On Mon, 28 Jan 2019 16:47:08 +0100 (CET)
<qubes-...@tutanota.com> wrote:
>Jan 27, 2019, 5:04 PM by alexandre.belgr...@mailbox.org:
>
>> Le dimanche 27 janvier 2019 à 16:47 +0000, unman a écrit :
>>
>>> I'd be interested to know what system has been graced with your
>>> approval.
>>> If you believe all this, then what makes you think that national
>>> intelligence agencies haven't infiltrated *bsd, coreboot and any
>>> other
>>> system you can name.
>>> imo Qubes does a reasonable job of providing a more secure system
>>> that's usable by ordinary users.
>>>
>>
>> Simply no x86 system is reasonably secure.
>>
>>> Spreading unfounded allegations is a disservice to the community.
>>>
>
>Most of the serious users are very well aware of the IME/AMT vulnerability and
>are addressing it continuously and publicly. See Joanna Rutkowska and her
>talks. You are looking for a 100% solution. Big surprise is a 100% solution is
>not existing and will never be.
>You can of course use a libre X200 without IME and without real virtualization
>too, having again to deal with issues of a monolythic system.
>Tradeoff can be the X230 with more-less disabled IME with proper
>virtualization.
>
>What do you yourself use?
>
>
>> Qubes is interesting because it is trying to answer security needs and
>> the design is nice.
>>
>> But think about Intel ME backdoor. Imagine that any officer with a
>> signed certificate of Intel can penetrate dom0 in your computer within
>> seconds and then view your screen, move your mouse and type on your
>> keyboard. This is reality and Qubes cannot change it.
>>
>Qubes doesn't even claim to change it. You need to address Intel same way as
>Qubes ppl do and ask them to close the backdoor.
>
>Are you aware that spreading of the false claims *can be* an intelligence
>operation to undermine user's support and appreciation of the codes like
>Debian and Qubes? From leaked materials is known that the US IAs named for
>example Tails based on Debian as a total apocalypse for intelligence
>collection for them, if spread.
>
>Keep in mind, nothing is perfect. But if you have an option for a better set
>and setting, put it up.
>
>
>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to > qubes-users+unsubscr...@googlegroups.com
>> <mailto:qubes-users+unsubscr...@googlegroups.com>> .
>> To post to this group, send email to > qubes-users@googlegroups.com
>> <mailto:qubes-users@googlegroups.com>> .
>> To view this discussion on the web visit >
>> https://groups.google.com/d/msgid/qubes-users/65d4efc1f6cc5203a5fc0802e2cdff2e9fc992f7.ca...@mailbox.org
>>
>> <https://groups.google.com/d/msgid/qubes-users/65d4efc1f6cc5203a5fc0802e2cdff2e9fc992f7.camel%40mailbox.org>>
>> .
>> For more options, visit > https://groups.google.com/d/optout
>> <https://groups.google.com/d/optout>> .
>>
>
Up to a certain manufacture, you can go to coreboot and lose the ME entirely.
After that point, setting the HAP bit may be your best option. We need someone
to to reverse engineer the ME and implement enough of it in coreboot to take
over so the newer ones will run.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20190128114655.7cb7309b%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
