1. 44

  2. 17

    “Tim put it best, though, when he said that ‘it’s going to allow people to trust their computers again.’”

    That is such BS. Great turn of events and write-up. You just can’t trust your PC to not be subverted: there’s ample hiding spaces but no way to know what lurks there. I wrote a little about that here in general and here on smartphones with points relevant to these products.

    The owner-controlled principle is a different improvement. I’m all for that. Looking at [mono/oligo]-polies w/ DRM and lobbyists, it might be more important than actually securing the computers given the damage that comes with transfer of power and control from the many to the rich, powerful few.

    1. 6

      Is there a market for a modern consumer CPU that can’t run Netflix? Even with a freely licensed ISA and reference implementation you probably couldn’t get a useful chip for much less than $10M.

      1. 9

        I find it sad that we’re so fixated on consumption of a particular category of big-budget media that we prioritize it above all else when choosing a computer. I was recently re-reading Hackers by Steven Levy, and I think we’ve largely lost sight of what wonderful, versatile machines computers truly are. The enthusiasm of the 70s Bay Area hardware hackers, as described in part 2 of that book, is particularly inspiring. Not because I want to hack on hardware, but because these people grasped how awesome computers are. Of course, personal computers were just starting to become available back then; now they’re commonplace. But I think we’ve lost some perspective if we’re going to dismiss an open CPU architecture like POWER9 because the digital distributors of Hollywood movies won’t target it.

        1. 6

          Exactly. Most Netflix customers are probably not on desktop computers anyway, they’re on smart TVs, tablets, phones… It’s sad that none of the hardware companies ever said “this is a professional product, it explicitly does not support DRM because it’s not for content consumption” about anything. Like, even the blue “pro” Radeons support HDCP, I’m pretty sure.

          It’s all because… well, it’s not worth it because the only people who care about this are just us. A thousand enthusiasts on a few online forums. The vast majority of customers are not bothered by DRM support at all even if they don’t consume DRM’d movies. Sad.

          1. 5

            This is why the “enthusiasts” need to get off our collective butts and find ways to make consumers care.

            “DRM means when you buy those 14.99$ films on Google Play they can take it away from you at any time without offering you a refund” is a great talking point and suddenly everyone I’ve talked to has started to care. Maybe not enough to change their lives immediately, but they start thinking more about where they are spending their money.

            1. 3

              There have already been significant events like that, at least for the Apple media store. It gets a blip of media coverage, everybody shrugs, and it passes.

              People don’t own their personal data, let alone their playable media. And they’ve decided that the tradeoff is worthwhile.

              Honestly, and I hesitate to bring this up since it smacks of politics, the best way to get people to care about this is to first ensure they make enough money to afford to care, and only then get into the anti-“media licensing” propaganda.

            2. 2

              Yea, looks like 70% of Netflix usage is on TV, with 15% on laptops/desktops.


          2. 8

            If the primary application is to run a closed source DRM video player on a platform that would philosophically find it anathemous, I don’t think any amount of money will fix that problem.

            1. 1

              I don’t like the DRM video player, but I can’t live with it if it’s properly sandboxed.

            2. 2

              Most people watch Netflix on a TV, so probably I guess.

              1. 2

                As you see with Raptor, whatever you get will cost more while supporting less of common software. That’s how it works when competing against rich incumbents in hardware. Outside of OpenPOWER, the products will probably be a lot slower, too. Some might be in OpenPOWER just because there’s no JIT or hand-written assembly. This kind of thing is not a mass-market product if talking general-purpose computing. That’s why I keep recommending they sneak these CPU’s and alternative OS’s into appliances or “solutions.”

                1. 3

                  I’m sympathetic to this view, but then it never gets thought of as “general purpose,” and becomes just another boutique application-oriented CPU. I think there’s a role for Power in that, mostly because there already is, but I’m unconvinced that’s the way to break into the larger market consciousness.

                  1. 2

                    I was mostly countering your trust claim. Even people from backgrounds as different as @lattera and I agree current methods can’t work due to all the shared resources in hardware. The very definition of covert channels ensures that shared resources will be used against you unless you’ve put an enormous amount of effort into and had luck regarding them. That’s on top of all the regular hacks that keep coming in. So, no, you can’t trust the “open, owner-controlled” boxes either.

                    Go old-school with it like Cold War era. No or limited tech. Good hiding places. Disconnected from the net. Heck, one of my favorite movies this year, Captive State, illustrates many methods for doing so. I have a feeling that was intentional by whoever made it. If folks haven’t seen it, I’ll say that it spends some time introducing the characters/situation, activates the operation, and is 100% good/intense from that moment forward. Epic.

                2. 1

                  Movie DRM is mostly on the GPU side rather than CPU, isn’t it?

                  1. 1

                    Nope. The GPU mostly stays out of the way.

                    1. 1

                      Really? HDCP definitely requires GPU support (well, display adapter, not the GFX part of course), isn’t HDCP the most important component of modern DRM?

