1. 28
  1.  

  2. 6

    Why have computers at all?

    There does not seem to be anything that can be purchased which is not 100% broken.

    I guess this is as good of a time as any to bring up RISC-V:

    https://riscv.org

    1. 3

      The Talos II website still seems to be taking pre-orders (even though it was supposed to end Sept 15th). They expect to ship at the end of this year! https://www.raptorcs.com/

      The CPUs are IBM’s POWER9 architecture. Not quite as open as RISC-V, but quite a lot of source code comes with this motherboard: even the CPU microcode!

      1. 1

        I’m really hopping they pull it off since POWER9 is probably the only thing competitive with x86 on desktop. ISA diversity is something I miss from the old days. That said, their software page looks like what you’d expect from the people who shipped the Talos I. ;)

        https://www.raptorcs.com/content/base/software.html

        1. 2

          Ha yeah, no software is listed on the new website. I wonder why they’re not using their established website at raptorengineering.com. Perhaps the workstation business is being isolated as a separate entity. They do have software listed on the old site.

          I’m pretty hopeful the Talos II will ship. Their Talos I URL advertises that Talos II is “Direct to market, no crowdfunding, same libre ideals,” so there is no crowdfunding campaign to collapse this time.

          1. 1

            I remembered them having some kind of software. Forgot it was a different URL. Yeah, they’re probably doing it for branding purposes. The new one looks nice outside the software page. I just thought a software offering of whitespace from company behind some vaporware was kind of funny.

        2. 1

          $2,400 at the cheapest (motherboard+cpu), though. As much as I’d like to push for processor diversity, I have nowhere near that amount of money to spend on computers.

        3. 3

          It’s still a bit early to get real physical hardware instead of VHDL bitstreams, but I’ve been keeping an eye on the J-Core Project, which is offering clean-room Hitachi SuperH compatible CPUs.

          Of particular note in this thread is Landley’s comment that fabs are particularly interested in their SH1 design to offer as cost-equivalent to 8-bit MCUs.

          1. 3

            Got some even better ones out there:

            https://github.com/freechipsproject/rocket-chip

            https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/

            http://www.gaisler.com/index.php/products/processors/leon3

            http://www.oracle.com/technetwork/systems/opensparc/opensparc-t2-page-1446157.html

            http://parallel.princeton.edu/openpiton/

            Both Leon3 and Rocket are designed for easy customization, too. Of these, Leon3, OpenSPARC, Rocket, and PITON are all silicon-proven in ASIC’s. It’s not like we don’t have CPU cores. We just don’t have individuals, companies, or governments turning them into usable products. The folks behind them did their part making them available. Just need the demand side or product suppliers to do their part.

            1. 2

              If you’re looking at the Gaisler cores, there’s LEON4 too: http://www.gaisler.com/index.php/products/processors/leon4

              There was also this fork of the OpenSPARC-T1 http://www.srisc.com/

              RISC-V Rocket is the one to be excited about, I think. Can’t wait for ASICs to come out.

              1. 2

                I have hopes for RISC-V since big players are backing it. Far as Leon4, I left it off since it didnt mention GPL. The Leon3 page explicitly does. I dont know if Leon4 is freely licensed.

          2. 3

            Well, if it’s about keeping secrets, I tell people pencil, paper, and trusted couriers are much better. Far as computers, the reason we don’t have more secure computers widely available is people don’t buy them. There are methods for both hardware and software to vastly improve reliability during faults or security (esp isolation or argument checks). There were examples of both in the market esp from the 60’s to 80’s. For reliability & security, the start was Burroughs B5000 which is still available from Unisys without hardware enforcement because customers wanted that:

            http://www.smecc.org/The Architecture of the Burroughs B-5000.htm

            For system security, there were two approaches either doing MLS or capability-based security:

            http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch6.pdf

            http://www.cs.washington.edu/homes/levy/capabook/index.html

            Customers usually chose whatever had most features (esp complicated), supported legacy software, ran with most raw speed, or was cheapest. The low volume meant providers of such systems had to spend several times more on development and verification while getting scraps in return. Most removed their security assurance, switched to defense only at high unit prices, or bankrupted. CompSci continues to develop things companies could implement but customers won’t buy them so why implement? The only thing that worked in past and present was regulation that forced both building and buying things done like this. Politics usually eliminates that, though.

