back to article Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops

Purism – a San Francisco, California, social purpose company that flies the flags of privacy, security and software freedom – has begun offering its GNU/Linux-based laptops with Intel's Management Engine disabled. The Intel Management Engine is a hidden coprocessor at the heart of Chipzilla's vPro technology. Part of the …

  1. whitepines Bronze badge
    WTF?

    Disabled? Yeah, right...

    What everyone seems to be overlooking here is that "disabled" is not really "disabled". The ME is integral to the x86 boot process and always, always runs.

    What Purism is using here is the kill switch for the second level of ME services, akin to userspace on a normal Linux computer. The ME kernel still runs and is still required for bootup, even if it goes offline afterward. This means the machine is still just as vulnerable to preinstalled / evil maid type malware targeting the ME as it ever was.

    Purism really needs to be more clear on just what they are doing. They keep making grandiose claims that are not 100% true and compromising everyone's security as a result.

    1. Big John Silver badge

      Re: Disabled? Yeah, right...

      Do AMD chips have this 'feature?' (total noob here)

      1. whitepines Bronze badge

        Re: Disabled? Yeah, right...

        Yes, it's called the Platform Security Processor (PSP for short). Given AMD's track record of (not) keeping key material secret I'd expect it to be hacked at some point, and not in a good way....

        1. Michael Habel Silver badge

          Re: Disabled? Yeah, right...

          S0NY Called they want their PSP back!

    2. MacroRodent Silver badge

      Re: Disabled? Yeah, right...

      Purism seems to be doing here all they can do to disable the engine. If it gets killed very shortly after boot, it cannot get commands from evil masters. Any better ideas? Maybe using another CPU architecture would do it, but is making a high-end laptop around ARM (for example) feasible? In principle software compatibility should not be an issue (as long as you run Linux as the OS), but in practice x86 is still better supported for desktop applications, and it allows customers to boot Windows if they want.

      1. malle-herbert Silver badge
        Facepalm

        Re: and it allows customers to boot Windows if they want...

        Really ?

        First you try to make a laptop as secure as possible, only then to run the most insecure operating system known to man on it ?

        1. Anonymous Coward
          Anonymous Coward

          Re: and it allows customers to boot Windows if they want...

          "First you try to make a laptop as secure as possible, only then to run the most insecure operating system known to man on it ?"

          I didn't know intel laptops ran Android?

      2. DainB Bronze badge

        Re: Disabled? Yeah, right...

        Any better ideas?

        Yes. Firewall.

        1. Anonymous Coward
          Anonymous Coward

          Re: Disabled? Yeah, right...

          "Yes. Firewall."

          This stuff can access the network card directly. It doesn't care about local firewalls.

          And anyway if it uses says HTTPS how are you going to know which traffic to block?!

          1. DainB Bronze badge

            Re: Disabled? Yeah, right...

            "This stuff can access the network card directly. It doesn't care about local firewalls."

            Don't use local firewalls then.

            "And anyway if it uses says HTTPS how are you going to know which traffic to block?!"

            Err... It's quite unlikely it'll be trying access your internet banking or paypal account and it's really easy to check what goes where and when.

            If your computer that is not booted into any OS initiates some HTTPS traffic that's enough to kill it with fire. Unless I missed something there was not a single report about any system caught doing that.

            1. TheVogon Silver badge

              Re: Disabled? Yeah, right...

              "Don't use local firewalls then."

              So you propose configuring an external hardware firewall by destination IP and port for for every every PC you use in every location and say over wifi?! Good luck with that...

              "Err... It's quite unlikely it'll be trying access your internet banking or PayPal"

              On the contrary your Internet banking or PayPal would likely be of great interest to a hacker that has taken remote control of your PC.

              "and it's really easy to check what goes where and when."

              So you propose not only to hardware firewall every device everywhere, but also think you know exactly which of the millions of addresses on the Internet are "safe"?! And even if that were even possible then that won't help if they come via say TOR, a VPN, a proxy or another compromised device...

              1. DainB Bronze badge

                Re: Disabled? Yeah, right...

                "So you propose configuring an external hardware firewall by destination IP and port for for every every PC you use in every location and say over wifi?!"

                Oh, I'm so important that Intel wants to put rootkit on my laptop...

                Latte please, double shot, do you have free wifi here ?

                "So you propose not only to hardware firewall every device everywhere, "

                Yes, if you care about it you most certainly should.

                If you really do.

                Which is highly unlikely.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Disabled? Yeah, right...

                  "Oh, I'm so important that Intel wants to put rootkit on my laptop..."

                  The way in is already there. It's the relatively clueless about security like yourself that will be the ones most likely to get stung. You will think you are safe behind your firewall while hackers monitor everything you do until they can find an opportunity to fleese you.

                  1. DainB Bronze badge

                    Re: Disabled? Yeah, right...

                    "It's the relatively clueless about security like yourself that will be the ones most likely to get stung. "

                    Let me see..

                    Ad hominem attack - check. Posted as AC - check.

                    Reasons to argue with trolls - none detected.

                2. Anonymous Coward
                  Anonymous Coward

                  Re: Disabled? Yeah, right...

                  "Oh, I'm so important that Intel wants to put rootkit on my laptop..."

                  Too late: it is already there. They only need to activate it (and millions others if necessary), no manual steps needed.

            2. Irongut

              Re: Disabled? Yeah, right...

              So how does this external firewall know that the HTTPS traffic to/from PayPal or your bank is a virus in the IME and not you in your browser of choice? The source and destination IPs are the same and the encrypted traffic is unreadable.

              Or do you propose to temporarily disable the firewall every time you want to do banking? If so how do you protect yourself from IME nasties during that time?

              1. DainB Bronze badge

                Re: Disabled? Yeah, right...

                "So how does this external firewall know that the HTTPS traffic to/from PayPal or your bank is a virus in the IME and not you in your browser of choice? The source and destination IPs are the same and the encrypted traffic is unreadable."

                Quite frankly until someone proves that it is in fact possible to run malware on that level I would not give it a second thought. Burglars do not need use cat flap if front door is unlocked and wide open.

      3. Mpeler
        Paris Hilton

        Re: Disabled? Yeah, right...

        Glad to see that someone acted on [Erica] Portnoy's Complaint.....

        (they probably aroused Intel's Roth over that)

    3. TheVogon Silver badge

      Re: Disabled? Yeah, right...

      What I don't understand is why isn't there simply a Bios setting to disable it? Wouldn't that make sense? Then no need for special hardware for the US government, etc. etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: Disabled? Yeah, right...

        There is on every thinkpad I've seen

        1. TheVogon Silver badge

          Re: Disabled? Yeah, right...

          "There is on every thinkpad I've seen"

          Great, so does that solve the problem? We just need that option on all BIOSs?

      2. bombastic bob Silver badge
        Unhappy

        Re: Disabled? Yeah, right...

        "What I don't understand is why isn't there simply a Bios setting to disable it? Wouldn't that make sense?"

        It makes _TOO_ _MUCH_ _SENSE_. That's why nobody's doing it, I guess...

  2. Anonymous Coward
    Anonymous Coward

    Hello: 'Trusted Computing' Model 2.0?

    ....."The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility," (EFF)...

    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

    1. Anonymous Coward
      Anonymous Coward

      Re: Hello: 'Trusted Computing' Model 2.0?

      I think we are still at Model 1.0 will all the attendant problems of the Great Magic Box Idea.

      Once we get to the point where you are forced to watch Ads, read NYT headlines or listen to McCain extolling liberventionism while the webcam checks your attention level, THEN we will be at Model 2.0.

    2. Anonymous Coward
      Anonymous Coward

      Re: Hello: 'Trusted Computing' Model 2.0?

      FAQ summarizes it nicely:

      " 25. So a `Trusted Computer' is a computer that can break my security?

