PogoLinux got back to me edition Last thread (1/3)
This general is dedicated to the creation of a list of hardware that is relatively botnet-free. The Intel ME and other components are a serious threat to user privacy.
>"But what's the Intel ME, user?"
I'm glad you asked! The Intel ME, or Management Engine, is a secondary co-processor in every single Intel chip in the last decade. It runs a MINIX-based operating system and has full networking capabilities, drivers, and a goddamn web server in it. networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html This page offers additional information, and explains that it can read your files and applications, act as a keylogger, capture the screen, inject rootkits, etc. libreboot.org/faq.html#intelme Very nasty stuff.
>"b-but how can I avoid this? I'm scared, user!"
That's the point of this thread. To highlight options that are out there that are relatively free of botnets. This will include the typical Librebooted memepads and whatnot, but a big part of this is also exploring alternative architectures.
(2/3) For inclusion into this list, if the processor is made by Intel Corporation or Advanced Micro Devices, the device must be 100% free as in Libreboot. Otherwise, a less-extreme stance is taken, and something like Coreboot or U-boot will suffice.
(3/3) In general, your biggest concern with ARM is the GPU drivers. Mali is fucked. PowerVR too. Vivante GC and Qualcomm Adreno are fine. Broadcom VideoCore is partial. en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ARM MALI MIGHT BE GETTING OPENED UP PRAISE LINUX TORVALDS TECH TIPS lwn.net/Articles/738225/ Some anons have reported that lighter environments like XFCE are usable on stuff like Mali without the driver, but it's not ideal. One user said he couldn't remove the ChromeOS on his libreboot C201. This github issue talks about a solution. github.com/altreact/archbk/issues/3
OpenPOWER: Raptor Engineering sells POWER9 workstations, that may soon be getting RYF certification. They're expensive as fuck, but probably the most powerful non-botnet computers that exist. Comparable to Xeons/Epyc. raptorcs.com/TALOSII/
How can we verify this "removal" works if we don't even know how Intel ME works in the first place?
If I understand correctly it's possible to significantly reduce the payload of ME but not removing it all together. How do we know this is enough? Why wouldn't the rudimentary code still be dangerous to us? Can all functionality be restored remotely?
Brody King
Yeah I personally do not trust the ""Fix"".
In the beginning of the second post, I mention that my rule is basically "Libreboot or it's not happening" for Intel and AMD processors, but "At least Coreboot or equivalent" for the rest.
Christian Sanchez
Isn't the status of Intel ME with libreboot still unknown?
Owen Davis
As far as I know the status of ME with Libreboot is "Gone".
Chase Myers
That sounds great but won't the CPU brick itself after 5 mins, then?
Kevin Diaz
No. People with Libreboot Memepads don't have this problem. Ask Stallman, or Luke Smith, or that user with the Momiji wallpaper, or anyone who has one of those things.
Nicholas King
Thanks for the info.
Christian Gutierrez
Only newer ones do that, i.e. Sandy Bridge and newer, but Libreboot doesn't run on any of them.
Leo Bailey
>It runs a MINIX-based operating system and has full networking capabilities, drivers, and a goddamn web server in it.
Do they have some sort of datasheet on it? Maybe it is possible to paint pins on CPU and disable this shit?
Brody Reyes
Will me_cleaner work on an i5-3330?
Landon Moore
If such a thing existed, I certainly haven't heard about it. If we're going by the conspiracy theory angle that Intel did this for the NSA/CIAniggers, then I seriously doubt there is any sort of public datasheet from Intel themselves on how this shit works on a low level.
Christopher Kelly
I am not sure, if NSA/CIAniggers can store that much information... But the fucking backdoor, that is not cool
Dominic Jackson
Don't SPARC systems have Open Firmware, and an open and royalty free ISA?
Levi Evans
In fact they have Intel ME documentation for manufacturers, at least ME system tools with which you can flash CPU or chipset I guess.
It means, that it is possible to disable it with this kit...
Josiah Bennett
Got any implementations of that?
Benjamin Allen
Show me your botnet-free machines, /hrt/!
Luke Sanchez
Do you think that PPC doesn't have backdoors?
By the way, Some sort of Intel 486 is backdoor free system...
Ethan Price
...
Mason Flores
I'm pretty sure they don't have a hidden OS running under the hood. Plus they use OpenFirmware, and PowerPC is an open architecture now.
