If I want a secure computer should I go with an older one with no intel ME or a newer one with secure boot and TPM?

  • 🔧 Actively working on site again.
Rusty Crab said:
I am NOT jumping into this pool of spergery, but I got curious and started doing some research on ME today.

There's lots of resources available, and hacker conferences about messing with it.
The long story short is that if it were malicious, you would not expect it to be designed the way it is. It's a modular system and different parts can be turned off (and by that I mean completely wiped out) independently without interfering with the boot process. It's not tamperproof in the way that you would expect an espionage system to be. On newer generations it can be turned off easily(ish) if you have the right equipment.

Despite all the claims I've heard, it's not encrypted, just encoded to save space. People have gotten around this without too much headache.

I am NOT making the claim that it's not a backdoor. I am saying that it's a very oddly designed backdoor if it is one.
Click to expand...
It's a suboptimal design from a personal privacy perspective; however, extremely useful for businesses to have to manage their fleet. It's hardened and intel (and amd with the psp) likely are not giving the feds backdoors. Although they likely have built and signed a compromised version for the NSA with the intent exemption of it only being used in lab/forensic scenarios. China, Russia, etc that deploy intel boxes at scale probably verify the firmware as part of oob. Also, that's why china pours so much money into homegrown x86 and riscv shit - even though that stuff is still kinda garbage, it's open and you can be sure the US doesn't have their hooks into it.

The NSA probably has some good intel ME exploits that they sit on and deploy against iran, best korea.

I think most privacy experts are more nervous about the precedent, than the actual implementation.
 
  • Like
  • Informative
Reactions: lemmiwinks and Bongocat
Rusty Crab said:
If you're interested, Purism makes new laptops with ME disabled, though they are expensive and I can't personally vouch for them as a company. I can give my opinions on the similar company Pine64, however: stay the fuck away.
Click to expand...
What's up with Pine64? I have been looking at their RockPro64 as a more powerful alternative to the Raspberry Pi. The only thing I can find about them that might be a problem is they are in Hong Kong, but everything comes out of China at some point anyway.
 
Spasticus Autisticus said:
What's up with Pine64? I have been looking at their RockPro64 as a more powerful alternative to the Raspberry Pi. The only thing I can find about them that might be a problem is they are in Hong Kong, but everything comes out of China at some point anyway.
Click to expand...
My customer experience with them has been horrible in the most baffling ways. I got their (at the time) most expensive phone and it simply did not function at all. You could not survive an hour without it crashing or the battery meter going sine wave mode.

I came to their community and developers directly with these problems and was met with "lol yeah that happens a lot"

????????
 
  • Like
Reactions: Spasticus Autisticus
Rusty Crab said:
My customer experience with them has been horrible in the most baffling ways. I got their (at the time) most expensive phone and it simply did not function at all. You could not survive an hour without it crashing or the battery meter going sine wave mode.

I came to their community and developers directly with these problems and was met with "lol yeah that happens a lot"

????????
Click to expand...
Oh, yeah, the Pinephone was kind of a disaster from what I hear. But I figure the RockPro64 has been around for so long, they've probably got the kinks worked out of that, plus it's not as intricate as a smartphone. I just wish the RPi4 wasn't still on such a slow SoC. I wanted to turn one into a scanner with SDR dongles but it couldn't decode digital trunking fast enough.
 
If whatever you're doing is actually important enough to warrant this much worry tbh I'd just use multiple computers, each with a specific purpose in mind. Kinda like this fella.
Also I'd go with no Intel ME, I think there's some laptops/MBs that still have Secure Boot and the like without the CPU backdoor but I may be stupid so you should look into that yourself.
Also also invest in carrier pigeons. You can never go wrong with that. Trust me. You will need them.
Rusty Crab said:
My customer experience with them has been horrible in the most baffling ways. I got their (at the time) most expensive phone and it simply did not function at all. You could not survive an hour without it crashing or the battery meter going sine wave mode.