      That's a polite way of putting it. "

      TCPA and derivatives are _designed_ to break _your_ security, i.e. backdoor. They have no other functions and the Intel moron who dares to lie otherwise, is an a**hole.

      "12. But can't you just turn it off?

      Sure - unless your system administrator configures your machine in such a way that TC is mandatory, you can always turn it off. You can then run your PC as before, and use insecure applications. "

      Which might have been true in 2003. In NSA-era it isn't and now you can't.

  3. frank ly Silver badge

    "It's not a purposeful backdoor,"

    It's an accidental backdoor?

  4. A Non e-mouse Silver badge

    Pixies?

    If a machine can't boot its OS, you need something running under the operating system, at the chipset firmware level, to recover the box.

    Er, isn't this what PXE booting is for?

    1. John Doe 6

      Re: Pixies?

      Servers got management CPU' for decades, I've got an IBM from 1998 with a PowerPC chip as management processor.

      1. Anonymous Coward
        Anonymous Coward

        Re: Pixies?

        Different thing: That management is just for the server hardware and totally separate HW which has no idea what the main processor is doing.

        This "management" is sitting within main processor spying everything it does and acts as a middle man to _everything_ main processor is doing. Perfect backdoor you can't even disable.

        Renders any encryption you have totally worthless: NSA _must see_ everything you do and Intel is their hand sock in this case, lying whatever they can.

    2. Sampler

      Re: Pixies?

      I was thinking, fifteen years ago when I assisted the third line and infrastructure support guys, all the servers had iLO's in them, so, why would you need to build it into the chip for sysadmins when the chips go into a lot of other machines?

      Allow those that want to put iLO's into the devices, the rest of us that don't need one, can skip, makes the silicone cheaper, so more profit for intel, that point, right there, concerns me, why aren't Intel maximizing their bottom line?

      1. Anonymous Coward
        Anonymous Coward

        Re: Pixies?

        "makes the silicone cheaper"

        You made a boob with your spelling.

        s/silicone/silicon

        1. TheVogon Silver badge

          Re: Pixies?

          "You made a boob with your spelling"

          Android at least autocorrects silicon to silicone if you don't change it...

          1. HieronymusBloggs Silver badge

            Re: Pixies?

            "Android at least autocorrects silicon to silicone if you don't change it..."

            Good to know, but an odd choice considering silicon is much more common than silicone.

      2. TheVogon Silver badge

        Re: Pixies?

        "Allow those that want to put iLO's into the devices"

        ILO cards cost a few hundred quid and if optional take a slot / motherboard connector and presumably an additional network connection. Extra hardware built into a chip you already use costs a few cents...

      3. DainB Bronze badge

        Re: Pixies?

        Because iLOM has absolutely nothing to do with it, it's a separate CPU with it's own OS and totally different purpose.

    3. Anonymous Coward
      Anonymous Coward

      isn't this what PXE booting is for?

      Exactly.

      Not only that, looooong before there was PXE on x86, there were other technologies on other hardware that provided, as a standard documented part of the core CPU and boot ROM functionality, what PXE eventually got around to implementing as a "value add" feature.

      E.g. lots of DEC VAXes and pretty much every DEC/CPQ Alpha system had a documented network boot procedure, using either an IP network stack or (in the olden days) a DECnet stack. It needed no management co-processor or other untrustworthy stuff, just the standard processor and a standard boot ROM and standard documented network-bootable code and corresponding executables.

      The industry has moved on since then, hasn't it.

  5. mark l 2 Silver badge

    Looks like keeping hold of my 2007 Dell Latitude without these 'features' was a good idea. it is still going strong dual booting between Linux Mint and Window 7.

    1. bombastic bob Silver badge
      Black Helicopters

      "Looks like keeping hold of my 2007 Dell Latitude without these 'features' was a good idea"

      ack. Intel's "new, shiny" [particularly when running Win-10-nic] isn't worth the *RISKS*. I'll stick with proven, slightly older, very slightly slower tech that doesn't have a built-in back door.

  6. Milton Silver badge

    We need companies like Purism

    While I won't address all the tech details here, I will submit that the modern age absolutely needs organisations like Purism, as much as we need a free press, separation of powers in government, independent judiciary, free speech - the human right to dignity, privacy and the basic right *not* to treated like an exploitable commodity.

    Whether Purism specifically ticks all the boxes is less important than that we support the principles of security, freedom from snooping, government overreach and corporate spying.

    So I wish them well. "Apple, but ethical" - excellent. Next up, "Google but not evil" and maybe one day "Social media, by grown-ups".

    1. deive

      Re: We need companies like Purism

      Too right we do need more, but the only way that'll happen is if consumers actually buy...

      Also they said "there's no ethical computing device option" which may be true for the USA but the is Fairphone here in the EU. I would love to see those two collaborate on electronics that are totally ethical from mining and production through to software and data gathering

    2. Primus Secundus Tertius Silver badge

      Re: We need companies like Purism

      @Milton

      "Social media, by grown-ups"

      All computer freaks are nerds. Even me, a little bit.

    3. Anonymous Coward
      Anonymous Coward

      Re: We need companies like Purism

      "Google but not evil"

      Only when Satan has been cast from the fiery pit of hell can Google not be evil.

      1. Michael Habel Silver badge

        Re: We need companies like Purism

        ~Only when Satan has been cast from the fiery pit of hell can Google not be evil.~

        Really?! I would have thought he would have scored himself a nice Desk as the CEO of the slightly melting Chocolate Factory, had he been in need of some new employment.

      2. Captain DaFt

        Re: We need companies like Purism

        Only when Satan has been cast from the fiery pit of hell can Google not be evil.

        Don't bet on it.

        The Infernal Trinity of Google, Oracle, and Microsoft would see his deportment as a business opportunity immediately take over running Hell.

    4. Michael Habel Silver badge

      Re: We need companies like Purism

      I down voted you while your 'Heart' may well be with-in the PCZ (Political Correctness Zone), simply miming out the motions wont make anyone more secure in the end. In the end you only have but, Two options. Either do the job, you were tasked to do, Or find someone else who can. Making chimp like noises about having done much about nothing, and in the grand scheme of things serves no purpose other then to trick the schmo into buying whatever snake oil is on tap that day.

      While it may well be regarded as a better fix then not having done anything at all... it would have at least been more useful had this lot targeted Windows instead. Not that I have anything against Linux. But, like it or not, Windows is still the workplace king.

      1. Charles 9 Silver badge

        Re: We need companies like Purism

        "In the end you only have but, Two options. Either do the job, you were tasked to do, Or find someone else who can."

        There MUST be a third option because you may lack the skills to do it yourself and can't trust anyone else to do it.

        For example, how can one be sure the government can't subvert every phone using their airwaves if all radio chips must go through them first?

        1. Michael Habel Silver badge

          Re: We need companies like Purism

          ~For example, how can one be sure the government can't subvert every phone using their airwaves if all radio chips must go through them first?~

          Thus we have a reason why these Companies such as Purism exist for. It's up to you if you think that they are trusty enough, or not.

          A real Third Option is to NOT support Companies that pull this kind of crap. Which may on the face of it seem harder than it seems. But, I gather that this is only on the newer CPUs.

        2. Destroy All Monsters Silver badge

          Re: We need companies like Purism

          There MUST be a third option because you may lack the skills to do it yourself and can't trust anyone else to do it.

          That's the DayZ option: Innawoods with AKM and unconnected.

      2. AJ MacLeod

        Re: We need companies like Purism @Michael Habel

        If someone's concerned enough about security and privacy to disable the IME I don't think they're very likely to be interested in running Windows of any variety.

        1. TheVogon Silver badge

          Re: We need companies like Purism @Michael Habel

          " I don't think they're very likely to be interested in running Windows of any variety."