            Btw, here’s one you, err defense contractors, can actually buy that has fault-tolerance and a separation kernel built in with mathematical methods used to prove general correctness and security:

            https://www.rockwellcollins.com/-/media/Files/Unsecure/Products/Product_Brochures/Information_Assurance/Crypto/AAMP7G_data_sheet.ashx

            You’re covered if you’re good with a 100MHz processor. Here’s an academic one that could probably be merged with RISC-V Rocket core with some loss of its 1.4GHz. Already runs FreeBSD capability-secure. Nobody building it as always. ;)

            https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/

            1. 2

              I wish we could buy a riscv board of desktop-class performance, even 10-years-ago desktops.

            2. 5

              You can disable Intel ME 11, through NSA’s secret switch: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

              AMD’s Platform Security Processor (now called “Secure Processor”), on the other hand, can not be disabled right now.

              1. 3

                Many people cannot disable ME because of boot guard. You need an old processor to be able to do it.

                Read all the disclaimers and FAQs here: https://github.com/corna/me_cleaner

                1. 1

                  Different concept. The NSA switch is a newer discovery and does a complete disabling of the god-mode extra CPU, not just a partial firmware delete like me_cleaner.

                  1. 1

                    It doesn’t totally disable the ME. Only after the board has booted:

                    [The undocumented NSA switch is] a mechanism that can disable Intel ME after hardware is initialized and the main processor starts […] The disappointing fact is that on modern computers, it is impossible to completely disable ME. This is primarily due to the fact that this technology is responsible for initialization, power management, and launch of the main processor.

                    1. 1

                      And what do you think happens to an exploit at the ME level after the post-initialisation disabling?

                      1. 1

                        I’m just saying that neither is a complete solution. With me_cleaner, the firmware is partially deleted all of the time. With the High Assurance Platform bit, the firmware is disabled some of the time.

              2. 2

                The Management Engine (ME) in x86-based computers just rids myself of any desire to study the security of this architecture anymore. I mean, what is the point, if you play against the hardware designer?

                1. 2

                  Protecting a massive amount of people and companies that are using x86. In case of legacy systems, they’re doing it possibly against their will since they can’t justify the risk of crashing the whole business totally changing all their internal systems and processes. So, a percentage of the security field works on x86-based solutions to mitigate what they can of that with another set doing monitoring and recovery solutions to pick up where first set leaves off.

                  Same for mainframe-based stuff. Same for ARM TrustZone now even though it’s already been quite broken based on a link I just submitted.

                  https://lobste.rs/s/ordicj/clkscrew_exposing_perils_security

                2. 2

                  “libreboot project recommends avoiding all modern Intel hardware”

                  https://libreboot.org/faq.html#intel

                  1. 3

                    Please stop publicising libreboot. ’Tis a silly project that simply copies and cripples coreboot. Go here instead: https://www.coreboot.org/Intel_Management_Engine

                    1. 3

                      Cripples how?

                      Coreboot is a rolling release only. Libreboot periodically takes snapshots of Coreboot, cleans the tree, and maintains that stable version for a while.

                      Personally I found Libreboot a lot easier to configure and compile. Stable versions help, and there also seem to be fewer knobs to adjust.

                      1. 0

                        Cripples how?

                        By removing code, data and functionality.

                        there also seem to be fewer knobs to adjust

                        Big surprise there. If you remove functionality, you remove configuration options. Libreboot should go back into obscurity. Coreboot is where the actual development happens.

                        1. 5

                          Less code is usually a positive in my book. Libreboot can boot my system, which is the most important functionality.

                          There’s some more justification at their FAQ: easier to compile, guaranteed to never include blobs, and documentation aimed at non-technical users.

                          They also acknowledge their role as redistributor rather than developer, and recommend development happens upstream:

                          All new coreboot development should be done in coreboot (upstream), not libreboot! Libreboot is about deblobbing and packaging coreboot in a user-friendly way, where most work is already done for the user. For example, if you wanted to add a new board to libreboot, you should add it to coreboot first.

                  2. 1

                    A bit late for the discussion, but would buying an Intel CPU without vPro let me avoid being vulnerable?

                    1. 0

                      Correct me if I’m wrong, but this can probably take down several countries, right?

                      sits back, waits for the apocalypse

                      1. 3

                        sits back, waits for the apocalypse

                        /grabs popcorn/ There won’t be any grand reveal, just a slow sputter and further erosion of trust.

                        I suspect the Chinese had figured this was out there, or soon would be, and that spurred efforts on the Longsoon and encouraged Zhaoxin Semiconductor to partner with Via and use what IP there was from Centaur to get an x86 compatible.

                        1. 1

                          Skylake did just ship, so they might not have entirely upgraded yet.