|
1gnoirents posted:...

But why would Intel require this amount of access?:

quote:The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

Source: https://libreboot.org/faq/#intel

EDIT: I think I've got microcode and the CPU Management Engine mixed up here, but I guess it's still a relevant answer to just supposing that it's fine and could never be used for spying or nefarious purposes, so I'll leave the quote as valid.

apropos man fucked around with this message at 20:23 on Jan 21, 2017 |
# ? Jan 21, 2017 20:17 |
|
Methylethylaldehyde posted:Funny thing is, you probably need to get State Department approval to release poo poo like that, because it technically counts as a munition and is subject to ITAR and technology transfer agreements. What? Do you have a source for this? If it is true, I'd be shocked. I would have guessed that much of the Intel microcode or whatever was developed by non-US citizens or permanent residents.
|
# ? Jan 21, 2017 20:19 |
|
Boiled Water posted:Is there anything to the management engine being dodgy? I mean not that I can get out of using Core2Duo or older Intel processors. silence_kit posted:Yes, there is Hitler in your CPU.
|
# ? Jan 21, 2017 20:32 |
|
apropos man posted:But why would Intel require this amount of access?: But why would AMD require this amount of access? https://libreboot.org/faq/#amd
|
# ? Jan 21, 2017 20:38 |
|
My favorite quote from that site:

quote:For so-called economic reasons, they decided that it was not worth the time to invest in the coreboot project anymore.

Yes the economics of the project do change radically depending on whether you assign value to the engineers' labor or not, lol
|
# ? Jan 21, 2017 20:50 |
|
ElehemEare posted:But why would AMD require this amount of access?

Correct, as per my original question:

apropos man posted:Do AMD have the equivalent of Intel's microcode running on their CPUs? Would a CPU with open microcode be desirable if we had a situation where Ryzen turned out to be a winner and also had transparency?

I think the answer is "yes" and will stop derailing the thread.

EDIT: changed clunky last sentence

apropos man fucked around with this message at 20:56 on Jan 21, 2017 |
# ? Jan 21, 2017 20:50 |
|
apropos man posted:But why would Intel require this amount of access?:

I simply do not believe him. This strikes me as "your car has a steering wheel and a gas pedal... did you know a nefarious person could DRIVE IT STRAIGHT INTO A SCHOOL? NEVER BUY FORD"

Is it possible it does exactly what he says? Sure. I still don't believe that's why it's there. It just doesn't seem to be their game. This is in contrast to say Google releasing a CPU with those capabilities. And this is just an opinion of course, for all I know Intel is just a government puppet, and certainly having backdoor access to every computer and server in the world would be mighty appealing. There are lots of privacy things to worry about but this is about as low on the list as it gets for me. I'm pretty sure the GPU EULA you pressed accept on is far more damaging to privacy than Intel management engine.

silence_kit posted:What? Do you have a source for this? If it is true, I'd be shocked. I would have guessed that much of the Intel microcode or whatever was developed by non-US citizens or permanent residents.

This used to be true, I don't see why it wouldn't be still I suppose. There are a lot of things on this list. My uncle used to head this in the State Department, though it was typically for more overt things like literal missiles and things like night vision tubes. CPUs are somewhat of a last bastion of high end "American Technology" and has all sorts of military applications and was in the past the tech behind it was under strict export control. The world is a bit different today though. Chinese designs are up and coming iirc and CPU stuff is no longer some holy grail. But, we do still lead currently and I'm guessing it's still of military value.

Though this is just software, China hacked away and made off with the software for their latest stealth jet, despite being able to design and manufacture a legitimate high end stealth fighter jet they still had to look elsewhere for the code to actually run the thing.

If it did fall under export control this is the link for that https://www.state.gov/strategictrade/overview/

Which does say software, and CPU code would have fallen under dual-use catch all rules. I kind of doubt you'd be able to find a public list of export restrictions and rules though

1gnoirents fucked around with this message at 21:10 on Jan 21, 2017 |
# ? Jan 21, 2017 20:55 |
|
1gnoirents posted:I simply do not believe him. This strikes me as "your car has a steering wheel and a gas pedal... did you know a nefarious person could DRIVE IT STRAIGHT INTO A SCHOOL? NEVER BUY FORD" I'm not worried about my privacy and I currently have two recent Intel CPU's running here (this laptop included). I would definitely desire a CPU with full transparency, though. Not that we're ever likely to see that happen. A car needs a steering system and a means of applying power from the engine.
|
# ? Jan 21, 2017 20:59 |
|
apropos man posted:But why would Intel require this amount of access?: A lot of IT needed out-of-band management features also lines up with a government is spying on you checklist
|
# ? Jan 21, 2017 21:02 |
|
apropos man posted:I'm not worried about my privacy and I currently have two recent Intel CPU's running here (this laptop included). I would definitely desire a CPU with full transparency, though. Not that we're ever likely to see that happen. Yeah that was my lame point about the steering.
|
# ? Jan 21, 2017 21:11 |
|
apropos man posted:I'm not worried about my privacy and I currently have two recent Intel CPU's running here (this laptop included). I would definitely desire a CPU with full transparency, though. Not that we're ever likely to see that happen. I have the same problem but with manual computing where I can't know the mechanisms of the brain responsible for calculations.
|
# ? Jan 21, 2017 21:33 |
|
1gnoirents posted:Yeah that was my lame point about the steering. Well I was insinuating that, although a car needs steering and power delivery, does a CPU need closed-source firmware?
|
# ? Jan 21, 2017 21:37 |
|
apropos man posted:But why would Intel require this amount of access?:

"Intel" doesn't have this access. You, the computer owner or company sysadmin have this access. On older systems you needed DRAC or other similar remote management add-ons from various vendors to get this functionality, on newer systems it's simply built into the CPU.

apropos man posted:Well I was insinuating that, although a car needs steering and power delivery, does a CPU need closed-source firmware?

Yes? They literally need firmware to work just like most other components in your computer. And no one's funded an open source replacement project, so it's gonna be closed source.

fishmech fucked around with this message at 22:30 on Jan 21, 2017 |
# ? Jan 21, 2017 22:27 |
|
Snakes in a can posted:How's AMD chips and more specifically Ryzen virtualisation solution against Intel's? I've been loosely following Ryzen development but have not seen much talk about it.

AFAIK, there hasn't been any information on that. It's a question I hope to be able to answer very soon, between Zen's release and Fedora's updated roadmap looking to make hardware passthrough on virtual machines basically point-and-click.

Boiled Water posted:I have the same problem but with manual computing where I can't know the mechanisms of the brain responsible for calculations.

Politics in a nutshell.
|
# ? Jan 21, 2017 23:05 |
|
The really weird thing with ME is, as it was described at a talk at either Defcon or C3, it's basically a completely self-contained microcontroller that has direct access to the hardware the CPU runs on. Great for management, but also great for And if you try to cripple it, apparently the CPU will shutdown/freeze/stop functioning after 20 minutes or so.
|
# ? Jan 21, 2017 23:18 |
|
Platystemon posted:Is open source microcode something that even Richard M. Stallman would care about? I think he would care. He must have open access to everything, from his CPU microcode to the nutritional content of growths on his foot. https://www.youtube.com/watch?v=I25UeVXrEHQ
|
# ? Jan 22, 2017 01:21 |
|
SpelledBackwards posted:I think he would care. He must have open access to everything, from his CPU microcode to the nutritional content of growths on his foot. Ugh.
|
# ? Jan 22, 2017 01:56 |
|
fishmech posted:"Intel" doesn't have this access. You, the computer owner or company sysadmin have this access. On older systems you needed DRAC or other similar remote management add-ons from various vendors to get this functionality, on newer systems it's simply built into the CPU.

How do you know for sure? I would be interested to see the result of fitting some kind of breakout board onto a network cable to see if there's any traffic from the motherboard's NIC which could be attributed to the ME. It might, or even most probably, produce no extra traffic but it'd be good to know.

Fair point that the system is a necessity, despite how it's implemented.
|
# ? Jan 22, 2017 10:02 |
|
apropos man posted:How do you know for sure? I would be interested to see the result of fitting some kind of breakout board onto a network cable to see if there's any traffic from the motherboard's NIC which could be attributed to the ME. It might, or even most probably, produce no extra traffic but it'd be good to know.

What do you mean, "how do you know?" It's literally what it is. It's intended for use on a local/corporate network, just like the older Dell DRAC, HP iLO, IBM RSA or American Megatrends MegaRAC, although an incompetent network setup could expose it to the wider internet just as any sort of controls can accidentally be exposed to the internet (for instance, say you had remote desktop serving set up for your corporate intranet, but some networking was hosed up and now all those are exposed to the internet where someone can attempt to use it). But when we're considering that scenario, anyone could try to get in. There's no indication that Intel themselves would have special access that no one else does.
|
# ? Jan 22, 2017 16:41 |
|
fishmech posted:What do you mean, "how do you know?" It's literally what it is. It's intended for use on a local/corporate network, just like the older Dell DRAC, HP iLO, IBM RSA or American Megatrends MegaRAC, although an incompetent network setup could expose it to the wider internet just as any sort of controls can accidentally be exposed to the internet (for instance, say you had remote desktop serving set up for your corporate intranet, but some networking was hosed up and now all those are exposed to the internet where someone can attempt to use it). But when we're considering that scenario, anyone could try to get in. There's no indication that Intel themselves would have special access that no one else does.

I mean, completely theoretically, it could be looking at all incoming network traffic and be picking up specific bits in TCP data that is ostensibly going to a service running on the main CPU. Or client, for that matter. Browse to a malicious website and data steno'd in a PNG triggers commands... You're inside the CPU, the NIC is well-known and you can have direct access to its ring buffers. If Intel didn't do it, it'd still be a great place to stash a persistent infection.

It's extremely unlikely, and basically impossible on a consumer board that for some godawful reason doesn't use the Intel LAN that comes with the chipset. That's complete and I don't remotely think it exists. But it's not completely impossible.

I just hope the new AMD chipset is good. I know my FX- era motherboard has absolutely poo poo USB ports that glitch and reset constantly.

Harik fucked around with this message at 02:07 on Jan 23, 2017 |
# ? Jan 23, 2017 02:05 |
|
We know the federal government has a longstanding policy of attempting to get that kind of hardware backdoor. We also know that historically they're spying on people way more than we assume they are at any given point. Incompetence is the only reason they probably don't have that kind of access.
|
# ? Jan 23, 2017 02:25 |
|
I'd be tickled pink if the government knows everything that Stallman is doing because they just have some dude next door listening with a cup against the wall
|
# ? Jan 23, 2017 03:24 |
|
WhyteRyce posted:I'd be tickled pink if the government knows everything that Stallman is doing because they just have some dude next door listening with a cup against the wall

Not that it makes his general position on privacy invalid, it's possible to want privacy for others but choose to have none for yourself
|
# ? Jan 23, 2017 03:31 |
|
Anime Schoolgirl posted:Or just reads what he posts on the internet, because he's the exact opposite of a private person including going into his personal habits in which nobody wanted to hear about He's the open source person we all should aspire to become.
|
# ? Jan 23, 2017 08:02 |
|
Boiled Water posted:He's the open source person we all should aspire to become. https://www.youtube.com/watch?v=I25UeVXrEHQ
|
# ? Jan 23, 2017 13:13 |
|
Come on, I just posted this like 10 posts earlier on this same page. And you didn't even make a pun to add to it, like changing the quoted post from open source to open sores.
|
# ? Jan 23, 2017 14:43 |
|
K8.0 posted:We know the federal government has a longstanding policy of attempting to get that kind of hardware backdoor. We also know that historically they're spying on people way more than we assume they are at any given point. Incompetence is the only reason they probably don't have that kind of access.

Yeah let me amend my conclusion: It's extremely unlikely that Intel made and shipped a backdoor into all their chips. It's possible (perhaps likely) that the NSA strongarmed them into giving them a signing key so they can load code into the ME for targeting specific persons of interest.

Isn't the ME code a blob in the BIOS next to the microcode? So you'd have a detectable fingerprint by dumping your flash and comparing to what the MB manufacturer shipped. Even if the ME was somehow intercepting that and showing you the unmodified code you could always desolder your flash and read it out directly.

Unless you're a drug kingpin or some sort of terrorist mastermind or an Iranian nuclear engineer you probably don't need to check that, though.

E: This also has nothing to do with AMD I guess. My bad.

Harik fucked around with this message at 17:59 on Jan 23, 2017 |
# ? Jan 23, 2017 17:42 |
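Added example, not part of the thread or any poster's code: the flash-dump comparison described in the post above, done per region so a difference can be pinned to the ME region. It assumes a full-chip dump that starts with an Intel Flash Descriptor in the layout coreboot's ifdtool parses; the function names are hypothetical and the two sample images are constructed.

```python
import hashlib
import struct

IFD_SIGNATURE = 0x0FF0A55A  # marks a valid Intel Flash Descriptor
REGION_NAMES = ["descriptor", "bios", "me", "gbe", "platform_data"]

def find_regions(image: bytes) -> dict:
    """Return {name: (start, end_exclusive)} read from the flash descriptor."""
    sig = struct.pack("<I", IFD_SIGNATURE)
    # Signature is at offset 0x10 on most boards, at 0 on older ones.
    sig_off = next((o for o in (0x10, 0x00) if image[o:o + 4] == sig), None)
    if sig_off is None:
        raise ValueError("no flash descriptor signature; not a full-chip dump?")
    (flmap0,) = struct.unpack_from("<I", image, sig_off + 4)
    frba = ((flmap0 >> 16) & 0xFF) << 4  # base address of the region table
    regions = {}
    for idx, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * idx)
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base > limit:  # base above limit means the region is unused
            continue
        if limit >= len(image):
            raise ValueError(f"{name} region runs past the end of the image")
        regions[name] = (base, limit + 1)
    return regions

def region_digests(image: bytes) -> dict:
    """SHA-256 of each flash region, keyed by region name."""
    return {name: hashlib.sha256(image[start:end]).hexdigest()
            for name, (start, end) in find_regions(image).items()}

def compare_images(dump: bytes, reference: bytes) -> dict:
    """Return {region: True if identical in both images}."""
    a, b = region_digests(dump), region_digests(reference)
    return {name: a.get(name) == b.get(name) for name in sorted(set(a) | set(b))}

def build_constructed_image(me_fill: int) -> bytes:
    """Constructed 16 KiB sample image: descriptor, ME and BIOS regions."""
    img = bytearray(b"\xff" * 0x4000)
    struct.pack_into("<II", img, 0x10, IFD_SIGNATURE, 0x04 << 16)  # table at 0x40
    # (base, limit) in 4 KiB units; (0x7FFF, 0) marks an unused region.
    flregs = [(0, 0), (3, 3), (1, 2), (0x7FFF, 0), (0x7FFF, 0)]
    for i, (base, limit) in enumerate(flregs):
        struct.pack_into("<I", img, 0x40 + 4 * i, base | (limit << 16))
    img[0x1000:0x3000] = bytes([me_fill]) * 0x2000  # stand-in ME region content
    return bytes(img)

if __name__ == "__main__":
    vendor = build_constructed_image(0xAA)   # stands in for the shipped image
    dumped = build_constructed_image(0xAB)   # stands in for the chip read-out
    for name, same in compare_images(dumped, vendor).items():
        print(f"{name:14s} {'match' if same else 'DIFFERS'}")
```

A mismatch is a prompt to diff that region further rather than proof of tampering, since firmware regions can also hold data written at runtime.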
|
SpelledBackwards posted:Come on, I just posted this like 10 posts earlier on this same page. And you didn't even make a pun to add to it, like changing the quoted post from open source to open sores. Hah, that'll teach me for not scrolling up. I favorite that video just to post it any time I see the name Stallman. It just doesn't get old.
|
# ? Jan 23, 2017 18:38 |
|
I feel like I'm desensitized by this point on the internet but I seriously have a hard time stomaching that specific thing lol
|
# ? Jan 23, 2017 20:33 |
|
putin genociding people for being underclassmen of the old ottoman empire = meh some guy eating toe jam =
|
# ? Jan 23, 2017 20:34 |
|
Anime Schoolgirl posted:putin genociding people for being underclassmen of the old ottoman empire = meh Lol yes, exactly. Protesters getting gunned down somewhere by the army = :o wow that sucks! toe jam = unacceptable
|
# ? Jan 23, 2017 21:38 |
|
1gnoirents posted:Lol yes, exactly. Protesters getting gunned down somewhere by the army = :o wow that sucks! unironically this if you're part of the cult of GNU, except instead of toe jam it's proprietary software
|
# ? Jan 23, 2017 22:38 |
|
Isn't the ME feature also a BIOS switch away from being on/off as far as accessible from the NIC port is concerned? And to top it off, isn't most of the vPRO and other Management feature stuff exclusive to the non K models of Desktop CPUs as well as U series chips?
|
# ? Jan 23, 2017 23:39 |
|
EdEddnEddy posted:Isn't the ME feature also a BIOS switch away from being on/off as far as accessible from the NIC port is concerned?

But we have no way of knowing that turning it off turns it off!

quote:And to top it off, isn't most of the vPRO and other Management feature stuff exclusive to the non K models of Desktop CPUs as well as U series chips?

vPro is available on many models of Core CPU (it's not on the Pentium branded variations, the K series, and some others), but it's useless without firmware support. I don't know about the other letters, but the Q series firmware includes full vPro remote management bits.

One of my big regrets from my last sysadmin job was not making the time to do full desktop remote management. Every desktop in the company had full vPro functionality available and we did nothing at all with it.

AMD could do themselves a big favor if they rolled out similar functionality and was more open about the implementation to attract toe fungus eaters and types.
|
# ? Jan 23, 2017 23:57 |
|
McGlockenshire posted:But we have no way of knowing that turning it off turns it off!
|
# ? Jan 24, 2017 00:00 |
|
McGlockenshire posted:But we have no way of knowing that turning it off turns it off!

I wanted to do this at my past 2 IT jobs because it was irritating as hell using whatever 3rd party tools the Owners of both were making us use, but of course could never get the time or OK to even explore the option, let alone implement it. After being ignored on my ideas to make everything easier and cheaper to use what we already had access to is part of the reason I want to get out of working in IT completely. Never paid enough to make it worth the stress and life sapping it continues to be.
|
# ? Jan 24, 2017 00:01 |
|
Anime Schoolgirl posted:they kind of do with Zen, specifically it's a qualcomm ARM chip within the cpu handling the ME-like functionality, AMD didn't develop their own for obvious reasons CPUs all the way down
|
# ? Jan 24, 2017 21:21 |
|
Methylethylaldehyde posted:Glorious 240nm Opterons! That'd consume, what, 1000 watts? What's the next step beyond liquid nitrogen cooling? I have a feeling a 240nm Naples core would need that.
|
# ? Jan 29, 2017 06:03 |
|
RyuHimora posted:That'd consume, what, 1000 watts? What's the next step beyond liquid nitrogen cooling? I have a feeling a 240nm Naples core would need that. In-chip water cooling.
|
# ? Jan 29, 2017 06:17 |
|
PerrineClostermann posted:In-chip water cooling.

That would be neat as hell. Should release a line of Xxxxtreme overclocking IHS waterblocks. They could charge whatever they wanted too
|
# ? Jan 29, 2017 06:51 |