          It depends on the use. For desktops where you have user interaction Windows is most attacked. However if you look at say Internet facing servers, Windows server is several times less likely to be attacked than say Linux boxes if you look at for instance defacement stats versus share of boxes. That might well be partly because of what is commonly run on the Linux boxes rather than the OS itself but you could say the same about Windows on the desktop where attacks have commonly leavaged java, flash, acrobat, office, etc...

          1. Anonymous Coward
            Anonymous Coward

            Re: We need companies like Purism @Michael Habel

            " Internet facing servers, Windows server is several times less likely to be attacked than say Linux boxes if you look at for instance defacement stats versus share of boxes. "

            Irrelevant when one attack is enough to deface a Windows server so of course there're less attacks against them. W10 reports everything by design so there's no need to even attack it.

            Also "Linux box" by itself is even more a non-description as "Windows" without version number.

      3. This post has been deleted by a moderator

        1. Michael Habel Silver badge

          Re: We need companies like Purism

          I blame my Smartphone... Beit the crappy on-screen Keyboard, or the overzealous Autocorrect.

  7. Neil Barnes Silver badge

    For decades now

    A hardware reset took the program counter to a defined memory location and started executing code there (or from a vector there). This read directly from memory - usually prom or eprom, or more recently on-board flash.

    Thence (for a desktop system, as opposed to an embedded system) one ran a minimum code to the hardware to read the first sector of the first track of the disc; that contained enough code to load the rest of the OS.

    Why has this basic operation suddenly become no longer sufficient? Hiding a separate co-processor just to boot the thing is no different in concept from a tiny eeprom bolted on to the side (or even internally) but without the option of the user/end manufacturer reprogramming it.

    1. Anonymous Coward
      Anonymous Coward

      Re: For decades now

      This, and add a physical switch to write protect the boot flash, probably in the form of an absent jumper that needs to be put in, to alter the flash. Why anyone thought it a good idea to leave the boot flash in a writeable state by default is beyond comprehension

      1. TheVogon Silver badge

        Re: For decades now

        "add a physical switch to write protect the boot flash"

        It's not practical to have to change a jumper to update every box - especially in large environments. Most corporates set Bios passwords which you would require to know for an update script to work - at least if it uses conventional update methods...

        For partly this reason and also to make boxes mostly useless if stolen I always disable external boot and set Bios passwords on my own kit.

        To remove a Bios password without manufacturer's assistance generally requires replacing a chip on the motherboard as I understand it so it's not perfect but it's a good start.

        1. martinusher Silver badge

          Re: For decades now

          > It's not practical to have to change a jumper to update every box

          You don't need to update the bootstrap code very often, if at all, for the life of the machine.

          As for the bootup code having to set up DRAM, peripherals, clocks and what have you this isn't unique to Intel processors, you've got to do this for every processor. Its just part of the job. (been doing it for 40+ years.....).

          I fear that layers of complexity are being substtuted for simply getting basic stuff to work properly. You only have to look at the amount of code bloat and the Byzantine attempts to secure computers (that invariably stop them from doing a lot of useful work) to realize that something is very wrong. I can't deal with a lot of modern software professionals (and their IT counterparts) because they're like talking to practiioners of witchcraft; they know a great deal about their subject but somehow haven't much of a clue about why they're doing what they're doing. This makes them easy prey to marketers (but the fallout for the rest of us is computer systems that are becoming increasingly unusuable).

          1. TheVogon Silver badge

            Re: For decades now

            "You don't need to update the bootstrap code very often, if at all, for the life of the machine."

            We only recently had to patch the BIOS of most recent corporate PCs due to a critical UEFI vulnerability.

            Also the boot code is still part of the BIOS which is on a single flash chip - and that typically requires several updates over the life of a PC.

            1. Anonymous Coward
              Anonymous Coward

              Re: For decades now

              "Also the boot code is still part of the BIOS which is on a single flash chip - and that typically requires several updates over the life of a PC."

              Not at least in corporation use: I've been working in several and none of them ever upgraded BIOS in any of their machines, typically 3 to 5 years of lifetime.

              As a home user I've done that few times for hoped bug fixes but usually no chage, so useless.

              1. Anonymous Coward
                Anonymous Coward

                Re: For decades now

                "Not at least in corporation use: I've been working in several and none of them ever upgraded BIOS in any of their machines, typically 3 to 5 years of lifetime."

                Not even for an emergency "in the wild" exploit?

        2. Updraft102 Silver badge

          Re: For decades now

          "It's not practical to have to change a jumper to update every box - especially in large environments."

          Perhaps a compromise, then. Have the jumper open for read-only, but have the jumper installed at the factory. Large environments and users who would rather keep using an old, perhaps insecure firmware than open the case would find things exactly as they are now, so no loss, no gain for them. For those shops/individuals who want the extra security (I sure do), they can simply remove the jumper (or let it sit on one pin so it doesn't get lost, as we used to do back when jumpers were a common thing).

          That would even make possible a reintroduction of the old keyswitches on cases-- instead of locking the keyboard, have it allow flashing in one key position and not in the other (depending on the NO/NC setup of the attached switch). As long as the admin at said large environment can find the key, it's really simple to enable flashing in the rare event it is needed, and it would otherwise remain locked, safe against prying fingers who have no idea what they are doing, unless they're willing to go so far as to open the case (in which case they could just as easily remove the jumper). Or pick the lock, if they've such skills.

          1. TheVogon Silver badge

            Re: For decades now

            "Perhaps a compromise, then. Have the jumper open for read-only, but have the jumper installed at the factory. "

            OK so you make certain bits of the BIOS read only by default. That still leaves the rest to be attacked. And makes it much less likely that critical vulnerabilities found in the read only code will actually ever be patched. Most users wont bother to change a jumper.

            "Large environments and users who would rather keep using an old, perhaps insecure firmware than open the case would find things exactly as they are now, so no loss, no gain for them. "

            In my experience it's the large environments that are much more likely to have to the resources to package and deploy a BIOS update.

      2. Doctor Syntax Silver badge

        Re: For decades now

        "Why anyone thought it a good idea to leave the boot flash in a writeable state by default is beyond comprehension"

        Convenience. It overrides security every time.

      3. Anonymous Coward
        Anonymous Coward

        Re: For decades now

        "Why anyone thought it a good idea to leave the boot flash in a writeable state by default is beyond comprehension"

        Totally logical in retrospective: To introduce permanent back doors of course. Or at least I can't imagine anything else.

    2. Phil Endecott Silver badge

      Re: For decades now

      >A hardware reset took the program counter to a defined

      > memory location and started executing code there

      To give one example of the difficulty of that, the DRAM controller needs to be set up first. So you need to interrogate all of the DIMMs (RAM modules) via their i2c interfaces and ask them their capacity, speed etc. and then program the control registers in the DRAM controller to match. Until you’ve done that you don’t have any RAM. So you have various tricks, such as having a small block of on-CPU RAM that can be used while the main RAM is brought up. Or maybe a mode where the on-CPU cache behaves as RAM initially.

      There are plenty of other similar issues. The ROM containing this start-up code, for example. Clocks are now under CPU control, so you need code to run to turn on the clocks and set the right frequencies. Even power supplies are under software control, so that power management (sleep modes etc.) can work.

      For a few years it was made to work by having things power on in some sort of “safe” lowest-common-denominator configuration, but that really doesn’t scale to the complexity of modern systems. So instead, there is a small separate processor that comes on first (and can boot in the sort of simple old-fashioned way that you describe, because it’s simple enough to do so), and it brings up the main processor, Subsequently it doesn’t need to do much except perhaps adjust clock frequencies and core voltages depending on workload.

      This is all good.

