/tech/ - Technology★

>>946956

Nice bait

>>946926 (OP)

Yet another reason to buy AMD exclusively.

>Skylake or later

They really messed up big time with skylake.

>>946956

Ironic shitposting is still shitposting

Isn't this good news for the Libreboot team? Does this mean Libreboot can replace the AMT?

>>946944

You're supposed to create an air gap for a machine by not connecting it to a network. If you must insist on connecting to your internal computer network, then you can try physically disconnecting any internet connections before connecting your "safe air-gapped machine".

>>946970

The point is that the IME has a network stack.

>>946966

Read better

The first bug, CVE-2018-3627, affects all Intel 6th generation chips and newer, which means it affects consumer and corporate devices, servers, as well as Internet of Things devices.

The second bug, CVE-2018-3628, affects a larger range of Intel chips:

    Intel Core 2 Duo vPro and Intel Centrino 2 vPro
    1st, 2nd, 3rd, 4th, 5th, 6th, 7th, & 8th Generation Intel Core Processor Family
    Intel Xeon Processor E3-1200 v5 & v6 Product Family (Greenlow)
    Intel Xeon Processor Scalable Family (Purley)
    Intel Xeon Processor W Family (Basin Falls)

>>946973

Yes, but then you can hardly call any networked machine an "air-gapped machine" if it has a logical connection to any internet. The stated purpose of an "air-gapped machine" is to have the machine physically disconnected from any internet usually for the purpose of ensuring the specific machines have zero internet access.

>>946974

So literally every Jewtel CPU for the past 12 years or so?

>>946980

Most, I don't see the old E5 Xeons on that list.

>>946988

you're retarded. Any Amiga is better than 286 and ega. PC got gud only with 386 and vga.

>>946991

Learn to read, pal. I was strictly talking of PC comptatibles. Also Amiga OCS > AGA. Suck it, bitch. All you lamers who want fancier graphics can get fucked on the botnet. You deserve it.

Anyone have a nice aggregation of all the Intel bugs?, I want to experiment on my cucked Celeron J1800.

>> needs local access on a machine to be able to exploit the Intel ME

This means that in no way a webpage could use it, right ?

>>946994

I like the ocs, I own the a500

>>946984

So using core/libreboot will stop all these intel exploits for sure or does it "totally removes everything bad trust me"?

>>947003

That's an actually good idea.

Or, we just go back to legacy BIOS.

>>947001

> intercepted shipments

> remote support scams

>>947049

Coreboot and Libreboot are software BIOS replacements. The Intel exploits are CPU level exploits meaning that the exploits run on the CPU without regard to any software booted such as the software BIOS or even the operating system.

>I bought something that I ultimately can't own and don't own

<I paid for borrowing mpc that gives me less than 10+ year old processor and

>gives (((them))) access to whatever I do and money

>the only processors I can use are 10+ years old

>it will be like that forever

wat do

>>946926 (OP)

I guess I should have already given my 4790K a Viking funeral. My old Q9550 system probably isn't safe either.

>>947049

>>947054

It doesn't fix problems with intel's microcode but it does fix issues with ME and AMT, since on librebootable platforms ME can be completly removed and on corebootable platforms it can be "cleaned". Cleaned means it's still there, but it's gutted in such a fassion it has just enough code to boot up ME's processor, but then goes into a running error state. This way when the CPU sees ME's heartbeat and thinks everything is good. It doesn't know ME is just sitting there drooling on the carpet.

>>947001

It needs to be in the same subnet, not physically in the same place.

>>947060

Sounds like someone could use a VPN as a vector then.

>>947127

>llvmpipe

Ouch.

Stupid question maybe, but how about we get rid of all the rings.

If you don't have any rings, you can't have exploits that run in other rings.

>>947728

>what is CP/M, MS-DOS, Windows 9x, etc.?

>>946936

>>946984

Is there a thread for this? Any tips to do this from the ground up?

>>947775

Microsoft outright admits it but I'm not seeing any normies rushing to burn Ubuntu ISOs on DVDs so they can get rid of the botnet.

>inb4 ubuntu is botnet

fuck off sperg

>>946926 (OP)

>they can execute arbitrary code on your system at levels more privileged than ring-1.

>>947728

>If you don't have any rings, you can't have exploits that run in other rings.

Rings are a protection system with multiple privilege levels. Usually there are between 4 and 32 rings. x86 has 4 in the 286 and 32-bit modes. AMD64 only supports 2 "rings" which are designed to be used like RISC and PDP-11 modes. Rings make it easier to debug and fix problems because there aren't millions of lines of code running in ring 0. Instead, each driver and library only has access to the devices and data that they need. It's similar to a microkernel, which is what you would get if you did this on hardware that only supports two rings.

