or removed. No one knows exactly what it does and it has built-in screen and key recording. It's my advice and the advice of privacy advocates that no one should purchase or use any processor made by Intel or AMD until they address these serious issues.
I'm not sure this should be discussed in this thread.
Also, I don't know of any alternative that doesn't have large unauditable blobs integrated into the chip.
All ARM SoCs come with radio processors that are running a non-trivial piece of software with full access to the system memory, which is responsible for power management, boot sequence and wireless communications. It is by definition network connected.
AMD has a technology it calls the Platform Security Processor (PSP for short) which does basically the same thing.
To have a processor that doesn't have this kind of technology, you have to give up on decades of advancement in compute power, or buy a very expensive and non-portable POWER8 or POWER9 system.
Why should a serious backdoor, privacy concerns and ethical problems with a monopoly's new product not be discussed in a thread about that product? Not sure I get your point on that.
But yeah you are totally right on the alternatives. Nothing quite matches Intel and AMD, and a lot of those ARM SoCs have proprietary code running on their bootloader too. But you can get some processors from 7 years ago that are usable.
OpenPOWER is fantastic though and has real potential. There were a few projects out there looking to implement a laptop and personal desktop computer using it, but unfortunately didn't reach their funding goals.
I think the more people that know about Intel and AMD's shady practices, the more funding open hardware projects can get, and maybe in the next few years we can replace Intel and AMD with ethical and open solutions.
I agree, this has to be allowed to be discussed, it's literally about the product.
Haven't heard about OpenPOWER, I hope more people are made aware of alternatives to get funding and spin.
There are some ARM processors that live without blobs, I think Olimex produces what they call open-source hardware (OSHW), is this an acceptable product?
I meant that as in, there have been plenty of dedicated discussions threads on this site and many others regarding the Intel ME. Most people here know about the ME by now, and we don't have to bring it up in every single Intel-related thread.
Check out Talos II motherboard. It's a workstation-class motherboard with dual POWER9 CPUs for $2750. It's a good price for workstation computer IMO. They claim that all their firmware is open source. Specifications are quite modern. The only problem is (kind of) exotic architecture, but many people would be able to use it with open source software.
I was scanning through the comments to see if somebody had already mentioned this and if you hadn't I would have.
I am finding the Talos II an increasingly attractive proposition, even though the prices for a full system are quite staggering by comparison to mainstream hardware.
> All ARM SoCs come with radio processors that are running a non-trivial piece of software with full access to the system memory, which is responsible for power management, boot sequence and wireless communications. It is by definition network connected.
The high-end ones used for flagship smartphones/tablets do, but low-end ones used in cheaper tablets/TV boxes and more specialized hardware often don't have any radio interface.
Do you know the depths of not taking that advice and what lurks in them? Do you know that if everybody simply took it to heart, there'd be nothing unrealistic about it at all? How many months of abstinence and solidarity would be required to end these practices, or the companies if they so wish? And then that money simply shifts to ethical companies and we actually have a future. Or, we keep pretending it's all so very hard, and don't have one.
You are asking for the whole of humanity to stop buying some of the most sought after products of modern times from two of the best-selling makers of that industry.
I am all in for some philosophical discussion but actually being this detached from reality doesn't make you any good. It's not because you can see the stars that you can reach for them right now...
So yes, in summary: it is hard, to the point of impossibility.
Keep that up for a while longer, and it will become a physical impossibility, as any gesture of resistance leads to automatic extermination. Until then? Thanks for nothing.
The Talos II[1], which is an IBM POWER9-based machine. It's a bit more expensive than a standard Intel machine (~$2k for the whole prebuilt machine, a bit less for just the motherboard+CPU).
Everything in it is free, including all of the firmware, and the CPU is an open specification.
Does anyone here know someone who works on these various management engines? It'd be interesting to see if the security services were involved or if they really were backdooring all computers right?
My guess is it's definitely possible but it would have been popped by foreign agencies by now too and there would have been a leak of tools to exploit such devices? I guess maybe it's very tempting to be able to hack any device though so knowing the NSA they are probably for doing this, fuck the consequences?
