1. 54
  1. 15

    The management engine (and other SMM shenanigans) have been a problem for a long time, but this last year or so has been particularly depressing on account of the slew of processor-level security issues. It really feels like Intel have been letting us down on the security front for a long time, at a deeply architectural level, and it’s all catching up with us now.

    The operating system can only do so much to combat a CPU which is willing to hand out the keys to the castle.

    1. 10

      On a related note, it’s also worth noting that the user control situation is even worse on mobile devices. You pretty much can’t buy phones or tablets with unlocked firmware that you can easily put your own operating system on.

      1. 10

        Well there is the Librem at least.

        https://puri.sm/shop/librem-5/

        1. 1

          It is my understanding that even this and Fairphone still require blobs and the baseband is totally opaque. The battle for complete user freedom on mobile still seems to be completely lost.

          1. 3

            This is correct. Purism routinely exaggerates about what they are able to provide in terms of openness, without any plausible way of actually delivering. It’s quite tiresome.

            Not only will Librem 5 have blobs, they’ve now shamelessly announced they intend to use a loophole to procure FSF RYF certification despite this. If this is allowed to stand, it also makes RYF rather meaningless.

        2. 7

          Also Fairphone:

          We offer the ability to choose between the Google experience and the freedom of open source. Both versions are officially supported by Fairphone and we will provide continuous software updates.

          In addition, and because the code is openly available, everybody is free to work on making other operating systems work on the Fairphone 2. The community already offers alternative operating systems like Sailfish OS, Ubuntu Touch and LineageOS.

          1. 2

            Fairphone requires proprietary firmware blobs anyway.

            1. 1

              Thanks, haven’t seen Fairphone before. I really hope there will be enough of a niche for companies like them and Librem going forward.

              1. 5

                As a Fairphone user: the market is made by buying the damned phones.

                I wish there was an official Sailfish distro. I’m a happy user of the community port, but I also tolerate some glitches. Like not being able to calibrate the proximity sensor or run android apps.

                But, as stated, they do have a non-Google android for those who want to be closer to the mainstream and a Google android for people who don’t care that much.

            2. 2

              You can unlock the bootloader on most Android phones and you can run LineageOS or other AOSP forks, sometimes Ubuntu Touch and Sailfish ports, or postmarketOS.

              You typically have to run the vendor android kernel fork if you want to have useful functionality, but some devices (Nexus 5, Nexus 7, Xperia Z2, Xperia Z2 Tablet) can run mainline Linux.

              https://wiki.postmarketos.org/wiki/Devices

              1. 1

                I know that you can unlock the bootloader, but I think that’s very far from ideal. Also the tools themselves tend to be closed source, and sketchy. You should be able to decide what runs on your phone without jumping through hoops.

            3. 5

              I’m not following the conspiracy theory with Hollywood. What evidence is available for that assertion?

              1. 30

                It’s not a conspiracy theory, it’s in plain sight.

                Firstly, Intel invented HDCP, a DRM technology. Source: https://www.digital-cp.com/about_dcp

                Secondly, Intel then added DRM functionality to their CPUs. Source: https://blogs.intel.com/technology/2011/01/intel_insider_-_what_is_it_no/ (Incidentially, we know this functionality is implemented via the ME, because the architecture of it is described in the book written about the ME by the guy who designed it, which is available for free here: https://link.springer.com/content/pdf/10.1007%2F978-1-4302-6572-6.pdf You want chapter 8.)

                This technology necessarily involves the development of a contractual relationship between Intel and industries whose interest is in precluding platform owners from controlling those machines fully, namely Hollywood. Intel’s DRM technology appears focused on video and is clearly aligned with the interests of this industry.

                Intel tries to frame this relationship as providing a benefit for its customers by enabling access to content Hollywood would otherwise be too skittish to provide; but this relationship is necessarily contrary to the essential interests of the platform owner in controlling their machine, and directly works to oppose it.

                1. 15

                  Intel Insider on the Intel blog. Their intentions on Hollywood side are clear. A 2008 article on Microsoft’s side of it. Schneier wrote about TCPA in 2005, too. I’ll note NSA was in on that with some of the sessions on its design decisions classified.

                  Some of that fed into the High Assurance Platform referenced in OP which wasn’t actually high assurance: low-to-medium assurance components like VMware and Red Hat mixed with secret stuff from NSA. It was sold as General Dynamics TVE Workstation but Google and GD are giving me garbage results right now. The high-assurance offering were separation kernels that ended up failing due to inherent vulnerabilities of desktop hardware. At least all that R&D accidentally gave us an option to partly turn off one backdoor, though. ;) Also, you can used embedded-style hardware with separation kernels for good results.