These Intel ME and SMM exploits have nothing to do with rings. Intel ME is a separate processor on the chip. SMM runs special code that circumvents the ring system. For reasons unknown to me, certain people make up bullshit terms like "ring -1" and "ring -3" that make rings look bad. People think "rings are unsafe" because they associate these exploits with rings, when the only thing they have to do with rings is that they completely avoid them. It's the fact that these exploits ignore the rings that makes them so dangerous.

http://multicians.org/protection.html

>The ring protection scheme allows a layered supervisor to be included in the virtual memory of each process. In Multics, the lowest-level supervisor procedures, such as those implementing the primitive operations of access control, I/O, memory multiplexing, and processor multiplexing, execute in ring O. The remaining supervisor procedures execute in ring 1. Examples of ring 1 supervisor procedures are those performing accounting, input/output stream management, and file system search direction. (Deciding how many layers to use and which procedures should execute in each layer is an interesting engineering design problem.) Supervisor data segments have read and write brackets that end at ring 0 or ring 1, depending on which layer of the supervisor needs to access each.

>Implicit invocation of certain ring 0 supervisor procedures occurs as a result of a trap. Explicit invocation of selected ring 0 and ring 1 supervisor procedures by procedures executing in rings 2-5 of a process is by standard subroutine calls to gates. Procedures executing in rings 6 and 7 are not given access to supervisor gates.

>Because separate access control lists for each segment and separate descriptor segments for each process provide the means to control separately the use of each segment by each user's process, not all gates into supervisor rings need be available to the processes of all users, and not all gates need have the same gate extension associated with them. For example, some gates into ring 0 are accessible to the processes of all users, but only to procedures executing in ring 1. Such gates provide the internal interfaces between the two layers of the supervisor. Some gates into ring 1 are accessible to procedures executing in rings 2-5 in the processes of selected users, but are not accessible at all from the processes of other users. An example of the latter kind is a gate for registering new users that is available only from the processes of system administrators.

Hell, Unix even -encourages- this phenomenon.  Contrast what
happens on ITS or a Lisp Machine or Multics when a program
error happens, with what happens on Unix.  On ITS, Lisp
Machines or Multics your program suspends and you are given
the opportunity to debug the problem and perhaps fix it and
proceed.  You are given the chance to assign some blame.  On
Unix -- *blam* -- core dumped.  -Maybe- you can debug it,
but you certainly can't proceed, so why bother?  Ignore that
(huge) core dump file and move on to your next task.

Note that users -like- this behavior.  No kidding.  Ask half
the graduate students at MIT these days -- they -hate- the
Lisp Machine debugger.  All those blasted -choices-.  All
those explainations and questions.  They don't want to know
who to blame -- all they want to know is that it what they
were doing didn't work so they can try something else.

So if I want to -think- about who to blame for my problems,
I'll go use a Lisp Machine (or an ITS or a Multics).  But
these days I use Unix, where I don't have to think.

				- A Satisfied Customer

why the fuck does a CPU even have the word HTTP associated with it

...that in itself should be considered a vulnerability

>>947834

THIS

Why do you have fucking HTTP on a energy management ARM processor managing the x86_64 processor? Why do you have a energy management processor? I highly doubt I need one for stand by and turning it on or off. Otherwise the energy management processor would need one too right? And that one too until we have eternal management processors in our PCs.

This gay shit has to stop.

Always new complicated shit solutions for simple problems.

Now people have their OS's bricked by forced updates when all they wanted to do was write something in a word processor.

Should I be able to write to my hardware without at least flipping some physical switch?

NO. I don't want to change the firmware of my CPU.

There are bugs? Well it's HARDware. Maybe you should have taken care of them before it became HARD!

You probably can't actually solve most of the CPU bugs anyways because they're physical.

Is there another crash protection that isn't based on rings but another approach?

>>947844

Corporate customers have a demand for networked CPUs. It is far cheaper from a manufacturing and design standpoint to include these networked features on all CPUs than it is to create lines of product that are distinguished without them.

>>947862

Bullshit. You can have that stuff on the wafer of your consumer CPUs, but actually activating it and having to test it costs you money. Especially since it prevents you from binning enterprise chips where that shit does not work as consumer chips.

>>947772

>Is there a thread for this? Any tips to do this from the ground up?

