SoylentNews is people
SoylentNews
Hugo Landau has written a blog post about why Intel will never let hardware owners control the Management Engine. The Intel Managment Engine (ME) is a secondary microprocessor ensconced in recent Intel x86 chips, running an Intel-signed, proprietary, binary blob which provides remote access over the network as well as direct access to memory and peripherals. Because of the code signing restrictions enforced by the hardware, it cannot be modified or replaced by the user.
Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.
The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.
This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.
(Score: 5, Insightful) by edIII on Monday July 23 2018, @10:30PM (17 children)
What is advancing, regardless of efforts to stop it, is the knowledge of what security actually is, and what it isn't. In way Pandora's box has been opened, the disasters and fears made very real, and nobody is ever going to trust proprietary code again. Nobody. Both because it cannot be reviewed, and that we cannot trust the executives and shareholders intentions (Hollywood DRM). It's anti-consumer in its execution.
Security starts at the silicon up, if not also around it (side channel attacks). A Management Engine is just a form of security processor that lies below the main processors. They say management, I say control and interdiction of unauthorized and undesirable code. Purism and others are working towards open source designs that can be controlled by the owner and not the manufacturer.
They can fight it, but they're just going to lose that percentage of the population that can fight back against them. Kinda like how a lot of Microsoft techs I know run Ubuntu now.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Insightful) by Thexalon on Monday July 23 2018, @11:39PM (1 child)
... and Microsoft is still a highly profitable company.
They know they might lose the geeks on this one in the short-term, but they figure they can make more money from the payoffs from the MPAA / RIAA (and presumably also the NSA). And then their fairly small number of competitors will realize the cash cow that Intel has found, and put the same misfeature in their CPUs for the right price. You might have access to open source CPU designs, but you won't have access to the fabrication facilities needed to actually make a CPU based on those designs, and if you do you will have little guarantee that said facility doesn't put these kinds of misfeatures into your theoretically clean CPUs.
In short, you're screwed, and Intel knows it.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 1, Interesting) by Anonymous Coward on Tuesday July 24 2018, @05:31PM
Not really.
Microsoft can be profitable. Intel can be profitable. AMD can be profitable.
But that doesn't mean that they aren't fostering a countermovement that renders them increasingly irrelevant.
They can make a fat profit all this time, doing widgets and gadgets like embedded video players and games consoles and tablets, while people who want to do real work use other equipment. As the utility difference between the Intel and the freer options grows, the tension grows in the market.
It's not a binary situation.
(Score: 4, Insightful) by c0lo on Monday July 23 2018, @11:46PM (12 children)
Nobody is a bit too close to an absolute to be plausible true.
Perhaps I can accept "nobody that understands the consequences and cannot accept a security tradeoff".
Look, the world lived and continue to live with vulns in the software that runs on top of the hardware for already a long time (no matter if that hardware was considered rocksolid or vulnerable itself).
Don't tell me that the fact that Windows (**) was, is and will be vulnerable will preclude its use by zillions on this planet, even used by security conscious people (which conscientiously accepts a trade off as long as they can mitigate the risks).
E.g. you commented just above - do the hardware and software that you used have 100% your trust or did you considered the situation and you decided that "Bah, what's the worse that can happen if I post on S/N using a non-100% trusted software/hardware"?
[**]- replace with the OS of your choice, all of them are in the same situation, even with their sources open.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Insightful) by requerdanos on Tuesday July 24 2018, @12:11AM (11 children)
I'd like to point out that there is a big difference between "doesn't quite have 100% of my trust but can theoretically be secured" and "rootkit factory installed, you have no hope of securing it, ever, guaranteed 0% trustworthy".
99% trustworthy (or 25%!) with the potential to approach 100% is good.
0% trustworthy with a lifetime max possible of 0% trustworthy is what we are talking about here with IME and AMD's PSP.
I'd like to stress that I agree that "nobody is ever going to trust proprietary code" is idealized but entirely unrealistic. No one should, but a great proportion just don't care and might never, computers not being their thing.
If computers are your thing professionally, as a hobby or interest, anything like that, then you should be the one caring, and not trusting nonfree software, especially in your factory rootkits.
(Score: 2) by c0lo on Tuesday July 24 2018, @12:27AM (10 children)
Yes, I care, but... tel me, is there any actual** choice of running Linux on a trusted CPU?
