Re: [DNG] It's far from being over. Sigh!
I'd prefer to see chips from scratch, rather than patching on features late in the game. We can be pretty sure chip makers will only patch problems as they are found instead of redesigning their chips to prevent future problems. My reaction to the situation is that I'll no longer buy new hardware at all. Everything I buy now is second user, until I see chip makers pulling their finger out and doing what really needs doing. On top of that I'll only buy hardware that can be free software down to the bios. It should be nothing to them what runs in the bios, so I'll wait and see if they can be more flexible there (for however long it takes). Time to hold them all accountable I think. Cheers, chillfan ‐‐‐ Original Message ‐‐‐ On May 3, 2018 8:22 PM, Alessandro Selli wrote: > https://www.reuters.com/article/us-cyber-intel/next-generation-flaws-found-on-computer-processors-magazine-idUSKBN1I42BZ > > May 3, 2018 > > FRANKFURT (Reuters) - Researchers have found eight new flaws in computer > > central processing units that resemble the Meltdown and Spectre bugs > > revealed in January, a German computing magazine reported on Thursday. > > The magazine, called c’t, said it was aware of Intel Corp’s plans to patch > > the flaws, adding that some chips designed by ARM Holdings, a unit of > > Japan’s Softbank, might be affected, while work was continuing to establish > > whether Advanced Micro Devices chips were vulnerable. > > > > > Alessandro Selli > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Firefox does analytics in browser
I noticed this hasn't come up yet. https://www.theregister.co.uk/2018/05/01/sponsored_links_come_to_firefox/ So, it would look like people have only until ESR changes then they'll be stuck with that problem, at least for the US builds unless they can do it for everyone. Cheers, chillfan ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Firefox does analytics in browser
On Fri, May 04, 2018 at 11:04:19AM -0400, chill...@protonmail.com wrote: > I noticed this hasn't come up yet. > > https://www.theregister.co.uk/2018/05/01/sponsored_links_come_to_firefox/ > > So, it would look like people have only until ESR changes then they'll be > stuck with that problem, at least for the US builds unless they can do it > for everyone. At least in Germany, official builds of Firefox bundle Cliqz malware; according to an announcement they start with a small portion of users and want to ramp up to all of them in the future. No idea if non-mozilla.org (such as those from Debian sources) builds are affected. Likewise, Cliqz provides "recommendations" based on your complete browsing history. Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢰⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋⠀ Certified airhead; got the CT scan to prove that! ⠈⠳⣄ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Firefox does analytics in browser
On Fri, May 04, 2018 at 05:37:29PM +0200, Adam Borowski wrote: > At least in Germany, official builds of Firefox bundle Cliqz malware; > according to an announcement they start with a small portion of users and > want to ramp up to all of them in the future. No idea if non-mozilla.org > (such as those from Debian sources) builds are affected. > > Likewise, Cliqz provides "recommendations" based on your complete browsing > history. Update: apparently: # Support for Cliqz integrated functions in Firefox is ending. If you would # like to continue using Cliqz, please install the free Cliqz add-on. https://support.mozilla.org/en-US/kb/cliqz-recommendations-firefox Although it's interesting how they can have the gall to label something that siphons all of your browsing data as "privacy-oriented search experience". Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢰⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋⠀ Certified airhead; got the CT scan to prove that! ⠈⠳⣄ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Firefox does analytics in browser
Am Freitag, 4. Mai 2018 schrieb Adam Borowski: > Although it's interesting how they can have the gall to label something that > siphons all of your browsing data as "privacy-oriented search experience". LOL ... newspeak everywhere you look: When it's called "expert", you know it does not know what it's talking about. When it's labeled "professional", you know all professionals will stay away from it ... Nik -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
On Fri, May 04, 2018 at 08:28:23AM -0400, chillfan wrote: > I'd prefer to see chips from scratch, rather than patching on features > late in the game. We can be pretty sure chip makers will only patch > problems as they are found instead of redesigning their chips to > prevent future problems. > > My reaction to the situation is that I'll no longer buy new hardware > at all. Everything I buy now is second user, until I see chip makers > pulling their finger out and doing what really needs doing. > > On top of that I'll only buy hardware that can be free software down > to the bios. It should be nothing to them what runs in the bios, so > I'll wait and see if they can be more flexible there (for however long > it takes). I've been trying that for a while now, but my server is starting to fail. It may not be an option unless I want to get out of computing altogether. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
