On Saturday, August 5, 2017 at 12:28:32 PM UTC-4, yura...@gmail.com wrote:
> On Saturday, August 5, 2017 at 4:15:43 PM UTC, cooloutac wrote:
> > On Saturday, August 5, 2017 at 12:05:58 PM UTC-4, yura...@gmail.com wrote:
> > > On Saturday, August 5, 2017 at 3:56:25 PM UTC, cooloutac wrote:
> > > > On Saturday, August 5, 2017 at 11:34:32 AM UTC-4, yura...@gmail.com 
> > > > wrote:
> > > > > On Saturday, August 5, 2017 at 3:26:05 PM UTC, cooloutac wrote:
> > > > > > I'll be disappointed but I'm not going to be mad at them for trying 
> > > > > > to get paid, they deserve it. 
> > > > > > 
> > > > > > But I also wouldn't mind if they turned me into a money asset like 
> > > > > > windows so they can keep designing it for home users...lol
> > > > > > 
> > > > > > I look at things differently.  You are referring to linux 
> > > > > > architecture and developers,  while I'm referring to the majority 
> > > > > > of its users and community members, as the Product.
> > > > > 
> > > > > Alright, I respect that, we see some things differently. But the 
> > > > > discussion is good, it does not have to come down to agreeing in the 
> > > > > end. 
> > > > > 
> > > > > I don't like customers being turned into assets though. The way I see 
> > > > > it, it essentially make people "not people" anymore, customer service 
> > > > > is out of the window, it's all about cheating and manipulating people 
> > > > > into making the best use of them, rather than making a fair trade 
> > > > > between a company and a customer. So I kind of black out when I see 
> > > > > business models that turn people into assets, I really, really don't 
> > > > > like that approach.
> > > > > 
> > > > > But I do really agree that I wouldn't mind Qubes taking a fee, ask 
> > > > > for more donations, or focus partly or entirely on business users. 
> > > > > They do a lot of hard work, and regardless of the target group, the 
> > > > > change will be for the better of humanity. Perhaps it's asking too 
> > > > > much for Qubes to focus on both companies and end-users at the same 
> > > > > time, nontheless, I do hope they can manage to do that.
> > > > > 
> > > > > It's obvious they had their hands full on Qubes 4 too, so it might 
> > > > > just be that and we're reading too much into the issue here at hand. 
> > > > > But lets see, with time comes answers. I just hope it wiill be in 
> > > > > good time rather the long wait.
> > > > 
> > > > You are going to be someones asset or product as part of nature,  
> > > > whether you know it or not.
> > > > 
> > > > The ends justify the means to me. Especially if it means being able to 
> > > > use Qubes or not.   
> > > > 
> > > > I also think its silly to not support secure boot, simply because the 
> > > > idea was created by Microsoft.   FSF/Richard Stallman supporters who 
> > > > are against secure boot,  is like Bernie supporters not voting for 
> > > > hillary.  Seems more spiteful then practical.
> > > 
> > > Well yeah, only if one allows oneself to become a victim. We can oppose 
> > > and create balance in the world. 
> > > Also secure boot is entirely pointless in a stateless computer. A 
> > > non-stateless computer has a lot of closed source firmware which can be 
> > > either buggy (which closed software have proven to almost always be), and 
> > > backdoored, which is either illegal, can be abused by other than for the 
> > > intended, and is at the fringe limit crossing into the realm of human 
> > > rights. 
> > > 
> > > We don't need closed source firmware, it only creates problems, and no 
> > > benifit or solutions, other than maintaining market shares through force, 
> > > rather than surviving on good customer service and customer support. 
> > > We don't need companies that leech on society. 
> > > 
> > > I gather you think the world is ruled by bullies, and that you think it's 
> > > okay. If so, using that perspective, we just have to become the bullies 
> > > towards to big companies who wants to make use of us. By the end of the 
> > > day, we the people are what matter, humanity matter, not some greedy 
> > > individuals behind a large company. Having said that, I'm not a fanatic 
> > > against big companies, but they must behave, or I'll be against them.
> > 
> > You can promote change, but we have to work with what we got right now.
> > 
> > And right now secure boot would of stopped hacking teams  insyde bios 
> > attacks,  which some experts said could be exploited remotely, and would of 
> > worked on most ami bios as well.   Without it whats the point?  Why even 
> > bother with Qubes?  Like you said hardware has backdoors, and if bios also 
> > has no protections.  Whats the point then? 
> > 
> > The problem for me is this is not a cool tech experiment.  Its for 
> > practical use.
> 
> ah I see, I follow you now.
> I'm not entirely sure how effective Anti-Evil-Maid is into detecting change 
> in the BIOS/UEFI, perhaps someone can enlighten us on the topic? Can AEM be 
> tricked or bypassed? Practically or theoretically? 
> 
> Though Joanna (head of Qubes) have said it might just be some years, if I 
> remember correctly, before we might see true stateless computers. I'm not 
> sure if anyone with resources would want to commit to such a thing, but it 
> would definitely help us all out. I hope she can convince someone with 
> resources with her goal for a true stateless pc. 
> 
> But meanwhile, we have to live with closed off firmware indeed, and it would 
> be interesting to know how effective and trustworthy AEM is.
> 
> I suppose it might also be possible to hardware firewall off any incoming 
> signals to the computers BIOS/UEFI, which most routors do by default these 
> days. At this point, it should be a simple matter to have a team to test if 
> any BIOS/UEFI are phoning home. 
> 
> The only way someone can attack a BIOS/UEFI is if they have a leak through 
> the firewall, which be be gained by trojan horses by either user mistakes and 
> hidden software malware.
> The only other method, would be to have the BIOS/UEFI to phone home 
> regularly, so that it can open up the hardware firewall, and these can be 
> detected easily if someone keeps taps on them. 
> In other words, our BIOS/UEFI should only be exploitable if our firewalls are 
> not set up properly or we make mistakes on the internet. 
> 
> If I'm not mistaken, I don't want to claim to be an expert on this topic, I'm 
> definitely not an expert. But as far as I understand the issue, this is the 
> limit.
> 
> We should probably try stirrer back on-topic though, this is more Qubes 
> general discussion than Qubes 4 discussion.

Unlike secure boot, aem does not stop a compromise, only notifies you of a 
change which might indicate a compromise has happened,  which basically is a 
prompt to buy a new pc.

Reading posts on the forums tells me it can be buggy and false alarms happen 
though.

Intel says you need 3 things for the best boot protection.  Secure boot, 
trusted boot, and measured boot.   I'm a total noob but I believe aem falls 
into trusted boot category?  So I wonder if its possible to use both?  And I 
have no idea what measured boot is.

Another thing to consider is that if you use a usb key, which makes most sense 
to use with aem, then you can't use a sys-usb at the same time. So it depends 
on your threat model and how you use your system.  Someone might have to 
correct me on this but I believe this to be the case.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/361c0531-892a-4f2c-a0f9-4797c39b7b31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to