Personally I don't know any, thus I manage to the best I can (and, depending the circumstances, care).
I'll be happy to learn there are trustworthy CPU's/platforms that can run Linux.
---
** in both meanings: "existing in fact, real" and "existing now, current".
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Informative) by requerdanos on Tuesday July 24 2018, @01:18AM (8 children)
Yes, with caveats.
I have a couple Olimex Olinuxino Lime2 single-board computers that run Debian pretty well. On their website Olimex points out that [olimex.com]:
The caveats to this particular solution:
- Armv7l 32-bit dual-core dirt dog slow (Similar performance to a Pentium 4 2.66)
- 1GB RAM that you can't upgrade
- Free driver for the Mali GPU is not yet full-featured
- GPU supports only 0 to 1 monitors
- No display support if you use mainline kernel (only with their custom 3.4.103)
- except for SATA and serial debug port, peripherals must connect via USB2
I chose these because no nonfree software is required to boot/run them (unlike the R. Pi) and I've been running two of them for years, both running Debian GNU/Linux, one headless, one via KVM. I moved them into a different case recently, so their uptime is only in the months, but before that each had over a year of uptime. I recommend them wholeheartedly for those who can live with their deficiencies.
I use these because they are inexpensive (~US$100) and I am cheap.
There are faster, more expensive (still very limited) systems in this vein, such as the US$550 Nvidia Jetson TX1/TX2 [arrow.com], which have 4 - 8GB of RAM, much better I/O including a PCIe slot, and USB3, and which, while not open hardware, Debian calls [debian.org] fully supported by free software (even if not by Debian itself).
Would something like these count as running Linux on a trusted CPU? I know there are the "yeah, but..." objections that come from these being strange nonstandard developer boards, but then I am a strange nonstandard developer and I suspect you might be one also.
I'd love to see a fast, cheap Desktop ATX board with a no-Management-Engine CPU that would support my usual three-HD-monitor setup. But we're getting there.
(Score: 3, Interesting) by c0lo on Tuesday July 24 2018, @01:26AM
Thanks in heaps.
Hardly can call them a software dev platform, but then again... for interaction with the outside world they seem perfect.
I'll also look what I/O they have on the boards.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by bzipitidoo on Tuesday July 24 2018, @02:44AM (6 children)
Like I said in another story, I'm not trading down to a 133 MHz Pentium MMX with a measly 256M RAM for security from Spectre. Or security from the ME. This ARM chip is better than a 20 year old Pentium system, but it's still a huge performance hit and has other problems. It's too high a price.
We'd all like to be free of Treacherous Computing and DRM, and there are other solutions than trying to avoid the ME. Like, sniff out the kind of traffic that the ME sends and receives, and block it at the firewall. Another possibility is to spoof or DDoS Intel with fake ME traffic. SN had a few stories about the possibility of disabling the ME by exploiting its security flaws to get it to flash itself to oblivion, or at least a permanently disabled state.
Another strategy is to "zerg" them. That's the main way we fight the MAFIAA. There is way too much pirating for any of their strategies to have a hope of really stopping it, and a DRM enforcing ME won't change that. MIcrosoft already tried that approach in the OS a decade ago with the much hated Windows Vista, and it was an abysmal failure. Moving the DRM to hardware won't help.
Yet another approach is a class action lawsuit against Intel and AMD, and anyone else of the very few who manufacture CPUs who dare to build in back doors. It's only a matter of time before their fool backdoor causes some major failure, in the same vein as Sony's incredibly stupid root kit on their audio CDs. Maybe a compromised ME causes some PC handing critical medical equipment to kill a patient, like the infamous Therac 25 did. Also, I'm sure the military takes a very dim view of their own computer hardware having such back doors. They love other militaries being stuck with such hardware, but they hate it for themselves.
You mentioned MALI. I've been watching for years, wondering which way to jump to get open graphics hardware, Nvidia (Nvidious, you know) or ATI, or someone else, maybe Matrox? Maybe 3dfx would rise from the dead? So far, no one has delivered fully open 3D accelerated graphics. MALI is not open enough.
