You have many options today already, and the problem is not in hardware at all, the problem is in fucking users who immediately begin to whine each time they meet something that can't run their fucking Windows, Photoshop, MS Office, games and other crap.
Open hardware has existed for a few years already, in the form of RISC-V/POWER/MIPS/SPARC CPUs where you still have to trust the chip manufacturer, but at least could choose one you are fine with, or in the form of open source IP cores that could be uploaded to any decent FPGA where you are in full control of your CPU.
And no, none of those CPUs will run any iOS/Windows with their crappy software. Only opensource systems and opensource software. So, you are pretty free to buy/make a computer that you will control already, but it looks like very few people are really ready to forget about iOS/Windows bloatware.
To get a fully open CPU, buy any suitable FPGA board with plenty of RAM and upload a RISC-V/MIPS/SPARC CPU core. Then install Linux and you are ready to go on your own CPU. Don't expect high performance, but if you are so concerned about maximum hardware and software security it is the best option you could find.
As for cheap boards with mass-produced RISC-V processors, look for Mango Pi, Lichee Pi 4A, VisionFive 2. They are cheap enough just to play with and find out if they suit your hardware security demands. In the worst possible case it will be the Chinese who will be able to potentially spy on you, not CIA/FBI as with Intel/AMD/Apple/Qualcomm/Broadcom processors. If that is fine for you, go ahead.
Are there really no independent options? I'm just picking who gets to spy on me? Second, I've never heard of these brands before. Where do I buy them? I'm curious about the price.
It would be nice to have something at the power level of a netbook that I could just use for personal internet use. Anything that requires more work I could use my current computer for but I don't need to give all of my internet data because I wanna fuck around on unreal engine or play a video game.
What do you mean by "independent"? For me it looks like making silicon from scratch in a garage. It is possible, but with enormous effort in time, money and zeal, and you will hardly be able to make something better than a 6502 or Z80.
I'm just picking who gets to spy on me?
With the FPGA option you are not. An FPGA is just tons of logic gates on a chip that could be connected into some circuit described in the Verilog language. You compile that code and upload it to the FPGA. The logic gates in the FPGA connect together into the circuit you designed. You could get a ready opensource CPU core, network adapter, display engine, memory controller and some other peripherals, check the code, modify it if you need and upload it into the FPGA. That will be your own CPU circuit, under your full control, not some third-party CPU you don't have any clue about.
The drawback is speed. It will work but will be slow, something like a 486 or Pentium I in the best case. But if you really care about security, that should not stop you.
Same with cheap SoCs. They are cheap because they use a minimal CPU, peripherals and so on to reduce chip area. Adding something like Intel ME means you need to add the same amount of logic gates and some additional memory on chip, which will make it at least several times larger. So it would not be so cheap.
I think it is perfectly safe to use something made with something like lower Allwinner SoCs like H3, D1 and so on.
Also, if you have a way to find an old Power Mac G5, the last with the PowerPC 970MP processor, you could just add memory up to 16 GB, install Debian Jessie (the last one with PPC support) or build Gentoo and have a relatively powerful computer without any Intel ME or something like it. Problems will be with finding suitable memory and HDDs.
AFAIK, there were Apple laptops with PowerPC CPUs, but I doubt their memory could be upgraded to levels necessary for acceptable browser usage.
The first Intel chipset series with a kind of Intel ME ancestor was the 900 series IIRC, so to have an Intel CPU without any ME you will have to fall back to Pentium 4, which is hardly usable for the modern internet due to RAM size limitations.
Also you could try to find something with an AMD processor pre-2013, but I'm not sure AMD had no ancestors of AMT in older chipsets.
As you see, there are not many options for something that could be usable for browsing today. Either those cheap single-board computers, or the last of the non-x86 computers with at least 4 GB RAM support.
There are also some projects like Purism, System76 who aim at making laptops free from any ME crap, but they have only partially succeeded in removing ME.
PineBook could be interesting from that angle, because despite having an Allwinner A64 SoC with ARM Cortex-A53 that has TrustZone, TrustZone is different from Intel ME/AMT because it is a CPU mode and not a separate processor in a chipset running some code without user knowledge or control. You could use TrustZone to make shit like Intel ME as smartphone manufacturers do, but you don't have to. If you run your own system and bootloader, just don't use that CPU mode and that's all. U-Boot, which is used on ARM processors as bootloader, is opensource and doesn't need TrustZone. You could even use that TrustZone mode for your own purposes if you wish. Just don't run any third-party kernels with blobs or proprietary drivers for the sake of some higher FPS in 3D or video encoding/decoding. Use only the mainline kernel and mainline U-Boot and you will be fine.
PineBook is cheap, but you will not get a perfect system out of the box like with a Mac, for example. You will have to tune and adjust Linux here and there, maybe read some howtos and forums, but I think it is the closest thing to your wishes you could get with minimum effort and money.
There is also some new Chinese RISC-V based laptop "Roma" out there, but I didn't check it yet, and it seems to be relatively expensive. However it is much more powerful than PineBook. Don't know about proprietary drivers for it, maybe it needs some blobs for the 3D engine or video codec, for example, so it would not be so open.
They whine every time they have to spend a week of their life fixing something they aren't equipped to understand. Then after whining they switch to something that works so they can stay productive.
I say this as a Linux user. The burden is on the hardware makers to market their product and make it accessible to the consumer.
When hardware makers make an attempt at something average-customer friendly, they end up with something like Android.
Interesting that a decade ago Nokia tried to roll out a smartphone on real Linux (a Debian fork), not that Android mockup over the Linux kernel, pretty usable, unlike the Linux-based Motorolas, and it was a huge success: Nokia N9 sales outnumbered all their Windows Phone phones combined despite the N9 not being sold in some regions. Guess how that ended. Microsoft bought Nokia and closed its Linux department. Then Nokia disappeared. Interesting that Microsoft totally ignored Android, and never tried to interfere with it. Android phones were perfectly OK for corporations, but not real Linux ones.
So I doubt that any corporation will make something Linux based preserving all openness and user control.
That rich guy will need his own country and a powerful army.
It is a kind of closing technology that threatens all world corporations and governments. Imagine: they build that surveillance bloatware money-sucking arena of personal computers for decades, and suddenly somebody rolls out a clean computer and OS everybody likes and could use for decades. All their enormous surveillance efforts and trillion investments turn to dust. TPTB bombed entire countries for much less.
If that rich guy is smart he would know that a little innovation can circumvent even the most entrenched power structures. Someone just needs to get him to believe.
10 million spent by a clear thinking person is worth more than 1 billion spent by some gay normie like Jeff Bezos.
As for bombing a country, what can they do if operation is in two or more countries? Working up the will to war is no small feat and can't merely be done on a whim.
Not sure how to get the Russian chips here in NA, please advise.
You don't need Russian chips, really. I think you could buy something based on Baikal processors with MIPS architecture, but you would have to hunt for them on eBay or find a way to buy it from Russia, which could be problematic today.
You could just buy something like Mango Pi or Lichee Pi from Aliexpress/Banggood. They are RISC-V machines, pretty cheap, but they could even browse the modern Internet. At least they are definitely enough to use conspiracies.win. :)
Thing with that RISC-V and many ARM processors of same class is that they are too simple and cheap to have some kind of Intel ME/AMD PSP/ARM TrustZone thing.
Don't use Raspberry Pi: they don't have a special processor for the ME thing, but use the GPU for that stuff. There were attempts to reverse engineer the boot process and GPU supervisor, but AFAIK even for old RPis, which are obsolete now, it is still work in progress.
For example, cheap Allwinner ARM or RISC-V SoCs that are often used in cheap SBCs are well studied and no malicious activity in the background was noticed. The SoC internal bootloader is a small 32 KB piece of code and it is easy to reverse engineer it even by yourself.
Also Rockchip SoCs were found to be pretty straightforward things.
If you need some power, take a look at VisionFive 2: this $50 RISC-V computer has performance similar to the latest RPi4; however, it is a relatively new thing and it is not clear yet if it has some kind of ME things or not.
Or go to FPGA boards, where you could make any processor you want, even with your own architecture. But that would be more expensive, because FPGA boards with DIMM memory interface are not cheap.
In any case, look for cheap, not very powerful ARM/RISC-V/MIPS boards with a lot of memory on board, install the Linux distribution of your choice, and you will get a pretty protected pocket computer for web browsing. RISC-V is preferable, since it is not a widespread architecture yet, so even a targeted hacker will have to work hard to break into an unknown architecture. Code injection exploits designed for x86/ARM just will not work on RISC-V.
OP'TION, noun [Latin optio, opto, to wish or desire.] - "the power of choosing"...aka ones free will of choice. Suggested many (plural) tempts perceiving one (singular) to ignore self for others.
You can clean Intel ME with a USB programmer or RPi + cables, it isn't very hard.
By default it doesn't work over wifi so you don't have to worry about it if you use a laptop in which you never plug an ethernet cable.
Does the ME / PSP have its own address? How is an attacker going to correlate your online identity with it when you use a VPN or Tor? This is a legitimate question, I'm not asking it rhetorically.
You can clean Intel ME with a USB programmer or RPi + cables, it isn't very hard.
That's true, but check the list of supported hardware for me_cleaner (part of coreboot). It is hard to completely remove ME on modern motherboards, because many functions like fan control were moved into ME. Also you could get resets every few minutes or uninitialized onboard hardware like the network controller or sound card if you completely clean ME on a board that is not suitable.
By default it doesn't work over wifi so you don't have to worry about it if you use a laptop in which you never plug an ethernet cable.
Not sure about laptops with integrated WiFi, those that have the WiFi chip soldered on the mainboard instead of a traditional miniPCI-E card in a socket.
Does the ME / PSP have its own address?
It has its own MAC/IP independent from what your network card gets from the OS; sometimes, if AMT is present in the BIOS, you could change it and make it visible. By default it seems to wait for a specific packet to appear for networking. Without that packet it will not be visible to external scanners or whatever. ME has direct access to the network controller and the ME networking device is not accessible from the host, only from outside, so you need 2 computers to play with it.
How is an attacker going to correlate your online identity with it when you use a VPN or Tor?
Intel ME has full access to your computer hardware. So if you have access to Intel ME, then you could just read anything from memory or disk.
However, as far as I understand, to activate (and maybe set the Intel ME IP address) you need to be in the same local network as the computer with Intel ME to send the activation packet. It is possible that Intel ME networking could be activated by some contents in a regular packet destined to your normal IP, since it has access to the network controller and could monitor all traffic, but I'm not sure. Maybe some ME versions could and some couldn't.
I hope efforts at reverse engineering Intel ME will finally succeed and we will know for sure how it works, at least the reverse engineered version. Intel ME uses an ARC CPU core; there exist disassemblers and decompilers for that architecture so it is possible to study that crap by yourself.
It is possible that Intel ME networking could be activated by some contents in a regular packet destined to your normal IP, since it has access to the network controller and could monitor all traffic, but I'm not sure. Maybe some ME versions could and some couldn't.
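The post above makes two points a defender can act on: the ME shows up on the host as a PCI "HECI"/"MEI" device even though its network side is invisible from the host, and an AMT listener can only be seen from a second machine. The Python below is an added example (not code from the thread or from Intel/coreboot) that does both checks: it parses `lspci` text for an ME interface (a constructed sample is embedded so it runs offline) and TCP-connect probes the documented Intel AMT ports 16992/16993 on a host you own. Everything else (names, the sample device strings) is my own construction.

```python
"""Audit helpers for Intel ME / AMT exposure, written from the defender's side.

Added example, not part of the original thread.  Two independent checks:
  1. find_mei_devices(): does `lspci` list a Management Engine Interface
     (HECI/MEI) device?  If so, the platform has an ME, whether or not AMT is on.
  2. open_ports(): from a *second* machine, is an AMT web listener reachable?
     Intel AMT uses TCP 16992 (HTTP) and 16993 (HTTPS); the ME's own network
     endpoint is not visible from the host it lives in, so probe from outside.
"""
from __future__ import annotations

import re
import socket
import subprocess
from typing import Iterable

# Constructed sample of `lspci` output, modelled on a typical Intel laptop.
SAMPLE_LSPCI = """\
00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 02)
00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
00:16.0 Communication controller: Intel Corporation Sunrise Point-LP CSME HECI #1 (rev 21)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (4) I219-LM (rev 21)
"""

# Strings Linux/lspci use for the ME host interface across generations.
MEI_PATTERN = re.compile(r"\b(HECI|MEI|Management Engine)\b", re.IGNORECASE)

def find_mei_devices(lspci_text: str) -> list[str]:
    """Return the lspci lines that describe an ME host interface (HECI/MEI)."""
    return [line for line in lspci_text.splitlines() if MEI_PATTERN.search(line)]

def mei_on_this_host() -> list[str]:
    """Run lspci on the local Linux machine; empty list if lspci is unavailable."""
    try:
        out = subprocess.run(["lspci"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return find_mei_devices(out)

AMT_PORTS = (16992, 16993)  # Intel AMT HTTP / HTTPS management listener

def open_ports(host: str, ports: Iterable[int] = AMT_PORTS, timeout: float = 1.0) -> list[int]:
    """Plain TCP-connect check; returns the subset of `ports` that accept a connection.

    Run this against your own machine from another box on the same LAN.  An
    AMT listener answering here means the ME network stack is live regardless
    of what the host OS shows.
    """
    found: list[int] = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:  # refused, timed out, unreachable: treated as closed
            pass
    return found

def demo_probe() -> tuple[bool, bool]:
    """Offline demonstration of open_ports(): a throw-away listener on loopback
    is detected while it is up and not detected once it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port, stands in for 16992
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = open_ports("127.0.0.1", [port]) == [port]
    listener.close()
    after_close = open_ports("127.0.0.1", [port]) == [port]
    return while_open, after_close

if __name__ == "__main__":
    for line in find_mei_devices(SAMPLE_LSPCI):
        print("ME interface in sample:", line)
    print("local host:", mei_on_this_host() or "no MEI device listed")
    print("probe demo (detected while open, detected after close):", demo_probe())
```

A host where `find_mei_devices` returns nothing may still have an ME whose host interface is hidden by the BIOS, so the absence of a HECI device is weaker evidence than the presence of one; the port probe from a second machine is the check that matters for the "waits for a packet" behaviour described above.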
Another way they could activate it would be if they controlled your router. If they've compromised computer manufacturers, they've probably compromised router manufacturers, too. So Mossad sends a signal of some sort to your Internet router, which then sends the activation packet to your PC.
since it has access to the network controller and could monitor all traffic, but I'm not sure. Maybe some ME versions could and some couldn't.
If there are any limitations in the ME hardware, they can be gotten around. Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program. Then the program can run on your ordinary CPU.
Another way they could activate it would be if they controlled your router.
Use OpenWrt on your home/office router. Small routers use simple CPUs without ME-like things. So replacing the firmware will get rid of any backdoors the manufacturer could have installed with the original firmware.
Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program.
The motherboard chipset manufacturer has to know beforehand exactly what OS you will use on your computer to make that possible. It could work to some extent with Windows/iOS, but it is impossible with Linux/BSD/Haiku etc., since there are endless variants of possible kernel configurations and versions and each has different addresses and internal structure organisation. You will need something really sophisticated in ME to make it possible.
So to summarise: use opensource from trusted sources anywhere possible to reduce the probability of exploiting or using backdoors. Opensource is not a panacea, and needs some RTFM and conscious setup and adjustment, but at least it will make surveillance on you much more complex.
There is a drawback, really. Using opensource makes you different from regular sheeple and so more noticeable. There could be another approach: use typical Windows/iOS in default configuration inside a qemu VM running on top of an opensource system to look like a regular user to the internet. Do not store any sensitive data in the VM, and have a backup copy of the VM disk image with a clean installed system in case malicious actors break into your dummy honeypot system. Or you could just use a copy of the clean backup image each time you start the VM for internet browsing.
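The "clean copy each time you start the VM" idea above maps directly onto QEMU's backing-file mechanism: keep the clean install as a read-only base image and boot from a throw-away qcow2 overlay that is deleted and recreated on every start. The Python below is an added example, not code from the thread; the image paths, RAM/CPU sizes and VM name are assumptions, and it uses the real `qemu-img create -b/-F` and `qemu-system-x86_64` options.

```python
"""Disposable 'dummy user' VM: a fresh qcow2 overlay on every boot.

Added example, not part of the original thread.  The clean base image is
never booted directly; QEMU writes only to an overlay whose backing file is
the base, and the overlay is discarded before each new session.  Paths and
sizes below are assumptions for illustration.
"""
from __future__ import annotations

import shutil
import subprocess
from pathlib import Path

BASE_IMAGE = Path("/srv/vm/windows-clean.qcow2")  # assumed: clean install, treated as read-only
OVERLAY_DIR = Path("/srv/vm/run")                 # assumed: where throw-away overlays live

def overlay_create_cmd(base: str | Path, overlay: str | Path) -> list[str]:
    """qemu-img command creating `overlay` with `base` as its backing file.
    -F gives the backing format explicitly so qemu-img never probes it."""
    return ["qemu-img", "create", "-f", "qcow2", "-F", "qcow2",
            "-b", str(Path(base)), str(Path(overlay))]

def qemu_boot_cmd(overlay: str | Path, ram_mb: int = 4096, cpus: int = 2) -> list[str]:
    """QEMU command line for the dummy VM.  Only the overlay is handed to QEMU;
    user-mode networking keeps the guest off the LAN (no bridge), and no host
    directory is shared into it, so a compromised guest has nothing to reach."""
    return [
        "qemu-system-x86_64",
        "-enable-kvm",
        "-m", str(ram_mb),
        "-smp", str(cpus),
        "-drive", f"file={Path(overlay)},format=qcow2,if=virtio",
        "-nic", "user,model=virtio-net-pci",
    ]

def fresh_overlay_path(base: str | Path, run_dir: str | Path) -> Path:
    """Deterministic overlay name derived from the base image name."""
    return Path(run_dir) / f"{Path(base).stem}-session.qcow2"

def start_disposable_vm(base: Path = BASE_IMAGE, run_dir: Path = OVERLAY_DIR) -> Path:
    """Throw away last session's overlay, create a new one, boot.  Returns the overlay path."""
    if shutil.which("qemu-img") is None or shutil.which("qemu-system-x86_64") is None:
        raise RuntimeError("qemu-img / qemu-system-x86_64 not found on PATH")
    run_dir.mkdir(parents=True, exist_ok=True)
    overlay = fresh_overlay_path(base, run_dir)
    if overlay.exists():
        overlay.unlink()  # this is the step that discards everything the last session did
    subprocess.run(overlay_create_cmd(base, overlay), check=True)
    subprocess.run(qemu_boot_cmd(overlay), check=True)
    return overlay

if __name__ == "__main__":
    print("would run:", " ".join(overlay_create_cmd(BASE_IMAGE, fresh_overlay_path(BASE_IMAGE, OVERLAY_DIR))))
    print("then:     ", " ".join(qemu_boot_cmd(fresh_overlay_path(BASE_IMAGE, OVERLAY_DIR))))
    start_disposable_vm()
```

The same effect for a one-off session is QEMU's `-snapshot` flag, which writes to temporary files instead of the image; the explicit overlay is preferable when you want to inspect what a session changed (for example after a suspected compromise) before deleting it.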
To be fair, it isn't confirmed that Intel is compromised, the ME has legitimate uses. It's just sketchy and proprietary. I wouldn't jump to the conclusion that routers are compromised. Although it certainly can't hurt to install Tomato or DD-WRT.
To be fair, it isn't confirmed that Intel is compromised, the ME has legitimate uses.
You are right, but in the security aspect of computer tech there is no presumption of innocence. A thing should be proven not compromised, not vice versa.
Also, those legitimate uses count as an additional attack vector.
Really, the whole idea of AMT (the ancestor of ME) was strange from the beginning. OK, you need to manage a large fleet of employees' laptops, so why not just boot them from the corporate network and use network drives? Everything will be perfectly manageable on the company server, no potential threat of leaking sensitive data through a "lost laptop" or user-installed malware. It will even reduce costs, because those laptops will not need HDDs/SSDs.
Serious servers usually have IPMI controller, but the main difference is that servers don't usually have display and keyboard connected and it is annoying to change something in BIOS or reinstall OS from scratch when you have hundreds of them. So the IPMI goal is quite different than one of ME/PSP.
I wouldn't jump to the conclusion that routers are compromised.
That's a proven thing, really. Multiple things. From outdated firmware with vulnerabilities on a few-years-old router with dropped support to well-known "engineering" or default passwords.
And meanwhile Tomato and DD-WRT are just outdated versions of OpenWrt with blobs from the official firmware for the sake of a tiny performance gain on specific hardware. There is no sense in using them instead of OpenWrt unless you participate in a dick measuring contest with a buddy on the maximum possible throughput value.
IDK about Tomato, but initially DD-WRT was a customized original firmware for something like the Asus 500 router. Then they switched to the OpenWrt codebase with the addition of proprietary drivers and a customized web interface. So at the beginning it had some sense, as a better, more open version of the manufacturer firmware with additional features and with fixed bugs and closed backdoors like the unchangeable root password.
The fact that ME can be used to implement a back door is so suspect that the legitimate uses seem more like a cover story than the real reason for implementing it. They could have supported those use cases in a way that doesn't break security.
It is hard to completely remove ME in modern motherboards, because many functions like fan control was moved into ME. Also you could get resets every few minutes or uninitialized onboard hardware like network controller of sound card if you completely clean ME on board that is not suitable.
A neutralized ME doesn't have an attack surface anymore. The network stack is disabled, so an attacker would need physical access. If that happens, a neutralized ME isn't how he's going to compromise your system.
Not sure about laptops with integrated WiFi, those that have the WiFi chip soldered on the mainboard instead of a traditional miniPCI-E card in a socket.
You can replace the built-in wifi chip with an Atheros one to make sure.
We can't be sure about that until the ME code is reverse engineered fully and replaced with something opensource with the same functionality.
A neutralized Intel ME has 300 kB of code running, which is too small for a network stack. You don't know what's going on with a black box, so you're assuming the worst, but some things are very unlikely.
It's not that easy, since Atheros chip will have another pinout and you can't just desolder old one and solder Atheros instead.
Is it the norm now to solder wifi chips onto the motherboard? There are still laptops where you can replace it.
A neutralized Intel ME has 300 kB of code running, which is too small for a network stack.
Check lwIP, you will be surprised. A full-scale TCP/IP stack with only dozens of KB footprint. Pretty good thing, I use it often in small networking projects. More than enough for ME needs.
Is it the norm now to solder wifi chips onto the motherboard?
IDK, but I already saw a few where everything is soldered on the motherboard, including the WiFi chip and SSD. Of course you still could find decent machines where CPU, memory, WWAN, WiFi, SSD are in sockets, but they are mostly expensive top-end things. Most modern laptops have the CPU and at least part of the memory soldered. I think soon we will have everything-soldered laptops only. Sockets reduce profits, when a customer could just add some memory, replace the CPU or SSD or replace the WiFi card with a better one.
There are BIOSes with a switch to disable it, but there's no way to check that it's actually disabled. That being said, PSP doesn't seem to be as pervasive as ME in the first place.
Pointless endeavour. The only way to be off their constant observation is to break your screen addiction and stop using phones and computers for everything possible.
Tardkill strikes again. That nigga died because he refused western medicine while his cancer was still treatable. Once he finally gave in it was too late. If the deep state kills you with cancer it damn sure isn't gonna be pancreatic cancer lol.
a) perceivable implies open to each perceiving one within...suggested implies at will of disclosure by those suggesting it.
b) hardware (life) can only exist within software (inception towards death)...others can tempt one to ignore this for a suggested inversion (software within hardware).
Notice the flow of energy required as the foundation for suggested warez...
You have many options today already, and the problem is not in hardware at all, the problem is in fucking users who immidiately begin to whine each time they meet something that can't run their fucking Windows, Photoshop, MS Office, games and other crap.
Open hardware exists for a few years already, in form of RISC-V/POWER/MIPS/SPARC CPU's where you still have to trust chip manufacturer, but at least could choose one you are fine with, or in a form of open source IP cores that could be uploaded to any decent FPGA where you are in full control of your CPU.
And no, none of that CPUs will run any iOS/Windows with their crappy software. Only opensource systems and opensource software. So, you pretty free to buy/make computer that you will control already, but looks like very little people really ready to forget about iOS/Windows bloatware.
Where can I buy a processor and motherboard that's open? Also does it run linux?
To get fully open CPU - buy any suitable FPGA board with plenty of RAM and upload RISC-V/MIPS/SPARC CPU core. Then install Linux and you are ready to go on your own CPU. Don't expect high performance, but if you are so concerned about maximum hardware and software security it is the best option you could find.
As for cheap boards with mass-produced RISC-V processors - look for Mango Pi, Lichee Pi 4A, Vision Five 2. They are cheap enough just to play with and find out if they suit your hardware security demands. In the worst possible case it will be Chineese who will be able to potentially spy on you, not CIA/FBI as with Intel/AMD/Apple/Qualcomm/Broadcom processors. If it is fine for you, go ahead.
Is there really no independent options? I'm just picking who gets to spy on me? Second, I've never heard of these brands before. Where do I buy them? I'm curious of the price.
It would be nice to have something at the power level of a netbook that I could just use for personal internet use. Anything that requires more work I could use my current computer for but I don't need to give all of my internet data because I wanna fuck around on unreal engine or play a video game.
What do you mean by "independent"? For me it looks like making silicon from scratch in garage. It is possible, but with enormous efforts in time, money and zeal, but hardly you will be able to make something better than 6502 or Z80.
With FPGA option you are not. FPGA is just a tons of logical gates on chip that could be connected into some circuit described on the Verilog language. You compile that code and upload it to FPGA. Logical gates in FPGA connects together in a circuit you designed. You could get ready opensource CPU core, network adapter, display engine, memory controller and some other periferals, check the code, modify it if you need and upload into FPGA. That will be your own CPU circuit, under your full control, not some third-party CPU you don't have any clue about.
Drawback is speed. It will work but will be slow, something like 486 or Pentium I in best case. But if you really care about security, that should not stop you.
Same with cheap SoCs. They are cheap because they use minimal CPU, peripherals and so on to reduce chip square. Adding something like Intel ME means you need to add same amount of logic gates and some additional memory on chip, that will make it at least several times larger. So it would not be so cheap.
I think it is perfectly safe to use something made with something like lower Allwinner SoCs like H3, D1 and so on.
Also, if you have a way to find old Power Mac G5, last with PowerPC 970MP processor, you could just add memory up to 16Gb install Debian Jessie (last one with PPC support) or build Gentoo and have relatively powerful computer without any IntelME or something like. Problems will be with finding suitable memory and HDDs.
AFAIK, there was Apple laptops with PowerPC CPU, but I doubt their memory they could be upgraded to levels necessary for acceptable browser usage.
First Intel chipset series with kind of Intel ME ancestor was 900 series IIRC, so to have an Intel CPU without any ME you will have to fall to Pentium 4, which is hardly useable for modern internet due to RAM size limitations.
Also you could try to find something with AMD processor pre 2013, but I'm not shure AMD had no ancestors for AMT in older chipsets.
As you see, there are not much options for something that could be useable for browsing today. Either that cheap single board computers, either last from non-x86 computers with at least 4Gb RAM support.
There is also some projects like Purism, System76 who aim at making laptops free from any ME crap, but they are only partially succeed in removing ME.
PineBook could be interesting from that angle, because despite having Allwinner A64 SoC with ARM Cortex-A53 that have TrustZone, TrustZone is different from Intel ME/AMT because it is CPU mode and not a separate processor in a chipset running some code without usser knowledge or control. You could use TrustZone to make shit like Intel ME as smartphone manufacturers do, but you don't have to. If you run your own system and bootloader just don't use that CPU mode and that's all. U-Boot that is used on ARM processors as bootloader is opensource and don't need TrustZone. You could even use that TrustZone mode for your own purposes if you wish. Just don't run any third-party kernels with blobs or proprietary drivers for the sake of some higher FPS in 3D or video encoding/decoding. Use only mainline kernel and mainline u-boot and you will be fine.
PineBook is cheap, but you will not get perfect system out-of-the box like with Mac f.e. You will have to tune and adjust Linux here an there, may be read some howtos and forums, but I think it is closest to your wishes thing you could get with minimum effort and money.
There is also some new Chineese RISC-V based laptop "Roma" out there, but I didn't check it yet, and it seems to be relatively expensive. However it is much more powerful than PineBook. Don't know about proprietary drivers for it, may be it needs some blobs for 3D engine or video codec f.e., so it would not be so open.
They whine every time they have to spend a week of their life fixing something they aren't equipped to understand. Then after whining they switch to something that works so they can stay productive.
I say this as a Linux user. The burden is on the hardware makers to market their product and make it accessible to the consumer.
Yes and no.
When hardware makers take an attempt to make something average customer friendly, they end in something like Android.
Interesting that decade ago Nokia tried to roll out smartphone on real Linux (Debian fork), not that Android mockup over Linux kernel, pretty useable, unlike Linux based Motorolas and it was a huge success, Nokia N9 sells outnumbered all their Windows Phone phones combined despite N9 was not sold in some regions. Guess how that ended. Microsoft bought Nokia and closed its Linux department. Then Nokia disappeared. Interesting that Microsoft totally ignored Android, and never tried to interfere with it. Android phones was perfectly OK for corporations, but not real Linux ones.
So i doubt that any corporation will make something Linux based preserving all openness and user control.
It is going to take some eccentric rich guy who hates the system and doesn't want to sell.
That rich guy will need his own country and a powerful army.
It is kind of closing technology that threatens all world corporations and governments. Imagine - they build that surveillance bloatware money-sucking arena of personal computers for decades, and suddenly somebody roll out a clean computer and OS everybody like and could use for decades. All their enormous surveillance efforts and trillion investments turn to dust. TPTB bombed entire countries for much less.
If that rich guy is smart he would know that a little innovation can circumvent even the most entrenched power structures. Someone just needs to get him to believe.
10 million spent by a clear thinking person is worth more than 1 billion spent by some gay normie like Jeff Bezos.
As for bombing a country, what can they do if operation is in two or more countries? Working up the will to war is no small feat and can't merely be done on a whim.
hahaha, Not sure how to get the Russian chips here in NA, please advise.
You don't need Russian chips, really. I think you could buy something based on Baikal processors with MIPS architecture, but you had to hunt for them on Ebay or find a way to buy it from Russia which could be problematic today.
You could just buy something like Mango Pi or Leeche Pi from Aliexpress/Banggood. They are RISC-V machines, pretty cheap but they could even browse modern Internet. At least they are definitely enough to use conspiracies.win. :) Thing with that RISC-V and many ARM processors of same class is that they are too simple and cheap to have some kind of Intel ME/AMD PSP/ARM TrustZone thing.
Don't use Raspberry Pi, they didn't have special processor for ME thing, but use GPU for that stuff. There was attempts to reverse engineer boot process and GPU supervisor, but AFAIK even for old RPis which are obsolete now, it is still work in progress.
F.e. cheap Allwinner ARM or RISC-V SoCs that often used in cheap SBC are well studied and no malicious activity in background was noticed. SoC internal bootloader is a small 32kb piece of code and it is easy to reverse engineer it even by yourself.
Also RockChip SoCs was found pretty straight things.
If you need some power - take a look at VisionFive 2, this $50 RISC-V computer have performance similar to latest RPi4, however, it is relatively new thing and it is not clear yet, if it have some kind of ME things or not.
Or go to FPGA boards, where you could make any processor you want, even with your own architecture. But that would be more expensive, because FPGA boards with DIMM memory interface are not cheap.
In any case - look for cheap, not very powerful ARM/RISC-V/MIPS boards with lot of memory on board, install Linux distribution of your choice, and you will get pretty protected pocket computer for web browsing. RISC-V is preferrable, since it is not a widespread architecture yet, so even targeted hacker will have to work hard to break into unknown architecture. Code injection exploits designed for x86/ARM just will not work on RISC-V.
Amazing work once again, some great inputs here much appreciated.
I should get off my ass and build something.
OP'TION, noun [Latin optio, opto, to wish or desire.] - "the power of choosing"...aka ones free will of choice. Suggested many (plural) tempts perceiving one (singular) to ignore self for others.
You can clean Intel ME with a USB programmer or an RPi + cables; it isn't very hard.
By default it doesn't work over WiFi, so you don't have to worry about it if you use a laptop into which you never plug an ethernet cable.
Does the ME / PSP have its own address? How is an attacker going to correlate your online identity with it when you use a VPN or Tor? This is a legitimate question, I'm not asking it rhetorically.
That's true, but check the list of supported hardware for me_cleaner (part of coreboot). It is hard to completely remove ME on modern motherboards, because many functions like fan control were moved into ME. Also you could get resets every few minutes or uninitialized onboard hardware like the network controller or sound card if you completely clean ME on a board that is not suitable.
Not shure about laptops with integrated WiFi, those that have the WiFi chip soldered on the mainboard instead of a traditional miniPCI-E card in a socket.
It has its own MAC/IP independent from what your network card gets from the OS; sometimes, if AMT is present in the BIOS, you could change it and make it visible. By default it seems to wait for a specific packet to appear for networking. Without that packet it will not be visible to external scanners or whatever. ME has direct access to the network controller and the ME networking device is not accessible from the host, only from outside, so you need 2 computers to play with it.
Intel ME has full access to your computer hardware. So if you have access to Intel ME, then you could just read anything from memory or disk.
However, as far as I understand, to activate it (and maybe set the Intel ME IP address) you need to be in the same local network as the computer with Intel ME to send the activation packet. It is possible that Intel ME networking could be activated by some contents in a regular packet destined for your normal IP, since it has access to the network controller and could monitor all traffic, but I'm not shure. Maybe some ME versions could and some couldn't.
I hope efforts at reverse engineering Intel ME will finally succeed and we will know for shure how it works, at least the reverse engineered version. Intel ME uses an ARC CPU core; there exist disassemblers and decompilers for that architecture, so it is possible to study that crap by yourself.
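An added check for the me_cleaner discussion above (example code, not the poster's and not part of me_cleaner or coreboot): decode the FWSTS1 status word that the Linux mei driver exposes in sysfs, so you can see what mode the ME itself reports after a soft-disable or a full clean. The bit layout and field names follow coreboot's intelmetool; the sysfs path is the stock mei driver attribute, and the sample register value is constructed.

```python
# Added example (not from this thread): decode the Intel ME "Host Firmware
# Status 1" (FWSTS1) register, which the Linux mei driver exposes in sysfs,
# to see what state the ME reports after me_cleaner. Bit layout and value
# names follow coreboot's intelmetool; the sample register value below is
# constructed, not captured from a real board.
import os
from typing import Optional

SYSFS_FW_STATUS = "/sys/class/mei/mei0/fw_status"   # one 8-hex-digit word per line, FWSTS1 first
SAMPLE_FW_STATUS = "00030005\n00000000\n"            # constructed: mode 3, working state 5

WORKING_STATE = {0: "Reset", 1: "Initializing", 2: "Recovery", 5: "Normal",
                 6: "Disable Wait", 7: "Transition", 8: "Invalid"}
OPERATION_MODE = {0: "Normal", 2: "Debug", 3: "Soft Temporary Disable",
                  4: "Security Override via Jumper", 5: "Security Override via MEI"}
ERROR_CODE = {0: "No Error", 1: "Uncategorized Failure", 2: "Disabled", 3: "Image Failure"}


def parse_fw_status(text: str) -> list:
    """Turn the sysfs text (one hex word per line) into a list of ints."""
    return [int(line, 16) for line in text.split()]


def decode_fwsts1(reg: int) -> dict:
    """Split FWSTS1 into the fields intelmetool prints (bit offsets per coreboot's me.h)."""
    ws, err, mode = reg & 0xF, (reg >> 12) & 0xF, (reg >> 16) & 0xF
    return {
        "working_state": WORKING_STATE.get(ws, f"unknown({ws})"),
        "mfg_mode": bool((reg >> 4) & 1),          # manufacturing mode still open
        "fpt_bad": bool((reg >> 5) & 1),           # firmware partition table unreadable
        "fw_init_complete": bool((reg >> 9) & 1),
        "error_code": ERROR_CODE.get(err, f"unknown({err})"),
        "operation_mode": OPERATION_MODE.get(mode, f"unknown({mode})"),
    }


def me_not_running_normally(fields: dict) -> bool:
    """True when the ME reports anything other than normal, fully initialised operation."""
    return (fields["operation_mode"] != "Normal" or fields["error_code"] != "No Error"
            or fields["working_state"] != "Normal" or not fields["fw_init_complete"])


def read_me_status(path: str = SYSFS_FW_STATUS) -> Optional[dict]:
    """Read FWSTS1 from sysfs; None when the mei driver/device is absent."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return decode_fwsts1(parse_fw_status(f.read())[0])


if __name__ == "__main__":
    status = read_me_status() or decode_fwsts1(parse_fw_status(SAMPLE_FW_STATUS)[0])
    for k, v in status.items():
        print(f"{k:>17}: {v}")
    print("ME not in normal operation:", me_not_running_normally(status))
```

If the HECI/MEI device no longer enumerates at all (as it can after a full clean on an unsupported board), `read_me_status` returns None and there is nothing left to read from the host side.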
Another way they could activate it would be if they controlled your router. If they've compromised computer manufacturers, they've probably compromised router manufacturers, too. So Mossad sends a signal of some sort to your Internet router, which then sends the activation packet to your PC.
If there are any limitations in the ME hardware, they can be gotten around. Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program. Then the program can run on your ordinary CPU.
Use OpenWRT on your home/office router. Small routers use simple CPUs without ME-like things. So replacing the firmware will get rid of any backdoors the manufacturer could install with the original firmware.
The motherboard chipset manufacturer has to know beforehand exactly what OS you will use on your computer to make it possible. It could work to some extent with Windows/iOS, but it's impossible with Linux/BSD/Haiku etc., since there are endless variants of possible kernel configurations and versions and each has different addresses and internal structure organisation. You would need something really sophisticated in ME to make it possible.
So to summarise: use opensource from trusted sources anywhere possible to reduce the probability of exploiting or using backdoors. Opensource is not a panacea, and needs some RTFM and conscious setup and adjustment, but at least it will make surveillance on you much more complex.
There is a drawback, really. Using opensource makes you different from regular sheeple and so more noticeable. There is another approach that could be used: use typical Windows/iOS in default configuration inside a qemu VM running on top of an opensource system to look like a regular user to the internet. Do not store any sensitive data in the VM, and have a backup copy of the VM disk image with a cleanly installed system in case malicious actors break into your dummy honeypot system. Or you could just use a copy of the clean backup image each time you start the VM for internet browsing.
To be fair, it isn't confirmed that Intel is compromised, the ME has legitimate uses. It's just sketchy and proprietary. I wouldn't jump to the conclusion that routers are compromised. Although it certainly can't hurt to install Tomato or DD-WRT.
You are right, but in the security aspect of computer tech there is no presumption of innocence. A thing should be proven not compromised, not vice versa.
Also, those legitimate uses are counted as an additional attack vector.
Really, the whole idea of AMT (ancestor of ME) was strange since the beginning. OK, you need to manage a large fleet of employees' laptops, so why not just boot them from the corporate network and use network drives? Everything will be perfectly manageable on the company server, no potential threat of leaking sensitive data through a "lost laptop" or malware installed by the user. It will even reduce costs, because those laptops will not need HDDs/SSDs.
Serious servers usually have an IPMI controller, but the main difference is that servers don't usually have a display and keyboard connected and it is annoying to change something in the BIOS or reinstall the OS from scratch when you have hundreds of them. So the IPMI goal is quite different from that of ME/PSP.
That's a proven thing, really. Multiple things. From outdated firmware with vulnerabilities on a few-years-old router with dropped support to well-known "engineering" or default passwords.
And meanwhile Tomato and DD-WRT are just outdated versions of OpenWRT with blobs from the official firmware for the sake of a tiny performance goal on specific hardware. There is no sense in using them instead of OpenWRT unless you participate in a dick measuring contest with a buddy on the maximum possible throughput value.
Well, Tomato and DD-WRT are the ones that were relevant when I paid attention. But install OpenWRT then.
IDK about Tomato, but initially DD-WRT was a customized original firmware for something like the Asus 500 router. Then they switched to the OpenWRT codebase with the addition of proprietary drivers and a customized web interface. So at the beginning it made some sense, as a better, more open version of the manufacturer firmware with additional features and with fixed bugs and closed backdoors like an unchangeable root password.
It played its role at the time.
The fact that ME can be used to implement a back door is so suspect that the legitimate uses seem more like a cover story than the real reason for implementing it. They could have supported those use cases in a way that doesn't break security.
A neutralized ME doesn't have an attack surface anymore. The network stack is disabled, so an attacker would need physical access. If that happens, a neutralized ME isn't how he's going to compromise your system.
You can replace the built-in wifi chip with an Atheros one to make sure.
Also it's spelt 'sure', not 'shure'.
We can't be sure about that until ME code is reverse engineered fully and replaced with something opensource with the same functionality.
While you use a proprietary blob of any kind, you are potentially vulnerable.
It's not that easy, since an Atheros chip will have another pinout and you can't just desolder the old one and solder Atheros instead.
Thanks. Looks like I fell under brand name imprinting. :)
A neutralized Intel ME has 300 kB of code running, which is too small for a network stack. You don't know what's going on with a black box, so you're assuming the worst, but some things are very unlikely.
Is it the norm now to solder wifi chips onto the motherboard? There are still laptops where you can replace it.
Check lwIP, you will be surprised. A full-scale TCP/IP stack with a footprint of only dozens of kb. Pretty good thing, I use it often in small networking projects. More than enough for ME needs.
IDK, but I already saw a few where everything is soldered on the motherboard, including the WiFi chip and SSD. Of course you still could find decent machines where CPU, memory, WWAN, WiFi, SSD are in sockets, but they are mostly expensive top things. Most modern laptops have the CPU and at least part of the memory soldered. I think soon we will have everything-soldered laptops only. Sockets reduce profits, when a customer could just add some memory, replace the CPU or SSD or replace the WiFi card with a better one.
There are BIOSes with a switch to disable it, but there's no way to check that it's actually disabled. That being said, PSP doesn't seem to be as pervasive as ME in the first place.
#2 u mean airgapped?
No, I don't mean that.
Pointless endeavour. The only way to be off their constant observation is to break your screen addiction and stop using phones and computers for everything possible.
Steve Jobs Security Clearance Story
its real.... he was killed cause he knew way too much... the whole system runs on blackmail...
Tardkill strikes again. That nigga died because he refused western medicine while his cancer was still treatable. Once he finally gave in it was too late. If the deep state kills you with cancer it damn sure isn't gonna be pancreatic cancer lol.
he died of AIDS... allegedly...
i think he was a closet fag...
Half of yall with computers never computed a damn thing in your life.
Way more than half.
a) perceivable implies open to each perceiving one within...suggested implies at will of disclosure by those suggesting it.
b) hardware (life) can only exist within software (inception towards death)...others can tempt one to ignore this for a suggested inversion (software within hardware).
Notice the flow of energy required as the foundation for suggested warez...