                      1. 1

                        Yeah it’s more about the display output pipeline than the GPU. Key management is also a big deal.

                        But whatever, my point was that there are things that virtually all consumers want to do with their general purpose computers that are incompatible with my aspirations for freedom. This makes it hard for me to see how such CPUs will be produced at a volume that makes them economical.

              2. 6

                So what does all this mean? In practice it seems the only architectures one runs across are x86-64 and ARM. Is anyone here using OpenPOWER? What is your use case?

                1. 24

                  I’m typing this (and wrote up the post) on a Talos II. It’s my daily driver computer. I wanted something I could trust, and I didn’t want to feed the x86 monoculture, and I have more money than sense.

                  It’s great. I like it a lot. It just works. (Fedora 30.)

                  1. 6

                    Can you share some impressions on power consumption and noise? I’m not asking for specifics (unless you measured it already and have the data handy) but because I live in a small single bedroom flat and the only place I could place it is in the living room, so if it is too noisy it is bad. Power also plays a big role because if it is like the dual G5 it will add a ton to my usage.

                    1. 12

                      This dual-4 T2 pulls around 170W. The earliest firmware was deafening, but the current firmware is pretty much silent. It’s much less noisy than the Quad G5 sitting next to it, even when the G5 is throttled down.

                      That said, in your situation given that it’s a big EATX hulk, you’d probably be happier with a Blackbird. It’s smaller (mATX, though I’d strongly advise a standard ATX case for it) and cheaper. My notes on my own Blackbird are here ( https://www.talospace.com/2019/06/a-semi-review-of-raptor-blackbird.html ) but the TL;DR is budget for a single-8 and a GPU and you’ll be very happy with it.

                      1. 3

                        Thanks for the tips and the link :)

                    2. 2

                      Why are these things so expensive? Nearly $3k for a single 4-core CPU + motherboard? How does it compare in speed to other commercially available processors?

                      1. 6

                        Economies of scale. AMD and Intel are shipping ~a million times more units.

                        1. 0

                          Yep, and I can get a Raspberry Pi for $35. $3k is absurd regardless of scale. Also, IBM seems to be behind a lot of this? It’s not like it’s being produced out of someone’s basement (which still wouldn’t justify $3k). Sounds like people ripping you off. :)

                          1. 15

                            Running an obscure architecture is always going to cost (much) more than a mainstream one (which is why I don’t, personally).

                            “Yep, and I can get a Raspberry Pi for $35”

                            ARM chips have much better economies of scale even than x86.

                            “It’s not like it’s being produced out of someone’s basement”

                            Setup costs dominate in a chip fabrication run. If you only sell 10k units, you have to sell them for quite a bit more to cover those costs.

                            1. 5

                              Why is everyone here talking about the chips? The POWER9 CPUs are relatively reasonable, $400-500 for the 4-core is similar to Ryzen 7 1800X launch price. It’s the Raptor mainboards that are extremely expensive.

                              1. 3

                                They aren’t extremely expensive. They’re cheaper than the low-volume RISC workstations from SGI and Sun that came before them. They were quoting me five digits for good workstations. Anyone wanting many CPU’s would pay six to seven. What people are missing is that the Non-Recurring Engineering [1] [2] expenses are huge, must be recovered at a profit, and are divided over the number of units sold. The units sold are many times less than Intel, AMD, and ARM. These boards are also probably more complex with more QA than a Pi or something.

                                So, they’ll cost more unless many times more people buy them allowing scale up with lower per-unit price to recover NRE costs. If they don’t and everything gets DRM’d/backdoored, then everyone who didn’t buy the non-DRM’d/backdoored systems voted for that with their wallet to get a lower, per-unit price in the past. Maybe they’re cool with that, too. Just their choice. Meanwhile, higher-priced products at low volume are acceptable to some buyers trying to send the market a different signal: give us more-inspectable, high-performance products and we’ll reward you with higher profit. That’s Raptor’s market.

                                [1] http://hardwarestartupblog.com/hardware-product-development-manufacturing-cost-vs-nr-cost-nre/

                                [2] https://predictabledesigns.com/the-cost-to-develop-scale-and-manufacture-a-new-electronic-hardware-product/

                                1. 1

                                  Ah, that’s good to know! Thanks for clarifying :)

                                  I was mostly asking about the CPU + motherboard combo, and I didn’t see that you could buy them individually. Are there other motherboards that also work w/ it?

                                  1. 1

                                    Only Raptor sells boards standalone; others are part of very expensive servers, e.g. from IBM itself.

                                2. 1

                                  Sure, this all makes sense as a producer - but seems like a lot to ask of consumers.

                                  I guess it’s working, though. 🤷

                                3. 1

                                  That Pi probably doesn’t come close to a POWER in performance, esp single-threaded. Intel and AMD are only real comparisons.