                  Far as backdoors, I kept advocating people and/or companies raise money to get AMD to do a semi-custom design that removes the backdoor, maybe some legacy baggage, and maybe adds some security extensions from CompCi. They and Intel were doing such customized CPU’s/SoC’s for a lot of companies. The recent Chinese licensing of pretty much the whole of AMD processors, which blew my mind, makes me think the semi-custom deal is less far-fetched. Hell, might even be able to do it with the Chinese company even cheaper or at least on paper to bypass any contractual obligation AMD has.

                  1. [Comment removed by author]

                    1. 1

                      But I can watch movies on my AMD machine too?

                      1. 7

                        See the article. Most of what is said also applies to AMD, and according to the linked Phoronix post, they entered into similar agreements to be able to provide the same DRM functionality.

                  2. 4

                    Customers do not care what deals Intel/AMD have made with whom.

                    The second a competitor comes along that doesn’t have this nonsense built-in, companies that sell computers will begin to source their CPUs from them. It has already begun with RISC-V, some ARM CPUs, POWER9, etc.

                    Computer security has never been more important than it is now, and its importance is only increasing. Security experts, IT experts, their friends, and their families, etc., will vote with their money.

                    Meanwhile, these companies will be dealing with lawsuits for intentionally selling customers faulty, backdoored malware. Have fun with that.

                    1. 11

                      I certainly hope you’re correct that the market will demand better. I think it’s possible, but I’m not as optimistic as you. Getting end users to care about security, even when the lack of it directly harms them, isn’t easy.

                      1. 0

                        Getting end users to care about security, even when the lack of it directly harms them, isn’t easy.

                        I am optimistic because it’s simply the reality. The “users don’t care about privacy/security” refrain is just one of those things some people like to say. It’s total nonsense.

                        People use insecure, poorly designed technologies only when well designed, secure versions of those technologies do not exist. It’s just a market cycle. Poorly designed tech where engineers cut corners comes out first, and then the properly designed versions come out later. The instant they go on the market everyone abandons what’s broken and upgrades to the newer and better tech. This has always been the case.

                        1. 3

                          Engineers cutting corners is one thing. Entire industries conspiring to preclude any alternatives is another beast altogether.

                      2. 9

                        The second a competitor comes along that doesn’t have this nonsense built-in, companies that sell computers will begin to source their CPUs from them.

                        There’s been competitors to Intel without the nonsense built in, with simpler architectures, faster at one point, and so on. Many went bankrupt, the products were withdrawn, or the company got acquired. So, your claim has to be assumed false by default given the market history is exactly the opposite. The combo of monopolistic tactics by Intel/IBM/Microsoft and the lock-in to x86 software made that happen. On x86 side, it was mostly the same with AMD happening because IBM forced it to happen. There’s one, surviving, third party that focused on lowest, energy usage. The Centaur’s were sold by VIA but VIA was losing boatloads of money. So, you don’t have a lasting, success story that was able to do non-coerced license of x86 for high-performance chips.

                        The good news is the prevalence of doing everything in the browser already got hardware diversity in via netbooks and tablets. The new architecture having excellent browser and codec support might be enough to get some of that market. Throw in sync with all devices plus online, private backups. There’s some potential. I’ve also been toying with ideas about cloud servers (esp for web stuff), network appliances, kiosks, and so on. Whereas, taking down Intel/AMD will require x86 support for legacy, x86-optimized apps. Intel publicly threatened to use patent suits on any company that does that.

                        “People use insecure, poorly designed technologies only when well designed, secure versions of those technologies do not exist.”

                        That’s nonsense. There are easy-to-use, private solutions in a number of areas. Let’s just say search, chat, email, and backups. The market at large uses the insecure offerings, even those with harder UI. That’s because they thought they were a good deal for every reason but the one you gave: truly private or secure. They don’t care about that. I think the easiest counterpoint is that the top providers of email and ways to hang out with friends are surveillance companies. They know it, private IM’s or group messages aren’t so hard, and they still use the surveillance platforms anyway. That’s hundreds of millions to billions of people. Where’s your market data backing your point a similarly-sized number of people cared enough to switch to DuckDuckGo, Signal, or SpiderOak? I’m cherry-picking things advertised as private that are easy to use with media coverage.

                        1. 2

                          taking down Intel/AMD will require x86 support for legacy, x86-optimized apps. Intel publicly threatened to use patent suits on any company that does that

                          Microsoft implemented their version of qemu-user into Windows on ARM. Is Intel going to sue them? :)

                          1. 1

                            I doubt it. We’ll see how far that goes given the performance difference. Also, we goes from one sue-happy, ISA monopoly to another. Least the SoC’s themselves are more diverse.

