On Fri, 8 Sep 2017 at 00:22:40 -0400 "taii...@gmx.com" <taii...@gmx.com> wrote:
> On 09/07/2017 02:18 PM, Rick Moen wrote:
>
>> Quoting taii...@gmx.com (taii...@gmx.com):
>>
>>>> I also find a bit questionable your going around attempting to tarnish
>>>> the reputation of someone with a real name, while concealing your own.
>>> Criticism isn't allowed?
>> This is of course nothing like what I said.
>>
>>> I dislike when people deal with speculation instead of proven facts
>>> when judging technical merits.
>> Then, _address what you perceive as speculation_.
> I apologize - I should have done that in the first place instead of
> resorting to name calling.
>
> Mr. Selli has said:
> *That IBM's POWER CPU's have a hardware level backdoor and have had
> backdoors in the past whilst providing no real evidence to support that
> those claims,

I did provide with the evidence:
https://lists.dyne.org/lurker/message/20170907.084234.3d39055c.en.html

Why do you write easy to disprove falseness? Don't you have a minimum of self-respect?

> he bolstered that argument by stating that IBM's work with
> the US military is suspect and thus concludes guilt by association.

No, I just pointed out that the fact that IBM does indeed put hardware and software remote-control devices inside its chips is an established and documented truth.

> IBM sells POWER chips to both the US Military and the Chinese
> Military, doing that is largely as to why they are still in business -
> as the worlds third maker of high performance computing hardware one
> simply can't and shouldn't ignore the worlds two largest consumers.
>
> IBM has done a variety of bad things, but that doesn't mean OpenPOWER
> isn't a really good one.
>
> * That the presence of a BMC chip on POWER means it has a backdoor
>
> BMC chips are a common server feature required for remotely
> administering a computer without headache, this one is owner controlled
> (no hw code signing enforcement) and has full source code available to
> the public after POWER9 is released.

Again, this is a faith-based assumption as only IBM knows what's inside their proprietary hardware. Anyone who's had experiences on their AS400 and RS600 platforms knows how darned proprietary their hardware is. You're free to believe they changed and they now value the commoner's freedom more than the interests of the governments they serve, of course. You are *not* free to write falsity and disparage people who hold different opinions, though.

> *That TALOS is proprietary closed source hardware - which isn't true -
> as not being that is the entire point of it.

I repeatedly asked you if there is anyone who has their chips' blueprints, which is a prime condition to be able to call their hardware anything other than proprietary. You always turned a deaf ear to these requests.

> After the release of POWER9 the board and BMC firmware sources will be
> provided,

Ok, so nothing available *now* from IBM is openhardware. For a strange reason this is acceptable from IBM/Talos, while it's a disgrace when Purism does the same thing. Go figure.

> and both the CPU/board and the BMC are owner controlled due to
> the absence of hardware enforced code signing.

...that you know of, as the available hardware is proprietary and closed-source.

> Full documentation and HDL's will be available for all components

All right, good. I'll believe what I will see.

> besides the onboard broadcom nics which currently require a firmware
> blob

I wonder why you felt entitled at railing against Purism for having considered equipping their laptops with Nvidia GPUs while it's perfectly OK that TALOS uses a NIC from one of the most opensource unfriendly vendors.

> as there are no open source non-intel gigabit NIC's

Is not having Intel hardware more important than having opensource components inside a TALOS workstation?

> - but the FSF
> says that this minor detail doesn't prevent it from receiving RYF
> certification as they are behind the POWER-IOMMU and as such are not
> capable of doing anything malicious.

Good.

> * That the reason he/purism hasn't made owner controlled hardware is
> because it is "too expensive"

I don't remember writing anything like this. Quote, please?

> Purism's "Librem" 15" laptop is $2,000

False, again:
https://puri.sm/shop/librem-15/
$1,599.00, now running a rebate to $1,449.00

Compare with this:
https://secure.raptorcs.com/content/TL2WK2/purchase.html
Talos™ II Secure Workstation $4,750.00

> - in comparison one can have a
> TALOS-2 DIY build for $2.6K

Do you realize your "errors" are regularly one-sided, they always play in favour of TALOS and to the detriment of Purism? How do you expect to be trusted as a neutral source of information, given that you also never provide pointers to third-party documentation to back your claims?

You're really comparing apples to oranges: Purism sells finished laptops, TALOS sells rack servers and workstations or components/DIY kits. Be back with your comparisons when TALOS will produce laptops.

[...]

> * That the HAP mode "disabled" ME and makes a purism laptop somehow
> equivalent to TALOS when it comes to privacy and security.

Again, please quote where I wrote such a thing. I challenged the idea that TALOS products are safe products as privacy and security are concerned just because they are made out of IBM parts, and I challenged the idea they are free from hardware and software that is designed to remotely access the hardware and the OS.

> ME_Cleaner even with HAP mode doesn't disable ME - a black box
> supervisor processor is still mandatory for the x86 boot process and is
> capable of a variety of dirty tricks so even if one can verify that it
> is actually off (difficult...by using an electron microscope perhaps?)

You just put a protocol analyzer on the chip pins as you operate it.

> there are various things that it could have done before powering off.
> ME cleaner is nerfing/cleaning, nothing more.

There are various things that IMM/RSA could do at boot time and at poweroff, too. Why am I to believe it does nothing or that it only does benign operations? Because IBM states so?

I am wary of TALOS not because I know their hardware is bugged, but because I cannot understand how can it be that:

1) a never heard before manufacturer runs a crowdfunding effort to produce a 3,700$ POWER8 workstation;
2) the crowdfunding fails miserably:
   https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation
   14% funded
3) shortly after they manage to fund:
   *) a $4,750 POWER9 Workstation;
   *) a $5,100 POWER9 Rack Mount Development Platform;
   *) a $3,950 POWER9 Desktop Development System.