(Score: 3, Interesting) by jmorris on Tuesday July 24 2018, @03:24AM (3 children)
I'm watching this little fellow: RockPro64 [pine64.org]
From the forums it looks not ready for prime time for now, but look carefully at it. It or something like it is probably the future we seek. See that PCIe slot? It is "open ended" so it could accept a Radeon. Screw waiting for a reverse engineered Mali driver, Radeon is supported by AMD with open docs and developers. If the driver can be ported to ARM64 successfully one could have a quad core machine with 4GB of memory and a real desktop Linux running for $250. This particular product might also have a problem where a long PCIe card could get in the way of the eMMC slot. But if we see more PCIe slots appear on these little Arm boards, that is the way forward. Assuming they do not start getting "Management coprocessors" that can't be controlled.
(Score: 2) by bobthecimmerian on Tuesday July 24 2018, @02:04PM (2 children)
https://en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ATI/AMD [wikipedia.org] "The FOSS drivers for ATI-AMD GPUs are being developed under the name Radeon (xf86-video-ati or xserver-xorg-video-radeon). They still must load proprietary microcode into the GPU to enable hardware acceleration." (Emphasis mine.)
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @05:40PM (1 child)
It's microcode. I'm not sure that the "source" is anything more than comments next to blobs of bits?
Maybe the industry has advanced but I'm not sure what there is to see
(Score: 0) by Anonymous Coward on Sunday August 05 2018, @08:00AM
Seeing is one thing. Modifying and distributing another.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @07:16AM
I'm not trading down to a 133 MHz Pentium MMX with a measly 256M RAM for security from Spectre.
Nor is anyone else ... so i can develop my Spectre exploit with the sure certain knowledge that it will hack everything
It may not be easy, but with the funds provided by
my backersa well-wisher - I will get there in the endBwaa ha ha haar!
(Score: 4, Informative) by urza9814 on Tuesday July 24 2018, @02:52PM
They aren't stuck with it. Companies like Dell have publicly stated that they have specific models which they will only sell to government agencies or specific approved corporate buyers which have these features disabled. I'm sure Intel is cooperating with that, for the right price. Intel has also publicly stated that there are features in the management engine that were placed there specifically to be used by the NSA. So why should the government be concerned when Intel allows them to either remove or custom modify these features? The feds probably have source code and schematics. They don't care about any of this. They aren't going to save you.
https://www.extremetech.com/computing/260219-dell-sells-pcs-without-intel-management-engine-tradeoffs [extremetech.com]
(Score: 2, Informative) by Anonymous Coward on Tuesday July 24 2018, @04:30AM
Talos II lite (power9 cpu) is the only thing with performance same/better than xeon, and in same price range-- everything with software/firmware is free/open on this board.
For 100% free drivers on an ARM board (including GPU), I think there is only the MX6, MX7, and MX8 SOC. There are some boards ( https://wandboard.org [wandboard.org] ) with a raspi form factor. And, some larger form factor boards that include a pci-e etc.
For a headless box, your options open up quite a bit. Look for anything ARM that has been used in a recent chrome book. Google is now requiring manufacturers to get everything but gpu drivers upstream and in-tree in the linux kernel, in order to be used in a chrome book. So,even Chinese SOCs like Rockchip can now run a vanilla kernel* with no proprietary blobs for a headless / frame buffer box (Pine makes a cheap SBC based on rockchip- "rock 64"; $25 with 1G ram, $45 with 4G; their rockpro64 gets you a faster CPU, and pci-e x4 slot with 2G ram $60 4G $80).
*only have read this, No personal exp with rockchip (but that is about to change).
(Score: 2) by pdfernhout on Tuesday July 24 2018, @02:20AM
https://www.youtube.com/watch?v=XgFbqSYdNK4 [youtube.com]
Concludes: "If they don't trust you, why should you trust them?"
The biggest challenge of the 21st century: the irony of technologies of abundance used by scarcity-minded people.
(Score: 2) by bobthecimmerian on Tuesday July 24 2018, @01:59PM
What? All the evidence you need to disprove your hypothesis exists in the mobile operating system space. Nothing in that space is open source from top to bottom. Not a damn thing. Casual users, power users, technology enthusiasts - they don't care.
Intel, Hollywood, DRM, and the surveillance state are winning.
(Score: 3, Interesting) by RS3 on Monday July 23 2018, @10:33PM (7 children)
Does the RISC-V https://en.wikipedia.org/wiki/RISC-V [wikipedia.org] CPU have an ME? No? Oh.