      The only issue is that it is locked down and unverifiable.

      1. Anonymous Coward
        Anonymous Coward

        Re: For decades now

        "... but that really doesn’t scale to the complexity of modern systems. "

        Which is more or less made up by Intel in order to sell you the idea of built-in backdoors in form of "management processor", i.e. otherwise obsolete Intel CPUs embedded in the MB.

        So true on the surface, but when you scratch it a bit you realize quite soon that none of that visible complexity is really necessary, it's exists only for making hardware cheaper to build while dumbing it down and programs more complex, i.e. more profit for Intel.

        That's the whole idea. Intel is the company behind soft-modems and windows printers: This is just another round of the same s*it.

        It exists solely for vendor lock in and cheaper, but BS HW.

  8. This post has been deleted by its author

  9. Joerg

    Spreading b*ll against Intel as usual....

    Spreading b*ll against Intel as usual.... with some companies trying to cash in on that too and many gullible people trusting such privacy issues claims nonsense.

    1. TheVogon Silver badge

      Re: Spreading b*ll against Intel as usual....

      "Spreading b*ll against Intel as usual...."

      It's clearly not bs. There is plenty of evidence of flaws that can be attacked. And once compromised you could potentially bypass all OS security. Also I recall that AMD have a similar solution and many servers also do so this is probably not only an Intel problem.

      If you bear in mind that this stuff is on almost all corporate PCs which can be rich picking for hackers its quite possible someone will attack it.

      The most likely risk imo is that we already know that government agencies have gone so far as for instance attacking hard disk firmware, so you can bet they will attack this if they don't already have easier methods. And such exploits tend to eventually leak or be found in the wild...

      1. Anonymous Coward
        Anonymous Coward

        Re: Spreading b*ll against Intel as usual....

        "There is plenty of evidence of flaws that can be attacked. And once compromised you could potentially bypass all OS security"

        To me flaws aren't really a problem but the whole thing is _designed_ to bypass OS and any security _you_ may have.

        It isn't a backdoor, it's whole fu**ing wall missing and NSA looking in. With help of Intel, which in this context nicely is a short from "Intelligence gathering" ... something they've thought from the start.

    2. Destroy All Monsters Silver badge

      Re: Spreading b*ll against Intel as usual....

      The corporate kool aid is strong with this one.

    3. Anonymous Coward
      Anonymous Coward

      Re: Spreading b*ll against Intel as usual....

      "such privacy issues claims nonsense."

      Ooh, privacy issues are now nonsense. Nice.

      Do you work for NSA, by the way?

  10. Snorlax Silver badge
    Meh

    Tough Sell

    "In a blog post Thursday, Purism CEO Todd Weaver characterized Intel's Management Engine as "the bane of the security market since 2008."

    His company is offering its Librem 13 (US$1,399+, Core i7-6500U) and Librem 15 (US $1,599+, Core i7-6500U) laptops with the Intel Management Engine verifiably turned off"

    At those prices I might as well buy a Mac and achieve the same effect. The fact that these laptops run linux isn't gonna sway anybody. Well, ok, maybe 10 or 12 people...

    "By focusing on making Purism products easy to use and convenient, he believes the company can attract customers beyond developers and those already sold on the merits of Linux. "Purism taking a business model similar to Apple, except we're ethical," he said."

    Nobody who drops $1400 on a laptop gives a shit about how ethical you are buddy. Purism is an unknown quantity, and will struggle at this price point as a result.

    Call Blackphone and ask how they're doing these days.

    1. WolfFan Silver badge

      Re: Tough Sell

      this will get downvotes, but... as soon as I read "Purism taking a business model similar to Apple, except we're ethical," I resolved to keep my wallet in my pocket.

      1. Snorlax Silver badge

        Re: Tough Sell

        @WolfFan: I think Purism are being more than a bit naive on the whole ethics thing.

        I personally don't believe it's possible to be in the hardware business and claim that you're ethical.

        Some issues to consider:

        The mining and refining of gold, copper and other metals, and the pollution it causes...

        The e-waste problem at the end-of-life. Europe and the US likes to ship its shite to third-world countries...

        The exploitation of workers in China and elsewhere by multinational companies in the manufacturing process...

        Anyway, Purism's sales figures are going to run to three digits at most so maybe they won't have much of a footprint from an ethics point of view.

        1. Destroy All Monsters Silver badge
          Windows

          Re: Tough Sell

          We are going to Stand on Zanzibar anyway, deal with it. The ultrakill of the mid-20th will be laughable. Buy a lappy while you can.

    2. Anonymous Coward
      Anonymous Coward

      Re: Tough Sell

      "At those prices I might as well buy a Mac and achieve the same effect. "

      Macs have their own System Management Controller (SMC) too...

  11. John Smith 19 Gold badge

    Open message to Intel. Security by obscurity does not work. C'n'P chip design is bad too.

    This laptop looks like the best that can be done about an idea that might have been done with good intentions but whose implementation has been a complete clusterf**k.

    1. TheVogon Silver badge

      Re: Open message to Intel. Security by obscurity does not work. C'n'P chip design is bad too.

      "Open message to Intel. Security by obscurity does not work"

      As I understand it, the security of the underlying system does not rely on obscurity of the code or how it works. Intel just choose not to publish to source code which is not quite the same thing.

      1. Anonymous Coward
        Anonymous Coward

        Re: Open message to Intel. Security by obscurity does not work. C'n'P chip design is bad too.

        ". Intel just choose not to publish to source code which is not quite the same thing."

        It literally is the same thing as "how it works".

        It's painfully obvious to anyone that Intel is lying about it not being a backdoor for Intel & NSA, so it's irrelevant what they _say_ it is doing: That's a lie every time and not by choise of Intel: NSA tells them to lie and if they don't, they'll end up in Guantanamo, one-way, personally.

        That's how the world works in a NSA-driven fascism and it's totally legal.

        So the part they lie about is the relevant part and that's laughable easy to do in documentation, much harder to do in source code.

        Especially when the binary compiled from the source doesn't match the binary running in the machine.

        1. Anonymous Coward
          Anonymous Coward

          Re: Open message to Intel. Security by obscurity does not work. C'n'P chip design is bad too.

          "It's painfully obvious to anyone that Intel is lying about it not being a backdoor for Intel & NSA, so it's irrelevant what they _say_ it is doing: That's a lie every time and not by choise of Intel: NSA tells them to lie and if they don't, they'll end up in Guantanamo, one-way, personally."

          Really, Mr. Conspiracy Nut. Then where will they go to without Intel processors? Most other processors in the world are manufactured outside their jurisdiction.

  12. DougS Silver badge

    will "disclose a Management Engine flaw that allows the execution of unsigned code"?

    Nice that Purism is using it to disable the ME, but a flaw like that could also be used for a lot of bad things. If they follow through with the disclosure in December, or it otherwise is released into the wild (maybe by someone carefully examining how Purism does it) I suspect 2018 will bring a lot more Reg articles about hack attacks perpetuated with the Management Engine now that it can be made to run unsigned code!

  13. Anonymous Coward
    Anonymous Coward

    A recent delidding...

    Some years back, someone was paid to makeshift up some chip decapping/lidding, as the standard equipment costs millions... they were surprised to find a wifi modual under there besides the normal chip. So, either as an undocumented side and failed design, or an actual hidden system, there was wifi where there should not be.

    1. DropBear Silver badge

      Re: A recent delidding...

      [Citation needed]. The ESP8266 and ESP32 are just about the tightest WiFi has ever been integrated into a single chip, up to on-die inductors an all that jazz - and even they don't work without some form of external antenna. Do these magic chips come with a note attached, saying "please route 3cm of impedance-matched dead-end PCB trace to pin XYZ, okthxbai"...?