I came to their community and developers directly with these problems and was met with "lol yeah that happens a lot"

????????
Click to expand...
Yeah Pine64 has shit communication between them and customers, staff (and people experienced in mobile Linux) assume everyone else but them is retarded and tell them to RTFM even though sometimes, just sometimes, they do send duds.
Also I hate how their most active place is that huge Telegram/IRC/Discord server, sometimes I've found fixes for important things that weren't posted anywhere else deep within the chat and had to search and scroll for hours...instead of just yknow posting it on the forum, so it'll be easier for people to find, instead of locked behind two walled gardens and IRC which lol good luck finding old posts.
idk about the battery issues but I'll say crashing is mostly because software right now is dog shit and unoptimized, if you're not a programmer your best bet is to wait it out or use it for whatever you would have used a RasPi for, not because it's useful it's just funny on a tiny phone
 
  • Like
  • Informative
Reactions: Spasticus Autisticus and Bongocat
lol yea man get that old shit because I’m sure you’ll be able to patch any bug you come across.
 
Spasticus Autisticus said:
Oh, yeah, the Pinephone was kind of a disaster from what I hear. But I figure the RockPro64 has been around for so long, they've probably got the kinks worked out of that, plus it's not as intricate as a smartphone. I just wish the RPi4 wasn't still on such a slow SoC. I wanted to turn one into a scanner with SDR dongles but it couldn't decode digital trunking fast enough.
Click to expand...
Eh, the Pinephone came with several disclaimers for a reason. The Braveheart edition was never meant as a daily driver. But yeah, mine's fucked too until I take a soldering iron to it.

I'm using the Pinebook Pro very often though, it's worth a look.
 
  • Like
Reactions: Lord Xenu and Spasticus Autisticus
From what I've seen the only truly secure way to use a desktop or laptop is with an operating system that doesn't have persistence.
 
  • Like
Reactions: Mullti Port RDRAM
Spasticus Autisticus said:
the Pinephone was kind of a disaster from what I hear.
Click to expand...
I think the soy electronics press kinda picked it up as like a workable, free alternative to android. When in fact it's a developer device with literally every corner cut just so it can get into the hands of developers. I think it's probably fine if you're doing alternative OS development.

NumberingYourState said:
From what I've seen the only truly secure way to use a desktop or laptop is with an operating system that doesn't have persistence.
Click to expand...
Eh, there are still attacks on a system without persistence. Lol.
 
  • Like
  • Agree
Reactions: Spasticus Autisticus and Lord Xenu
Likely said:
When in fact it's a developer device with literally every corner cut just so it can get into the hands of developers
Click to expand...
IDK about the Pinephoine, but when you go to buy the PineBook there was a huge warning disclaimer with exactly this sentiment. The Pine64 forums were full of people who did not heed that advice. So then you get a bunch of salty devs there and customers get a poor user experience. I've seen that happen too many times with kickstarter and IGG projects (Pebble, PocketCHIP etc)

Edit: I didnt click throught the process to buy, but this is on the product page
Screenshot 2021-11-10 014722.png
 
  • Like
Reactions: Spasticus Autisticus
Bat Dad said:
IDK about the Pinephoine, but when you go to buy the PineBook there was a huge warning disclaimer with exactly this sentiment. The Pine64 forums were full of people who did not heed that advice. So then you get a bunch of salty devs there and customers get a poor user experience. I've seen that happen too many times with kickstarter and IGG projects (Pebble, PocketCHIP etc)

Edit: I didnt click throught the process to buy, but this is on the product page
View attachment 2704030
Click to expand...
This disclaimer is an extreme understatement. Probably to the point of a class action lawsuit if people cared enough. The device hardly works by any metric, even as a development toy.

I could deal with the Linux distro just fine. I could not deal with the random hardware resets and the screen dying every few minutes. I was told this was completely normal.
 
  • Informative
Reactions: Lord Xenu
iirc basically back to Pentium 1 there's enough unique markers that you're fucked when you put it online
keep it offline or don't store your catrape on it
 
XYZpdq said:
iirc basically back to Pentium 1 there's enough unique markers that you're fucked when you put it online
keep it offline or don't store your catrape on it
Click to expand...
Pentium III was the first one with unique identifiers if I recall correctly. I remember the huge stink that created in the tech press at the time. Now everyone just kind of accepts that every device we own has more or less a manufacturer-embedded rootkit.
 
Get a Linux distro, don’t run sus applications, don’t fall for scams and don’t go out of your way to do shit that is going to get the Feds looking into you. Congrats, you’re secure*.

*secure as you can reasonably be. given enough time and skill anyone can be pwned.
 
  • Like
Reactions: Wright
You must log in or register to reply here.
Back