Well, this seems quite a bit unsubstantial. If an Intel employee in that position wanted to leak some real info, I would assume it would be accompanied by something that gives the information some credibility.
The issue I have is companies like Google and Puri.sm have asked Intel and AMD for a blank signed blob that completely disables ME but they have refused this. It would take them literally no time at all. This raises all sorts of red flags that something dodgy is going on.
If you had the chance to make a supplier who creates millions of chromebooks happy, wouldn't you take every opportunity to help them, especially if it costs you little to no money at all. Obviously there is a big reason why they don't want this backdoor removed.
Which is why someone with deep enough pockets and some help by the community (crowdfunding?) should invest in making open alternatives possible. Thousands of people have been laid off in the past by big silicon corporations, I refuse to believe there aren't 10 of those people in the world who cannot be hired to design an open platform. It doesn't have to be as fast as modern processors; if it allows opening a webpage at acceptable speed or playing a video at 30fps 720p that is more than enough for most of us, and more importantly would send a huge message. Many would of course disagree, mainly gamers who would sell their soul to the devil for a faster graphics card or other people who don't care about their privacy. Once the design is done, then comes the fab. Decades ago any company would have to set up its own but today there are fabless companies who design chips and fabs producing them for various customers, so it's just a matter of money. The goal isn't to create an alternative with respect to computing power, but rather in usage. The message is "we're not using your bugged shit to communicate among us or keep our data".
Companies that act as OEMs for enterprises most likely have a larger footprint of Intel installs than Google. Any single company's usage of a product is dwarfed by how many effective installs a large OEM might have.
Maybe if Lenovo, Toshiba, Acer, Dell, etc all asked Intel to provide said blobs (and the threat was tangible) then they would probably reconsider.
It would be more useful for them if it could be controlled at the source level. The management engine would be fine if it were free software and could be replaced.
I'm very unhappy with my old Sun servers, for example, because the management system cannot be upgraded and the servers are no longer supported. I'm stuck with proprietary insecure software that I depend on and that I have no way of changing. It's all worse if the insecure outdated software can only be replaced by soldering wires to a chip on the board.
This is disturbing, to say the least. Given how much effort I've invested in securing myself, it's... disappointing. The rationale, it seems, is that government doesn't count as "someone to be concerned about", from a security point of view.
I'm curious about how one would be associated with a particular chip. I understand that key strokes can be logged, TCP/IP can be read; you can be scraped, but ultimately how is their backdoor aware of you so that it doesn't appear to them like a needle in a stack of needles. A fascinating and revolting technical conundrum.
Yep. Once everything will be under control, having the freedom to write your own software, especially software that challenges the rules, will be useless...
No. Basically the Intel ME is a completely separate ARM processor that's physically stuck onto each Intel Processor. It has direct access to everything the Intel chip does. The memory it's allocating, the hardware commands (i.e. keyboard, mouse, display), the software running, the processes running. This all happens at a higher level than the actual Intel processor and you have no control over it at all.
Basically whatever you run at any level on your Intel chip can be monitored by the Intel ME chip, no matter how many VMs, operating systems, encrypted files/processes you have installed/are using.
Ahh thanks, sorry was getting confused. It's AMD's PSP that uses an ARM-based spyware kit. I wonder what Intel ME actually runs on then. Probably just another Intel Chip?
Have a look at https://minifree.org/ and a few Chromebooks (obviously with the operating system replaced). There are some options, but yeah it's a big problem that the microprocessor market has been locked up by two monopolies.
But I guess people have to make a personal judgement. Are ethics, privacy, freedom more important than a faster processor to run your games on?
In addition to MiniFree, there's the Talos II[1] which is an entirely free motherboard and CPU (based on IBM's POWER9). It's a very modern CPU specification, and is also fairly powerful. Currently pre-orders are open. They are a bit pricey (~$2k for a fully prebuilt machine), but if you feel that you want a more powerful CPU that is an option. They also have server offerings.
Back in the days when a new computer became hopelessly obsolete within 3 years, I would never have considered spending that much. But perhaps now I might :)
1. https://libreboot.org/faq.html#intel
2. https://puri.sm/learn/intel-me/
3. https://news.ycombinator.com/item?id=14708575