Desire-kun (nepiant@varishangout.net)'s status on Wednesday, 08-Jan-2025 01:22:28 JST Desire-kun
the problem with security is that being too secure gets you on a list, unless it's part of your job.
The other problem is stuff like the Intel Management Engine. You could buy a CPU or laptop with it disabled, but the NSA can collaborate with Intel to easily produce pretend-old CPUs and laptops with a pretend-disableable IME and sell it to people like System76 as if it's actually old, disableable CPUs/laptops. There's no way to tell the difference between these modified CPUs and legitimate ones, and both surely get you on a list.
i'm open to discussion about this. i'll be glad to be proven wrong.
Desire-kun (nepiant@varishangout.net)'s status on Wednesday, 08-Jan-2025 01:22:28 JST Desire-kun
cc @nyanide @lamp @j @mischievoustomato
mischievoustomato@0.5dollah.click's status on Wednesday, 08-Jan-2025 02:17:59 JST mischievoustomato
@Nepiant @nyanide @j @lamp i don't know anything about these things and frankly, don't care
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Wednesday, 08-Jan-2025 14:42:56 JST 翠星石
@Nepiant >pretend-disableable IME and sell it to people like System76
No Intel laptops that System76 offers have a disabled ME.
They use a proprietary BIOS with me_cleaner run on it, which only cuts down the ME (as the CPU does not init without the ME) and sets the HAP bit to nicely ask the ME to hang after boot.
If you want a system that you can disable the ME on, the only option is a GNUbooted ThinkPad.
As for AMD systems, the newest GNUbootable one you can get without the PSP is from 2011.
https://www.gnu.org/software/gnuboot/web/docs/hardware/
The NSA can't really target GNUboot systems you handcraft from separate components if you don't live in the USA.
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Wednesday, 08-Jan-2025 14:44:43 JST 翠星石
@Nepiant >pretend-disableable IME and sell it to people like System76
No Intel laptops that System76 offers have a disabled IME.
They use a proprietary BIOS with me_cleaner run on it, which only cuts down the ME (as modern Intel CPUs do not init without the ME) and sets the HAP bit to nicely ask the ME to hang after boot.
If you want a system that you can disable the ME on, the only option is a GNUbooted ThinkPad.
As for AMD systems, the newest GNUbootable one you can get without the PSP is from 2011.
https://www.gnu.org/software/gnuboot/web/docs/hardware/
The NSA can't really target GNUboot systems you handcraft from separate components if you don't live in the USA.
The IME is a backdoor they only risk burning on high-value targets - for normal glower activities they intercept shipments and use hardware implants.
EdBoatConnoisseur (edboatconnoisseur@poa.st)'s status on Wednesday, 08-Jan-2025 14:53:10 JST EdBoatConnoisseur
@Suiseiseki @Nepiant just get your AMD hardware from mainland China and slap a copy of the Tiananmen Square copypasta on the rom, boom no Chinese spyware on AMD.
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Wednesday, 08-Jan-2025 14:53:10 JST 翠星石
@EdBoatConnoisseur @Nepiant It is correct that hardware shipped directly from China to a country that is not the USA or Alaska is difficult for the NSA to intercept.
Chinese motherboards are known for things like having the backdoor BMC soldered onto the motherboard rather than socketed, but you just desolder the BMC and then install GNUboot.