Well that's only my method of dealing with it.. generally I think it's worth waiting for them to properly fix some problems first. At least then people vote for what they want from them based on what they're prepared to buy. Likely next build for me is ASUS KGPE-D16 with libreboot, I'll still get hit with a reasonable portion of those bugs but at least not as many as on intel. Cheers, chillfan > I've been trying that for a while now, but my server is starting to > > fail. > > It may not be an option unless I want to get out of computing > > altogether. > > -- hendrik > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
Hi, On 05/05/18 04:04, Hendrik Boom wrote: > It may not be an option unless I want to get out of computing > altogether. The problem is that everything has got a computer in it these days and I too fear that the only option to avoid all the bad-ness going on is to opt out of computing as well :( But whilst I still can, I'll at least run my own servers and rely on the "cloud" as little as possible. Librem 5 phone coming next year for me. Opting out of the big 5 is also very much something I would like to do: 1. Google (including Android) 2. Apple 3. Microsoft (including LinkedIn, Skype and other privacy nightmares) 4. Amazon (including AWS) 5. Facebook Oh and Twitter would make it six... NB: The article is not mine, but the sentiments are the same: https://motherboard.vice.com/en_us/article/mbxndq/one-month-without-big-five-microsoft-google-facebook-apple-amazon I even hate it very much that our public broadcaster has to have fb and twitter accounts -- they are supposed to be 100% free and non-commercial, but that's really just a dream because they, themselves (abc.net.au) are always going to be more commercial than they'll admit. Being sans systemd is not enough, that is another eco-system I want to avoid as much as I can (as we all know here). Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
Quoting Andrew McGlashan (andrew.mcglas...@affinityvision.com.au): > But whilst I still can, I'll at least run my own servers and rely on the > "cloud" as little as possible. Indeed, outsourcing in general is pernicious enough, but outsourcing to unknown infrastructure run by unknown strangers seems worse. > Librem 5 phone coming next year for me. Ah, Librem. Let's see: https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/ https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/ Internet Archive links because someone (guess who?) raised a stink, and Alex Gagniuc's comments were then taken down. > Opting out of the big 5 is also very much something I would like to do: > > 1. Google (including Android) > 2. Apple > 3. Microsoft (including LinkedIn, Skype and other privacy nightmares) > 4. Amazon (including AWS) > 5. Facebook > > Oh and Twitter would make it six... One coping strategy that I continue to think works pretty well is to keep one's digital footprint spread around so that minimal concentration of that data ends up with any potential opponent -- in the sprit of Self's Law. http://linuxmafia.com/~rick/lexicon.html#selfs-law Self's Law "Large, low-entropy pools are inherently dangerous." Karsten M. Self originated this observation in the 1990s. Here's an example [link] of his comments on this syndrome, following the attack that destroyed the NYC World Trade Center: "Firm belief that large pools of low entropy are inherently dangerous: tall buildings, large crowds, nuclear power, comprehensive databases, absolute power, monopolies. Seek the mean, keep energies and potentials balanced. Bipolar constructs are inherently more stable than monopolar (hegemonical) ones, and multipolar (diversified) structures better than both. That's not total anarchy — nexuses of power or control within a larger pool are OK, and virtually requisite. Should probably add universal networks and software monocultures to the list, as well." Vodaphone Greece furnished [link], in 2005, a fine example with its large, invisibly tappable digital access to all cellular telephone traffic in Athens. Towards the goal of minimising concentration of data from one's digital footprint, IMO it's worth paying very close attention to the abuse of Javascript and browser user state data, and take active measures to curtail and interfere with those activities. About smartphone security. Ahem: https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor Note that the key and unsolved challenge is the baseband controller, a remotely vulnerable blackbox device that prevents any smartphone OS, no matter how good and 100% ope source, from having reliable security against even a modestly funded opponent (such as, these days, a