                                  1. 5

                                    Yeah, POWER9 is a big hot chip, while the Pi can run without a heatsink. But the latest Pi, upgraded to Cortex-A72, is pretty much “ultrabook grade” performance. Totally desktopable :) I’m writing this from a quad A72 system in fact (with 8GB RAM though, and a big AMD GPU).

                                    The Pi has a software advantage: e.g. Firefox has a full IonMonkey JIT for aarch64 enabled out of the box. For POWER, there’s only a WIP unofficial baseline JIT port by /u/classichasclass. My ARM system might even beat the POWER9 in some JavaScript benchmarks right now :)

                                    1. 1

                                      I know they’re impressive cuz I did some web browsing on my Pi 3 at the house. They’re just not a POWER9. The difference comes from full-custom design that costs a fortune. The POWER’s will have higher per-unit prices due to the much lower volume vs x86’s.

                                      1. 2

                                        The performance of the Pi4 is supposed to be 4x that of the Pi3 at the same price-point, so the Pi3 isn’t really a reasonable method for comparing with.

                                    2. 1

                                      Sure, so that’s where my original question gets to. What does this compare to? Is it intended to compete w/ Xeons? Intel extreme CPUs? Which ones? I was just asking for a means of comparison, which seems hard to find.

                                      1. 2

                                        Xeons and EPYC’s that I can tell. High-end performance, esp multi-threaded. IBM’s material. A questionable attempt at a benchmark. Throw in side benefit that almost all malware targets x86. That will continue to be true so long as POWER-based desktops remain niche.

                                        Since it’s RISC, you can also get better performance on some security mitigations due to the fact that x86 optimizes for specific usage. For example, implementing a reverse stack where data flows away from stack pointer might require more indirection on x86 stack-based design than POWER. There was also work in OpenBSD on reducing ROP gadgets or something that got way more done on ARM than x86 for similar reasons. Could be true for POWER, too.

                                        I’m also wondering about acceleration possibilities from modifying microcode (i.e. custom opcodes) if it’s as open as they claim. Karger et al modified VAX’s microcode to both speed up and boost security of their VMM’s fast path. One team long ago had a HLL-to-microcode compiler, too. I figure there might still be NDA’s involved in that, though.

                                        1. 2

                                          “work in OpenBSD on reducing ROP gadgets or something that got way more done on ARM than x86 for similar reasons”

                                          Yeah, because x86 instructions are arbitrary length, polymorphic gadgets are a thing (jumping into the middle of an instruction to interpret everything from there as unintended instructions). Any ISA that’s not ridiculous-length doesn’t have this “feature” :)

                                4. 6

                                  You were looking at the more expensive offer, here is board+cpu for $1450: https://www.raptorcs.com/content/BK1B01/intro.html

                                  1. 3

                                    Ah! That’s a bit more reasonable. Still, my original question was more about what other kinds of CPUs these should be compared against. In terms of performance/watt, are they competing w/ the Xeon line? or like i7 extremes? Is that the right way to compare them or does it give someone an unfair advantage? That’s more what I was curious about.

                              2. 14

                                I use it as my desktop computer as well (Ubuntu 19.04), and everything basically just works for me as well. For me, there are two main reasons for using it. One is that all the firmware is open source (Apache licence) w/o any tivotisation (this includes the firmware that is somewhat akin to the Intel Management Engine or AMD’s PSP), so it is truly “owner-controlled” and free. The other thing that makes it very appealing to me is the Power ISA itself, which doesn’t have a lot of the insanity you find in x86. As an added benefit, they have a very well documented and interesting microarch with Power9.

                              3. 4

                                I tried to understand the clickbait “RISC-V sweating gallons” in the article title. There’s nothing in the article beyond the title to support that.

                                1. 5

                                  It’s an attempt at humor and hyperbole. The RISC-V people want to sell open chips. They’re more open than OpenPOWER. Yet, Raptor is actually selling workstations whose open cores are more open than most people buy. POWER itself has been selling for a long time. A bunch of companies got involved in OpenPOWER, too. They’re definitely competing with RISC-V for a market and winning. There’s probably RISC-V proponents or companies worried that OpenPOWER or newly-open MIPS with strong ecosystems might sway people over to them instead of RISC-V.

                                  So, there’s some truth in it.

                                2. 1

                                  For those of us who are only following this in a very cursory manner, does anybody have a quick rundown on the upsides and downsides of RISC-V vs OpenPOWER? My internet searching did not turn anything up that was relevant.

                                  1. 2

                                    My bias is clearly with Power, but I find RISC-V promising, and I think it will get in the performance ballpark eventually. I don’t think it’s there yet, though, and if you want a non-x86 system in the Intel/AMD performance range then Power is your choice. That’s the big difference.

                                    There are various arguments about which ISA is more pragmatic and where their deficiencies lie, but frankly other than their various idiosyncrasies I think both are adequate. It’s just that POWER9 is big and beefy and here today. Combine that with my long familiarity with the arch and it was a no-brainer for me.