Agreed, ergonomics are definitely not top-notch, and I hope there's an iteration that improves things. However, for development and Qubes I need 32GB. That, together with the freedom aspect trumps other considerations.
On Thu, Jan 16, 2020 at 2:29 AM Hans-Christoph Steiner <[email protected]> wrote: > > > I hear you, and I've similar things from others. Fairphone is in a > similar boat. I think we need to compare apples to apples here: what > Nitrokey, Librem and Fairphone are trying to do is important, no other > providers are doing those things better. Things like: > > * true free software support > * hardware switches > * repairability > * conflict-free minerals > > .hc > > Abel Luck: > > I have a Purism Librem v3 (the 13" model) and I have to say I am not > > very happy with it. > > > > From a privacy pov, it's nice. ME can be disabled manually. The hardware > > switches are very handy. Rather than ship binary blobs for the bluetooth > > driver, they left that feature out, not compromising. Which I like. > > > > However from an ergonomics/usability pov, I am quite dissatisfied. When > > I say the keyboard is bad, I'm not a keyboard snob. It truly is just a > > bad keyboard, I really dread having to go on the road and use the > > keyboard for any length of time. The trackpad quality is also very low. > > > > Also the laptop comes with a usb c port, which is basically useless as > > it doesn't support thunderbolt, which means no adapter for ethernet or > > external displays. Waste of a port! > > > > I wouldn't buy another Librem :/ > > > > That NitroPad looks interesting, but the deal breaker for me is the > > 1366x768 px screen. So small! 1920x1080 is the minimum I would ever get > > in a laptop again. > > > > ~abel > > > > Devrandom: > >> This is a Lenovo. The Purism laptop goes to 32GB and has hardware kill > >> switches. It also has secure boot with the Nitrokey and the TPM option, > >> but I didn't try it (yet). > >> > >> On Wed, Jan 8, 2020 at 4:19 AM Hans-Christoph Steiner < > >> [email protected]> wrote: > >> > >>> > >>> Looks like quite a nice laptop setup for privacy: > >>> > >>> > >>> -------- Forwarded Message -------- > >>> Subject: NitroPad: Secure Laptop With Unique Tamper Detection > >>> Date: Tue, 7 Jan 2020 10:25:13 +0100 > >>> From: Nitrokey <[email protected]> > >>> Reply-To: Nitrokey <[email protected]> > >>> To: Hans-Christoph Steiner <[email protected]> > >>> > >>> Deutsche Übersetzung ist hier: > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g > >>> > >>> Dear Nitrokey supporters! > >>> > >>> Do you think your computer hardware is secure? Can you rule out that in > >>> your absence no one has manipulated your computer? In a world, where > >>> most users do not have any real control over their hardware and have to > >>> blindly trust the security promises of vendors, NitroPad unlocks a > >>> refreshingly new security experience. NitroPad X230 [1] is significantly > >>> more secure than normal computers. With NitroPad, you'll have more > >>> control over your hardware than ever before while maintaining ease of use. > >>> > >>> Features > >>> > >>> Tamper Detection Through Measured Boot > >>> > >>> Thanks to the combination of the open source solutions Coreboot [2], > >>> Heads [3] and Nitrokey USB hardware, you can verify that your laptop > >>> hardware has not been tampered with in transit or in your absence > >>> (so-called evil maid attack). The integrity of the TPM, the firmware and > >>> the operating system is effectively checked by a separate Nitrokey USB > >>> key. Simply connect your Nitrokey to the NitroPad while booting and a > >>> green LED on the Nitrokey will show that your NitroPad has not been > >>> tampered with. If the LED should turn red one day, it indicates a > >>> manipulation. > >>> > >>> Deactivated Intel Management Engine > >>> > >>> Vulnerable and proprietary low-level hardware parts are disabled to make > >>> the hardware more robust against advanced attacks. > >>> > >>> The Intel Management Engine (ME) is some kind of separate computer > >>> within all modern Intel processors (CPU). The ME acts as a master > >>> controller for your CPU and has broad access to your computer (system > >>> memory, screen, keyboard, network). Intel controls the code of the ME > >>> and severe vulnerabilities have been found in the ME enabling local and > >>> remote attacks. Therefore ME can be considered as a backdoor and has > >>> been deactivated in NitroPad. > >>> > >>> Preinstalled Ubuntu Linux With Full-Disk Encryption > >>> > >>> NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with > >>> full-disk encryption. Ubuntu is one of the most popular, stable and > >>> easiest to use Linux distributions. Switching from Windows to Linux has > >>> never been easier. > >>> > >>> Optional: Preinstalled Qubes OS For Highest Security Requirements > >>> > >>> Instead of Ubuntu Linux, on request you can get your NitroPad with > >>> preinstalled Qubes OS 4.0 [5] and full-disk encryption. > >>> > >>> Qubes