                            1. 2

                              re: performance — it’s not intended to be the primary way to run apps, it’s more of a transitional step, like Rosetta was for Apple. The plan is probably something like:

                              • Microsoft says to customers: “you can buy this, this is real Windows, not like RT was. It runs Photoshop!”
                              • People buy the devices, get somewhat disappointed with the performance of heavier apps, but still keep the devices
                              • Developers port their apps to AArch64 and ship native compiled versions to increase performance
                              1. 1

                                Now, that’s a great idea! There’s still going to be a legacy base whose stuff won’t port. I think the larger part of the market is using stuff that’s still getting updated. So, that strategy could gradually pull them off x86 if ARM chips get good enough for those users. I’m thinking more like cost-effective with nifty features their SoC’s support more than performance. The multimedia and sensor stuff on a SnapDragon is an example.

                          2. 1

                            There’s been competitors to Intel without the nonsense built in, with simpler architectures, faster at one point, and so on. Many went bankrupt, the products were withdrawn, or the company got acquired. So, your claim has to be assumed false by default given the market history is exactly the opposite.

                            I’m pretty sure you’re making an elaborate strawman argument to my point. The Intel ME thing is only recently in the news relative to the timeline you’re considering. It was not a factor back then. Now it is.

                            Where’s your market data backing your point a similarly-sized number of people cared enough to switch to DuckDuckGo, Signal, or SpiderOak? I’m cherry-picking things advertised as private that are easy to use with media coverage.

                            DuckDuckGo’s search results were (and are) historically poor compared to Google’s. So it’s not “well designed”. I chose my words and criteria carefully.

                            As far as Signal goes, it has a very large and growing userbase, but it too, doesn’t offer the same (or better) level of quality that the popular messaging services offer. It’s pretty darn buggy. Nevertheless, I use it almost exclusively with all of my friends. These technologies don’t go from zero to out-competing incumbents in a day. It obviously takes some amount of time. Facebook is losing users (to a service that advertises privacy as its #1 feature, albeit misleadingly), Signal and Telegram are gaining users.

                            As for SpiderOak, I can’t comment on that. Apple’s Time Machine backups are a better idea than cloud backups, no matter who your provider is, and I’m guessing Apple’s Time Machine has more users than whatever it is you have in mind.

                            1. 4

                              The Intel ME thing is only recently in the news relative to the timeline you’re considering.

                              People have been talking about Intel and DRM for a long time. I have a comment in this thread with links. That the markets ignored the risks to keep buying Intel isn’t a strawman so much as what they actually did. You were talking the hypothetical stuff that might cut into whatever their current, public revenues are. Hasn’t panned out yet if you’re talking secure processors or something like that.

                              re competition had issues. Most of the big, tech companies had products with issues when they started. Some of the biggest were trash-talked as garbage by many developing for them. They still got tons of users because those wanted or had to use what they offered. It seems like anywhere from most to all the companies focused on privacy or security that actually works vs checklist BS have failed to accomplish anything. You can get rich via sales or VC off a shitty, non-security app many times over before one, secure app will get high uptake. Must be some underlying principle or principles at work, yeah?

                              It’s why these days I tell people wanting private/secure apps to hide or embed that in a product sold on every other kind of benefit that people actually jump on. Enough people doing that might give us what we need. It will probably take a lot of time and cooperation, too.

                              1. 2

                                People have been talking about Intel and DRM for a long time. I have a comment in this thread with links. That the markets ignored the risks to keep buying Intel isn’t a strawman so much as what they actually did.

                                This is not true. I repeat myself: the problems of Intel ME were unheard of and out of the public’s consciousness only until recently, and even now, still, many are unaware of its existence. This is fact.

                                Likewise it is fact that Facebook is losing users to more private platforms, again proving the point that users do care about privacy and security.

                                One need only look at the security of computers over time to see that it’s constantly improving, just as it is with every other technology, be it cars, trains, spaceships, airplanes, whatever.

                                1. 2

                                  You’re right that there’s increased awareness. You’re right that this could affect sales. The thing you’re leaving off is that anyone that cared about privacy could’ve just googled the AMT thing on their box to find out it was a backdoor. They didn’t care enough to do that. Whereas, privacy-conscious, lay people were already avoiding that shit years ago. They used to show up in forums talking about it, running SandboxIE, using NoScript for surfing, and so on.

                                  My argument is most didn’t care, don’t, and won’t. If they buy a private-ish alternative, it will be for other reasons like apps, features, luxury, etc. Apple iPhone being pushed for privacy is an example. Apple succeeded for every other reason. That’s just after the fact that might bump sales up a bit.

                                  1. 1

                                    One cannot care about something that one is unaware of. So increased awareness = more caring, because of course users care about privacy and security. Many of them just aren’t computer experts like you and I who have the time to sift through all of the b.s. “privacy” marketing claims that companies like Facebook make.

