If I want a secure computer should I go with an older one with no Intel ME or a newer one with secure boot and TPM?


Likely

kiwifarms.net
Joined
Dec 29, 2013
I am NOT jumping into this pool of spergery, but I got curious and started doing some research on ME today.

There are lots of resources available, and hacker conferences about messing with it.
The long story short is that if it were malicious, you would not expect it to be designed the way it is. It's a modular system and different parts can be turned off (and by that I mean completely wiped out) independently without interfering with the boot process. It's not tamperproof in the way that you would expect an espionage system to be. On newer generations it can be turned off easily(ish) if you have the right equipment.

Despite all the claims I've heard, it's not encrypted, just encoded to save space. People have gotten around this without too much headache.

I am NOT making the claim that it's not a backdoor. I am saying that it's a very oddly designed backdoor if it is one.
It's a suboptimal design from a personal privacy perspective; however, extremely useful for businesses to have to manage their fleet. It's hardened and Intel (and AMD with the PSP) likely are not giving the feds backdoors. Although they likely have built and signed a compromised version for the NSA with the intent exemption of it only being used in lab/forensic scenarios. China, Russia, etc. that deploy Intel boxes at scale probably verify the firmware as part of oob. Also, that's why China pours so much money into homegrown x86 and RISC-V shit - even though that stuff is still kinda garbage, it's open and you can be sure the US doesn't have their hooks into it.

The NSA probably has some good Intel ME exploits that they sit on and deploy against Iran, best korea.

I think most privacy experts are more nervous about the precedent than the actual implementation.
 

Spasticus Autisticus

kiwifarms.net
Joined
Dec 4, 2013
If you're interested, Purism makes new laptops with ME disabled, though they are expensive and I can't personally vouch for them as a company. I can give my opinions on the similar company Pine64, however: stay the fuck away.
What's up with Pine64? I have been looking at their RockPro64 as a more powerful alternative to the Raspberry Pi. The only thing I can find about them that might be a problem is they are in Hong Kong, but everything comes out of China at some point anyway.
 

Rusty Crab

cowboy hats are crab hats
kiwifarms.net
Joined
Jun 20, 2020
What's up with Pine64? I have been looking at their RockPro64 as a more powerful alternative to the Raspberry Pi. The only thing I can find about them that might be a problem is they are in Hong Kong, but everything comes out of China at some point anyway.
My customer experience with them has been horrible in the most baffling ways. I got their (at the time) most expensive phone and it simply did not function at all. You could not survive an hour without it crashing or the battery meter going sine wave mode.

I came to their community and developers directly with these problems and was met with "lol yeah that happens a lot"

????????
 

Spasticus Autisticus

kiwifarms.net
Joined
Dec 4, 2013
My customer experience with them has been horrible in the most baffling ways. I got their (at the time) most expensive phone and it simply did not function at all. You could not survive an hour without it crashing or the battery meter going sine wave mode.

I came to their community and developers directly with these problems and was met with "lol yeah that happens a lot"

????????
Oh, yeah, the Pinephone was kind of a disaster from what I hear. But I figure the RockPro64 has been around for so long, they've probably got the kinks worked out of that, plus it's not as intricate as a smartphone. I just wish the RPi4 wasn't still on such a slow SoC. I wanted to turn one into a scanner with SDR dongles but it couldn't decode digital trunking fast enough.
 

Govt. Shitposting Machine

Spread the love, give a family member HPV today
kiwifarms.net
Joined
Feb 27, 2020
If whatever you're doing is actually important enough to warrant this much worry tbh I'd just use multiple computers, each with a specific purpose in mind. Kinda like this fella.
Also I'd go with no Intel ME, I think there's some laptops/MBs that still have Secure Boot and the like without the CPU backdoor but I may be stupid so you should look into that yourself.
Also also invest in carrier pigeons. You can never go wrong with that. Trust me. You will need them.
My customer experience with them has been horrible in the most baffling ways. I got their (at the time) most expensive phone and it simply did not function at all. You could not survive an hour without it crashing or the battery meter going sine wave mode.