If they had the money, why run a crowdfunding? Why invest so much money to deliver three very costly systems that were turned down by the public so little time before? I smell something fishy here.

> * That we should contribute and trust a company that is attempting the
> sisyphean task of truly disabling ME.

Again, you're putting words in my mouth that I never spoke. Do you know what this shows of *you*, not me?

> Google has many times attempted to get intel to provide a method to
> disable ME and remove it from the boot process for their in house
> computers and the coreboot laptops they sell, they have not been
> successful - thus if a billion dollar company can't pull it off a small
> upstart certainly can't.

I cannot find references, will you please let me read those you have?

> I am sure it is **technically** possible to disable ME, but it would
> require years of research and hundreds of thousands in R&D for a single
> intel CPU generation making it pointless.
>
> There are real owner controlled devices out there now, I see no reason
> to chase a pie in the sky dream of a free x86 - which simply isn't ever
> going to happen.

You mean there are a few devices that are *believed* to be exempt of hidden, impossible to disable and unremovable remote control features.

What I have said is that while we have proof that Intel and AMD chips do have remote control features that cannot fully be removed or disabled, we do not know if other manufacturer's remote control features can be. Some say IMM activates only under the user's supervision and control. But it cannot be removed, and it's still there even when the user tells it to keep quiet and mum. As we're speaking of proprietary, closed-source hardware, we can only take the manufacturer's word for what they contain and do not contain, what they do and do not do.

> If purism had in 2013 consulted a skilled hardware engineer and not
> insisted on peddling intel quanta rebrands they would have probably made
> one of the following:
> * An 2013 AMD FT3 device, easily made open source (the Lenovo G505S has
> only a few blobs that can be easily replaced) with sandy bridge
> equivalent performance
> * A performance ARM device such as an AppliedMicro CPU
> * A POWER mobile workstation type laptop, which is possible with
> POWER9's lower wattage CPU's.
> * A KCMA-D8 laptop - the C32 platform has 35W 8 core CPU's and already
> has libre firmware so one would simply have to make a custom 1U "laptop"
> case, battery etc.

Perhaps. Now, I learned of Purism after they debated and settled on what their products were going to be based on, so I do not know why they chose to base them on Intel, that I agree is the hardest platform to be made secure and privacy-respectful among those targeted at devices of mass production. But I can guess their reasons to go for Intel might have to do with the same reasons that non-x86 architectures failed in the '90s and the 2000s and that have kept AMD a small competitor in Intel's turf.

If you remember, in those times a few, daring vendors did offer Alpha, Sparc, MIPS and Power-based general-purpose workstations to rival PIII-IV PCs. They were generally regarded as superior machines, delivering awesome graphics, costlier than Intel or AMD based ones but more performing, less power-hungry, of longer durability and stability. Yet they all failed, some shops that offered them suffered bad losses for betting on non-Intel compatible architectures. The reasons they failed were mostly attributed to the fact that they:

1) were not Windows compatible (though there was a Windows NT version ported to Power PReP workstations);
2) could not run unported x86 software;
3) were costlier.

Together with the fact most people just buy what they are most familiar with and costs less, those early attempts at breaking the wintel monopoly failed pretty badly. In fact those were the times Digital, SGI and SUN tried to boost sales of their hardware offering entry-level Intel-based workstations and servers.

Today those reasons are not as strong as then, but they surely still hold true. Look at the Munchen Windows-to-Linux migration, even such a big success is still questioned, sometimes rumors have that the City Council wants to go back to Windows, almost no one has decided to follow their example. Plus, the economical motive is stronger today than 15 years ago: today fewer people who'd be glad to run their Linux system on non-Intel, not-designed-for_Windows hardware, can afford to pay so much more for a different architecture of comparable performance.

I know that people who'd buy a non-Intel/AMD laptop or workstation do not intend to run Windows on it as the prime OS, but some colleagues that develop for big customers (like telcos) are *required* to have Intel compatible laptops.
Even some who are not I know are afraid they will not be able to deliver what they are required because they are afraid they will not be able to run Windows or Android under an hypervisor to perform tests or because they are afraid cross-compilation will suffer from hard to debug and to resolve quirks that would not have manifested had they compiled on a native architecture. This is a reason some of them are happy to tout an Apple machine, even though it costs more. Many of them are just plain afraid a foreign architecture will prevent them from enjoying doing something, whatever, they used to take for granted on any Intel-based machine (gaming?).

I think Purism people wanted to avoid crashing on those same rocks many other ships run against in the past. Intel and ARM are, indeed, the primary Linux platforms today.

> The fact that they haven't retasked to do one of the above means that I
> distrust them and that they are sucking resources from real computing
> freedom projects and thus my nerves get twinged every time someone talks
> them up, moreso someone highly skilled such as mr. selli who I believe
> should know better.

I do not question your freedom to feel any way you might feel towards Purism, but please stop feeling you alone are entitled at running posts peddling TALOS' "dual socket performance server/workstation hardware ... designed for the power user market" opening threads that are of no direct relevance to Devuan.

I do not mind OT threads, I am able at erasing them wholesale if they get too long to read or do not find them interesting. I do not mind people getting euphoric about a specific product or manufacturer, though I do enjoy picking at Apple fan-boys.
But I do find ad hominem attacks and baseless allegations about other posters' personal interests disgusting, especially when they come from Anonymous Cowards who never provide links to third party material to substantiate their claims and keep belittling their interlocutor (who "should know better") for holding a different view from theirs.

--
Alessandro Selli <alessandrose...@linux.com>
Tel. 3701355486
VOIP SIP: dhatarat...@ekiga.net
Chiave PGP/GPG key: B7FD89FD