Apple

Just how non-free is my macbook air ?

I think I know the answer to this, but I want to hash it out and make sure ...

So, let's say I have a recent (2014) macbook air and I load a completely free-as-in-freedom Linux distro on it.

On the one hand I have a free, open source OS with free open source programs (sshd, screen, xterm, etc.), so that's nice.

But on the other hand, the macbook air is incapable of running libreboot or some other free bios replacement, so there could be a very, very deep backdoor or malicious code running on my system at a very deep level that I can never do anything about.

And then on top of that, presumably there are some hardware pieces (wifi card, sound card, whatever) that don't have free drivers, so then I need to use black-box binary blobs (or just not have sound or something).

Is that it ? Suspicious black box bios and (possibly) suspicious black box hardware drivers ... are there any other pieces I am missing here ?
No, you should not use an Apple product if you desire a free-as-in-freedom distro.

Firmware, both something akin to EFI, which is what your Macbook would use, and firmware 'blobs' loaded onto your wireless, sound and video cards, is no different than firmware directly on your devices like mice, disk controllers etc.

If you want a completely free computer, you're shit out of luck my friend, because blobs are everywhere. Read this to fully understand this paradoxical bullshit by the FSF: https://marc.info/?l=openbsd-misc&m=143355112811564&w=2

In any case, try something else. Apple isn't where you want to start.
:fuel: 900MHz 4GB
Well... let me elaborate by saying that I am not necessarily looking for a "perfect" computing environment that has no non-free components.

Right now I am running OS X on a macbook air, so obviously I can compromise quite a bit.

What I *am* interested in doing is figuring out precisely where the dial is set. If I load a linux distro on a mac laptop, just where am I setting that dial ?

What components (besides BIOS, which we know for sure) would require non free-as-in-freedom code ?

I might even still use them. I probably will. I just want to *know*.
jsloan wrote: are there any other pieces I am missing here ?


Yes. The whole system architecture.
The northbridge on these systems, supplied by Intel, contains a separate processor called the Manageability Engine that is totally invisible to the OS and bypasses all its access controls. It can be accessed remotely over the Internet to gain full, undetectable, control of the machine and cannot be turned off.
This on top of the 386SL System Management Mode, which executes invisibly to the OS and is still present in every x86 sold.
:PI: :O2: :Indigo2IMP: :Indigo2IMP:
There's firmware in just about every corner of any computer these days. Ever heard of BadUSB ?
To accentuate the special identity of the IRIS 4D/70, Silicon Graphics' designers selected a new color palette. The machine's coating blends dark grey, raspberry and beige colors into a pleasing harmony. ( IRIS 4D/70 Superworkstation Technical Report )
jsloan wrote: If I load a linux distro on a mac laptop, just where am I setting that dial ?

Somewhere slightly past the first green mark. Most third-graders probably couldn't hack in.

Let's face it : there's no way to know what's inside any modern computer. But we do know the NSA, Google, Apple and Mickeysoft (among others) are not our friends. Therefore, any real security means, "don't put anything in your computer that you don't want painted on the bathroom wall down at the Greyhound station."

When I first read 1984 there were obvious flaws in the mechanics. But since then we've conquered those barriers. Between Wikipedia, Facebook and Bank of America, George would be smiling and handing out ceegars. People now spend goodly sums of time and money buying their own telescreens.

Who is number one ?
me, I spend a lotta time picking flowers up on choctaw ridge ...
robespierre wrote:
jsloan wrote: are there any other pieces I am missing here ?


Yes. The whole system architecture.
The northbridge on these systems, supplied by Intel, contains a separate processor called the Manageability Engine that is totally invisible to the OS and bypasses all its access controls. It can be accessed remotely over the Internet to gain full, undetectable, control of the machine and cannot be turned off.
This on top of the 386SL System Management Mode, which executes invisibly to the OS and is still present in every x86 sold.


Ok, thank you. This is the kind of answer I was interested in.

Isn't this true of any laptop though ?

I think the Bunnie Huang laptop has a northbridge in it. There are one or two "golden" old thinkpads that the super-free diehards always recommend, but I don't know if those are old enough to not have northbridge.

How would you avoid this ?
Using an older laptop that's too stupid to have these kinds of things?

PowerPC forever. :)

(I'm only being half-facetious.)
smit happens.

:Fuel: bigred , 900MHz R16K, 4GB RAM, V12 DCD, 6.5.30
:Indy: indy , 150MHz R4400SC, 256MB RAM, XL24, 6.5.10
:Indigo2IMP: purplehaze , 175MHz R10000, Solid IMPACT
probably posted from bruce , Quad 2.5GHz PowerPC 970MP, 16GB RAM, Mac OS X 10.4.11
plus IBM POWER6 p520 * Apple Network Server 500 * HP C8000 * BeBox * Solbourne S3000 * Commodore 128 * many more...
jsloan wrote: How would you avoid this ?

Standard, time-tested methods - trust no one, keep a low profile, don't make waves, keep any of yer damn individualist idears very very quiet, when they kick you in the teeth smile and say, "thank you, sir !". Them niggers all had it coming to them anyhow. Fucking protesters made me late for work, damn them. Vote republican, vote democrat, applaud Bruce Jenner who has always been a woman inside and all the other ridiculous politically-correct horseshit you are supposed to be occupied with. (I have personally always been a giraffe inside, but I can't afford the surgery :( ) But whatever you do, don't think about what the assholes you are voting for really do. The Trans-Pacific Partnership is really about 'free trade ! and a glorious future for all beings !' not a transparent attempt to control the world like a mentally-retarded twenty-first century Roman Empire. We have always been at war with Communism ! Bang that drum ! Wave that bloody shirt ! Run in circles crying and screaming The Tewwowists are cumming ! the Tewwowists are cumming ! Oh waht shall we do ?! Hep me ! hep me ! Lock me nekkid in a cage, butt-rape me three times a day, anything, just please sir keep me saaaafe ! Waaah ! waaah ! Go to lots of sports events and cheer loudly. Parrot all the stupid crap printed in the press. Join Faceblob and twitter endlessly about what your cat ate for breakfast. Be a good little serf and maybe you won't get disappeared. Buy lots and lots of Apple products, the more pretentious and useless the better. Avoid thinking at all costs, it shows in your eyes.