Great, so I can't do anything with or about the IME, but the criminals can: https://www.tomshardware.com/news/intel-me-new-firmware-bugs,37492.html [tomshardware.com].
(Score: 5, Informative) by requerdanos on Monday July 23 2018, @11:59PM (1 child)
I, for one, would love to see a desktop version of something like this Gigabyte ARM server: https://b2b.gigabyte.com/ARM-Server/R120-T33-rev-110 [gigabyte.com]
It has a Cavium ThunderX 64-bit ARM (aarch64) 48-core CPU, DDR4 RAM, and no management engine or other factory malware.
Alas, like the RISC-V boards, it costs about as much as a good used car, or a secondhand travel trailer.
I would love to see cheap (Chinese, perhaps? Anyone in Shenzhen listening?) ATX or mATX commodity boards with non-x86 processors (fast ones, not slow junk) more in the cost range of US$100-$250.
(Score: 2) by coolgopher on Tuesday July 24 2018, @02:20AM
Somehow wrangle a 16x PCI-Express slot onto that and you could have a real winner.
(Score: 1, Disagree) by Anonymous Coward on Tuesday July 24 2018, @01:38AM (3 children)
RISC-V Architecture: Understand the Facts [riscv-basics.com]
(Score: 2) by coolgopher on Tuesday July 24 2018, @02:21AM (2 children)
Link no worky :(
(Score: 5, Informative) by requerdanos on Tuesday July 24 2018, @02:56AM (1 child)
This was a FUD piece written by ARM (the R in ARM stands for RISC, in case you missed the relevance). It was so egregious that ARM pulled it quickly after the proper trouncing they got in the editorial tech press, which is why the link doesn't work.
Phoronix has a brief write-up [phoronix.com] of ARM's anti-RISC V claims from the hit job before it was taken down.
Anytime someone tells you some variation of "Get the truth" or "Get the facts", they are about to feed you propaganda that is either completely dishonest, or a mixture of truth and lies that's got a spin to favor their preferred position. This was no exception.
(Score: 2) by coolgopher on Tuesday July 24 2018, @04:14AM
ARM, aka Acorn RISC Machine, later Advanced RISC Machine.
The RISC-V must be pretty decent if they're feeling threatened.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @01:38PM
Since RISC-V is not a CPU, but an instruction set architecture, this question is about as meaningful as the question whether the x86 instruction set architecture has a management engine. Which is, not meaningful at all.
A processor implementing RISC-V may or may not have an equivalent to Intel's ME. That is up to whoever implements the processor. Indeed, a processor (RISC-V or otherwise) could even have a RISC-V based ME!
(Score: 1, Informative) by Anonymous Coward on Monday July 23 2018, @11:35PM (18 children)
I'm not interested in your latest superhero movie. Give me back my CPU.
(Score: 3, Insightful) by c0lo on Monday July 23 2018, @11:49PM (6 children)
That CPU? It wasn't truly yours ever.
Yes, you own it as a blackbox, but don't have any right on the design of the CPU and never had.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2, Insightful) by Anonymous Coward on Tuesday July 24 2018, @03:06AM (5 children)
(Score: 2) by c0lo on Tuesday July 24 2018, @03:35AM (4 children)
You realize that this doesn't hold to much of a value, the question of your trust in the ... ummm .. assuring party still remains.
I mean, how could one verify the "no more no less" assurance if one doesn't have access to the design of the CPU?
It doesn't even need to be a false assurance given in ill-faith, to err is human, unintentional bugs in hardware aren't new.