      1. Anonymous Coward
        Anonymous Coward

        Re: [Citation needed]

        Check out some defcon videos on youtube. I have no idea if it was a toy or a remote control or whatever. It did though either by accident, bad design or failed attempt have a wifi chip hidden in as it was not on the spec, and hence one reason people were checking the actual silicone.

        Yes it was possibly a multi type chip, short range (antenna was in chip in the xray). Fact was, it was not specced or labelled as such.

        1. Orv Silver badge

          Re: [Citation needed]

          That would be interesting to see At normal wi-fi frequencies even a folded antenna is going to be larger than the chip die.

          1. Anonymous Coward
            Anonymous Coward

            Re: [Citation needed]

            Bo idea what type of wi-fi/bluetooth or whatever. It was decapped, had an antenna and a chip about the size of the main silicone.

            1. Sandtitz Silver badge
              WTF?

              Re: [Citation needed]

              Hey AC, did you notice the title [Citation needed]

              I couldn't find any articles about a hidden wifi inside a CPU, so give us a link or just give up.

              1. Anonymous Coward
                Anonymous Coward

                Re: [Citation needed]

                Downvote all you like.

                Deny all you want. Continue to think that because I point out Apple or Intel or Samsung are both competitive enough or stupid enough to forget what they have in a chip [Ok, here it was a "package"], push it out without working features and cut out promises (I've seen features removed after functional releases), means this thing never ever happens?

                "Decapping defcon", first hit. Is it that hard? Get a life!

                https://www.youtube.com/watch?v=0Z4aF-qiziM

                1. Sandtitz Silver badge
                  FAIL

                  Re: [Citation needed]

                  "Deny all you want."

                  Dear AC, you haven't paid attention when you watched the video. Your original quote was this:

                  "...they were surprised to find a wifi modual under there besides the normal chip. So, either as an undocumented side and failed design, or an actual hidden system, there was wifi where there should not be."

                  In the 100-minute video the presenters say it was a PIC32 microcontroller (12"30') , and the interesting part you are referring starts at 42"10' when they mention about the surprise of finding a 'radio chip', but the presenter immediately added that it was there legitimately - perhaps because he checked the specs afterwards.

                  That 'radio chip' was not a Wi-Fi module, nor did the presenter say so. It is probably a very low-power RF transmitter in the Megahertz class built into the microcontroller, but since I didn't catch the exact PIC model they used I can't say anything else about it. Except that it wasn't Wi-Fi, and it very likely was documented and a working design.

                  "Apple or Intel or Samsung are both competitive enough or stupid enough to forget what they have in a chip"

                  They're not that stupid. I recall an AMD presentation perhaps here in ElReg, where the lecturer told about how CPUs are built and tested. When new features are added they may not work properly in the finished package so they are disabled and the microcode needs to do those operations in the more generic silicon parts which always incurs a speed penalty.

                  Intel at least has presented plenty of CPU revisions and microcode updates for the CPUs to circumvent some off hangs and miscalculations, and this I believe is just general knowledge.

    2. TheVogon Silver badge

      Re: A recent delidding...

      "So, either as an undocumented side and failed design, or an actual hidden system, there was wifi where there should not be"

      A link would be good. If this is correct then most likely it's just a multipurpose chipset that can also do WiFi to reduce cost. The good news is that to actually transmit anything would almost certainly require an external amplifier and at least a rudimentary antenna.

      If you tried to generate any receivable level of signal within a processor chip at 2.4 or 5GHz I don't think that chip would be very stable!

  14. Anonymous Coward
    Anonymous Coward

    Everybody's ethical

    It just depends what your ethics are. While I'm for privacy, I'm not necessarily all for the alt-Left agenda either.

    Generally speaking, considering this computer depends how absolutely high your privacy need is. If my security/privacy needs really were that extreme, I'd want to know more about this company before I trusted them. Often those claiming to be oh so high minded really just want to make one gag. I'm supposed to take it on faith that a bunch of alt-Leftists are trust worthy. Look at the U.S., mayors who trust them get their cities trashed.

    Nevertheless, if one is OK with the company, it might make an interesting purchase. The idea of a more secure machine with lower vectors is a good one. I'd probably try to install Windows on it though, Linux doesn't suit me, and I'm not anti-profit.

    1. Snorlax Silver badge
      FAIL

      Re: Everybody's ethical

      @Stephen Battleware:"While I'm for privacy, I'm not necessarily all for the alt-Left agenda either."

      "I'm supposed to take it on faith that a bunch of alt-Leftists are trust worthy. Look at the U.S., mayors who trust them get their cities trashed."

      What's the "alt-left" got to do with any of this?

      You think privacy is an "alt-left" construct?

      Or do you just like to to project your insecurities by spouting meaningless shite?

      1. Anonymous Coward
        Anonymous Coward

        Re: Everybody's ethical

        Don't you know? Anything that can possibly look like you care about anyone or anything but yourself is Left.

        1. Anonymous Coward
          Anonymous Coward

          Re: Everybody's ethical

          "Don't you know?"

          The alt+Left certainly does care about everybody's business but run so few of their own. Perhaps all these alt+Left SJWs are more about sprouting and forcing their own political agendas and weird oh-so-high-minded thinking than really honestly caring. Politically, with a few caveats e.g. universal health care, I tend to prefer libertarians who just want to stay out of my business.

          The result of a communist revolution is supposedly an alt+Left socialist utopia. Some utopia though: the socialist regime operating in mainland China outlaws privacy wouldn't you know .. it also puts scores of people to death .. and even has harvested organs from dissidents so .. so much for socialists and their caring, I don't believe them.

          1. anonymous boring coward Silver badge

            Re: Everybody's ethical

            What is "Alt-Left"?

            Why do you seem to think anyone to the left of the Nazis want the Chinese system?

            1. Anonymous Coward
              Anonymous Coward

              Re: Everybody's ethical

              The Nazis were left:

              Nationalsozialistische Deutsche Arbeiterpartei (English: National-Socialist German Workers' Party)

              They believed in the state controlling everything, including the business community. Not in the communist sense of centralization of production, but politically and socially. If someone had a non alt+Left opinion on things, they would lose their jobs, and or be jailed or even executed. Abortion, euthanasia and eugenics generally were was allowed in as much as they fit the vision of the state. Business were allowed to profit but they too existed to serve the vision of the socialist state.

              Look at the chill the alt-Left wants to put on dissenting opinion today. Brendan Eich made some some contribution years ago that the alt+Left found (after combing through the records looking for dissenters and victims) .. look what happened to him .. the axe.

              So ... I just don't buy it. Thanks but no thanks on socialism, the alt-Left, and SJWs.

              1. anonymous boring coward Silver badge

                Re: Everybody's ethical

                I know the Nazis were National Socialists. The key is in the name. You wasted a lot of words there.

                However, traditionally people call them ultra right. Probably because they were total assholes who cared about no-one but themselves. It's a theory anyway.

                Still have no idea what Alt-Left might be. I know that Alt-Right is the same as the old shit-Right morons on Breitbart and such places. Guess the "Alt" bit signifies that they are new younger versions of the old dying off breed of morons. That's the only explanation, as there is absolutely no other difference between a new nazy and an old one.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Everybody's ethical

                  @ anonymous boring coward

                  Yes, I know the Nazis were National Socialists. The key is in the name. You wasted a lot of words there.

                2. stephanh Silver badge

                  Re: Everybody's ethical

                  Alt-left is what Mac users call option-left, and what Emacs users call meta-left.

                  1. Charles 9 Silver badge

                    Re: Everybody's ethical

                    "Alt-left is what Mac users call option-left, and what Emacs users call meta-left."

                    I thought that was Command-Left (The Command key being the one with the loopy graphic on it).