I came to their community and developers directly with these problems and was met with "lol yeah that happens a lot"

????????
Yeah Pine64 has shit communication between them and customers, staff (and people experienced in mobile Linux) assume everyone else but them is retarded and tell them to RTFM even though sometimes, just sometimes, they do send duds.
Also I hate how their most active place is that huge Telegram/IRC/Discord server, sometimes I've found fixes for important things that weren't posted anywhere else deep within the chat and had to search and scroll for hours...instead of just yknow posting it on the forum, so it'll be easier for people to find, instead of locked behind two walled gardens and IRC which lol good luck finding old posts.
idk about the battery issues but I'll say crashing is mostly because software right now is dog shit and unoptimized, if you're not a programmer your best bet is to wait it out or use it for whatever you would have used a RasPi for, not because it's useful it's just funny on a tiny phone
 

DaddyDickDown

နပငင
kiwifarms.net
Joined
Jul 29, 2021
lol yea man get that old shit because I’m sure you’ll be able to patch any bug you come across.
 

Badungus Kabungus

Z
True & Honest Fan
kiwifarms.net
Joined
May 6, 2020
Oh, yeah, the Pinephone was kind of a disaster from what I hear. But I figure the RockPro64 has been around for so long, they've probably got the kinks worked out of that, plus it's not as intricate as a smartphone. I just wish the RPi4 wasn't still on such a slow SoC. I wanted to turn one into a scanner with SDR dongles but it couldn't decode digital trunking fast enough.
Eh, the Pinephone came with several disclaimers for a reason. The Braveheart edition was never meant as a daily driver. But yeah, mine's fucked too until I take a soldering iron to it.

I'm using the Pinebook Pro very often though, it's worth a look.
 

AlephOne2Many

the late nightmare special
True & Honest Fan
kiwifarms.net
Joined
Jan 5, 2015
From what I've seen the only truly secure way to use a desktop or laptop is with an operating system that doesn't have persistence.
 

Likely

kiwifarms.net
Joined
Dec 29, 2013
the Pinephone was kind of a disaster from what I hear.
I think the soy electronics press kinda picked it up as like a workable, free alternative to Android. When in fact it's a developer device with literally every corner cut just so it can get into the hands of developers. I think it's probably fine if you're doing alternative OS development.

From what I've seen the only truly secure way to use a desktop or laptop is with an operating system that doesn't have persistence.
Eh, there are still attacks on a system without persistence. Lol.
 

Bat Dad

Do not cross the Bat Daaad!
True & Honest Fan
kiwifarms.net
Joined
Aug 9, 2019
When in fact it's a developer device with literally every corner cut just so it can get into the hands of developers
IDK about the Pinephone, but when you go to buy the PineBook there was a huge warning disclaimer with exactly this sentiment. The Pine64 forums were full of people who did not heed that advice. So then you get a bunch of salty devs there and customers get a poor user experience. I've seen that happen too many times with Kickstarter and IGG projects (Pebble, PocketCHIP etc.)

Edit: I didn't click through the process to buy, but this is on the product page
Screenshot 2021-11-10 014722.png
 

Rusty Crab

cowboy hats are crab hats
kiwifarms.net
Joined
Jun 20, 2020
IDK about the Pinephone, but when you go to buy the PineBook there was a huge warning disclaimer with exactly this sentiment. The Pine64 forums were full of people who did not heed that advice. So then you get a bunch of salty devs there and customers get a poor user experience. I've seen that happen too many times with Kickstarter and IGG projects (Pebble, PocketCHIP etc.)

Edit: I didn't click through the process to buy, but this is on the product page
View attachment 2704030
This disclaimer is an extreme understatement. Probably to the point of a class action lawsuit if people cared enough. The device hardly works by any metric, even as a development toy.

I could deal with the Linux distro just fine. I could not deal with the random hardware resets and the screen dying every few minutes. I was told this was completely normal.
 

XYZpdq

fbi most wanted sskealeaton
True & Honest Fan
kiwifarms.net
Joined
May 25, 2013
iirc basically back to Pentium 1 there's enough unique markers that you're fucked when you put it online
keep it offline or don't store your catrape on it
 

Spasticus Autisticus

kiwifarms.net
Joined
Dec 4, 2013
iirc basically back to Pentium 1 there's enough unique markers that you're fucked when you put it online
keep it offline or don't store your catrape on it
Pentium III was the first one with unique identifiers if I recall correctly. I remember the huge stink that created in the tech press at the time. Now everyone just kind of accepts that every device we own has more or less a manufacturer-embedded rootkit.
 

Blood Bath & Beyond

Russian Bot
kiwifarms.net
Joined
Mar 21, 2019
Get a Linux distro, don’t run sus applications, don’t fall for scams and don’t go out of your way to do shit that is going to get the Feds looking into you. Congrats, you’re secure*.

*secure as you can reasonably be. given enough time and skill anyone can be pwned.