Nolan Reyes
Hmmm. Maybe I should buy old G4 macbook?
Juan Hill
Soon...
Levi Kelly
Get a PowerBook instead if you can. I have this iBook because it's a maxed out top of the line model and I got it for a really good price. But I'd take one of the last 12" PowerBooks over it any day of the week.
Leo Young
I used to have this in the list, but then some anons informed me that the "Open" firmware used on macs wasn't really OPEN. It was a proprietary implementation of an IEEE standard. However, if you can prove that the OpenFirmware is actually open, then I'll add them back.
Hudson White
Let's make PowerPC laptops! And run Mac OS 10.5 there...
Juan Davis
What with all the recent IME developments, does that mean I can finally and permanently disable the IME on my x201 thinkpad?
Carter Richardson
The IEEE standard is just called "IEEE 1275-1994", and Open Firmware is one of its multiple implementations. It also happens to be under a BSD license. Same with OpenBoot (Sun) openfirmware.info/Open_Firmware openfirmware.info/OpenBOOT
Michael Hernandez
What's the best way to block everything but desired communication? A separate uncompromised appliance?
Chase Bennett
Has the source for Sun's builds appeared though? If it's BSD it could be made proprietary on the actual implementations. The only genuinely FOSS firmware I've found on that site only appears to work under QEMU or the OLPC.
You can remove everything except the initialization code that's still needed to prevent the CPU from shutting itself down after 30 minutes.
Bentley Thomas
>You can remove everything except the initialization code that's still needed to prevent the CPU from shutting itself down after 30 minutes.
Hm, we have binary files, why can't we disassemble them and make use of it?
And what about AMD systems?
Jack Davis
Is this exactly what's used on the old ibooks/powerbooks?
Eli Clark
for AMD, I don't think there's any removal tools/stuff like that, but their botnet got added later, so you can get some slightly newer stuff like that really sweet looking D16 server Mobo
Kevin Hall
So I can just build this and flash it to an Ultra or Blade series machine without modifications? Doesn't it need tailoring to each device, like any other firmware?
Sebastian Cooper
No, that's Sun's implementation. Apple used firmworks' (Source: firmworks.com/open_firmware/literature/ofpci.pdf ), the source code for which is located here: code.coreboot.org/p/openfirmware/ Technically you could, since it's agnostic about pretty much everything and pulls the basic device drivers from FCode stored in the devices' ROMs.
Cooper Hughes
Still worth checking, maybe you can disable it if you can.
And I know, how to make sure this shit is disabled: turn on PSU, measure total current going to mobo without CPU, insert CPU and see if it draws more current without being turned on.
Connor Rodriguez
>you can disable it if you can.
I mean it is easier to disable... Typo.
Nicholas Thomas
Added the iBooks, Powerbooks, and PowerMacs back to the list. I've also added a link to the OpenFirmware source in there.
Thanks!
Dominic Perry
Hmm, I'll have to dig out my Ultra 10 and give this a try.
I don't really have much to add, apart from more detail on the retrocomputing projects from the last thread.
Ethan Hill
An update from Raptor to those who have pre-ordered Talos II systems for the original Q4 2017 window: (I asked when they were planning on shipping by, as I have a holiday coming up.)
>While we are still on track for the Talos PCBs and related components for a late December shipment, IBM has retargeted the final version of the POWER9 processor for very early January. Given this, if you need the system in Q4 we can ship it to you with an earlier CPU revision, then send out the production CPU as soon as it becomes available (advance exchange RMA, no cost to you). If you go this route, you would need to swap out the CPU(s) in your system (unmount HSF, replace CPU, remount HSF). Otherwise we can wait for the production CPU and ship your system with the production CPU later in January when you will be available to receive it.
>
>Which would you like to do? You have some time to decide, so no rush.
>
>We will be notifying our Q4 customers of this and offering this choice individually to each of them. The extra silicon revision on IBM's side was just enough to force production CPU availability out of Q4 and into Q1.
Thomas Green
OP here. I heard about this from some user on 8 chan. He seemed really pissed about it.
Does anyone have good knowledge of Sparc? From this user's post it sounds like something worth adding to the list.
Jack Watson
>OP here. I heard about this from some user on 8 chan. He seemed really pissed about it.