                3. tiggity Silver badge

                  Re: Everybody's ethical

                  If we trust names (without any research) then North Korea is democratic...

              2. Voyna i Mor Silver badge

                Re: Everybody's ethical

                "Nationalsozialistische Deutsche Arbeiterpartei (English: National-Socialist German Workers' Party)"

                Come off the lies and distortions.

                Hitler took over a mild left wing party and turned it into a far-right party with armed militias, but he kept some of the socialist things in the manifesto until he attained power, whereupon they were dropped.

                The Nazis were not just a right wing party but a gangster party, literally. They put their officials into German businesses in order to loot them, but in exchange they passed and enforced laws limiting the rights of workers - including pay cuts. In exchange for keeping the likes of Goering and Himmler rich, people like Thyssen could so what they liked with their workforce. Let's remind ourselves that "left wing" politics is about the middle and lower classes - the proletariat - having political power. In Germany, they didn't.

                Now, Mussolini explained quite clearly what fascism was. It is a political system in which the government works hand in hand with big business, and workers only have such rights as their bosses choose to give them. It is borrowed, in fact, from Imperial Rome, where the Senators were, basically, the heads of the Mafia families and the Knights ran the businesses, and the mob did what it was told.

                So Hitler acknowledged that his system was fascist, and since giving all power to the rich is clearly the exact opposite of socialism or communism, fascism is far right.

                I'm not going to comment on the system of at-will employment in some US states or how it maps onto those political systems, but the parallels may be thought to be fairly obvious.

                The lie about the Nazis being socialist was a big lie (as explained by Goebbels) that is popular with the Right today as it tries to explain why it is definitely not Nazi. But it is a lie, and you are propagating it.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Everybody's ethical

                  @ Voyna i Mor

                  You're gonna tell us your version of WWII now, eh? It was the National-Socialist German Workers' Party - 'too bad so sad not' that it doesn't look good for and exposes somewhat the alt+Left and socialist agendas out there today. State and business working together is all about what socialism is all about.

                  But next time the alt+Left is screaming for someone to lose their job, or eugenics should be expanded, or that a dissenter should be jailed, or that someone shouldn't be allowed to speak freely at a campus, think about it.

                  1. anonymous boring coward Silver badge

                    Re: Everybody's ethical

                    Sorry, but you have very large knowledge gaps. You are simply confused, and don't realise how much more there is to know than your limited understanding.

                  2. Captain DaFt

                    Re: Everybody's ethical

                    Horseshoe political theory: The further right or left you go from center on the political spectrum, the more the opposing sides resemble each other.

                    Far left and far right (or alt-left/alt-right if you prefer) resemble each other in their belief in the right to force their will on the populace with the only difference being the specific beliefs they are espousing. Instead of being complete opposites on a spectrum, they sit side by side.

                    Basically, human nature at its worst; the more you're convinced that you're right, the more you're willing to use force to enforce your agenda.

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Everybody's ethical

                      It is important to remember that the political spectrum has moved far to the right since the 1950s. There have been some human rights gains made since then, but those are in danger of being rolled back in Trumpistan and I'd bet England too.

                    2. Charles 9 Silver badge

                      Re: Everybody's ethical

                      Also the less likely one is to accept a dissent since an overbearing sense of right implies anyone else is dead wrong and cannot be trusted. Even contrary facts can be dismissed as hearsay or, in the extreme case, self-delusion caused by The Enemy.

                    3. tom dial Silver badge

                      Re: Everybody's ethical

                      The political spectrum is not one-dimensional. The "horseshoe" theory, therefore, is rubbish. The cited article, implicitly taking the Christian fundamentalist position in the US as opposite to the Muslim fundamentalist position in (presumably) the Middle East is rubbish too.

                      1. anonymous boring coward Silver badge

                        Re: Everybody's ethical

                        "The "horseshoe" theory, therefore, is rubbish."

                        It's not rubbish. Not being complete or perfect doesn't make something rubbish. It's a tool for critical thinking that will need further refinement.

                  3. Voyna i Mor Silver badge

                    Re: Everybody's ethical

                    "You're gonna tell us your version of WWII now, eh? It was the National-Socialist German Workers' Party - 'too bad so sad not' that it doesn't look good for and exposes somewhat the alt+Left and socialist agendas out there today. State and business working together is all about what socialism is all about."

                    I find your ignorance depressing.

                    The name is irrelevant - look at the Democratic Republic of the Congo, which was not democratic, or the remark made of the Holy Roman Empire, that it was neither holy, nor Roman, nor an empire (it was, basically, Germany). When looking at parties, see what they do. If they shoot the opposition, exploit the workers, and enrich the party bosses and the big businessmen - they are fascist, not socialist.

                    Socialism says that the state should own the means of production, distribution and exchange. There are no enterprises, just businesses supplying social needs and run by elected officials.

                    The so-called Third Way is a mixture of public (usually infrastructure) and private business. Government regulates business. It may be democratic (Western Europe) or not (China).

                    My version of WW2? German expansionism led to a power grab across the East and the conquest of France and the Low Countries, initially rather feebly opposed by Britain while the US continued to profit from trade with Germany. But then Germany invaded the Soviet Union, which surprised them by not collapsing, and the US became involved in a war with Japan which led to its also becoming involved in the war against Germany. The US defeated Japan and the Soviet Union defeated Germany, with some sideshows involving the British and, in Europe, the US.

                    Two large democratic countries and one quasi-socialist dictatorship defeated two fascist régimes.

                    In 1945, as a result of fighting fascism, the UK went briefly socialist.

                    1. Charles 9 Silver badge

                      Re: Everybody's ethical

                      Look, either way can get you into trouble. Overbearing socialism means Big Brother Is Watching You. Meanwhile, unfettered capitalism means Robber Barons Have You For Lunch. Both are extremes of control, and unfortunately that's a natural consequence of the human condition. Apply it to a sociopath or two, and this is the natural result. And because of their extreme need to control (which includes other humans), any attempt to thread the needle has to defy their gravities or you just end up gravitating toward one or the other extreme. It doesn't help that the average human is amenable to these sociopaths.

                      1. Sandtitz Silver badge

                        Re: Everybody's ethical

                        "Look, either way can get you into trouble. Overbearing socialism means Big Brother Is Watching You. Meanwhile, unfettered capitalism means Robber Barons Have You For Lunch."

                        I agree with your comment.

                        Eventually, after centuries or millennia, in a capitalist system all property could end up in the hands of a single entity, which would replace the traditional governments.

                        I can't see that differing from a pure socialist state where the governments own and dictate everything.

                        1. Anonymous Coward
                          Anonymous Coward

                          Re: Everybody's ethical

                          "I can't see that differing from a pure socialist state where the governments own and dictate everything."

                          Only difference is the motivation: State entity wants good for their people (at least on paper) or world domination, the single entity wants more money for itself.

                          Both consist of less than 20 individuals and basically are the same thing with different name.

                          It's obvious that in US and EU elections are totally irrelevant and any politician is a paid puppet of big money already at candidate status.

                          Capitalism (=money) has trumped over democracy, 6-0.

                          That can't be changed by any democratic means when money owns the army too.

                          1. tom dial Silver badge

                            Re: Everybody's ethical

                            There is not a lot of reason to think that Lenin and a lot of his followers did not want good for their people - and that may well include Stalin. One problem was that at the time of the 1905 and 1917 revolutions Russia did not meet the theoretical prerequisites of Communism, so it was seen as necessary to hasten things despite the fact there was no significant proletariat. Another problem was, and is, that the human nature assumed by Marxian theory conforms poorly to the actual behavior of unconstrained people. The second is a fatal flaw, and requires that communist societies have a state to enforce proper communist behavior, a state that, contrary to Marx and Engels, never will wither away.