Even if you know implementation details doesn't keep you from harm's way: the predictive branching, out-of-order execution and all the other stuff used by Spectre were known as design principles for quite a long way back
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Insightful) by stormwyrm on Tuesday July 24 2018, @06:20AM (3 children)
Gaining access to the design of the CPU to be able to look at it does not automatically give you the rights to the design of the CPU, any more than having a peek at the source code for Windows gives you any right to use it the way you'd be able to use code that was released under a Free license. Your previous post talked about "rights on the design of the CPU". An independent third-party auditor might be able to gain enough access to the designs to audit them under a non-disclosure agreement, and yes, it's naturally going to be a matter of trust in the auditors as well. But that's also true for a lot of things out there. We have it just about entirely on trust that every bit of Free Software out there doesn't have malicious misfeatures. The only difference is that that trust is highly distributed, making it a lot stronger than trust in say, Microsoft alone. Plenty of other people can and have had a good look at the code. If you had an open hardware design for a CPU, I doubt that you, personally, would have the time, knowledge, and inclination to be able to do a thorough job of assuring its trustworthiness all by yourself, any more than you would have for something as complex as the Linux kernel. The only advantage it would have is that the ability to audit it is a lot easier: you don't have to sign NDA's or pay Danegeld to Intel or AMD to be able to audit the design of RISC V or some other Free CPU, which increases the chances that someone trustworthy has done the auditing already. But again, that's also something you still probably need to take entirely on trust.
Unintentional bugs are out of scope here. We're talking only about outright malicious features designed specifically to subvert the user's intentions put there deliberately by the designer, like Intel's ME or AMD's PSP. You can get unintentional bugs in any design, Free or proprietary or anything in between. Even so, I'd rather have a system that at minimum strives to be loyal [gnu.org] to me, instead of having deliberate back doors baked into it to allow itself to betray me to whoever is supposed to be its true master. Unintentional mistakes are a fact of life. Deliberate disloyalty and betrayal shouldn't be.
Numquam ponenda est pluralitas sine necessitate.
(Score: 3, Insightful) by anubi on Tuesday July 24 2018, @07:01AM (2 children)
Agreed, I have no rights to the CPU design. But I find myself in the same position as if I were buying locks.
Say, for instance, I love Schlage locks. But some suit-man over there accepts the idea that all his locks should open with a master key. Now, the playing field is wide open to whoever gets a copy of the master key. Now, anybody who has an interest in violating my lock is free to do so.
( Just for example... mechanical locks like this are not secure at all. "bump keys". And any locksmith can pick one. A lot of kids can, too. )
I know I am going to be moderated "redundant" for this post. Everyone on this forum is saying the same thing! Dammit! Just how can one explain in words that even a Hand Shaking SuitMan can comprehend that having any hardware with a cooked-in-silicon master key backdoor is a really, really, really bad idea?
This is one issue I have been screaming about ever since "scripts" which mix code and data. Never execute code you can't verify or hold someone accountable - and for crying out loud, don't willy nilly leave your business and trust some lock, especially if you know even a script kiddie will have free run of your place once he jimmies your lock. The technology exists for you to have the only key in existence, yet you choose to use a technology where others you have no idea who they are also have a key?
Once the trick gets out how to get in your machine through that backdoor, there will be no patch. And all your stuff is right out there for anyone who knows how the "open sesame" works.
And to think that suit-men have spent so much effort on copyright. They are watching their candy jar while someone else is making off with their bank account!
My grandpa, and old dirt-farmer, was smarter than that... when the local kids took to setting outhouses on fire, or moving them back four feet, he built his out of cinderblock.
Yet, how many of those executives are going to authorize purchase and implementation of this backdoored technology in *their own* corporation?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by stormwyrm on Wednesday July 25 2018, @05:30AM (1 child)
Numquam ponenda est pluralitas sine necessitate.
(Score: 1) by anubi on Wednesday July 25 2018, @08:06AM
I was mostly referring to the lock I compared to... standard common house front door lock.
Like you say, they come in varieties from that super cheap lock I use on a gate, just to let people know that I don't welcome uninvited visitors, but should they insist and force it open anyway ( can be done with paper clip ), another circuit will sense the open gate and make a fuss.
I have a G&S dial lock on an outside door.... just in case I lock myself out of my own house. It'll be easier to bash the door down than to open that one without its combination.
Generally, its hard to compare mechanical locks to electronic locks.. as its usually hard to violate a mechanical lock in private. Whereas an electronic lock can be hammered at from the other side of the planet for years if it comes to that.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @12:04AM
.. and going beyond c0lo's point, this isn't the first time you've paid your supply chain to slurp from that hose either; https://www.techdirt.com/articles/20060227/0211220.shtml [techdirt.com]
(Score: 3, Informative) by fyngyrz on Tuesday July 24 2018, @01:20AM (9 children)
Don't give Intel CPUs a network connection any longer. Just use 'em for grunt work given on USB sticks. It's all they deserve at this point.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @04:03AM (8 children)
It'll try to connect out using wireless
Like a virus
(Score: 2) by fyngyrz on Tuesday July 24 2018, @04:11AM (7 children)
Easily dealt with.
