Viewing a single comment thread. View all comments

kore wrote

there was a really good CCC talk about this, basically explaining that you need to verify your hardware at the silicon level to really ensure that it isnt comprimised.

https://youtu.be/Hzb37RyagCQ

4

a_perfect_map OP wrote

Yeaaaa what up CCC! Yes totally, supply chain security is a big deal. But it is also a map/territory problem. I'm not really sure you can ever solve hardware security, short of getting a shovel and mining semiconducting materials yourself, haha. That's OK because it is a misconception that anyone can actually have airtight security period; the best you can shoot for is reasonable mitigation of risk and cross your fingers.

1

kore wrote

i agree. i wonder what the risk level of hardware backdoors is for the average *nix user.

also, security culture can be kind of difficult to get into for people who dont have technical skills. i think its important for the people with technical skills to make barriers to entry very low. computing and especially hardware/networking is a very white cis male dominated field

you talk of libreboot, maybe something like a free (as in gratis) service for anarchist orgs so they can get a laptop to manage their organization with.

I plan on looking into coreboot for my T430. you make a good point about the intel AME, i have the so-called advanced settings bios and you can disable it there. I also have an X60 (libreboot compatible) but those things are slow for general purpose computing (i.e. modern web browsing) even my x200s cant really handle it. any good project ideas for how to repurpose an old laptop? obviously theres stuff like an mpd server but id want to do something more oriented towards organizing.

2

a_perfect_map OP wrote (edited )

Hard to say how bad exactly but hardware backdoors are a problem for the average user, as, like any unpatched exploit, criminals have started exploiting them remotely.

https://securityaffairs.co/wordpress/58656/hacking/intel-management-engine.html

Yeah the tech industry hates women, bunch of jerks really. I don't get it. And you're right, there's this problematic white male dominance in tech in general. Silicon Valley are a bunch of sociopaths too IMO, really toxic place.

Fundamental computational education is pretty bad in the US relative to say, India, I think that's a big barrier too.

Cool on coreboot, that contains mystery binary blobs but its a big improvemnt I'm sure.

Old laptop project? How about a dedicated I2P router? Or, depending on your location, a mesh network node? At any rate, I think an open firmware router would be very useful.

Pinebook looks pretty sweet too!

1