                            1. Charles 9 Silver badge

                              Re: Everybody's ethical

                              In other words, the basic human condition actually doesn't lend itself well to large societies. Even if you try to take the competitive nature into consideration, people along the way will start to change the rules. It's like the perennial problem with tax codes and other "necessary but unpopular" governmental necessities. People eventually gain the ability to cheat the system: either by locating loopholes or simply getting far enough into the government to change the rules directly.

                      2. Anonymous Coward
                        Anonymous Coward

                        Re: Everybody's ethical

                        " Overbearing socialism means Big Brother Is Watching You"

                        Semi-true: That can happen (DDR) but by that definition US and UK are overbearingly socialist countries now.

                        By US standards Germany is definitely a socialist country and they've specifially made the point of big brother not watching you, so I don't really buy this definitiön.

                        1. Charles 9 Silver badge

                          Re: Everybody's ethical

                          "Semi-true: That can happen (DDR) but by that definition US and UK are overbearingly socialist countries now.

                          By US standards Germany is definitely a socialist country and they've specifially made the point of big brother not watching you, so I don't really buy this definitiön."

                          One, by your standard Germany is not overbearing. And two, how can one be sure Germany isn't actually watching its citizens on the sly?

                  4. Anonymous Coward
                    Anonymous Coward

                    Re: Everybody's ethical

                    "State and business working together is all about what socialism is all about."

                    I see you don't have any idea what socialism is about. In proper socialism there is no such thing as "business".

                    it's not needed and serves no function, as it exists solely for making rich people even more rich. Why socialism would have anything like that?

                2. Updraft102 Silver badge

                  Re: Everybody's ethical

                  "Right" and "Left" assume that a sum total of all political belief can be placed on a monodimensional spectrum. As such, it fails to mean all that much anymore.

                  There's not a great deal between communism and fascism in practice. They're both collectivist, totalitarian ideologies that can only continue to exist by means of extreme repression, purges, disappearances, secret police, censorship, and propaganda. If you're creating a right-left spectrum and place these two ideologies on the extreme ends, you form a spectrum from "total censorship" on the left to "total censorship" on the right, and the same with all of that other stuff.

                  What I do know is that what people on the "right" in the US believe is about as far from both fascism and communism as can be. Low regulation, low taxes, small government, individual liberty, the free market... none of those exist at all in either fascism or communism. Ayn Rand, heroine of many on the right, dismissed both as collectivist, and on that I agree with her. It doesn't make a great deal of difference whether a government regulates business to the point that it may as well be government owned or whether it takes that final step and nationalizes it so that it actually is government owned. In fascism, the captains of industry are given party position and government power even while power over their own business is minimal, where in communism, to be a captain of industry means being a party member in the first place. It's a distinction without a difference. The same goes for a government that demands undying allegiance to the state and a government that demands undying allegiance to the "revolution," which is in practice identical to the state.

                  It's easy to get caught up in the rhetoric of what communism and fascism are supposed to be about, but the rhetoric isn't reality. Communists like to talk about being a worker's paradise or a dictatorship of the proletariat, but that key feature of communism has never and will never exist in any communist state. They like to talk about a stateless society, which SOUNDS like the opposite of "the state is everything" mentality of the fascists, but in reality the state is everything in communism as well. The rhetoric is different, but the reality is identical. Which matters more? Do you think the talk of communism being a dictatorship of the proletariat meant anything to the millions of Ukranian peasants (part of the proletariat) who were being deliberately forced into starvation during Stalin's collectivization? Talk is cheap; results are what I look at.

                  If you oppose totalitarianism so strongly that you have extreme suspicion of ANY government, and you thus want to reduce it to the absolute minimum possible, in the US at least, you'd be considered a libertarian, which is very much in line with Ayn Rand's "objectivism." If Rand and libertarianism are right, then fascism cannot be anything but left. That's a spectrum that makes sense; you have massive government that controls everything on one side and almost anarchy on the other. I hesitate to declare that anarchy would sit at the other end from totalitarianism, as most "anarchists" in practice support left-wing politicians who seek to impose massive government, which is anything but anarchist. What they really appear to be is people who like to shock others by being the members of a fringe movement, even though they vote for parties advocating massive government. The rhetoric means nothing; the vote counts.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Everybody's ethical

                    "They're both collectivist, totalitarian ideologies that can only continue to exist by means of extreme repression, purges, disappearances, secret police, censorship, and propaganda"

                    Both apply to modern US quite well. But it is literally a corporativism now: Corporations buy the laws as they wish and anyone opposing is censored to oblivion.

                    Secret police? Check

                    Propaganda? Check

                    Disappearances? Check

                    Collectivist? Check (in form of corporations)

                    Totalitarian? Check (police is basically a copy of SS now)

                    " If Rand and libertarianism are right, then fascism cannot be anything but left."

                    They aren't and they know it, because they advocate basically fascism but vehemently deny doing so. Fascism is the coalition of government and corporations against the People and that's exact opposite of what leftism is and means.

                    Rand isn't that stupid, he knows what it means. He just lies to get money because if said the truth about fascism, he wouldn't be paid anything.

                    If the word has wrong meaning to you, use propaganda (and money) to change the meaning. That's the oldest trick in the books since feminism.

                  2. Orv Silver badge

                    Re: Everybody's ethical

                    "What I do know is that what people on the "right" in the US believe is about as far from both fascism and communism as can be. "

                    I have to disagree because it's not just about economics. For example, the right wing in the US feels that the government should prohibit sexual relations between people of the same gender. How is controlling people's bedroom behavior not fascist in intent?

                    1. anonymous boring coward Silver badge

                      Re: Everybody's ethical

                      It's absurd to the extreme. Wanting to control peoples sexual preferences, while allowing lethal semi-automatic firearms begin sold.

              3. AlbertH
                Headmaster

                Re: Everybody's ethical

                Just read up on the"Frankfurt School" and discover where most leftist "thinking" came from, how they subverted the media, introduced "political correctness", and have largely taken over education throughout the world. There's a pretty good Wikipedia entry about them!

                1. anonymous boring coward Silver badge

                  Re: Everybody's ethical

                  "Just read up on the"Frankfurt School" and discover where most leftist "thinking" came from"

                  You sound like a very well read and intelligent person... ;-)

                  That was sarcasm, in case you are unable to recognise it.

              4. Doctor Syntax Silver badge

                Re: Everybody's ethical

                "National-Socialist "

                It's called "getting rid of the difficult bit in the title".

      2. Anonymous Coward
        Anonymous Coward

        Re: Everybody's ethical

        @Sorlax

        Thanks for the reply. What's alt+Left got to do with it? I visited the Purism's website and was met with alt+Left sounding language. perhaps they're not. But that's why I said I would want to know more about them!

        Do I think privacy is an alt+Left construct? Absolutely not! It more libertarian (which is sort of to the right) as socialists tend to want to get up all in your business and then tax you for it (just look at the socialist/communist regime running mainland China). Privacy is important for everyone and should be reasonably protected. I said "reasonably protected" because humanity is still at the stage where terrorism and violence is still running rampant, and gov'ts need the ability to hold a warrant on those they reasonably suspect are plotting violence.

        Do I just like to project my insecurities? Um, Maybe! I think I'm just expressing my doubts:.

        Out of nowhere: Purim's laptops will keep you safe and private!

        I'm just expressing that I would want to investigate further this "magic bullet" that is this oh-so-high-minded Purism.

        1. Snorlax Silver badge

          Re: Everybody's ethical

          @Stephen Battleware:"I visited the Purism's website and was met with alt+Left sounding language."

          Oh my! You poor snowflake. And you were so triggered, you had to come straight back here and report your findings?

          I think you need to seek some kind of psychiatric help. Genuinely.

          1. Anonymous Coward
            Anonymous Coward

            Re: Everybody's ethical

            @ Snorlax

            "I think you need to seek..."