(Score: 1) by anubi on Tuesday July 24 2018, @05:12AM (6 children)
How would you handle:
"! Update required. Please connect to internet for critical system security update. " ( ding! )
And system fails to run until you agree and give it what it wants.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Unixnut on Tuesday July 24 2018, @08:46AM (2 children)
I would not use a system that tries to control, deny my instructions and generally boss me around.
I mean think about it, if you care about freedom and security enough to never ever connect your PC to a network and only deal with USB sticks as your interaction, why on earth would you go through all that effort, and deal with all the inconvenience, and then stick to a software system that tells you what you should do, and denies you control unless you submit to its instructions?
Ideally, If you want security and control, you have to apply it to the entire stack, from the silicon to the end-user app.
Also, I would not recommend USB sticks, after all, an entire class of viruses developed that spread by floppies, in theory nefarious backdoor could just use your USB stick for compromising you. Not sure what would be a good way for communication, I would probably go back to the old RS232, with custom (and limited) commandsets. It is a low-level, simple and rugged enough system that it would be hard to find underlying security holes in, at which point your security is as good as the terminal server you write/use on the other end of the line.
(Score: 3, Insightful) by fyngyrz on Tuesday July 24 2018, @10:03AM
With an axe.
(Score: 2) by fyngyrz on Tuesday July 24 2018, @10:05AM
ugh, sorry, replied to wrong message. Coffee!
(Score: 2) by fyngyrz on Tuesday July 24 2018, @10:10AM (2 children)
I'd handle it with an axe.
Seriously. If a machine with no connection to the net suddenly demanded one and this was hardware-based, there's no way in the world it could be trusted. You know, we don't have to use computers. If the process is made to be intolerable, then we should stop using the problem hardware until / unless they fix it. Or, if there is one, use an alternative source of hardware (and don't reward the miscreants who made the untrustworthy hardware with future purchases, either.)
(Score: 3, Insightful) by anubi on Tuesday July 24 2018, @11:05AM (1 child)
I was relating the frustration I am experiencing with my phone when using Yelp, and it keeps nagging me requiring a Google account if I am going to see more than one set of reviews... it bluescreens on me, "checking info", then redirects me to Google... "Add your account".
This kind of thing really annoys me.
I keep seeing all these gadgets for sale on store shelves, but they have internet connection. My guess is I pay maybe $19.95 plus tax for the gadget in the retail store, take it home, then find it needs "activation", which is a stiff monthly fee? I know businessmen are really "thinking outside the box" these days, and will pull off anything to get someone to bite, then reel 'em in.
I've been seeing this ad for a "Micro Mechanic" bluetooth OBD reader, but being bitten by businesstalk, I don't know what they are really saying on the ad... like "free download"... I have had those... I could download it for free, but not run it. Just "activate" it, eh? Monthly fee? Termination agreement required? Have to surrender my banking credentials, name, and God knows what else they may demand, or just write off the little junklet I just paid for... brand new junklet. Do I have to load malware in my phone? I feel like I'm playing a game of three card monte with a street shyster every time I hear those TV ads.
Its really hard for me to trust marketers these days. Many of them seem to think that once I have paid for *anything*, I am now fair game for a feeding ( fee-ing) frenzy to herd me where they want me to go to cut my losses of giving them any money in the first place. If it involves any computer or phone, I have almost convinced myself that they *will* use my own technology as their enforcement agent for forcing yet more and more money from me in order to get what I paid for to work... kinda like getting involved in some sort of cult. Not at all like buying a drill motor from Home Depot.
So far, I have not bought any "smart" drill motors that tell me "Thank you for buying me, now just log onto www.gotchanow.com and do whatever they demand from you to activate me. You have shown you are a smart guy who leads the pack in adopting smart technology, and you may now show your friends and boss how smart your are!"
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Monday July 30 2018, @03:40AM
Don't but those personal cloud devices then
does not work without an Internet connection
(Score: 3, Informative) by Runaway1956 on Tuesday July 24 2018, @02:25AM (3 children)
A couple quick searches about the Intel ME let me here: https://learnlinuxandlibreoffice.org/3-create-your-own-linux-computer/3-1-why-we-need-to-create-our-own-computer [learnlinuxandlibreoffice.org]
The page didn't seem to be very on-topic, but I browsed through anyway. Apparently, Chromebooks don't use the ME.