motivated medium-sized business). Personally, my interim solution is to _eschew_ smartphones and, for now, use a 2000s-decade Motorola 3g flipphone without any sensitive data on it and assume that the device could be compromised and put under remote control by a motivated opponent via its baseband chipset. Sensitive data I have remain entirely on other, non-cellular-based devices. The Tor Project people mentioned a clever workaround: Install/configure hardened Android such as they describe on a wifi-only tablet computer, and use it on cellular networks only via a separate (e.g., USB-connectable) mifi 'modem'. Which means that the baseband controller cannot compromise the Android device's security from underneath, and you can always just disconnect the mifi 'modem' any time you want to make sure it can't do anything with/to the tablet at all. want to Otherwise, IMO, cellular device 'security' is a mirage. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
On 05/04/2018 02:52 PM, chill...@protonmail.com wrote: > Well that's only my method of dealing with it.. generally I think it's worth > waiting for them to properly fix some problems first. At least then people > vote for what they want from them based on what they're prepared to buy. > > Likely next build for me is ASUS KGPE-D16 with libreboot, I'll still get hit > with a reasonable portion of those bugs but at least not as many as on intel. > > Cheers, A TALOS 2 is an even better choice - it is much faster and freer + IBM should be supported purchase wise as they are very friendly to the open source firmware community and small businesses like raptor (which made the KGPE-D16's coreboot port, the coreboot native init code for fam15h, the D8/D16 OpenBMC port, and a variety of other neat stuff) Of course if you want to play x86_64 games the KCMA-D8 or KGPE-D16 is a good choice, I play the Witcher 3 (DRM free!) at max settings with 4 cores from a 6328 CPU. Here's to hoping for a future POWER gaming community. I suggest either the 6386 or the 6328 CPU for the D16 and the 4386 for the D8. Note the D16 comes with the module you need for OpenBMC but the D8 seems not to. For a laptop I recommend the G505S which has no ME/PSP and can be made almost libre, it has open init for ram/cpu and people are working on an open EC and to replace the other blobs. Thanks for the links rick! Purism is a very dishonest company and their phone is yet another example of faux-freedom hardware like their laptops, they do absolutely nothing to address the real issues like the baseband problem. 0xDF372A17.asc Description: application/pgp-keys ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2018-05-04 20:03, Rick Moen wrote: >> Librem 5 phone coming next year for me. > Ah, Librem. Let's see: > https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/ blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-lib re/ > > https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/bl og/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/ > > Internet Archive links because someone (guess who?) raised a stink, > and Alex Gagniuc's comments were then taken down. I've ordered a librem 5 phone too. I'm really annoyed by the very few people that go to great lengths just to badmouth those who give their best to make products as good, libre, and user respecting as possible for them, just over some minor details. There is no such thing as a perfect system after all, and there are a lot of companies that are actually evil, to which raising awareness would help much more than complaining about those that do make a step in the right direction. Also, as far as I know, there is no other phone which: * Doesn't use gralloc and allows me to install any normal linux distro I want, not just ones for phones * Does care at all about privacy, for example by including physical kill switches * Provides development kits & documentation I can't speak for other people, but I prefer to do have a somewhat good and libre phone that I can control over no phone or phones I can't use the way I want them to. Regards, Daniel Abrecht -BEGIN PGP SIGNATURE- iQFIBAEBCAAyFiEEZT8xKpcJ1eXNKSM1cASjafdLVoEFAlrs1iwUHG1lQGRhbmll bGFicmVjaHQuY2gACgkQcASjafdLVoHsSQgAmlLJ1XVYSKKYnBLiQuUYLXaBRTX7 4PxBBx4iwwSdBvBow5+Lx1Y/mlb7WfHReoGf1/uhEf8fUptKGiglccDI+sUzpGU4 oz9HmvEIqY4N9s+I6JyDDaT7AkjMLSlbWkbLDreDFkfZNrfxuxcKgjVQqsah4QW7 srk1WGrg3J1hkHF0mPMmiR88Df2NJK8KSyOsC3bYwtB1ehCjiTCXC+LmnM43KrWu Bzs6KE1fJ8czkhOFUryG6eUsMxN2on2Mk++vjBdiX5+UkknZUSxqni7Cw/x1M4lS HCY3c9kGMYDIO9nv1kZWqkrrNCygldo6ZVkMJjcgJSldH6vpnER53+Afgg== =m6M4 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Firefox does analytics in browser
