On Sunday, February 25, 2018 at 8:46:52 AM UTC+1, tai...@gmx.com wrote: > On 02/24/2018 11:50 PM, Yuraeitha wrote: > > > Qubes OS on normal hardware (fulfilling current security hardware > > requirements) is still a much more secure alternative than > > Windows/Mac/Linux OS's, even on compromised hardware from i.e. > > Intel/AMD/etc. I agree there still are very big security/privacy problems > > in hardware, there definitely is. But all things considered, if you're not > > trying to be immune from state-level/advanced hacker attacks, then it may > > be too extreme to go that far just yet. > Why not have max security all the time? It isn't difficult. > > Besides if the TALOS 2 isn't successful it will be the end of high > performance owner controlled hardware, so maxing out today is important > so you will be able to tomorrow. > > Unless of course, you are a high profile target, or even a medium-level > > target. Don't piss off, or grab unwanted attention of dangerously > > resourceful people. > "Avoid pissing people off" is bad advice and simply no fun - if your > security plan counts on that then you don't have any security at all. > > If you're a normal user, and you don't grab unwanted attention, then you > > should be okay in this time and day, however, that may change down the line > > as attack vectors improve and advance, and increasingly become mainstream > > for less skilled hackers to use. At which point, it's not the few handful > > really skilled hackers you need to worry about, but script kiddie "hackers" > > around every city-block. > > > > Frankly it's impossible to get the perfect hardware to our desires. > > Whatever your needs may be, you need to take everything into account. The > > current situation however, I'd think if you're low profile (normal person > > with no unwanted attention), then you should be fine from a security > > perspective, with most laptops that meet the current hardware > > specifications. > I would argue that the TALOS 2 is perfect, it is the only system that > has freedom, security and performance - you could even play videogames > on it if they were compiled for POWER. > Its featureset and performance are much better than what intel and AMD > are selling rather than being simply equivilant - it isn't at all > "heavily limited". > > A wintel skylake system "meets the current specifications" but I could > cause a commotion and steal your encryption keys while you are > distracted by plugging in a USB debugger because intel "forgot" to > disable that feature in shipping chipsets. > > It's the same if you climb Mount Everest or venture into a wild jungle, no > > matter how much you prepare, there will always be risk. There are no > > perfect hardware, while we can do better, currently we are heavily limited. > > I run open source firmware on all of my computers and I sacrifice > absolutely nothing - I play new games at max settings in a VM on my > KGPE-D16 and if I wanted to I could install OpenBMC for remote lights > out access just like on a mainstream proprietary system - it is feature > equivilant. > > I highly doubt that anyone here would prefer silly apple aesthetics and > total lack of features/expansion ports over a secure functional computer > and I for one prefer the industrial designs of the older thinkpads and > latitudes. > > On 02/24/2018 11:49 PM, vel...@tutamail.com wrote: > > I think a Lenovo is the way to go...the Qubes developers use them, the > > X1/Gen5 was mentioned as being popular with them. I googled and Max Ram is > > 16, however I went from 8-12 and more then satisfied with improvement. I > > wanted the X1 but thought it was out of my budget and thought I would look > > too cool using it:) > The W520 supports 32GB, the T420 and X230 16GB. > > The W520, T420 and X230 (with x220 keyboard) are all decent mobile > workstation performance choices and they support egpu via expresscard. > The G505S is more free (no ME/PSP) but it doesn't have expresscard and > the build quality is not as nice. > > >> Notes: > >> There isn't much point using qubes with hardware that has ME/PSP, > > Is the ME/PSP risk more from a Governement/Intel threat or are the > > vulnerabilities with these features available to other threat vectors as > > well? Would appreciate your thoughts... > Rumor has it that signing keys for all ME versions and local HECI > exploit mechanisms are being traded on obscure internet forums and being > used to attack the usual targets (fortune 500, journalists, political > types etc) > > I highly doubt you I or anyone posting here is important enough to get a > specific exploit package targeted to us by a government actor - you > gotta have something worth stealing such as industrial processes, > proprietary code to some important program, blueprint etc, for instance > the chinese government has many hacking teams dedicated to industrial > espionage but just because you aren't a necessarily a target doesn't > mean you should support the makers of non-owner controlled hardware. > > Thanks again Qubes team... > I am not a qubes team member - they have better things to do than tech > support but I don't.