There is the official documentation, it's not rocket science:

>https://libreboot.org/docs/

You could argue that for everything except gaymen, system requirements for desktops and laptops are in principle so low that if you just keep a line running producing 5 or even 10 year old chips on an old/cheap node consumers wouldn't even care.

For laptops all you would need is using a more energy effecient design.

The only exception is multimedia encoding and decoding which is much better done in hardware anyway.

Even something like a Athlon XP from 15 years ago would be fast enough if you could offload decoding to an fpga and run non retarded software.

So anyway, cost isn't an issue, since all the cpu tech we need can be produced for a few dollars. See the sjw pi for example.

>>947834

This. I don't give a shit about the latest security features. Give me full control of my hardware so I can implement them my own in software.

>>947817

Rings are massive hardware bloat. Systems with "ring" models and CISC instructions is what made UNIX thrive on them.

>>947862

Except Intel already has made a distinction. VPro.

>>947994

>Systems with "ring" models and CISC instructions is what made UNIX thrive on them.

What? CISC =/= complex.

>>948000

Didn't say it does, but

>Complex Instuction Set Computer

>>948004

It has complex in the name; but if you bothered to read even the Wikipedia page, you'd understand that it's not inherently more complex than RISC.

>Contrary to popular simplifications (present also in some academic texts[which?]), not all CISCs are microcoded or have "complex" instructions.

>As CISC became a catch-all term meaning anything that's not a load-store (RISC) architecture, it's not the number of instructions, nor the complexity of the implementation or of the instructions themselves, that define CISC, but the fact that arithmetic instructions also perform memory accesses.

>Compared to a small 8-bit CISC processor, a RISC floating-point instruction is complex. CISC does not even need to have complex addressing modes; 32 or 64-bit RISC processors may well have more complex addressing modes than small 8-bit CISC processors.

>A PDP-10, a PDP-8, an Intel 80386, an Intel 4004, a Motorola 68000, a System z mainframe, a Burroughs B5000, a VAX, a Zilog Z80000, and a MOS Technology 6502 all vary wildly in the number, sizes, and formats of instructions, the number, types, and sizes of registers, and the available data types.

>Some have hardware support for operations like scanning for a substring, arbitrary-precision BCD arithmetic, or transcendental functions, while others have only 8-bit addition and subtraction. But they are all in the CISC category because they have "load-operate" instructions that load and/or store memory contents within the same instructions that perform the actual calculations.

>For instance, the PDP-8, having only 8 fixed-length instructions and no microcode at all, is a CISC because of how the instructions work, PowerPC, which has over 230 instructions (more than some VAXes), and complex internals like register renaming and a reorder buffer, is a RISC, while Minimal CISC has 8 instructions, but is clearly a CISC because it combines memory access and computation in the same instructions.

Also, you're essentially saying that security being built into the hardware is "bloat" -- that's silly.

>>948006

>Also, you're essentially saying that security being built into the hardware is "bloat"

It is. When this "security" (I.E technology designed to lock the user out of controlling his machine that he paid for with his own money) fails to even protect you then why waste the silicon die for something that only exists as a vector for CIA/MOSSAD/FSB? IntelAviv and all other Israel Lisp machine companies should stop making me pay just to be a cattle to them.

>>946936

>>946984

Is there any actual difference between Libreboot and deblobbled Coreboot?

>>947994

>"unix is shit pasta" spammer

Show me on this foreskin where the rabbi touched you.

>>948028

>unix isn't shit

Since everything is shit, he has a point.

Linux is better than Windows, but hardly the best personal computing can be.

>>947844

>ARM processor

ARC != ARM, they are entirely different instruction sets. The only thing they have in common is that they both started out life as a coprocessor addon for a 65-whatever based system.

When will Purism succeed at making FSF-endorsed laptops with current hardware? I'd pay lots of money for that.

>>950211

Intel forced them to stop removing malware from their processors. Purism might go for AMD, but ARM would be a better target. Currently the only promising device they're working on is Librem 5.

>>950211

You might want to look into this, if you haven't already.

https://www.powerpc-notebook.org/en/

>>947834

>You don't need rings at all on a single-user PC.

Rings are for increasing speed for certain kinds of OS, like Multics, VMS, and VME. You won't need 8 or 16 rings on a single-user PC, but x86 has 4 and there are a lot of ways to use them even with a single user, like keeping drivers separate from the kernel so they can only access the hardware they need instead of everything on the computer.

>>947994

>Rings are massive hardware bloat. Systems with "ring" models and CISC instructions is what made UNIX thrive on them.