I use an Ultra Enterprise 250 as my homeserver ( ) And yes, they do use an open ISA and OpenBoot. The experience is pretty much the same as with a ppc Mac, but the distro support gets weaker every day. I know OpenBoot is released under a BSD license (source code linked in ), but technically that license means they could've done whatever with the code before chucking it into the machines. If you're so paranoid, I guess you could find a PROM image from a Solaris install disk and disassemble it. It's just FCode, so shouldn't be hard at all.
Alexander Hall
Really fucking hope TALOS II succeeds. Can't believe what IBM is doing if what is described is true.
I'd like to take a minute to bring up one of Sup Forums's favorite memes, Gentoo, and how it relates to this. Gentoo lists ppc as an option for install, but it mostly seems to refer to the old apple stuff, not the POWER stuff like TALOS. Now granted, supporting that type of ppc isn't bad, as we do have the NXP stuff in the list right now, but since Gentoo is source-based, shouldn't it be possible to install it on the POWER architecture?
I'm not a gentoo expert, so maybe someone could clarify.
Also, Gentoo does support Sparc officially, which is neat.
Dylan Allen
Good thing I'm posting from Tor then
(USER WAS BANNED FOR THIS POST)
Noah Robinson
wat
Oliver Reyes
I think Raptor themselves are going to make Gentoo happen. They were talking about it for the Talos 1, so I would guess that any work they had done would be applicable to the Talos 2.
Ryan Adams
Gentoofags are too NEET to afford POWER9 until it's comparatively as powerful as the aforementioned "old apple stuff".
Wyatt Martinez
>until it's comparatively as powerful as the aforementioned "old apple stuff"
what did he mean by this?
Grayson Morgan
They were? I only remember Debian being mentioned.
IIRC Debian, SUSE, RHEL (and hopefully m'linux) are supported at present.
Jordan Ward
They can't afford a Talos until it's obsolete. They support PPC macs because you can buy them with NEETbucks.
Adrian Davis
So I mean I guess this is legit?
>open ISA,
>OpenBoot,
>source code link,
>performance and age varying from ancient 80s shit to 5.0 fucking GHz servers from this year, and everything in between.
>Loonix, *BSD, and Illumos
I mean it's not like you can get a desktop or laptop with this, but for server-type stuff, wew
IntelME is still a threat, even when "disabled" with HAP flag
Brayden Thomas
And how is systemd a botnet?
Andrew Barnes
It's not, but Sup Forums thinks it is.
William Howard
Added SPARC.
And this too.
Parker Morris
>Samsung Chromebook Plus
>Running GPL coreboot out of box
>Put in developer mode
>Arch Linux
>No more botnet
>under $500
If Talos II isn't $8000 I will consider one
Alexander Sullivan
You can also reflash to get rid of the ChromeOS+Depthcharge botnet.
Also, you'll be happy to know that you will soon be able to have a working, comfy GPU. lwn.net/Articles/738225/ ...as soon as that one management guy stops being a faggot.
Noah James
and TALOS II price varies, but the cheapest mobo+cpu bundle is $2400, and it goes up depending on how much stuff you want them to throw in (case, ECC memory, GPU, second CPU, etc).
Brody Cruz
I also still want to see price on that 32 core 64-bit ARMv8 X-Gene 3
$2,400 for Single CPU, $2,850 for Dual. (motherboard only)
My dual CPU build came to under $4K with 32GB RAM, 480GB SSD, 1.2KW PSU, and a Vega 56. Don't bother buying a prebuilt.
Cooper Allen
wew
We kinda have something similar in the list with the Cavium ThunderX, which has 48 cores, but that one has a higher clockspeed. Either way, I can't wait to see some good implementations of these.
Daniel Lopez
>1TB RAM
Xavier Richardson
Pity LWN didn't give us his name, title, and home address.
Isaiah Williams
That's nothing. One of those PogoLinux rackmounts goes up to 8TB, and the modern SPARC stuff can have 16TB.
The reference platform ships with the AMI AptioV UEFI BIOS
Fuuuuuuuu
Brandon Cook
Sent another email to PogoLoonix guy because there wasn't a clear answer on the ARM servers.
Not that it's essential, as we already have TALOS, which has a 4U rackmount option, the Librebooted Opterons, and now the SPARC stuff, but it's always nice to have another option.
Jordan Davis
Also, would be funny as fuck if this guy found Sup Forums and discovered all of our autism here.