                                    So, again, users do care very much, and once they’re made aware they’ve been lied to, precisely because they care they will ditch these companies.

                                    1. 3

                                      Many of them just aren’t computer experts like you and I

                                      That’s right. So, the ones that cared asked us on security forums what we thought. They’d get a basic assessment of overall risks, what defense to use, which products were better, and so on. Again, I’m talking about what privacy-conscious laypeople were doing for the past ten years or so I’ve been on security forums. They also usually found it hard to get friends and family using the better stuff. It didn’t have feature X, shiny emoji Y, and so on. They didn’t care. Same with literally over a 1,000 people I’ve tried to market that stuff to face-to-face.

                                      “ So increased awareness = more caring, “

                                      This can happen. I’m even hoping for it. The general public does respond to what’s in the media, esp scary stuff. The thing is, it’s not really an informed response so much as a reaction. They jump at buzzwords and false assurances en masse. So, what privacy-pushing suppliers need to do is keep good products ready for those events. Then, when it makes waves, they have media campaigns targeted at those people. The bullshitters already do this. The honest suppliers will only get so many amidst the competition. The numbers can gradually go up with each media wave while they do more positive type of marketing on a regular basis advertising features, privacy, and good service. Sales from that can drive new products. Even better if they’re nonprofits or public benefit corporations to reduce odds they themselves become the villains down the line.

                              2. 2

                                DuckDuckGo’s search results were (and are) historically poor compared to Google’s. So it’s not “well designed”. I chose my words and criteria carefully.

                                How about StartPage? Exact same results as Google. Where are all their users?

                                Consumers won’t care about additional choice if everything they care about is packaged into what they already use.

                                1. 1

                                  That’s a good point, I think many people just don’t know it exists. Those who are aware do use it over Google.

                                  I would be curious to know, for example, why Apple doesn’t make it or DDG the default search in Safari. Perhaps some form of collusion going on there.

                                  1. 3

                                    Apple gets paid for the search engine default. I don’t know if I’d call that ‘collusion’. I think it’s bad – it’s one of many small profit seeking behaviours that Apple engages in to the detriment of their users and their platform as a whole (see also: the 30% cut they take on the App Store).

                                    1. 3

                                      For default on iOS, I can give you three, billion reasons they’d keep Google. ;)

                                      1. 0

                                        I think Apple foresees that there would be user backlash. At this point, Google is expected as a default, and providing anything to the contrary is considered presumptive. That would be a huge change; perhaps one day it will be in the forefront of Apple’s attention to take on that change, but for now, we will have to wait, and perhaps do the best we can do as individuals.

                                        1. 1

                                          I doubt that’s the reason. Apple’s users would praise Apple for the switch. It must be something else, and I’m guessing it’s more along the lines of what @jfb said.

                                          I’ll note one other thing, and that’s that even if users are aware of StartPage, that’s often not enough for them to use it. It isn’t clear at all how to change the default search engine in Safari, especially on iOS, and iOS doesn’t even allow StartPage in Safari AFAIK. So companies like Apple deliberately put roadblocks to adoption.

                                          This doesn’t mean users don’t care. It means big profit-seeking companies don’t care about their users, and this creates an opening for competitors to do a better job. This is why browsers like Brave are a thing and are taking users away from Safari, IE, Firefox, etc.

                                          1. 1

                                            Apple’s users would praise Apple for the switch.

                                            See the headphone jack debacle. Everything is an inconvenience to somebody; you don’t know how many until you ask.

                                            …companies like Apple deliberately put roadblocks to adoption.

                                            Where would you place that feature in order to guarantee discoverability? Do you think that change would make for a good user experience?

                                            Anecdote: I personally use Safari because it uses the least battery life on my computer, responsiveness stays the same up to a given number of tabs, and the user interface is understandable and consistent; as opposed to Chromium derivatives, which are huge CPU/battery hogs, tend to lag a bit at times, and don’t really mesh well with the rest of macOS (my use of which I could defend similarly). I admire the steps taken by other options such as Brave or qutebrowser, but they forego some basic QoL considerations that are important to users like me. I think that is Apple’s primary consideration.

                                            1. 1

                                              Where would you place that feature in order to guarantee discoverability?

                                              In the search bar when you search.

                                              Do you think that change would make for a good user experience?

                                              Yes.

                                              1. 1

                                                I agree that that’s probably the best way to do it. That being said, if I were Apple, I’d be trying to cut down on the number of flow-interrupting pop-ups that occur on performing a simple action such as a web search.

                                                1. 1

                                                  Who said anything about a popup? Even Firefox (on Desktop) does this pretty well today. No popups.

                                                  1. 1

                                                    Oh, a dropdown menu? Now I understand what you were saying. That’s fair. I think Safari used to have that, actually. They’ve really been on a minimalist crusade, haven’t they?