Just the usual.
me, I spend a lotta time picking flowers up on choctaw ridge ...
you named it all..."BROT UND SPIELE (Copyright Joseph Goebbels)"
no plan
jsloan wrote: How would you avoid this ?

I don't know whether the chipsets from AMD, VIA etc have something equally nasty, at least they don't advertise that they do.
:PI: :O2: :Indigo2IMP: :Indigo2IMP:
jsloan wrote: I think the Bunnie Huang laptop has a northbridge in it. There are one or two "golden" old thinkpads that the super-free diehards always recommend, but I don't know if those are old enough to not have northbridge.

I have an x220, runs well enough. It meets my needs for games and music but if you are seriously concerned about security, don't use a computer. At all. I hardly ever even browse the web anymore, unless I have to email and I'm not at work. It is about the same size as my old macbook air but faster than even my big mac pro.

Just keep using your macbook with OSX, which is presumably why you bought the damned thing in the first place. Keep it up to date and try not to think about our corporate and government overlords too much. I still have a macbook at the office and it meets my needs although boring but work tools are supposed to just do their job and get out of the way, which it does a very good job of.

The x220 is thinkpad #4 for me, after an a21, x30, x40. All of them I have fond memories of. I'm sure there are bad thinkpads but I haven't seen any. Avoid anything too old and anything 'gamer' oriented unless brand new. Mine was refurbished with warranty and windows professional license for $280 from the local e-recycler. It looks brand new :D
Google: Don't Be Evil. Apple: Don't Be Greedy. Microsoft: Don't Be Stupid.
Paranoid much are we? Let's face reality for a second - Short of something like a Lemote you aren't going to find a fully open system. And are you really that paranoid about binary blobs? If you're that concerned with security...then act like it. Have a decent firewall, with IPS/IDS running (they can be separate machines from the firewall). Get yourself a copy of Nessus (disclaimer, I am a former employee of Tenable Network Security) and run regular scans on all of your hardware (including your network equipment) for vulnerabilities. Get a copy of PVS while you're at it, and examine your network traffic replays on a regular basis. Only allow internet traffic on a whitelist basis, etc.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:
I have a number of responses to the above postings, but I want to first discuss the computer-within-the-computer that is the Intel manageability engine (or whatever it is called in 2015) ...

It looks like there are a lot of tools for updating, configuring, and managing the IME ... or do I misunderstand with my google searching ?

I *think* I don't want to dive into that rabbit hole and introduce that complexity into my life ... but am I correct that if I did, there is in fact a way to control and monitor the behavior of the IME ?

In fact, it appears that the IME is sort of there for corporate IT to manage assets and access control and so it makes sense that there are super-super-user tools for managing and monitoring the IME ...

Comments ?
armanox wrote: Paranoid much are we?

We didn't get our turn in the Kool-Aid line so we think power that would give Joseph Goebbels a hard-on as big as a telephone pole is not a good thing. But hey, you're probably right, our Leaders are such honest, ethical people concerned for nothing but our welfare that any doubts are purely paranoia. No one in government or the corporate world (is there a difference ?) would ever screw us over. Absolutely not. No, never. Well, hardly ever ...
me, I spend a lotta time picking flowers up on choctaw ridge ...
God damn, "hamei".... "Avoid thinking at all costs, it shows in your eyes" ... that is the face of communism ... and I've been there ...
After 25 years of democracy or maybe "learning democracy" I can say that the things that we don't see are the ones that matter ... the others are just obvious distractions ...
The thing that shocked me was that the people that I thought were decent, intelligent and maybe mindful were in fact immensely stupid, careless and chaotic ... fear does that ... hides all that.
No ... a "reduced" world is not the answer ... because it reduces everything ...
Maybe the answer is to be in two places at once ... pretending you're in the middle but also looking from outside ... measuring, thinking ... making corrections.
The fact that the vast majority of people are sub-mediocre is the answer to this alter-control side of things ... put yourself in those (slick) shoes ...
To be able to create such programs ... to access that level of control for a chipset is a commodity for a very small group of people ...
I'm an electronist and I graduated the microelectronic section ... that means building and programming at low level (firmware) ...
I can tell you this is no job for everyone ...
My big concern is not that ... at all ... the problem is that more and more these techniques are less known and ... more and more the group of people involved in building these systems is smaller ... and therefore less known ...
In fact I see the future something like ... huge majority of customers ... and a very small fraction of builders ... huge dependence on technology that is no longer transparent to ordinary people (for reasons of security and other bullshits) ... that scares me ...
Think of the movie "soylent green" ... a handful of corporation people manages to reduce the vast majority of the people to a cattle level ... use them against themselves ... and profit ... we're not that far ... this kind of idea will be always vivid in the sick mind of some people ... the same that strives for whole life to lead ... to make big decisions for others ...
But ... meanwhile ... think of the computer you use (to be in touch with the world) .... a "shared insecure device" that could be used against you ... and the only two privileges you have are: that you can put it anywhere you like ... and you can destroy it anytime you like (of course destroy it at a very low level).