But Adam is asking for laptops here, not desktops, that's why it becomes such a problem. It's not that I disagree so much with you, it's just that there are other perspectives to consider too. While I from time to time learn new perspectives and insight into open standard hardware from you (which I appreciate btw), I also in general tend to criticize perspectives, it's kind of a part of my personality (aka it's not personal), while I remain open to be criticized of my criticism too. That's why I love discussions, it enriches all parties. Just mentioning this so that I'm not misunderstood by being opposing. In regards to Adams needs, it's true that security and functionality are important, but it's not equally so for all people (although we don't fully have an understanding of his needs, it might be more insightful if he elaborates a bit on it, otherwise our discussion will remain somewhat philosophical). I think we can agree many people, but not all, just want something that works, no further questions asked (dangerous, nut nonetheless). These kind of people also often love aesthetics (not to over generalize too much which can go wrong too, but some kinds of Mac fanboys/girls are like this for example). But it's not something exclusively so for Mac users either, or even all Mac users, but other PC users may have similar traits perspectives and desires as well. There can also be certain functionality specifications, which may not be available in many laptops, and to add to that, adding specification requirements quickly narrows down the market of available laptops. If you add open standard on-top of that, it becomes even more narrow. It'll be impossible to fulfill all needs. We lack open standard laptops on the market which has the features we need. While I my self take security seriously too, i.e. I as an example, have worries for a collapsing democracy in the future as technology risk becoming more and more centralized and closed, instead of decentralized and open. Another I as an example have other needs too, for example I do really enjoy a good looking laptop that feels like a high quality build. (That being said as a disclaimer, I heavily dislike Apple products). Thing is, not everyone views laptops and computers the same way. I think the solution may be to try understand what people want form their devices, and try push solutions that fixes users needs through decentralized open standards, and thereby beating large corporations and their closed centralized technology, at their own game. Qubes OS is one such example, especially with Qubes Air coming in the future, among others. The concern, I think, is that while it's true that it isn't always the users fault that security is weak, it is also true that it isn't always the hardwares fault either. It's often a mix of the two, where both variables can shift to give a different output in the equation, that being security right. I don't think we can beat this game by taking away sleek looking laptops from people, it'd be like taking candy from children, they will cry. Before that starts to sound arrogant, I may say that I feel the same too, I'd love a good looking sleek laptop. That being said though, I also take security seriously too. The OP, Adam, seem to be in a similar situation? I'm not sure if he is. But if he wants best of both worlds (laptops, not desktops), he thereby ends in an impossible situation choosing between two variables, security and user-needs. One factor of the equation has to give in for the other factor, because the equations output is already set (existing laptops on the market right now), and we can only try shift the variables so the equation solves and matches. For the most part I do agree with you btw, don't get me wrong about that. The enemy I think, is society as a whole, and not just the hardware industry and market. We need to find solutions in society to fix this, and consider issues in society too. The impossible situation Adam seems to end up in here between these two factors, is one such example, we can't fix it, there is no solution right now. He will draw the short straw, just like the rest of us, if we have user-needs which is not covered by open standards. Society seen in a holistic view, with regard to open hardware, needs to change in its views and understanding of it. We can even force the large corporations on their knee's this way, to open up their standards if society as a whole demands it. Meanwhile though, there is no good choices for Adam in the laptop market. I might be wrong as I don't keep taps on new open standard releases, but as I understand it, we're at least a few years away from a decent quality build open standard laptop? and a bit further away from such laptops with various functional needs. As such, while it sucks, shoulnd't we recommend him laptops that works better overall between his user-needs and security? For that though, we need a better understanding of his needs though, he hasn't posted about that yet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aad0bc6d-5e00-49da-9454-e542d2711f12%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