Specifically, the article is showing how to take the top-of-the-line Chromebook, and turn it into a Linux laptop. The CPU is only a Celeron 3205U Broadwell dual core, but the article touts it as plenty fast enough, and powerful enough to run Linux Mint and Libreoffice.
It isn't quite clear to me yet, whether the 6th and higher generations of this chip have the ME on Chromebooks - or even if they are used in Chromebooks.
We're gonna be able to vacation in Gaza, Cuba, Venezuela, Iran and maybe Minnesota soon. Incredible times.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @02:52AM (2 children)
Again, Runaway, thank you for sharing you lack of understanding. It has been very helpful to the SN community.
(Score: 1, Interesting) by Anonymous Coward on Tuesday July 24 2018, @04:51AM (1 child)
Wo ist Francis?
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @01:56PM
Don't worry 'bout Francis. All he wants is a pat on the head, and the old bastard won't pay him any mind.
(Score: 4, Interesting) by epitaxial on Tuesday July 24 2018, @03:28AM (11 children)
Can this blog author provide any proof that Hollywood is involved in management engines? Does the ME even interface with HDCP at all?
(Score: 1, Interesting) by Anonymous Coward on Tuesday July 24 2018, @05:21AM
The HDCP is the reason I have been very reluctant to adopt HDMI.
I consider HDMI drivers as already crippled just waiting for denial of worky.
To me, its a Business-Grade system just awaiting a nuisance denial-of-service virus or prank to shut it down by corrupting some key file. Its mostly for businessmen who will tolerate stuff that does not work. Personally, I consider a machine that does not do what I tell it to do, even though its perfectly capable of doing it, like most businessmen would see an insubordinate employee.
However, its been my observation that businessmen will tolerate insubordination from their machine.
But if some employee flat tells their supervisor "No!", the supervisor's response is apt to be "You're Fired".
(Score: 2, Informative) by bob_super on Tuesday July 24 2018, @06:43AM (2 children)
Nope. SN is just having one of its regular moments of excessive paranoid overreaction. Many of those are driven by hardware-level spying, however unlikely and impractical, because Linux & friends take care of the software paranoia, but too few people have access to custom hardware (let alone with decent performance).
If someone has added a processor to handle the increasing complexity of the hardware we're dealing with, and the ever more complex security protocols that badly attempt to keep said hardware safe (ironically, before handing execution pointers to Microsoft code), then that person must have a nefarious intent, and must be working for those people who either spy on us, want money for the entertainment we consume, or clearly both.
Intel, ARM, and AMD employees take blood oaths, and are under constant watch after they depart the company, to make sure that none outside of the trusted halls ever spills a word of the conspiracy which watches us from Ring -1.
All hail Ring -1! All hail Ring -1! The first rule of Ring -1, is you don't ... Just a minute, doorbell's ringing.
(Score: 2, Touché) by anubi on Tuesday July 24 2018, @07:07AM
Didn't I read something like that about the DVD_CCA encryption? Way too many permutations! Can't be done!
And a Norwegian kid gave their stuff back to them on a platter? (DVD-JON DeCSS ).
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Informative) by urza9814 on Tuesday July 24 2018, @03:40PM
That would be a decent argument if any of this stuff was actually secret. But when Intel officially confirms that they have code in the management engine that was custom written for government security agencies, it's kinda hard to still dismiss the existence of such code as a crazy conspiracy theory...
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html [ptsecurity.com]
(Score: 1, Informative) by Anonymous Coward on Tuesday July 24 2018, @10:44AM (1 child)
It's not a secret; Intel is upfront about it.
See here:
(Score: 2, Interesting) by Anonymous Coward on Tuesday July 24 2018, @12:47PM
A blog post and an obscure e-book isn't likely to be sufficient to meet the legal standard of informed consent.
I think the real question here, is: "Has anybody reverse engineered this to the level where they can demonstrate actual use cases in a courtroom?"