That's a load of bullshit. Rings only add a few extra bits to some CPU table entries and registers (e.g. page tables). Instead of a user/system bit, it uses 2, 3, or 4 bits for a ring number. UNIX and C are associated with RISC and don't benefit from most of the CISC instructions. UNIX only uses 2 rings because of the 2 PDP-11 protection modes. Maybe you're confusing UNIX with Multics.

>>948017

>When this "security" (I.E technology designed to lock the user out of controlling his machine that he paid for with his own money)

That's fearmongering. Lisp machines are more secure than any Intel or RISC, but they don't lock the user out of anything.

>IntelAviv and all other Israel Lisp machine companies should stop making me pay just to be a cattle to them.

That's FUD. These are C and MINIX vulnerabilities that have nothing to do with Lisp machines. If Intel was a Lisp machine company, they would give you full control over the microcode, ME code, and every other part of the system, but Intel's not a Lisp machine company.

    Up until recently, we owned everything from the
    hardware to the microcode to the applications.  We
    could fix anything that broke at any level; we could
    evolve wonderful new systems.  How do we "fix" the X11
    releases or the SMTP protocol or SunRPC??

    In my opinion, things got the way they are because
    market forces completely overwhelmed technological
    forces.  Because UNIX was free (or nominally licensed)
    it came into wide use, first in CS and EE departments
    and later in the world. To some, moving from MS-DOS or
    worse, it seemed like a win.  To those of us who have
    been around for a while and are aware of the
    alternatives, it seemed like a nightmare.  We thought
    it would go away when users came to their senses.  We
    were naive.  Sigh.  Meanwhile, thanks to BSD, UNIX grew
    like Topsy, or more like barnacles encrusting a sunken
    ship.  Ultimately, UNIX began to be viewed by decision
    makers who were not technically competent as a panacea
    for competing technologies.

>>950187

>ARC

Thank you for correcting me. Must have misread or misremembered that.

>>947127

Laptop when?

>>950214

False. Intel stopped Purism from distributing a specific Intel technical document. Purism is perfectly welcome to remove malware from Intel. What Purism are not allowed to do is distribute that specific Intel document because Intel doesn't hold all the copyright on that document.

>>950348

So why isn't intel using their own hardware subsystems in their own CPU's? Who owns the copyright? Why does the NSA not want this to be known?

>>950348

It would be a shame if someone forgot to secure a sever with that file accessible.

I hope it never happens.

>>950348

Do you know how far purism has gotten in its quest to kill ME and motherboard firmware? Last time I checked they managed to get rid of most of ME and install coreboot, but I think that intel FSP is still a problem.

>>950226

That looks cool too, but it doesn't seem to be real yet.

>>950374

Yes, it would be incredibly awful because if that were to happen, Purism would probably be held responsible. They would be sued into oblivion and thus unable to further their project; all the while, a bunch of no-talent larpers realize that they don't have the skillset necessary to make use of that document.

>>950392

>implying you need any sort of talent to understand and use technical documents

>>946926 (OP)

lol eat shit intel

>>948022

>deblobbled Coreboot

That's what Libreboot is.

Librecore = Libreboot without the tranny shitshow.

Use it to fight Intel ME, bruv

>>950421

Nice LARP.

librecore.org redirects to Vikings.net, which sells devices with Libreboot.

>>947056

Moore's law is fucking dead so who cares, your 10 year old processors will be "faster" than new chips before you know it unless NVCTs open up a new era of bloated obsolescence in the near future.

>>950390

> doesn't seem to be real yet

Yeah, and it will take some time. They have four the timeline with steps and donations needed explained on their website.

They go for a laptop, but a board only, they will place it in an oem case. I think the first round of donations was enough to get the preliminary design started.

And just a few days ago they got their devboard working with a radeon card.

On a related note, why is there no powerpc sbc yet? Those nxp chips, e5500 or e6500 start as low as 50 euros.

Slap one of those on a board and you have a budget Raptor. It shouldn't have to cost more than 250 euros right? Similar to what an intel nuc or similar amd would cost.

>>950468

The CPU design might be non-sense and Moore's Law might seem like the driving factor but the real issue is software. Humans are still fighting over concepts with prototypical industrialized toys: C, C++, Java, PHP, ... What is all of this for?

Software is so badly designed and the tools so bad the hardware manufacturers convinced a whole lot of people they need better, and better, and better, and ..., ...

Humans come into a stressed and demotovated life. They do things for profit: financial profit, emotional profit, ... Stitching stuff up because the boss required it so, and one sees the need of a paycheck ...