On Fri, 4 May 2018 17:50:50 +0200, Dr. wrote in message <201805041750.50383.dr.kl...@gmx.at>: > Am Freitag, 4. Mai 2018 schrieb Adam Borowski: > > Although it's interesting how they can have the gall to label > > something that siphons all of your browsing data as > > "privacy-oriented search experience". > > LOL ... newspeak everywhere you look: When it's called "expert", you > know it does not know what it's talking about. When it's labeled > "professional", you know all professionals will stay away from it ... ..a proper "professional" "expert" reponse could be run all browsers exactly once, from throw-away virtual machines, so all web browsers etc look brand new to trackers, because they always _are_ brand new. ..on killing them, we _may_ (and _not_) wanna haul out the history and bookmarks into some sort of (local) history log server and (local) bookmarks (web) server, that e.g. launches new throw-aways anytime an url is hit. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
> I'd prefer to see chips from scratch, rather than patching on features > late in the game. We can be pretty sure chip makers will only patch > problems as they are found instead of redesigning their chips to prevent > future problems. The problem with doing that is you find yourself facing all new bugs never before seen. As well as having to characterize the new chips from the ground up to get best results. > My reaction to the situation is that I'll no longer buy new hardware at > all. Everything I buy now is second user, until I see chip makers pulling > their finger out and doing what really needs doing. > On top of that I'll only buy hardware that can be free software down to > the bios. It should be nothing to them what runs in the bios, so I'll wait > and see if they can be more flexible there (for however long it takes). Need to go for a lot deeper than the "bios". Modern processors have at least another layer under that, either on the CPU or in the chipset. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
On Fri, 4 May 2018 at 17:29:24 -0400 "taii...@gmx.com" wrote: > Purism is a very dishonest company and their > phone is yet another example of faux-freedom hardware like their > laptops, they do absolutely nothing to address the real issues like the > baseband problem. Not in the least as dishonest as you are. First off, what does Purism have to do with the thread's subject? Nothing at all, but you feel compelled at disparaging them at every turn of the road. Like bashing the librem5, a smartphone in the design stage, which hardware is not yet finalised yet you keep stating it is not going to have a modem and WiFi unit separated from the CPU. How do you know? How could one accept your Talos' obsessive advertizing when you proved yourself over and over a compulsive liar and an emotionally driven idiot? Do us and yourself a big favour, please shut your mouth up. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
On Fri, May 04, 2018 at 05:19:22PM -0500, Jamey Fletcher wrote: > > I'd prefer to see chips from scratch, rather than patching on features > > late in the game. We can be pretty sure chip makers will only patch > > problems as they are found instead of redesigning their chips to prevent > > future problems. > > The problem with doing that is you find yourself facing all new bugs never > before seen. As well as having to characterize the new chips from the > ground up to get best results. > > > My reaction to the situation is that I'll no longer buy new hardware at > > all. Everything I buy now is second user, until I see chip makers pulling > > their finger out and doing what really needs doing. > > > On top of that I'll only buy hardware that can be free software down to > > the bios. It should be nothing to them what runs in the bios, so I'll wait > > and see if they can be more flexible there (for however long it takes). > > Need to go for a lot deeper than the "bios". Modern processors have at > least another layer under that, either on the CPU or in the chipset. Ideally, the bottom layer should be such that rewriting it won't brick the processor -- at least you should aways be able to rewrite it again. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
> > On top of that I'll only buy hardware that can be free software down > > to the bios. It should be nothing to them what runs in the bios, so > > I'll wait and see if they can be more flexible there (for however long > > it takes). > > I've been trying that for a while now, but my server is starting to > fail. > > It may not be an option unless I want to get out of computing > altogether. If one peers closely enough at the various speculative execution bugs alluded to in this thread, and the horrible modern web-browser in the thread next door, one realises that they are just different facets of the same problem. If browsers were simple and didn't contain javascript interpreters, then the CPU bugs wouldn't be that serious on a single user machine as it would be much more difficult to get hostile code to run on the CPU. In the same way, the biggest memory and CPU hog on a modern computer is the web browser - it is not uncommon to have browsers consume multiple gigs of RAM to display data which contains a few hundred bits of actual information (train time-table, bank-balance, tomorrow's weather forecast). So if were not for the browser a PC from the last century would do, and that would mean that a simple, single core CPU without wild speculative execution modes, insane pipelines, signed microcode or management engines would suffice - the kind that enthusiasts occasionally build in verilog, and the role that maybe RISCV will fill more comprehensively. So maybe don't give up on computing, nor give up on the internet, but give up on the web. Maybe we should all host things gopher, ftp or bittorrent and related protocols... talk via irc or smtp, not web forums. Read mail with an actual mail client, not a web frontend. regards marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