Because it probably is exactly what it looks like. And while they may have posted on some obscure blog, I can recall no one ever signing a contract defering their reservation of rights to Intel. In consequence any equipment that they own that implements this, and has functionally changed service on behalf of a third party, could reasonably be interpreted by a jury as violating wiretapping statues.
And given the frequency with which people claim other peoples shit on Youtube, it is highly likely that DRM claims have been falsified. So while some courts may regard digitally violating the sanctity of a domicile, as something doesn't constitute sufficient harm to produce standing, there are almost surely cases where the DRM clients, have harmed eachother.
It isn't about paranoia, it is about the law. Or more to the point, the unwillingness of the judiciary to hear cases where digital civil rights are concerned.
(Score: 1, Interesting) by Anonymous Coward on Tuesday July 24 2018, @01:30PM (1 child)
Yes. It's written right in there, with explicit links to material published by Intel.
To quote from that linked page [intel.com] (note the domain of the link!):
(Score: 2) by epitaxial on Tuesday July 24 2018, @07:10PM
Yeah HDCP is used for copyright protection. How does it interface with the IME?
(Score: 2) by Reziac on Tuesday July 24 2018, @02:03PM (2 children)
Considering that Hollywood is what, about 5% of the market?
How does that sneak past the BoD, who are presumably beholden to making profits for the shareholders?
And there is no Alkibiades to come back and save us from ourselves.
(Score: 1) by anubi on Wednesday July 25 2018, @08:22AM (1 child)
I believe Hollywood is being used as plausible deniability that the real reason is increased governmental snooping and ability to shut down systems.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Insightful) by Reziac on Wednesday July 25 2018, @01:55PM
Having worked in Hollywood, two observations:
1) Hollywood's real function is as a giant open-air money laundry. (Not only "Hollywood accounting" but that most films lose money by design. 90% of film productions never make it to the can, but everyone involved still gets paid. TV is much cleaner because budgets are fixed, unlike film where they're open-ended.) Everything is sorta technically legal and above-board, but only because it's hard to prove waste wasn't ...allowed, if not outright deliberate.
2) Outside of the lawyer contingent, who will always behave like lawyers, Hollywood is too disorganized to be useful to any gov't for anything other than propaganda. And in America, Hollywood has always been under the control of the communist left (nowadays meaning the diversity police), so that's the propaganda we get; not exactly useful to a gov't seeking stability and cohesion, but perhaps to one seeking division and chaos (and its own demise, but that's a different problem).
But I think another poster nailed it: this article has little foundation, but a very large axe to grind. It's an opinion piece, not an Intel manifesto. I looked through this HL's other articles, and while lots of good technical points, kinda has that RMS skew, so to speak.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @01:16PM
From the article:
Platform Embedded Security Technology has the initials PEST. Coincidence?
(Score: 2, Interesting) by Anonymous Coward on Tuesday July 24 2018, @05:21PM (1 child)
I have asked this before, never saw an answer. This ME has its own network stack and works with the ethernet port on the motherboard. So suppose you bought a network card with a different chip and plugged it in and used it, and not eth0. Linux would have a driver for that chip, but the ME wouldn't, so it seems to me the ME could never do the unwanted stuff, without connection to some mothership. Would that work? Is this theory testable? Anybody out who'd like to try it? Thanks.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @09:57PM
It would work, but 'slots' are becoming rare, except for video. ( of course they could just block it at the board level " no drivers, no power for you".. )
USB may be your only option.
(Score: 0) by Anonymous Coward on Tuesday July 24 2018, @09:54PM (2 children)
*AA's wet dream. And something i predicted long ago.
FPGAs to the rescue. ( at least the near term, since they are starting to buy up major FPGA companies too.. )
(Score: 1, Interesting) by Anonymous Coward on Wednesday July 25 2018, @08:40AM (1 child)
If worse comes to worse, make little boxes with a good LCD screen on one side, and a camera on the other, stream whatever, then encode the camera to whatever easily editable format you want, edit the crap out of it, then put it up.
It won't be an absolutely perfect copy, but it will be passable. Its not nearly as bad as recording speaker to microphone, like some of us did before we learned how to use patch cables.
Whack-A-Mole!
(Score: 2) by Reziac on Wednesday July 25 2018, @01:57PM
Which gets countered with interference patterns, and on up the escalation ladder we go.
And there is no Alkibiades to come back and save us from ourselves.