If Humans valued their life and knew who to give their lives to, things would have been different. They would be having fun and work would be so well done it'll be infinite bliss 24/7, no financial motivation. The universe is all free - fruits grow and trees ask not for taxes.

Humans chose to see life otherwise. That's the outcome of such a choice.

>>950652

I like how you went from Moore's law to the nature of the universe and happiness. How bohemian.

>>950656

We forget that that is the basis of our life.

The hardware isn't made out of /dev/null, those Intel chips require sand and other raw materials which are mined from this planet with polluting machines or using human labor causing tremendous suffering for the sake of a piece of bread. Humans must wake up from their self centric view of life where money is God and open their little monkey minds to a much humbling view.

A much higher mind looking at all of this will find the human situation childish and amusingly destructive. Though the planet doesn't seem to be amused by Human habits.

Humans enjoy dreaming for the cosmic reality doesn't seem enough. But in the end, reality prevails and the dreams are shown for what they truly are - unsustainable.

>>950671

>But in the end, reality prevails and the dreams are shown for what they truly are - unsustainable

So what you're saying is essentially philosophical drivel with no value whatsoever? Good to know.

>>950644

It plateued for single core nearly a decade ago, now it's about making moar coars. You can argue that Moore's law only applies to single core performance because if you count multiple cores then you might as well count multiple machines, and at that point it's entirely irrelevant because you could've built a cluster of any computational power at any year if you had sufficient budget.

>>950706

Diminishing returns. Basic economics, and it works for technology as well. You can't expect to just keep doing the same thing again and again forever and keep getting proportionally identical results. Even if Moore's law did work forever, at some point people simply wouldn't have a need for more performance. I think we are already way past that point right now, actually. If your hardware is too powerful to ever be useful, that's actually bloat, in a weird way. You are spending too many resources on a benefit that you have no use for. It's wasteful. People are way too addicted to this kind of "progress". Meanwhile, developing security and privacy doesn't even seem to be a concern, and shitty normalfag software creates an artificial need for "better" hardware. No one gives a shit about quality either.

>>950706

Maybe you don't understand what Moore's law is? The chart I posted shows that it has not plateued. It still looks fairly linear to me.

>>950681

Philosophical? You're a dreamer if you can't see it for yourself. Humans aren't necssary and their tech is toys, everything else is concepts you try to abide by, but you'll be disappointed at some point. As a matter of fact this place exists because of Human disappointment of what's there and it is bringing much disappointment given most people in here are disappointed by something. You are, as Humans, emotionally retarded on your way to learn it the hard way.

No value is how you humans see the world. Barbaric Earth rapists unaware of their own footprint. That mentality goes everywhere, even in chip design. A deep malaise that the Human tries to paliate with toys and make a whole big deal out of to feal self important.

You want things and you don't even know why you do? A sense of urgency drives you and moves you away from reality.It moves you to another dimension of survival, thinking compulsively about what to do to avoid the suffering of ignorance and destroyng everything that makes your life pleasant in the process.

You live in fear! Fear of seeing the objects of your emotional attachments broken.

How should the world be?

If you even try to answer this question, you're more than asleep and philosophy is your sugar.

>>947834

>Neither my 8-bit computers, nor my Amiga 500 ever got exploited.

Then why don't you go back to them?

>>950252

>These are C and MINIX vulnerabilities

No, they are vulnerabilities in software built to run on MINIX.

MINIX itself doesn't have things like a webserver, its just a kernel, the end user (Intel in this case) writes that.

>le Lisp machine

Let it go dude, we get it that things like x86 and UNIX derivatives are shit and that we could be doing a lot better than we currently are, but mass adopting Lisp machines isn't going to fix those issues even if Lisp had some good ideas.

>>950652

>The CPU design might be non-sense and Moore's Law might seem like the driving factor but the real issue is software

You are correct but not for the reasons you think.

>>950644

Moore's law relates specifically to the number of transistors on the chip, the shrinking of the process just lets you fit more in the same area.

Moore's law isn't dead but its slowing down, it was once a doubling every 18 or so months but now its 24 or more depending on whats actually being made.

>>950832

Because I don't have them anymore, after countless moves across countries and different continents over the past few decades (and some cases where I had to start over from scratch with almost nothing). Anyway I was using them to point out how older hardware design was inherently safer than the modern situation where everything is wide-open to exploitation, no matter how many layers of mitigations your OS my have. And nothing will change much until the user once again has complete control over what his hardware is doing.

>>946936

What does libreboot do?

Where were you for the past year OP?!?