I would agree that I don't want to bash them, I think it's better to just explain that a blob still exists in those products and the problems with the modems. Cheers, chillfan ‐‐‐ Original Message ‐‐‐ On May 4, 2018 10:52 PM, Daniel Abrecht wrote: > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > On 2018-05-04 20:03, Rick Moen wrote: > > > > Librem 5 phone coming next year for me. > > > > > > Ah, Librem. Let's see: > > > > > > https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/ > > blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-lib > > re/ > > > > > https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/bl > > og/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/ > > > Internet Archive links because someone (guess who?) raised a stink, > > > > and Alex Gagniuc's comments were then taken down. > > I've ordered a librem 5 phone too. I'm really annoyed by the very few > > people that go to great lengths just to badmouth those who give their > > best to make products as good, libre, and user respecting as possible > > for them, just over some minor details. There is no such thing as a > > perfect system after all, and there are a lot of companies that are > > actually evil, to which raising awareness would help much more than > > complaining about those that do make a step in the right direction. > > Also, as far as I know, there is no other phone which: > > - Doesn't use gralloc and allows me to install any normal linux > > distro I want, not just ones for phones > > - Does care at all about privacy, for example by including physical > > kill switches > > - Provides development kits & documentation > > I can't speak for other people, but I prefer to do have a somewhat > > good and libre phone that I can control over no phone or phones I > > can't use the way I want them to. > > Regards, > > Daniel Abrecht ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
I am curious as to if there is a point when the major OEM's simply give up providing security updates for the latest CPU issues or if they will start doing it in batches as there are just so many of them. I hope that the security world will also test AMD_x64, POWER, RiscV, ARM and ARM64 for these issues, and that there will be security updates for those. I believe 7 years is a reasonable timeframe for CPU security updates with 10 for server CPU's and 15 for embedded - this is how long they are realistically used. While intel not providing security updates for their pre-sandy bridge server CPUs is I believe somewhat an issue it isn't as bad as they are pretty much useless due to not having a real IOMMU (Pre-sandy bridge intel IOMMU does not support Interrupt Remapping making it trivially easy to bypass and one can simply buy a D8/D16 board for a much better and more secure x86 server platform) On 05/04/2018 06:35 PM, Alessandro Selli wrote: > On Fri, 4 May 2018 at 17:29:24 -0400 > "taii...@gmx.com" wrote: > >> Purism is a very dishonest company and their >> phone is yet another example of faux-freedom hardware like their >> laptops, they do absolutely nothing to address the real issues like the >> baseband problem. > Not in the least as dishonest as you are. First off, what does Purism have > to do with the thread's subject? Someone replied talking about their phones and I wanted to provide information. > Nothing at all, but you feel compelled at > disparaging them at every turn of the road. Like bashing the librem5, a > smartphone in the design stage, which hardware is not yet finalised yet you > keep stating it is not going to have a modem and WiFi unit separated from > the CPU. How do you know? Because that is a mandatory feature on any secure phone, as evidenced by many competing products such as the free replicant and the costly GSMK CryptoPhone from ESD America which is currently sold to government agencies marketed with a "Baseband Firewall" If it had that they would mention it as it is a core feature. > How could one accept your Talos' obsessive advertizing I have a lot of free time with nothing better to do than to provide free information and help people get the best stuff for their money as others did for me - I don't get paid for anything as not everyone is a paid shill. By those same standards I also work for lenovo, asus (my also "obsessive advertising" of the last and best x86 choices) and several arms of the federal government (my telling