OS enables highly isolated working by means of virtual machines > >>> (VM). A separate VM is started for each application or workspace. This > >>> approach isolates applications and processes much more than conventional > >>> operating systems. Qubes OS keeps your system secure, even if a > >>> vulnerability has been exploited in one of the software applications > >>> used. Example: If your PDF viewer or web browser has been successfully > >>> attacked, the attacker cannot compromise the rest of the system and will > >>> be locked out once the VM is closed. > >>> > >>> In addition, separate virtual workspaces can be used, such as an offline > >>> workspace for secret data and an online workspace for communication. > >>> NitroPad with Qubes OS is technically similar to SINA clients (for > >>> governments), but remains transparent thanks to open source. Qubes OS is > >>> for users who want maximum security. > >>> > >>> Keys Under Your Control > >>> > >>> All individual cryptographic keys are generated directly on the NitroPad > >>> exclusively during installation and are not stored by us. However, all > >>> individual keys can be replaced by you. Unlike "Secure Boot", the keys > >>> for securing the operating system remain under your control and do not > >>> depend on the consent of the vendor. > >>> > >>> Nitrokey USB Key Included > >>> > >>> NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7]. > >>> Their security features include for example email encryption (PGP, > >>> S/MIME), secure server administration (SSH) and two-factor > >>> authentication through one-time passwords (OTP). The Nitrokey Storage 2 > >>> additionally contains an encrypted mass storage with hidden volumes. > >>> > >>> Professional ThinkPad Hardware > >>> > >>> Based on Lenovo ThinkPad X230, the hardware finish and robustness meet > >>> professional quality standards. The famous ThinkPad keyboard with > >>> background lighting and TrackPoint allows comfortable working. The used > >>> laptops have been refurbished. > >>> > >>> Out-of-the-Box User Experience > >>> > >>> With NitroPad, you don't need to take care of opening the hardware > >>> casing to flash the BIOS chip, installing and configuring Linux, or > >>> pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey > >>> is already configured with your NitroPad so that it can be used for > >>> tamper detection without any further configuration effort. > >>> > >>> Security Conscious Shipping > >>> > >>> To make it more difficult to intercept and manipulate your NitroPad, the > >>> NitroPad and the Nitrokey USB key can be shipped in two separate > >>> shipments if desired. > >>> > >>> Use Cases > >>> > >>> For Everyone > >>> > >>> NitroPad enables you to detect hardware tampering. For example, if your > >>> laptop is being inspected while crossing the border or if you leave your > >>> device unattended in a hotel or during travelling, you can check the > >>> integrity of your NitroPad with the help of the Nitrokey. > >>> > >>> For Enterprises > >>> > >>> NitroPad can serve as a hardened workstation for certificate authorities > >>> and other use cases requiring high-security computers. On business > >>> trips, the NitroPad protects against evil maid attacks while the > >>> computer is unattended in a hotel or baggage. > >>> > >>> For Governments > >>> > >>> Governments can use NitroPad to protect themselves against advanced > >>> persistent threats (APT) without relying on foreign proprietary > >>> technology. > >>> > >>> For Journalists > >>> > >>> If you as an investigative journalist are serious about protecting your > >>> confidential sources, NitroPad helps you getting there. > >>> > >>> NitroPad X230 is now available in our Online Shop [1]. > >>> > >>> More details are available in the product factsheet [8]. > >>> > >>> Kind regards, > >>> your Nitrokey team > >>> > >>> [1] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g > >>> [2] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g > >>> [3] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g > >>> [4] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g > >>> [5] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/ > >>> [6] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g > >>> [7] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g > >>> [8] > >>> > >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g > >>> > >>> > >>> _______________________________________________ > >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > >>> To unsubscribe, email: [email protected] > >>> > >> > >> > >> _______________________________________________ > >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > >> To unsubscribe, email: [email protected] > >> > > _______________________________________________ > > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To unsubscribe, email: [email protected] > > > > -- > PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 > https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