            When your point of view is shown wanting, there's always the ad hominem, eh?

            1. Snorlax Silver badge

              Re: Everybody's ethical

              @Stephen Battleware: No, that wasn’t an ad hominem. I genuinely think you need some kind of psychiatric counseling...

              1. Anonymous Coward
                Anonymous Coward

                Re: Everybody's ethical

                Snorlax

                Put the mirror down, your thinking's not that pretty.

              2. tom dial Silver badge

                Re: Everybody's ethical

                I don't claim to know the meaning of "alt+left," but recommending Stephen seek psychiatric counseling seems a lot like I thought from the context that it might be. Among my acquaintances, the judgment that those of materially different opinion are likely to be mental is pretty much absent among the more or less Libertarian and never seems far from the surface among those who identify as progressive.

                1. anonymous boring coward Silver badge

                  Re: Everybody's ethical

                  Anyone throwing "alt-left" around needs some kind of help. Perhaps it's just help in understanding things a bit better.

            2. Uffish

              Re: Ad hominem

              If the straightjacket fits...

        2. Doctor Syntax Silver badge

          Re: Everybody's ethical

          "I visited the Purism's website and was met with alt+Left sounding language."

          I've no idea what alt+Left sounding language is. However, I do know that Purism have been around for a good while. I think of them as the hair-shirt wing of the FSF.

      3. Orv Silver badge

        Re: Everybody's ethical

        "You think privacy is an "alt-left" construct?"

        In the US anything with a whiff of intellectualism is now considered leftist. Also anything that has the EFF or the FSF involved is going to be considered suspect because the right views them as a bunch of commie hippies.

        1. Updraft102 Silver badge

          Re: Everybody's ethical

          Pseudo-intellectualism is considered leftist. Big difference.

          The EFF opposes the big-government totalitarian regulation of speech and communication. Commie hippies? Please! It's the commies that want the big government and the regulation of speech in the first place. They're more libertarian than left.

          As far as FSF... there have been some who call it communism, including some within the free software movement, but there's nothing whatever left or communist about it. People collaborating voluntarily to create products that do not generate a profit isn't left at all. People associating voluntarily and deciding for themselves what to do with their labor and the fruits thereof is very much in line with libertarian ideals, typically thought of as right-wing. Libertarianism, at its heart, has one simple premise: People should be free of coercion. People volunteering their time to work on a free software project is free of coercion.

          Communism, on the other hand, is all about coercion. Not the pretend fantasy-land view of what socialist society will become, but the reality. It's all about coercion. People getting together and making a product without government interference, according to their own goals, just because they want to, is about as far from communist as one can get.

          1. Charles 9 Silver badge

            Re: Everybody's ethical

            I think part of the problem with your thought is the human condition itself. You NEED some coercion, or people will cheat. Libertarianism sounds too utopian without someone there to keep things fair, and the human condition means ANY position of control can be corrupted beyond any checks or balances that can be made by man.

          2. Voyna i Mor Silver badge

            Re: Everybody's ethical

            "Communism, on the other hand, is all about coercion. Not the pretend fantasy-land view of what socialist society will become, but the reality. It's all about coercion. People getting together and making a product without government interference, according to their own goals, just because they want to, is about as far from communist as one can get."

            No. Read Marx.

            I personally think Communism is unworkable pie in the sky, and is just another Utopian dream like Christianity.

            Under Communism the State is supposed to wither away, and people will have evolved to the point at which they voluntarily work for the good of everybody.

            The earlier state of socialism requires coercion (but so does capitalism, or where does the workforce come from) because it is an imperfect state on the way to Communism.

            This explains why the USSR was (a) called the USSR and (b) had a Communist Party. The states were supposedly socialist republics. They were supposed to be run by a Communist Party which would raise the consciousness of the workers until they ceased to need managing and pure communism would evolve, at which point the Party itself would cease to exist, being unnecessary.

            Reading the non-economic bits of Kapital reminds you frequently that Karl was the grandson of a rabbi.

            1. anonymous boring coward Silver badge

              Re: Everybody's ethical

              Marx himself didn't believe in communism. It was more of a mental exercise for him.

              He dabbled in dealing in shares with a little success towards the end of his career.

            2. Charles 9 Silver badge

              Re: Everybody's ethical

              "Under Communism the State is supposed to wither away, and people will have evolved to the point at which they voluntarily work for the good of everybody."

              Which as reality notes is probably too utopian to be believable. It goes against the primal human instinct to compete. After all, the world's not infinite, and another primal desire is to be the one to leave progeny instead of the neighbor. That's likely why human social structure doesn't stay too stable beyond tribes and clans.

              Communism requires everyone to play nice, which isn't going to happen. Pure libertarianism is similarly too utopian, though from a different angle.

  15. lifetime security

    Intel has been very secretive about a lot of their code but a vendor that used Intel code in a certain processor turned of static code analysis (Klockwork) because it was giving 'Too many errors'. When we went to a white hat hacking company they found 14 P0 vulnerabilities without access to the source code in 3 days. Intel denied that they had problems.

  16. Snowy
    Holmes

    Sure

    What one command disables another turns back on again.

  17. Anonymous Coward
    Anonymous Coward

    Does anyone truly know what is running in that binary blob which is needed to get 15 million raspberry pis booted?

  18. Doctor Syntax Silver badge

    "Does anyone truly know what is running in that binary blob"

    Of course. The team that wrote it.

    1. Charles 9 Silver badge

      Not necessarily. Does the left hand know what the right hand is doing and so on?

  19. Lomax
    Big Brother

    I don't trust any computer - much less when it's connected to other computers.

    1. Anonymous Coward
      Anonymous Coward

      Given that one could easily extend this to people (they're computers in a sense, too) AND that you're a person, does that mean you don't even trust yourself?

      1. Lomax
  20. Updraft102 Silver badge

    AMT is not supposed to be enabled in "consumer" CPUs; if these are the ones used in any given PC, doesn't the problem take care of itself?

    I tried the Intel AMT checking tool on my PCs, and the one I am using now, the Sandy Bridge/Cougar Point PC, as well as my Merom/Crestline laptop. The Sandy affirmed that AMT did not respond to requests and is thus free of the bug, and the Merom said that it could not figure out if AMT was there or not. Merom is Core 2 Duo, a generation earlier than Nehalem, which has been cited in the media as the earliest platform that has the AMT bug, FWIW.

  21. Anonymous Coward
    Anonymous Coward

    Apple doesn’t ship AMT

    AMT is not shipped on any Apple MacBook or Mac

  22. Anonymous Coward
    Anonymous Coward

    Now, let's see:

    Quote: "Nonetheless, Chipzilla will disable this administrative window [...] in its CPUs for demanding government customers."

    This presents a slight mystery: surely, if it's such a brilliant thing for the end user, they'd be turning it /on/ for "demanding customers", and only in exchange for extra money, rather than the opposite. :-)

    1. tom dial Silver badge

      Re: Now, let's see:

      HP, for what it's worth, offers AMT on business-targeted PCs and laptops. By my recollection, it is a non-default option offered at a cost somewhere between 0 and around $15. I do not recall seeing it available on consumer grade equipment. Other vendors may differ.

  23. dlc.usa
    Happy

    Relevance of Link to https://haspoc.sics.se/material/HASPOC_platform_overview.pdf

    This is not documenting the NSA HAP specification based upon Intel x86_64/ME motherboards. Rather, it provides an overview of an apparent parallel effort to design a High Assurance Platform by an organization named High Assurance Security Products On COTS platforms (HASPOC) using a Swedish domain and, most interestingly, their design is based upon ARM, not x86_64. I do not know why this was cited in the article, but I am quite happy you brought this group and their work to my attention.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019