people they should take amtrak as it is much nicer than the bus and of course my defense of the CIA's spying programs) > when you proved yourself over and over a compulsive liar and an emotionally > driven idiot? Do us and yourself a big favour, please shut your mouth up. I am providing information about the best current options and I will continue to do so until I am banned. All my facts are cited and anyone can look them up. I am only one person who is going up against companies with million dollar marketing departments and I don't see why people like you and so many others are so intent on shutting down protest and constructive criticis. On 05/04/2018 05:52 PM, Daniel Abrecht wrote: > On 2018-05-04 20:03, Rick Moen wrote: > >> Librem 5 phone coming next year for me. > > Ah, Librem. Let's see: > > https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/ > blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-lib > re/ > > > https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/bl > og/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/ > > > Internet Archive links because someone (guess who?) raised a stink, > > and Alex Gagniuc's comments were then taken down. > > I've ordered a librem 5 phone too. I'm really annoyed by the very few > people that go to great lengths just to badmouth those who give their > best to make products as good, libre, and user respecting as possible > for them, just over some minor details. The thing is that they are not doing their best and the problems are not minor details. My issue with purism isn't their selling products not 100% free it is their dishonest marketing that equates a computer with an entirely blobbed hardware initiation process to be "running libre open source firmware" "all chips hand selected to protect your privacy and freedom" and implying endorsement from the FSF and RMS which is very dishonest. There are various other companies selling actually libre hardware and its not as though it is impossible to do, purism could have released an owner controlled FT3 platform laptop which despite claims to the contrary is only slightly slower than their devices, was faster than the first two they released and already had a functional coreboot port that is mostly free. > There is no such thing as aperfect system after all There are various other brand new owner controlled systems out there which have entirely open source firmware. Right no
Re: [DNG] It's far from being over. Sigh!
On Sat, 5 May 2018 01:31:58 +0200 marc wrote: > > > On top of that I'll only buy hardware that can be free software > > > down to the bios. It should be nothing to them what runs in the > > > bios, so I'll wait and see if they can be more flexible there > > > (for however long it takes). > > > > I've been trying that for a while now, but my server is starting to > > fail. > > > > It may not be an option unless I want to get out of computing > > altogether. > > If one peers closely enough at the various speculative > execution bugs alluded to in this thread, and the horrible > modern web-browser in the thread next door, one realises that > they are just different facets of the same problem. > > If browsers were simple and didn't contain javascript > interpreters, then the CPU bugs wouldn't be that serious on > a single user machine as it would be much more difficult to > get hostile code to run on the CPU. > > In the same way, the biggest memory and CPU hog on a modern > computer is the web browser - it is not uncommon to have > browsers consume multiple gigs of RAM to display data which > contains a few hundred bits of actual information (train > time-table, bank-balance, tomorrow's weather forecast). > > So if were not for the browser a PC from the last century would > do, and that would mean that a simple, single core CPU without > wild speculative execution modes, insane pipelines, > signed microcode or management engines would suffice - the kind > that enthusiasts occasionally build in verilog, and the role > that maybe RISCV will fill more comprehensively. > > So maybe don't give up on computing, nor give up on the > internet, but give up on the web. Maybe we should all host > things gopher, ftp or bittorrent and related protocols... talk > via irc or smtp, not web forums. Read mail with an actual mail > client, not a web frontend. I think you're painting all Javascript with the same brush. See my pricing page: http://troubleshooters.com/utp/courseware_cost_calculator.htm Loads almost instantly. Does exactly what is needed. Replacing it with a calculator on the back end would require a send to the back end and (remember, no Javascript, no AJAX) the back end sending an entire page to the browser. Don't blame Javascript because some programmers think it's hip to throw in fifty layers of abstraction to get "just the right look" without "reinventing the wheel." Blaming Javascript for force fed pig websites is like blaming C for systemd. SteveT Steve Litt April 2018 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
