Slashdot Mirror


FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed

gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."

179 comments

  1. even when it is powered off. by kairis · · Score: 1

    AMT has remote power up capability but if the system is off ... it is OFF (no idle or standby).

    1. Re:even when it is powered off. by Anonymous Coward · · Score: 2, Informative

      AMT has remote power up capability but if the system is off ... it is OFF (no idle or standby).

      Yes. "Almost all AMT features are available even if PC powered is off, the OS is crashed, the software agent is missing, or hardware (such as a hard drive or memory) has failed" declares Wikipedia. http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

    2. Re:even when it is powered off. by fuzzyfuzzyfungus · · Score: 4, Informative

      That may differ between laptops and desktops, or between AMT versions. On the desktops I've seen the AMT stuff is active if the PC is plugged in, regardless of its power state. Some of the capabilities of the AMT system cannot be used if the host PC is off; but the system itself runs on a separate processor and only turns off if the PSU is unpowered. Laptops may need to be more conservative, for the sake of retaining battery life while inactive.

    3. Re:even when it is powered off. by Zitchas · · Score: 1

      I kind of suspect that is the point: Low level functionality that allows them to actually turn on the computer, not just wake it up from standby or hibernation. It also grants access for BIOS updating, erasing and reinstalling hard drives, and other access like that.

      I suspect that the only "Off" that would actually block its activity would be the more absolute "the power bar is turned off" type security. Which is probably a good idea anyway, these days.

      --
      Z
    4. Re:even when it is powered off. by Anonymous Coward · · Score: 1

      Not true. It can power on systems remotely.

      http://www.radmin.com/radmin/intel_amt_features.php ...really really scary.

    5. Re:even when it is powered off. by kairis · · Score: 0

      From the link ... Radmin can turn on a remote computer if its power cord is plugged in. Note the 'if'.

    6. Re:even when it is powered off. by kav2k · · Score: 1

      Quoting the same article

      For wireless notebooks on battery power, OOB communication is available when the system is awake and connected to the corporate network, even if the OS is down.

      So no magical "I'll maintain that WiFi connection even when asleep"

    7. Re:even when it is powered off. by Anonymous Coward · · Score: 0

      The computer is then essentially useless if it has no power.

    8. Re:even when it is powered off. by TechyImmigrant · · Score: 1

      Assuming you haven't disabled it in the bios.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    9. Re:even when it is powered off. by Anonymous Coward · · Score: 0

      Assuming an attacker isn't aware of the always-on-no-matter-what remote configuration ability.

    10. Re:even when it is powered off. by Darinbob · · Score: 1

      Presumably "off" does not mean "powered down with no obvious source of energy"? A laptop has a battery but a desktop does not.
      What if a laptop disables wifi (I always do this), will the bios power it up against my will?

    11. Re:even when it is powered off. by Darinbob · · Score: 1

      I have my desktop, monitor, speakers, etc, all plugged into a power control thingy, and I always turn that off. So the desktop can not power itself on without a finger pushing a button. Ya, I'm a bit paranoid, or maybe it's OCD, but I like to power things off for real rather than allow standby/vampire power which can amount to a lot of juice if you add up all the devices doing this.

    12. Re:even when it is powered off. by fustakrakich · · Score: 0

      will the bios power it up against my will?

      Maybe

      --
      “He’s not deformed, he’s just drunk!”
    13. Re: even when it is powered off. by Anonymous Coward · · Score: 0

      Yes, it is similar to ilo or drac. You preconfigure acceptable wireless settings and can access it via vnc.

    14. Re:even when it is powered off. by GrumpySteen · · Score: 1

      Not at all. It still makes a great paperweight and can be used to bludgeon enemies in a pinch.

    15. Re:even when it is powered off. by Anonymous Coward · · Score: 0

      Enemies approaching you dressed in a pinch s/b a fairly rare occurrence

    16. Re:even when it is powered off. by JohnFen · · Score: 1

      I work with AMT systems. AMT systems can be powered up from being completely off (not in standby, etc.). This is accomplished because AMT processors contain an entirely separate little computer that itself never turns off, even when the rest of the system (including the CPU) is.

    17. Re:even when it is powered off. by Shirley+Marquez · · Score: 1

      Old school systems that had a physical Big Red Switch (including the original IBM PC, XT, and AT) really were completely off when they were off. But pretty much every computer these days has a soft switch, and depends on some part of the circuitry getting a bit of power to monitor the switch so it can turn the rest of the system on.

    18. Re:even when it is powered off. by lsatenstein · · Score: 1

      That may differ between laptops and desktops, or between AMT versions. On the desktops I've seen the AMT stuff is active if the PC is plugged in, regardless of its power state. Some of the capabilities of the AMT system cannot be used if the host PC is off; but the system itself runs on a separate processor and only turns off if the PSU is unpowered. Laptops may need to be more conservative, for the sake of retaining battery life while inactive.

      On the desktop, when the system is powered off, it is not truly off. The powersupply is on, and other power, however minimal, is obtained from the router or the hub connection. The powersupply is often sustained to keep the RAM alive, and some reboot info.

      Want it off, disconnect it from the router. If it has wifi built-in (as some desktops do), use the powerswitch on the back of the computer to fully poweroff the system.

      --
      Leslie Satenstein Montreal Quebec Canada
    19. Re:even when it is powered off. by cthulhu11 · · Score: 1

      So it's a service processor, like we've been using for decades. Big whoop.

  2. The year of Linux? by roc97007 · · Score: 2

    Are privacy and security issues the leverage that finally puts Linux in people's hands in significant numbers?"

    (Are there enough people who *care* about these issues?)

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:The year of Linux? by TWX · · Score: 3, Insightful

      (Are there enough people who *care* about these issues?)

      Not for $700+ for an obsolete laptop, there aren't.

      I've seen some niche things, but DAMN, this takes the cake.

      We have an X301 at home. It was a great computer when we bought it new, but the battery life is terrible by modern standards, the Centrino processor is slow, and the screen is dim and low-res. The weight, presence of an optical drive (though just DVD) and keyboard are the plusses. We just bought a replacement for it; I may still upgrade the RAM to 8GB from the 2GB that it has now so that it's a nice around-the-house lappy, but it's never going to be the primary computer ever again.

      If they'd managed to do this treatment to a Thinkpad X1 Carbon or something else that's modern then I expect a lot more people would be interested, but something this old? For this kind of money?

      --
      Do not look into laser with remaining eye.
    2. Re:The year of Linux? by future+assassin · · Score: 3, Insightful

      Until they classify it as a tool for promoting terrorism.

      --
      by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    3. Re:The year of Linux? by Anonymous Coward · · Score: 0

      Are privacy and security issues the leverage that finally puts Linux in people's hands in significant numbers?"

      The real advantage is being able to modify it for whatever reason, the openness is just a means to the possibility of improvement, there is no benefit as it stands aside from allowing for curious people to take a peek inside, not that many people are interested in doing that. If somebody leverages that to create some sort of fantastic improvement that is really beneficial then other people may buy one in order to get that improvement on their own systems. Though I doubt it would have time to gain momentum before the proprietary manufacturers incorporate whatever improvement that is into their products as well.

      The free software aspect of this is mostly a curiosity, nobody understands even close to every part and vulnerabilities are guaranteed to exist throughout so you do need to trust people at some point but it is neat for tinkerers to find out how these things work and if this results in some great innovative improvement or feature then so much the better.

      But the real reason why this has taken so long is that it is a means to an end, not an end in and of itself.

    4. Re:The year of Linux? by roc97007 · · Score: 1

      Ouch. Good point.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    5. Re:The year of Linux? by CODiNE · · Score: 3, Insightful

      Let's not forget back in the day when Linux and the GPL was "communist".

      --
      Cwm, fjord-bank glyphs vext quiz
    6. Re:The year of Linux? by bill_mcgonigle · · Score: 1

      Not for $700+ for an obsolete laptop, there aren't.

      It would be a decent one for a CA, to keep in the safe.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    7. Re:The year of Linux? by Gr8Apes · · Score: 1

      Are privacy and security issues the leverage that finally puts Linux in people's hands in significant numbers?"

      (Are there enough people who *care* about these issues?)

      Nah, BSD will be on the desktop before Linux makes it. Wait, it already has...

      --
      The cesspool just got a check and balance.
    8. Re:The year of Linux? by Anonymous Coward · · Score: 0

      Surely it all depends on how highly you value your freedom (in computing). RMS has said he would rather not use a computer at all if there was not a free option available.

      As to how many people care about these issues, it only matters to the person selling them and whether they are trying to make a living from it.

      If you don't care for your freedom when using a computer, why worry?

    9. Re:The year of Linux? by idontgno · · Score: 1

      It's a snowclone.

      "If you install linux, the X win!"

      "X" is the bogeyman of the day. Historical examples include Communists, kiddy porn users, Terrorists, Anarchists, Freemasons, Jacobites, and immigrants.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    10. Re:The year of Linux? by AmiMoJo · · Score: 1

      Actually it seems quite reasonable for the money, assuming that the battery is new (re refurbed quality replacement cells). It's no screamer but a Core 2 Duo is plenty for most desktop stuff. The 1280x800 resolution is fine for a 12" display on an ultra-portable. 8GB of RAM max, and with an SSD it should be pretty quick. Even the GPU isn't bad.

      Plus you get a nice Thinkpad keyboard, still pretty hard to beat, and Thinkpad build quality. If you want a secure laptop for business or general desktop stuff I'd say it is pretty good. Where else are you going to get something even half as trustworthy? In the EU all electrical items have a minimum 2 year warranty as well.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    11. Re:The year of Linux? by Anonymous Coward · · Score: 0

      Sad. Linux is all about freedom. What could be more American than that?

    12. Re:The year of Linux? by caseih · · Score: 1

      I have an X200 and specwise it's hardly any different from the current X220. Same processor (i5), same speed, same memory options. I bought it only last year specifically because it had a real keyboard. So, no the X200 is still a great laptop. And $700 is a good price, about par with used X200s.

      When I got the X200, I wiped it and put Linux on it. Now months later, I was fiddling with the BIOS and discovered that the Lojack stuff is activated, and cannot be deactivated (fortunately it does nothing on Linux, so far as I've been able to read). In order to deactivate it I need to contact the company who makes the malware and provide them with proof of purchase, and they'll give me a code to deactivate it, provided of course it's not been reported stolen (always a risk when buying used laptops, even on reputable sites). The catch is that I have to be running Windows to deactivate it. Sigh. So my ears perked up when the article mentions they've replaced the firmware. Wonder if that can be done to existing laptops without too much trouble.

    13. Re:The year of Linux? by Anonymous Coward · · Score: 1

      Possibly unknown to many of you, but Gnu/Linux is used by the U.S. Department of Defense.

    14. Re:The year of Linux? by caseih · · Score: 1

      My bad. The X200 is a much older laptop. The X220 is what I have and it's practically identical to the X230, which is the latest shipping version that has the chicklet keyboard that I can't stand.

    15. Re:The year of Linux? by Anonymous Coward · · Score: 0

      It's not just about privacy and security, it's about freedom to choose, learn, and modify. If one depends on a company to drive innovation forward, one will stagnate. When people are empowered to collaborate and innovate then an awesome power is created which drives innovation and the future of humanity.

    16. Re:The year of Linux? by vandamme · · Score: 1

      Which America were you referring to? 1776?

    17. Re:The year of Linux? by MagicFab · · Score: 1

      I agree it's absurd to pay such a price for something Intel could be doing. Why is Intel's problematic setup the default in the first place?

      The higher-than-ebay cost for this machine basically covers maintaining a proper commercial operation for existing firmware/BIOS modification, distributing and selling the system, including:

      * Upgraded with an 802.11n wireless card (Atheros AR5B95, AR9285 chipset), ensuring full compatibility with free drivers in Trisquel GNU/Linux-libre.
      * The Gluglug ships to USA, Canada and European countries at no extra cost. Other countries may vary.
      * Each sale directly supports the Libreboot project, helping to fund further development of the software.

      If you want an X1 Carbon with such changes, have you written to ask Intel if/how they are working with the FSF? I sure hope the FSF has, but while we're waiting for Intel to do the right thing, I am happy to pay Gluglug to provide a faster way to get a system with better freedom.

      --
      Notepad specialist & FAT administrator, group training available
    18. Re:The year of Linux? by RockDoctor · · Score: 1

      Not for $700+ for an obsolete laptop, there aren't.

      I got one of their previous offerings - an X60 with 3GB ram and a 320GB hard drive which I promptly replaced with a TB one I already had - for IIRC £220, and after a bit over a year I've had to spend another £20 to put a bigger battery into it. I don't know what that translates into in dollars, whichever dollar you're using.

      Everything works properly, and without hassles.

      In contrast I spent half as much again on a brand new piece of shit at about the same time for the stepdaughter after she fried her laptop video with static. That had some piece of shit called Windows 8 on it which has been an endless source of problems.

      GlugLug seemed to struggle a bit with fulfilling orders after they last got a big write up in a UK-based Linux magazine. It took about 2 1/2 weeks from order to arrival.

      Bigger screen than the current machine ... hmmm, considering it.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    19. Re:The year of Linux? by RockDoctor · · Score: 1

      Coming soon (in a future libreboot update):

      ProteanOS BusyBox/Linux-libre operating system pre-installed directly in the SPI flash chip, alongside Libreboot. This will mean that the user has a full operating system available at all times (as part of the boot firmware) as a boot menu option for recovery or any other purpose such as updating libreboot, even if the HDD or SSD is removed from the machine. Those who order today will receive this as a software update when available, with installation instructions.

      OK, I'll put that idea on hold for a bit then.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    20. Re:The year of Linux? by Anonymous Coward · · Score: 0

      The x220 is currently supported by coreboot, but libreboot does not support it and may very well never, I am sorry to tell you...

      Core 2 Duo/ 4-series chipset may quite possibly be the last intel cpu/chipset generation that can be booted without initializing the Management Engine (which is actually a small arc core implemented on die in the platform controller hub {used to be called the north bridge} - See Igor Skochinsky's awesome presentation for all the gory details of this 'intel inside').

      Intel's post core2duo stuff now uses a fairly robust cryptographically signed booting process which makes bypassing the ME initialization stage incredibly difficult if not altogether impossible (thanks intel/nsa).

      There is some speculation it can be bypassed on the 5-series chipsets but the proof has yet to be seen. Check out the efforts for porting the x201 to libreboot for more details... If this succeeds (and I certainly hope it does), Nehalem/Westmere (1st gen Core series) may very well be the final generation of libre-compatible intel hardware...

      you can thank the asshats at nsa/darpa/intel/google/facebook/et al...

  3. Since when is AMT controversial? by ArmoredDragon · · Score: 5, Interesting

    I've always found AMT useful. It's turned off by default, so I'm not sure how it's a security risk. What I like about it is the following:

    - Allows you to remotely manage client PCs in a work environment, up to and including re-formatting the HDD with a new OS, including being able to remotely mount a local ISO image to install the OS.
    - Works even when some of the most critical system components don't work, such as CPU, RAM, etc, as it's an independent subsystem. Even if you don't want the remote management features, this is a huge deal when you have a seemingly dead system and aren't sure exactly how to fix it. AMT helps you figure out the EXACT problem FAST, and you don't even have to have the computer in your hands to do so.
    - Integrates with LDAP (including Active Directory, Samba, etc)
    - Provides the ability to power on and remotely wipe the laptop if it was stolen and contains sensitive data.

    So what's so controversial about it?

    1. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      It's turned off by default

      How do you know if you don't have the source?

    2. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      "So what's so controversial about it?"

      You've listed a nice bunch of ways it can be used. Great.

      How is it secured?

      How do you authenticate and what is the history of that authentication pathway?

      Have you audited the silicon to check that other keys/passes aren't accepted by default?

      Because when you think about it, being able to do all those things is pretty damn scary. Imagine you have a rogue operator in your company that can do all those things to all of the systems? I'm sure you guard everything carefully, but holy fuck!! Forget all the crap hacking scenes in movies with thumbdrives and copy-progress bars and crap like that.

      If a rogue operator has AMT access. You. Are. FUCKED. Period.

    3. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      I'm not sure how it's a security risk

      While it may have nice features, isn't it a security risk in the same sense as any other piece of proprietary software is? Especially one that can accept connections from the outside world? Source code under a free license please (and for the BIOS while you're at it.)

    4. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 1

      It's not possible to turn it off. Among other things it handles the "Protected Video Path" on Intel GPUs (aka it implements DRM).

    5. Re:Since when is AMT controversial? by tlhIngan · · Score: 1

      So what's so controversial about it?

      It's not controversial. it's just it's another computer in your computer that's running Non-Free Software(tm). So they get rid of it and thus they have a computer that is Completely Free Of Proprietary Software.

    6. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      It's not controversial, but it is a security risk. All remote access interfaces are security risks.

      Does it solve more problems than it causes? That depends on your needs. There's probably a non-trivial market for AMT-castrated laptops.

    7. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 5, Insightful

      God fucking christ dammit.

      How can you trust any hardware unless you audit the design and the machinery used to implement that design on silicon?

      The fact is that you can't.

      There are almost certainly undocumented Intel instructions or I/O ports which will enable software to bypass OS level protections. I imagine they are used almost never, but when they're used, you can be damn sure it makes a huge difference to the party with the privilege to know them. What can we do about it? Sweet fuck all until we get over the idea of trusting big business/government contractor (but I repeat myself) and develop and implement hardware the way we develop software. Won't the start-up cost be prohibitive? Eventually no.

      In the meanwhile, un-Clippered encryption will be outlawed, and hardware licensed to require backdoors.

    8. Re:Since when is AMT controversial? by Rennt · · Score: 5, Insightful

      However you slice it, AMT is a backdoor. If you control the backdoor on your own equipment then you can do some cool tricks, but implementing a backdoor massively increases the attack surface of the system.

      The question is whether the cool tricks are worth the risk. For managed corporate drone PCs the answer is probably yes. For everyone else it is definitely no. For a personal laptop it's an emphatic FUCK NO.

      Badly written Hollywood movies used to give crackers stupid computer-superpowers. Now that AMT is here those kind of fantasies become reality.

    9. Re:Since when is AMT controversial? by Obfuscant · · Score: 1, Informative

      It's not controversial. it's just it's another computer in your computer that's running Non-Free Software(tm). So they get rid of it and thus they have a computer that is Completely Free Of Proprietary Software.

      And also Completely Free Of Full Remote Management capabilities.

      I have a bunch of servers that all have iDrac or other management connections, and it sure is a lot easier to talk to a malfunctioning system when there is a dedicated remote console server. I've had people go wild using memory resources on some compute servers to the point that memory management is killing parts of the operating system. Parts that are required to remotely log in. Dedicated remote management means I can get a console to at least identify the problem (scrolling "killed" reports, e.g.) and then reset the system, without having to go find the physical system I need to poke.

      I can't recall a single laptop I've had that has an active network connection when it is off, so how would someone use this AMT on a Lenovo laptop to turn one back on to do anything to it? If you don't want remote access to a laptop that's turned off, unplug the network cable. Set a password on the remote access. End of problem. I call FUD on this fear.

    10. Re:Since when is AMT controversial? by fuzzyfuzzyfungus · · Score: 2

      Any remote management tool would be a 'backdoor', except that it is put in place by the owner for their convenience and with their consent.

      AMT is a particularly powerful, and somewhat opaque, management tool. Anyone who suspects the possibility that (deliberately, or by mistake) those very, very, useful capabilities might be available to others under some circumstances would naturally be suspicious of it.

      And, for the FSF and those who share their concerns, the fact that it is a wholly proprietary (and tricky to remove or replace) blob embedded in the brainstem of their computer is not something that would make them happy.

    11. Re:Since when is AMT controversial? by AK+Marc · · Score: 0

      I can't recall a single laptop I've had that has an active network connection when it is off,

      So because you've never had a computer with AMT, AMT doesn't exist? That's some weird logic you have. If your computer has WoL (most do) it has an "Active" network connection (as in a passive listening connection), even when you disable WoL, it's still listening, it just doesn't do anything. You don't have to electrically light your "transmit" wires to hear what's on the receive wires.

      so how would someone use this AMT on a Lenovo laptop to turn one back on to do anything to it?

      http://lmgtfy.com/?q=wake+on+l...
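
Since the exchange above turns on what a NIC will listen for while the host is "off", here is an added example (mine, not code from the thread) of the Wake-on-LAN magic packet itself: a builder, a broadcast sender, and a detector that picks the target MAC out of a UDP payload as a monitoring rule would. It assumes the standard layout of six 0xFF bytes followed by the MAC repeated 16 times, with an optional 4- or 6-byte SecureOn password; the sample payloads at the bottom are constructed for the example.

```python
"""Wake-on-LAN magic packet: builder, sender and detector.

Added example, not code from the thread. Format assumed: a UDP payload
(usually sent as a broadcast to port 9 or 7) made of six 0xFF bytes
followed by the target's MAC address repeated 16 times, optionally
followed by a 4- or 6-byte SecureOn password. The NIC matches this
pattern in hardware while the host sleeps, which is why a "powered off"
box with WoL enabled is still listening.
"""
import re
import socket

SYNC = b"\xff" * 6          # synchronisation stream that opens every magic packet
MAC_REPEATS = 16


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    if len(password) not in (0, 4, 6):
        raise ValueError("SecureOn password must be 0, 4 or 6 bytes")
    return SYNC + parse_mac(mac) * MAC_REPEATS + password


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the packet on the local LAN; returns bytes sent (102 without a password)."""
    pkt = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(pkt, (broadcast, port))


def find_magic_packet(payload: bytes):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if the payload carries a
    magic packet anywhere inside it, else None. The sync stream need not sit
    at offset 0 (some senders pad the front), so scan for it; a run of 0xFF
    longer than six bytes is handled by retrying one byte later."""
    start = 0
    while True:
        idx = payload.find(SYNC, start)
        if idx < 0:
            return None
        body = payload[idx + 6: idx + 6 + 6 * MAC_REPEATS]
        if len(body) == 6 * MAC_REPEATS:
            mac = body[:6]
            if mac != SYNC and body == mac * MAC_REPEATS:
                return ":".join(f"{b:02x}" for b in mac)
        start = idx + 1


# Constructed UDP payloads, as a detection rule might see them on a span port.
SAMPLE_PAYLOADS = {
    "wol_plain": build_magic_packet("00:1c:25:aa:bb:cc"),
    "wol_padded_secureon": b"\x00" * 8 + build_magic_packet("00-1C-25-AA-BB-CC", b"\x01\x02\x03\x04"),
    "all_ff_noise": b"\xff" * 120,
    "dns_like": b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 40,
}


def detect(payloads: dict) -> dict:
    """Map each sample name to the MAC its magic packet targets, or None."""
    return {name: find_magic_packet(p) for name, p in payloads.items()}


if __name__ == "__main__":
    for name, mac in detect(SAMPLE_PAYLOADS).items():
        print(f"{name:22s} -> {mac}")
```

On Linux, `ethtool eth0` reports `Wake-on: g` when the driver will honour magic packets and `Wake-on: d` when it is disabled; `ethtool -s eth0 wol d` turns it off for the running driver, which is separate from the BIOS setting the posters mention. Neither setting does anything for a machine with the cable unplugged, which is the point Obfuscant makes.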

    12. Re:Since when is AMT controversial? by halivar · · Score: 3, Funny

      Oh, I can see it now. Some Linux enthusiast (wait, no, a GNU/Linux enthusiast; run-of-the-mill Linux enthusiasts are too corrupted by pragmatism) poring over hundreds of giant sheets of chip diagrams, nodding sagely at incomprehensible engineering spaghetti he doesn't even understand. "Hmmm... yes... this all seems to be in order..."

    13. Re:Since when is AMT controversial? by unixisc · · Score: 0

      THIS!!!! All the 'Libre' crowd rants about the source code of the software, but somehow gives a pass about the hardware not being open (here, RMS prefers the term 'open' to 'free', even while he rants at the term 'open source' for software).

      And this laptop - a lenovo - how is it preferable to the Librem laptop discussed here a few days ago, which was built from the ground up to be made w/ only publicly documented parts?

    14. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 1

      It'd be a security risk even if AMT were open source.

      It's an entire other operating system running on what is basically an entirely different computer that has complete control over your server. Do you bother updating it? You spend how many hours making sure your server software is up-to-date, and yet it's all for naught if a hacker breaks in through AMT.

      Same thing goes for IPMI. Heck, some vendors were shipping boxes with IPMI enabled, _and_ with SSH enabled to IPMI, _and_ with a default password.

      It's an insane state of affairs.

      Sure this stuff is convenient for a certain class of administrators. But it's most convenient for hackers.

      You don't need to be paranoid about hidden backdoors in AMT. It's inherently a backdoor, with or without nefarious activity by vendors or the government.

    15. Re:Since when is AMT controversial? by Obfuscant · · Score: 2

      So because you've never had a computer with AMT, AMT doesn't exist? That's some weird logic you have.

      Didn't say that. I said I can't recall ever seeing it. Sorry the difference escapes you.

      If your computer has WoL (most do) it has an "Active" network connection (as in a passive listening connection), even when you disable WoL, it's still listening, it just doesn't do anything.

      It's hard to listen on an interface that has been shut off. Or on one that has been unplugged, which if you recall was what I suggested to deal with an always-on laptop network connection. Seems like I admitted they existed, which contradicts the words you tried putting in my mouth earlier.

      I know what "wake on lan" is, and I also know that it is a BIOS setting to enable and disable it. Still, you can't "wake on lan" a system that isn't connected to a lan, now can you? That seems like a simpler solution if you are scared of the boogeyman turning your powered-down laptop back on. It's not like you have to crawl under the desk to get to the network connection when you unplug a laptop.

      But using the simple solution doesn't allow for an "oh noes, the gov'mint can turn my laptop back on and monitor me, must buy a special laptop to be safe!" FUD campaign.

    16. Re:Since when is AMT controversial? by unixisc · · Score: 1

      So is AMT hardcoded into the silicon - is it a part of the CPU, or is it something that's a part of the firmware in the flash, but in the boot section, thereby making it unremovable?

    17. Re:Since when is AMT controversial? by TechyImmigrant · · Score: 2

      It's off by default. What have you been smoking?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    18. Re:Since when is AMT controversial? by fuzzyfuzzyfungus · · Score: 4, Informative

      A mixture of both. The AMT system includes a dedicated ARC cpu, which runs its own OS and functions independently of the host to a large degree; but also can see into, and sometimes make use of, some of the hardware visible to the host system (details depend on version). For communication, for instance, the AMT system has access to the wired NIC below the OS's view (wireless NICs are more complex, I think AMT can do a direct connection to a trusted AP if configured to do so; but can't do VPN without piggybacking on the host OS), and it also has enough hooks into the various peripherals that it can do remote KVM in hardware, by emulating HID devices and snooping the framebuffer, mount an .iso as though it were a connected SATA device, and access some storage and memory locations that are also accessible to the host OS or programs, in order to gather data on system health, software versions, etc.

      I'm not exactly sure how the BIOS/UEFI flash and the flash that stores the AMT firmware are related to one another. On computers with AMT, a 'bios update' will often flash both; but I don't know if that's because they are just different areas of the same SPI flash chip, or whether it's just a convenience bundling of two nearly unrelated updaters.
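
The question of how the ME firmware and the BIOS share the flash is answered by the Intel flash descriptor, the region table at the start of the SPI image that tools such as flashrom and ifdtool read. As an added example (mine, not code from the thread, from Libreboot or from Intel), here is a parser for that table that reports where the ME region sits and whether it is populated, blank, or not mapped at all. It assumes the ICH9-era descriptor layout described in the docstring (13-bit base/limit fields; newer chipsets widen them), and the images it runs on are constructed in the block, not real dumps.

```python
"""Read the Intel flash descriptor of an SPI image and report the ME region.

Added example, not code from the thread, Libreboot or Intel. Layout assumed
(the one flashrom/ifdtool read): the descriptor occupies the first 4 KiB of
the image, signature 0x0FF0A55A at offset 0x10; FLMAP0 at 0x14 carries the
region table base (FRBA, bits 16-23, times 0x10) and the region count minus
one (bits 24-26); each 32-bit region entry encodes
base = (v & 0x1FFF) << 12 and limit = (((v >> 16) & 0x1FFF) << 12) | 0xFFF,
with limit < base marking an unused region. Region 0 is the descriptor,
1 the BIOS, 2 the ME, 3 GbE. The 13-bit fields fit ICH9-era parts like the
X200; newer descriptors use wider fields. Images here are constructed.
"""
import struct

DESCRIPTOR_SIG = 0x0FF0A55A
REGION_NAMES = ("descriptor", "bios", "me", "gbe", "platform")


def parse_regions(image: bytes) -> dict:
    """Return {region_name: (base, limit)} with None for unused regions."""
    if len(image) < 0x1000:
        raise ValueError("image is shorter than a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != DESCRIPTOR_SIG:
        raise ValueError(f"no descriptor signature at 0x10 (got {sig:#010x})")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) * 0x10
    nregions = ((flmap0 >> 24) & 0x7) + 1
    regions = {}
    for i in range(nregions):
        (v,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (v & 0x1FFF) << 12
        limit = (((v >> 16) & 0x1FFF) << 12) | 0xFFF
        name = REGION_NAMES[i] if i < len(REGION_NAMES) else f"region{i}"
        regions[name] = None if limit < base else (base, limit)
    return regions


def me_region_state(image: bytes) -> str:
    """'absent' if the descriptor maps no ME region, 'erased' if the region
    is blank flash (all 0xFF), 'present' if it holds data."""
    me = parse_regions(image).get("me")
    if me is None:
        return "absent"
    base, limit = me
    if all(b == 0xFF for b in image[base:limit + 1]):
        return "erased"
    return "present"


def build_image(size: int, layout: list, me_blob: bytes = b"") -> bytes:
    """Constructed test image: blank flash plus a descriptor for `layout`,
    a list of (base, limit) or None per region index; me_blob, if given,
    is written at the start of region 2."""
    img = bytearray(b"\xff" * size)
    frba = 0x40
    struct.pack_into("<I", img, 0x10, DESCRIPTOR_SIG)
    struct.pack_into("<I", img, 0x14, ((len(layout) - 1) << 24) | ((frba // 0x10) << 16))
    for i, region in enumerate(layout):
        if region is None:
            v = 0x00000FFF                      # base 0xFFF000 > limit 0xFFF: unused
        else:
            base, limit = region
            v = ((limit >> 12) << 16) | (base >> 12)
        struct.pack_into("<I", img, frba + 4 * i, v)
    if me_blob and layout[2] is not None:
        start = layout[2][0]
        img[start:start + len(me_blob)] = me_blob
    return bytes(img)


ONE_MIB = 1 << 20
# Stock-style map: descriptor, BIOS, ME; GbE and platform data unused.
STOCK_LAYOUT = [(0x000000, 0x000FFF), (0x080000, 0x0FFFFF), (0x001000, 0x07FFFF), None, None]
# Map with the ME region dropped entirely and the BIOS region grown into its place.
NO_ME_LAYOUT = [(0x000000, 0x000FFF), (0x001000, 0x0FFFFF), None, None, None]

IMAGE_STOCK = build_image(ONE_MIB, STOCK_LAYOUT, b"ME-FIRMWARE-STUB")   # constructed blob
IMAGE_ERASED_ME = build_image(ONE_MIB, STOCK_LAYOUT)
IMAGE_NO_ME = build_image(ONE_MIB, NO_ME_LAYOUT)

if __name__ == "__main__":
    for label, img in (("stock", IMAGE_STOCK), ("erased", IMAGE_ERASED_ME), ("no-me", IMAGE_NO_ME)):
        print(label, parse_regions(img)["me"], me_region_state(img))
```

Pointed at a dump taken with `flashrom -r`, `parse_regions` shows whether the BIOS and ME live in separate regions of one chip (the usual case, and why a vendor "BIOS update" can rewrite both), and `me_region_state` distinguishes a descriptor that simply maps no ME region from one that maps it but leaves it blank. Real ME regions carry their own partition table and signatures; this example only answers the question of where the region is and whether anything is in it.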

    19. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      It's a mixture of hardware and firmware. The hardware is something like an embedded ARM processor in the chipset with some extra signal paths so that it can be a parasite on the network and video links, initiate host power state changes, etc. It is very nice in theory, if you can control it and secure it, and very scary in practice when you consider that someone else can control it and you cannot secure it.

      The firmware includes a bastard web server and SOAP endpoints to allow remote management. The problem is that this is not an open and standard interface that anyone can review or maintain. It's a typical vendor-specific, embedded system crapfest. The firmware looks just as bad as your typical SOHO router firmware, likely riddled with security vulnerabilities and with no sensible update/patch mechanism in the field other than being updated when BIOS is reflashed.

    20. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      That's cute. So just because you toggled an option in the BIOS you assume that it disabled it entirely. Perchance are you interested in a bridge in Brooklyn I'm selling?

      Reason #192839238 why nobody should be an IT administrator unless he's also a seasoned software developer who understands the distinction between a piece of software reporting one thing and actually doing that thing.

    21. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      As I said, it's impossible to turn it off. Google around for protected video path and ME.

    22. Re:Since when is AMT controversial? by K.+S.+Kyosuke · · Score: 1

      All the 'Libre' crowd rants about the source code of the software, but somehow gives a pass about the hardware not being open

      You must be living on a different planet.

      --
      Ezekiel 23:20
    23. Re: Since when is AMT controversial? by Anonymous Coward · · Score: 0

      And IPMI itself has had security problems.
      Bruce Schneier has written about the remote management systems: https://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html

    24. Re:Since when is AMT controversial? by TheDarkMaster · · Score: 1

      The problem is that it is a too powerful tool that if used for evil can cause impressive havoc and no one would know until too late. And a too powerful tool where you are not sure if you have the control you should have. Useful, yes, but a too big security risk for my taste.

      --
      Religion: The greatest weapon of mass destruction of all time
    25. Re:Since when is AMT controversial? by hermitdev · · Score: 1

      Not to be pedantic or argumentative, but how are you sure your open hardware design isn't manipulated or back-door'd after you hand it over to a 3rd party for manufacturing? There is no single person in the world that can build a useful general purpose (in today's standards) computer from hardware to software, guaranteeing that no one else has had an opportunity along the way to manipulate it in some fashion. At some point, you have to start trusting people/organizations/companies. The fewer involved, the greater level of trust you can reasonably assume. We've already seen how the "many eyes" postulation may be flawed (see: openssl). I chalk that up more to human nature: everyone assumes everyone else is looking, so until you personally have a problem, you don't look, you just assume & trust. I know I do this; I only read others' code when I'm bored or have to. Once I'm sufficiently bored by reading others' code that I'm not paid to read, I get back to my regular job.

    26. Re:Since when is AMT controversial? by Miamicanes · · Score: 1

      As I understand it, at the bare-metal hardware level, AMT is basically a networked JTAG programmer grafted onto the ethernet controller that can do things like read & write values into RAM, stuff values into the CPU's registers, update the BIOS NVRAM, and override the normal boot process as long as you have physical ethernet access to the same network as the target computer & can present AMT with credentials it's satisfied with. It basically starts with the foundation provided by Wake-on-Lan & PXE, and adds the JTAG-like capabilities and security on top.

    27. Re:Since when is AMT controversial? by jhantin · · Score: 2

      Exactly. How is this materially different from an integrated remote-access card and baseboard management controller? I'm at a loss why Intel used an Argonaut core for it, though. I'd have expected a lightweight x86, or maybe an ARM. However, all that is beside the point.

      The main reason for all the hullabaloo is that the Intel firmware that normally runs on this coprocessor is delivered as a closed-source blob, which raises trust issues given how pervasive its access to the machine is. It's also had its share of bugs and exploits, some of which work even if AMT is turned off in the BIOS, since the coprocessor may still be doing mundane baseboard tasks like fan control.

      --
      ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
    28. Re: Since when is AMT controversial? by Anonymous Coward · · Score: 0

      Why not just disable the NIC? Wires are nice but they defeat the purpose of using a laptop to begin with.

    29. Re:Since when is AMT controversial? by unixisc · · Score: 1

      I agree w/ you, and the same argument goes for software. RMS and the FSF supporters tell us that we need the source code for the 4 GNU freedoms. Well, even hardware - particularly at chip level - has hardware description languages, or HDL code that defines it, both in a structural level and behavioral level. Yet, the same people argue that they are circuits, since they cannot be changed. Why not? Just get the HDL code, put it on an FPGA, and recode it whenever needed.

      For the record, I agree w/ the Open Source guys - focus on the advantages of FOSS code, and accommodate the business modifications needed to the licenses. That's the pragmatic approach, as opposed to the Copyleft cult of the FSF. And I have no problems w/ binary blobs, or closed drivers, or exceptions to the FOSS rule.

    30. Re:Since when is AMT controversial? by Darinbob · · Score: 2

      But the instructor at the certificate course assured me that it was safe!

    31. Re:Since when is AMT controversial? by Darinbob · · Score: 1

      So the whole point is to avoid walking to the client's desk? I remember when that used to be the majority of my social life...

    32. Re:Since when is AMT controversial? by Fjandr · · Score: 1

      Even then, you can't really be sure unless you inspected the silicon wafers yourself.

    33. Re:Since when is AMT controversial? by PopeRatzo · · Score: 3, Insightful

      At some point, you have to start trusting people/organizations/companies.

      What you're really saying is, "You don't have a choice, so just suck it up, princess. Privacy is so 20th century."

      No, you don't have to trust people/organizations/companies who have not earned your trust. You are the one paying. Use the power you have as a consumer. Weaponize your purchasing power.

      And always, always reserve the right to just say "Nope, I don't need it, I don't want it, and I'll find another way."

      --
      You are welcome on my lawn.
    34. Re:Since when is AMT controversial? by PopeRatzo · · Score: 2

      There are reasons beyond the "4 GNU freedoms" to oppose these devices being installed into all new computers.

      I'll bet you're not so sanguine about having a device installed in your car that allows for remote shutoff, location reporting and monitoring of your driving habits.

      Because the real question is not "what is so controversial?" but rather "how secure are these systems?" It's not about what a sysadmin can do with the power to remotely turn on your computer, but what some miscreant can do with that power when he inevitably gets his hands on it. And the computer in question is not the one on your desktop at work or your business laptop (that your company paid for anyway), but the one you have at home for your taxes/banking/personal communications.

      --
      You are welcome on my lawn.
    35. Re:Since when is AMT controversial? by tepples · · Score: 2

      So the whole point is to avoid walking to the client's desk?

      Perhaps the point is to avoid flying to the client's desk in another country.

    36. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 1

      A locksmith can change a lock and then claim to give you all the keys to your lock. It's very possible that the locksmith has an ulterior motive, withholds a key to your lock and lies to you about it. You could now spend your life with this possibility in mind and do nothing about it, you can act to find evidence that this key exists, or you can choose to trust your locksmith that he isn't cheating you.

      Tell me, do you personally change your own locks and personally cut the corresponding keys or do you trust that your locksmith is not cheating you?

    37. Re:Since when is AMT controversial? by MikeBabcock · · Score: 1

      May I direct you to the other closed-source firmware story of the day about DLink routers having remote DNS admin capabilities without password? You can't trust remote admin features on hardware when you can't see or have someone you trust see the software it's running.

      --
      - Michael T. Babcock (Yes, I blog)
    38. Re:Since when is AMT controversial? by TechyImmigrant · · Score: 1

      Yes, please keep lecturing me about products I design. I'm sure I'll learn more by 'Googling around'.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    39. Re:Since when is AMT controversial? by Ungrounded+Lightning · · Score: 1

      All the 'Libre' crowd rants about the source code of the software, but somehow gives a pass about the hardware not being open ...

      You haven't been watching very closely.

      *I* have been ranting on slashdot about AMT for years. Look it up.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    40. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 1

      So I gather this version of GNU/Linux doesn't support SSH etc.? Or are they performing the usual BS double standard of it is only a remote backdoor if it isn't our endorsed tech.

    41. Re:Since when is AMT controversial? by gnupun · · Score: 1

      wait, no, a GNU/Linux enthusiast; run-of-the-mill Linux enthusiasts are too corrupted by pragmatism) poring over hundreds of giant sheets of chip diagrams,

      They don't do that (poring) even for software, that they can read and understand, hence all these critical bugs. Why should manufacturers spill their millions of dollars worth of secrets to a bunch of freeloaders? Vendors are fully within their rights to keep their designs secret -- If you don't trust their products, don't use them.

    42. Re:Since when is AMT controversial? by Troed · · Score: 1

      What's controversial?

      Heard of humanity's latest hero - Snowden?

      On my personal computer there's no IT department that needs any of the things you mentioned. Thus it should be configurable.

      It's not.

    43. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      >You don't have to electrically light your "transmit" wires to hear what's on the receive wires.

      Actually you do (for TP Ethernet at least). You must send link pulses on the transmit pair to make the other end do anything other than transmit link pulses on the receive pair.

      But of course, most network cards can do this without the host running (e.g. WoL).

    44. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      My Lenovo T430 with i5 purchased in 2012 has three BIOS options for vPro.

      1) Enabled.
      2) Disabled.
      3) Disable permanently.

      I thought that was very very strange. Why the (3)? If (2) worked then why need the (3) option?

    45. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      Copyright holders are the biggest freeloaders. All "innovation" is 99% building on millennia of others' work.

    46. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      since it exists.

      even if off by default, one can hardly verify its status. you have to believe what the computer says.

    47. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      No, that isn't what he's saying. He's saying that while the desire for privacy is reasonable, don't be a faggot in the pursuit of 100% total privacy (which isn't even feasible).

    48. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      Fuck you shill.

    49. Re:Since when is AMT controversial? by gl4ss · · Score: 1

      that's like saying that crotchless pants are great for easy access when traveling on the subway

      --
      world was created 5 seconds before this post as it is.
    50. Re:Since when is AMT controversial? by jabuzz · · Score: 1

      I don't trust the locksmith. So I actually fit the lock myself, and when it comes to getting keys cut the locksmith has no idea where the lock for the key I am getting cut is going to be located because I don't tell them or even give them my home address. In fact they don't even know my name because I paid in cash.

    51. Re:Since when is AMT controversial? by jones_supa · · Score: 1

      We wouldn't have the screaming-fast modern computers with zigabytes of jibberies and Gordon Freeman if it wasn't for copyrights and patents creating business interest to put astronomical amounts of money and engineering into specialized proprietary research.

    52. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      My apologies. I shall get off your lawn.

    53. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      the difference is in who has the keys to the backdoor

      with SSH that's you, with proprietary AMT it's who-the-fuck-knows (but in all likelihood it includes NSA, GCHQ and similar organisations)

    54. Re:Since when is AMT controversial? by WillRobinson · · Score: 1

      I absolutely agree with you. Looking back and remembering what we thought technology would turn into from the 80's and looking at it in today's light, things have gone to hell in a hand basket compared to what we thought these technologies would become. Remembering back to some of the first hacks we read about, I never thought we would be spending so much energy on securing every point, as either someone was trying to abuse the system or our own or other governments and entities trying to monitor us or steal from us.

      I have unfortunately become my own father, "trust nothing you read, trust nothing you hear, and only trust half of what you actually see"

    55. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      Oh, forgot to mention: the AMT system also exposes some features (like the 'serial port' that it provides as serial-over-LAN for management) to the host OS, so (again, depending on the version) a system with AMT in the hardware, and the software configured for use with AMT, will also have some OS drivers in communication with the AMT system.

      There are also 'programmable timers', which are essentially watchdog timers, provided by the AMT and maintained independent of the host OS, that allow for more robust 'agent presence' detection. Software on the host OS can trigger the timers; but not otherwise modify them, and the AMT system will register and report any misses, where a timer isn't triggered within the allotted amount of time. If supported by your software, this allows things like antivirus clients or those awful "clean access agents" to be assigned a timer to trigger, markedly increasing the odds that IT will know, quickly, if either malice or accident successfully disables the software and causes it to stop triggering the timer.

      I'm afraid that my descriptions are all either hyper-specific (if I've personally played with the function on a machine I've had access to) or fairly vague (there are 9 major versions, not sure how many minor versions, and some hardware configurations may lack certain capabilities for product differentiation reasons or because they don't have supported (read 'Intel') hardware in the correct location, the KVM feature, for instance, only works on Intel integrated graphics, it either cannot or Intel doesn't want it to be able to, snoop the framebuffer of a discrete GPU). There's some nontrivial complexity in the system (just ask about the various 'provisioning modes' if you want a heap of fun), and the state of the documentation and Intel support suggests that they really want AMT to be dealt with by vendors of corporate client management/security/etc. software and systems, rather than individuals going directly to Intel and working from there.

      It's not so much that it's all behind an iron wall of NDA (indeed, there are some patches of very informative material); but it's really patchy and somewhat cryptic. The capabilities are (while painfully nonstandardized) undoubtedly powerful, though. At least as punchy as many server LOM cards; but available in 'business' desktops.

    56. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      Most likely, BIOS/UEFI changes force them to update the AMT firmware to keep everything working.

      AMT firmware is stored on the mainboard (for current/previous implementations anyway), so most likely they have one installer that accesses both flash EEPROMs. If they are even stored in separate ROMs--- which I doubt, since it's usually cheaper and easier to use a bigger ROM instead of designing a board with an additional ROM.

    57. Re:Since when is AMT controversial? by mrchaotica · · Score: 1

      Tell me, do you personally change your own locks and personally cut the corresponding keys

      I do. All it takes is a screwdriver, you know. Some of the newer locks (e.g. Kwikset SmartKey) are even designed to be easily re-keyed by the owner.

      --
      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    58. Re:Since when is AMT controversial? by TechyImmigrant · · Score: 1

      It's the difference between "turn it off" and "I don't want this to be on my computer in the future".

      It's a benefit to you if you want to prevent someone with physical access from turning it on and then using it as a remote attack vector later.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    59. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 0

      ... it's only a remote backdoor if you didn't install it or don't have the source.

    60. Re:Since when is AMT controversial? by RockDoctor · · Score: 1

      And also Completely Free Of Full Remote Management capabilities.

      I have a bunch of servers that all have iDrac or other management connections,

      I suspect that you're not the target audience for this system.

      I have an 18-wheeler truck for sale. Would that be good for your daily commute to the building with the underground car park?

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  4. Now that all the secure everything is gone... by Anonymous Coward · · Score: 4, Insightful

    Can we put it all back, under our control?

    I want a computer that secureboot's my signed bootloader that boots my signed kernel that executes my signed init and starts a signed console with a signed login and logs me into a signed bash.

    I want the promise fulfilled: that I know with cryptographic certainty that as long as my key is secure, "They" have not tampered with my persistent environment.

    A far cry from what it has become: the MAFIAA knowing with cryptographic certainty that I have not tampered with my environment.
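    The signed chain the post describes, modelled as an added example (not the poster's code): each stage verifies the next against a manifest signed with the owner's key, so a swapped kernel or a manifest signed by someone else's key stops the boot. Assumptions: the images are constructed in-memory byte strings, and HMAC-SHA256 stands in for a real asymmetric signature (firmware would hold only the owner's public key).

```python
"""Owner-keyed boot chain: every stage verifies the next before handing off.

Added illustrative example. HMAC-SHA256 is a stdlib-only stand-in for a
signature: real firmware would verify with the owner's PUBLIC key only.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Boot order from the post: bootloader -> kernel -> init -> console -> login -> bash
BOOT_ORDER: List[str] = ["bootloader", "kernel", "init", "console", "login", "bash"]

# Constructed stand-in images (real ones would be files on the boot partition).
SAMPLE_IMAGES: Dict[str, bytes] = {
    stage: f"constructed image bytes for {stage}".encode() for stage in BOOT_ORDER
}

# Constructed keys: the owner's signing key and a different key a vendor holds.
OWNER_KEY = b"owner-signing-key-constructed-example"
VENDOR_KEY = b"vendor-signing-key-constructed-example"


def digest(image: bytes) -> str:
    """SHA-256 of an image, hex encoded."""
    return hashlib.sha256(image).hexdigest()


def _tag(key: bytes, stage: str, image_digest: str) -> str:
    # Binds the stage NAME and its digest to the key, so a valid kernel tag
    # cannot be replayed as an init tag.
    return hmac.new(key, f"{stage}:{image_digest}".encode(), hashlib.sha256).hexdigest()


def sign_manifest(key: bytes, images: Dict[str, bytes]) -> Dict[str, Tuple[str, str]]:
    """Produce {stage: (sha256 hex, tag)} for every stage in the chain."""
    manifest: Dict[str, Tuple[str, str]] = {}
    for stage in BOOT_ORDER:
        d = digest(images[stage])
        manifest[stage] = (d, _tag(key, stage, d))
    return manifest


def verify_stage(trusted_key: bytes, stage: str, image: bytes,
                 manifest: Dict[str, Tuple[str, str]]) -> bool:
    """True only if the image hashes to the manifest entry AND the entry is
    tagged with the key this firmware trusts."""
    entry = manifest.get(stage)
    if entry is None:
        return False
    expected_digest, tag = entry
    if not hmac.compare_digest(digest(image), expected_digest):
        return False  # image bytes differ from what the owner signed
    return hmac.compare_digest(tag, _tag(trusted_key, stage, expected_digest))


def boot(trusted_key: bytes, images: Dict[str, bytes],
         manifest: Dict[str, Tuple[str, str]]) -> Tuple[List[str], Optional[str]]:
    """Walk the chain in order; return (stages that ran, first failing stage or None)."""
    booted: List[str] = []
    for stage in BOOT_ORDER:
        if not verify_stage(trusted_key, stage, images.get(stage, b""), manifest):
            return booted, stage  # halt: never hand control to an unverified image
        booted.append(stage)
    return booted, None


if __name__ == "__main__":
    good = sign_manifest(OWNER_KEY, SAMPLE_IMAGES)
    print("owner-signed chain:", boot(OWNER_KEY, SAMPLE_IMAGES, good))

    tampered = dict(SAMPLE_IMAGES)
    tampered["kernel"] = b"implanted kernel (constructed)"
    print("tampered kernel:   ", boot(OWNER_KEY, tampered, good))

    # Someone else's key signs the same images: the firmware trusts only OWNER_KEY.
    print("vendor-signed:     ", boot(OWNER_KEY, SAMPLE_IMAGES, sign_manifest(VENDOR_KEY, SAMPLE_IMAGES)))
```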

    1. Re:Now that all the secure everything is gone... by Anonymous Coward · · Score: 1

      "They" are the ones manufacturing the computers. Like the one you used to post that crap, for example.

      Secure Boot was only ever meant to do two things, neither of which involve security or booting:

      1) Make it more difficult for anything other than Windows to run without minor to major headaches on a PC.
      2) Give Microsoft a means of providing a license key per copy of Windows in an area that the end-user can't get at. It's an extension of the "no used games" idea they had for the XBONE that people freaked the fuck out over...oddly enough, though plenty of red flags were raised about TPM and Microsoft closing in their monopoly on the PC market, there wasn't much of a fuss made about Secure Boot until it was too late to do anything about it.

      Again, note that neither of those involves protecting your privacy. It doesn't involve booting -your- signed kernel, it involves booting whatever kernel Microsoft permitted to be signed. If it weren't for the inevitable backlash I'm certain that Microsoft would steam straight ahead and just outright refuse to sign any other kernel than their own. "Linux on the desktop" and others now owes its existence to Microsoft "allowing" Linux to run on said device. Own an Android tablet? No problem. They regularly rattle their sabres at Android device manufacturers with vague threats about patent violations and as a result, over a billion dollars in revenue per year comes from Android...which comes from Linux. Microsoft is indirectly claiming ownership of Linux through aggressive litigation, essentially forcing companies into paying for a product they should be getting for free. If that sounds familiar, it's because they tried to do it by proxy, funding SCO until they ran themselves into the ground. Now they don't need companies like SCO in their back pocket, the only thing secured by Secure Boot is Microsoft's monopoly over the PC market. Now they're waving a free Windows 10 upgrade in people's faces to try and tempt them into hopping back on the Microsoft upgrade train...you think that a Windows 10 computer will be under your control? Here's a hint as to what's coming down the pike; Bitlocker, the only available option for full disk encryption for Windows at this point, uploads the encryption keys to Microsoft's servers for "backup" purposes. Oh, I'm sure it's all benign, they wouldn't misuse something like that. I'm sure not once has Microsoft ever turned over a user's encryption keys as a result of some "national security letter" or a briefcase full of cash from one of the three-letter-agencies like the NSA.

      To answer your question? No, you can't put it back under your control. You had your chance to fight TPM and Secure Boot, the same way that you fought CISPA/SOPA from being passed...didn't work this time. Now Microsoft has control...and whoever has control of Microsoft, by extension, controls you.

      You will never know with "cryptographic certainty" that "they have not tampered with" your "persistent environment." Unless you inspect every line of code, study every IC down to the micron level, audit each and every piece of the system you're running, your "promise" will never be fulfilled. If you don't know how a given system will react under all circumstances, you have to assume that it's potentially insecure. Hell, take a brief look around the front page for the Intel AMT article. You really think that the same administration who pondered a "kill switch" for the entire internet would abandon that idea just because of bad publicity? The CIA torture report was bad publicity to say the very least...yet it was a news story for all of about a week. They have their kill switch, they have a reliable means of powering on and accessing low-level system functionality, remotely. In addition to that, they have going for them a mostly apathetic populace, who are more concerned with their Facebook posts than the fact those Facebook posts are being collected and analyzed by foreign and domestic intelligence agencies. All the US need do to cripple a developed nation would

    2. Re:Now that all the secure everything is gone... by yuhong · · Score: 1

      This is full of errors. For one thing, the way the Win8 license key is stored in the ROM has nothing to do with Secure Boot. I think it uses ACPI.

  5. Inquiring minds want to know by Qzukk · · Score: 3, Funny

    But does it run Windows?

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re: Inquiring minds want to know by Anonymous Coward · · Score: 0

      Can AMT play Crysis?

    2. Re:Inquiring minds want to know by Anonymous Coward · · Score: 0

      The previous one (the X60) did not because the stuff Windows needs to boot was not present. I assume it's the same situation for this too.

    3. Re: Inquiring minds want to know by Anonymous Coward · · Score: 0

      not with intel shit on board video,

    4. Re:Inquiring minds want to know by Anonymous Coward · · Score: 1

      So in other words I'm not free to choose which user-space operating system I want.

    5. Re:Inquiring minds want to know by Anonymous Coward · · Score: 0

      You are perfectly free to choose, the differences with vanilla PCs are well documented.

      The fact you can't because Microsoft doesn't allow you to fix their OS with the HW is your problem.

      But for example FreeBSD will run on it.

    6. Re: Inquiring minds want to know by Anonymous Coward · · Score: 0

      So show me how to boot BSD with stock LibreBoot.

      BTW you can boot Windows or BSD but you have to change payload from GRUB to SeaBIOS.

  6. OLD Hardware by Anonymous Coward · · Score: 0

    Let me know when I can buy one that isn't 5+ year old hardware.

    Thanks!

    1. Re:OLD Hardware by unixisc · · Score: 1

      Why not go w/ the Librem, discussed here a few days ago?

    2. Re:OLD Hardware by j0se_p0inter0 · · Score: 1

      Different guy here: I would love to get one of those but they are significantly more expensive (granted the hardware does look very nice, it's probably worth it). I'm tempted to pick up a Libreboot X200 sometime soon, with 8GB RAM and an SSD it should be more than adequate for running a lightweight desktop and doing all the stuff I typically do. The keyboard looks very nice.

    3. Re:OLD Hardware by Anonymous Coward · · Score: 0

      Purism hasn't been able to fully free the BIOS yet. "Intel includes an FSP binary into the BIOS (Purism is working to have that binary freed)." We don't know for sure that they will succeed.

  7. AMD by Atmchicago · · Score: 3, Interesting

    Would it be easier to go with an AMD laptop? Do they have similar firmware concerns?

    --
    You can lead a horse to water, but you can't make it dissolve.

    1. Re:AMD by Anonymous Coward · · Score: 0

      Sadly AMD implements something very similar

    2. Re:AMD by Anonymous Coward · · Score: 0

      I was thinking the same thing. Just ditch intel

  8. So... by Chas · · Score: 0

    $550-750 for a 6 year old, low-resolution, low memory laptop?

    I mean, if I absolutely HAD to have something FSF-compliant without the possible security risk of AMT...

    But, honestly, that same amount of money will get you a MUCH better NEW laptop and there are ways to secure a system around AMT.

    --
    Chas - The one, the only.
    THANK GOD!!!
    1. Re:So... by TWX · · Score: 1

      ...if I absolutely HAD to have something FSF-compliant...

      Such requirements are only self-imposed requirements. Even defense contractors like Boeing use stock computers from large OEMs like Dell.

      I can't think of a single instance when something being FSF-compliant matters at all, except maybe if you want to work for Richard Stallman. If Wikipedia is to be believed then there are exactly twelve people in the world affected.

      --
      Do not look into laser with remaining eye.
    2. Re:So... by Anonymous Coward · · Score: 0

      These backdoors are mandated by the US government for all future computers. It will be interesting to see if this laptop remains distributable. However: the choice is stark: we either face a world where the US government can, at a whim, disable all computers in a foreign nation, or one where we choose to use computers like these laptops. If you wish to have any policy choices made by your government or community that aren't "do exactly as the US government tells you and don't complain about it" -- these laptops are a necessity.

    3. Re:So... by Anonymous Coward · · Score: 0

      Even NAVY R&D uses off the shelf computers from places like Dell. Of course my group takes security very seriously and we have a shielded and isolated network with zero Wi-Fi, Bluetooth etc. allowed. Hell, even USB ports are removed...like from the PC board itself so they couldn't do anything with AMT if they wanted but still....

    4. Re:So... by Anonymous Coward · · Score: 0

      As a Billy-Bob Parent with a home network, I'm very disturbed by this revelation as it means none of the computers on the network are secure.

      What this means to me and many other end-users (not business users) is that someone can access our computers w/o our knowledge (spam bots anyone?) though as they've figured out how to completely remove the feature from the firmware, they should now have an idea how to do it on later hardware and I hope they push it quickly. My Q87 based system - sub $100 board - would get this replacement firmware once it's assured to be stable. I just checked the Windows Device Manager and although it's supposedly disabled in the firmware, Windows wants to load a driver (none found) for it. Impressive isn't it?

      It's these kinds of actions by Intel and all the damn 2+ letter Agencies that make us wonder what they're up to. It also means I have to really consider replacing the entire system with an AMD based Opteron just to avoid this firmware mess (are they any better?).

    5. Re:So... by TheDarkener · · Score: 1

      I can't think of a single instance when something being FSF-compliant matters at all

      Except for one's own peace of mind, of course. Which I guess doesn't matter.

      --
      It is pitch black. You are likely to be eaten by a grue.
    6. Re:So... by tshawkins · · Score: 1

      Interesting, the first time they did that, it would trigger a wave of replacement world wide, so you get the situation where they won't because they don't want to burn that card.

      It's long past the point where the world needs a reliable supply of non-US based technology components, I now consider almost everything originating from the US as being irrevocably compromised. And China is not much better.

      We have sold our souls to the devil for the nice tunes he plays, and now we have to pay.

    7. Re:So... by AHuxley · · Score: 1

      Re: "It's long past the point where the world needs a reliable supply of non-US based technology components, I now consider almost everything originating from the US as being irrevocably compromised"
      Yes, this is the first small positive step that keeps the networked computing side. The user gets new firmware, hardware and an OS that's more understood. The hardware also has some of the more remote friendly aspects looked at.
      The next step for nations is a box with a chip and motherboard that is fully understood as designed. Beyond that is paper, a typewriter, one time pads and number stations.
      Projects like this will help a lot of people and nations :)

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:So... by AHuxley · · Score: 1

      Re: "But, honestly, that same amount of money will get you a MUCH better NEW laptop and there are ways to secure a system around AMT."
      The issue with the newer systems is the remote low level access that's part of the "NEW laptop" or computer system.
      If a person is seen and tracked outside away from their networked computer that would give time to access that networked computer.
      Some of the needed tools are built into the hardware as sold and powered waiting for the remote commands.
      After a system is altered all the owner would see in their own logs is the soft sleep or shutdown and their own use.
      Projects like this remove some of that built in, waiting, easy remote access as sold. A remote system that could have granted easy network access might now need physical access or other network access that might be a bit more difficult to hide.

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:So... by Chas · · Score: 1

      This is where the whole notion of risk management comes into play.

      Now, if you're a world famous nuclear scientist working on spurting-edge fusion power experiments, a stupid-rich CEO of an unpopular company or a politician with even more dirty laundry than your AVERAGE political hack, you're probably a FAR bigger target than "Joe Familyguy".

      I'm not saying "don't secure your shit."

      But at some point, the risk/return equation simply becomes unacceptable for most people.

      Technically, if you disassembled your machine, broke it down to component parts, sealed each part inside an air/water-tight safe (a different safe for every part), and buried each part in a location only known to you in a concrete and rebar cage, your shit would be REALLY fucking secure.

      But actually using the system (let alone accessing the data) becomes an unacceptable hassle.

      So, at some point, there's ALWAYS tradeoffs between security and usability. ALWAYS. Anyone telling you different is selling you a line of high-grade BULLSHIT.

      --
      Chas - The one, the only.
      THANK GOD!!!
    10. Re:So... by Anonymous Coward · · Score: 0

      So you are going to switch to equipment with backdoors installed by the mandate of the Chinese government instead. Brilliant!

    11. Re:So... by RockDoctor · · Score: 1

      I make it a smidgen under $400, since I've got bigger hard drives already available. Assuming you're talking about US dollars.

      Say you wanted to spend $750 on a newer laptop, then needed to spend 10 hours researching it and working out how to disable all remote management things and remove proprietary blobs from the firmware. Oh, and add in a modern WIFI chip too. That would be implying that you value your time at ~$35/hour.

      If you value your time more highly than that ... well, it may become worthwhile to look at a solution like this.

      Will a modern (last couple of years) laptop really let you get your work done more rapidly?

      --
      Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    12. Re:So... by RockDoctor · · Score: 1

      Even defense contractors like Boeing use stock computers from large OEMs like Dell.

      I don't know about defence contractors, but I'll be in the offices of an oil major tomorrow lunch time because they wipe the hard drives of all their OEM laptops and re-image them with a heavily customised version of XP, Vista or Win7 with all sorts of weird different networky things. Pain in the arse, but that costs them money - I go into their office for a videoconference meeting (because their laptop won't work on anyone else's network), and they pay a day's day-rate.

      --
      Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  9. A Perfect Metaphor For the FSF/GNU... by Anonymous Coward · · Score: 0

    These RYF (Respects Your Freedom) laptops are a perfect metaphor for the FSF/GNU. Old, tired, retreads that are overly expensive and innovate nothing. Back in the 80's and 90's GNU was innovating and inventing, can you name the last innovation/invention coming from GNU? Red Hat (for better or worse), OpenBSD, FreeBSD have all been putting in massive work and the FSF/GNU has been all politics, and I can't even think of any political work they've made a difference on.

    I can boot, run, and be productive on FreeBSD and Fedora on my UEFI booting MacBook and W530 ThinkPad. I'm not spending $540 + shipping for old tech just because it gets an FSF endorsement. The FSF is teetering on irrelevancy.

    1. Re:A Perfect Metaphor For the FSF/GNU... by Anonymous Coward · · Score: 1

      Newer Intel things are much harder to free (for example, removing AMT from later Intel boards makes it reset every 30 minutes like clockwork.) At least people are trying to do something though. Instead of bashing on these efforts, why not focus on getting Intel and AMD to free those proprietary bits of software? Then it would not be necessary to waste months of effort on older hardware only to have someone bash on them that it's not good enough.

    2. Re:A Perfect Metaphor For the FSF/GNU... by unixisc · · Score: 1

      I fully endorse this! I visited a Linux conference in my city several months back, and all the booths had something interesting or other. Only exception was the FSF - except for slogans like iBad and posters & stickers, they really had nothing worth showing. And how can they be, when they've completely discounted the importance of good products, and made liberated products the only criteria by which to endorse? Other companies make products around Linux or the BSDs, while all these guys do is take a fully functional Linux, cripple it some b'cos the software that makes it better ain't liberated, and then they expect people to pay equal or inflated prices for those.

      What are all the GNU programs I have on my computer? Most of them - GTK+ ones - now conquer my whole screen and are usually difficult to resize, except under GNOME. Functionality - less than other standard BSD or Linux programs. If GNU wants to be relevant, there is one way they could do it - have their cadres focus on writing great software, as opposed to being the Software industry's equivalent of the OCCUPY crowd.

  10. Isn't it just easier to avoid Core vPro? by Anonymous Coward · · Score: 0

    Why not just buy a laptop with either an AMD CPU or an Intel Core that is NOT a vPro series (which is nearly 100% of all consumer retail laptops)?

    Intel vPro CPUs typically only make it into corporate purchased laptops.

    This is a solution looking for a problem.

    1. Re:Isn't it just easier to avoid Core vPro? by Anonymous Coward · · Score: 0

      They come with a proprietary BIOS. This machine doesn't. That's the point.

  11. Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

    You suffer from RMSDS, Richard M Stallman Derangement Syndrome. This is a mental illness typified by behaviour ranging from a disturbing fascination with RMS's personal habits to a paranoid, absurd delusion that RMS has never accomplished anything and GNU is a failure.

    Whatever your accomplishments, RMS's fully eclipse yours, and he will be remembered as an important historical figure for centuries to come. His name will live on, and be celebrated. To contrast, you have no name, so you won't even be forgotten.

    1. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      I think in your case RMSDS stands for something entirely different. I think you take the Church of Emacs and Saint IGNUcius stuff too seriously.

    2. Re: Hey Insane RMSDSer, yes YOU! by borknado · · Score: 1

      I agree, for me it stands for RMS Decidedly Successful. He's on the level of Alan Turing. Turing was driven to kill himself by people against who he was back then. Same thing for some people now with RMS. His philosophy of freedom as in libre will be common sense in 100 years, and people like you will be looked back on in shame.

    3. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      THIS is why I don't like RMS or his minions. Disagree and it's "shameful" or "evil". It's worse than any religion out there. I KEEP ALL THE COMMANDMENTS. I say GNU/Linux, I say Free/Libre and NEVER say open source, I don't use flash, I boycott Sony, Apple, Amazon, and never use streaming services. I still use gNewSense, I haven't even switched to Trisquel yet, but because I think RMS' fans are worse fanboys than Apple's, or worse than any bible-thumper, I must be an enemy. Keep your stupid RMS god worship. I do fight for libre, but I don't worship RMS nor do I follow it like some stupid religion.

    4. Re: Hey Insane RMSDSer, yes YOU! by borknado · · Score: 1

      Funny how when it's RMS, it's "religion" and "god worship" but when it's Einstein or Newton it's just appreciating the immense contributions made by a gifted intelligent individual. I hear the same thing with anti-Obama nutbags, calling anyone who has admiration for him a stupid "worshipper" who "drank the Kool-Aid". Ah, the convenience of self-justifying logic. How nice that must be for you.

    5. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      I don't see a lot of people saying "His name will live on, and be celebrated. To contrast, you have no name, so you won't even be forgotten." or "you will be looked back on in shame" or other ad hominem attacks on those who point out Newton's flaws. Face it, you're a religious zealot, but for RMS.

      and as a side note, if people are claiming you "drink the koolaid" over or "worship" Obama, or anyone else, maybe you just have a tendency to worship people. It's pretty plain to see you worship him here.

    6. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      I think the quote at the bottom of /. is fitting for someone like you: "They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- Carl Sagan" RMS is a clown. An unfunny clown who has stupid meltdowns and delusions of grandeur.

      youtube.com/watch?v=jskq3-lpQnE

    7. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      RMSDS Alert. The above slashdotter (AC) is exhibiting acute mental illness.

    8. Re: Hey Insane RMSDSer, yes YOU! by borknado · · Score: 1

      lol, I had you pegged. Anyone who likes someone you don't like is a "religious zealot". Face it, you just resent RMS, and Obama, who are in your face about being good people and doing good things, and you can't do anything about it. You're the very picture of abject impotence.

    9. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      I do resent RMS, I loathe the FSF and GNU, I loathe that they think if not for them, Libre/Free wouldn't exist (Debian and OpenBSD seem to be doing more), they push out brilliant people like Miguel de Icaza over crappy politics (RMS calling Icaza a traitor is when I gave RMS the boot). You are completely wrong about my views on Obama.

    10. Re: Hey Insane RMSDSer, yes YOU! by borknado · · Score: 1

      Icaza is an interesting person. I loathed him during the Novell days. He was doing evil in my view. Now, at Xamarin, I think he is doing immense good. But, he is only doing that good because he was stopped from doing any more evil. Sometimes brilliant people need to be contained and redirected. Icaza is a prime example.

    11. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      Even though "contained and redirected" sounds awfully non-freedomy, you are right. And RMS needs to be contained and redirected. As does the FSF and GNU. But with so many people buying lock, stock into his BS and being yes people, it makes it impossible to contain and redirect him/them. Despite our bickering, I bet we're close in our ideology, I just think that people worshipping him like you seem to makes it harder to contain and redirect him, the FSF and the GNU project.

      One of my favorite people from President Obama's administration was Van Jones. He said we need to "drop the radical pose for the radical ends" and RMS' immature hatred of Microsoft and Apple, refusing to call it Windows because WIN is a positive thing, and Windows isn't positive, and all the immature "Micro$oft" stuff and calling it iBads instead of iPads, it's all radical pose. Microsoft opened .NET. Azure runs Linux. None of this is because of RMS. It's more likely Icaza, and Torvalds, et al.

    12. Re: Hey Insane RMSDSer, yes YOU! by Anonymous Coward · · Score: 0

      When you call people evil for applying their talents and making a career in a way you don't personally approve of, go look at yourself in the mirror. You are the one who is evil demanding other people only work on projects you have personally handpicked as being morally acceptable. Just like with communism, communist governments give you the illusion of choice, but the only choice they will allow you to make is communism. The same thing goes with Richard Stallman's concept of free software. He would throw people into gulags for developing a project with the not free enough license if given enough power.

    13. Re: Hey Insane RMSDSer, yes YOU! by borknado · · Score: 1

      Your comment shows the basic confusion people like you suffer from, and RMS has a one-liner that encapsulates it perfectly: "The freedom to remove another person's freedom is not a freedom at all, it's tyranny." If your software project's "success" means the loss of freedom for a lot of people, then your project should fail. It's basic ethics and morals. Comcast would post amazing returns to its investors if everyone was forced to use them for broadband... why shouldn't we let them have a monopoly?

    14. Re: Hey Insane RMSDSer, yes YOU! by borknado · · Score: 1

      We probably are close in ideology. But consider this, if RMS was any less of a clever zealot, would the Novell project have failed like it should have? Would Microsoft be playing nice now? Would Linux exist as it does? Would people even have a free C compiler? Do you really want to roll those dice? With the Snowden revelations, and ever new threats to our freedom emerging every day as tech changes, don't we need some unyielding force for libre, so that the middle we end up in is somewhat tolerable, like it is now? I personally use all sorts of proprietary code, and I write proprietary code, but I am glad RMS is doing exactly what he is doing, so that overall I live in a (somewhat) free world of technology. Ugh, imagine if GNU/Linux didn't exist, and all we had were IIS servers! As for Microsoft, remember that the .NET project was originally just another one of their "Embrace/Extend/Extinguish" shticks. Now it can actually do some good because it will simply never be dominant.

  12. Snore. by Anonymous Coward · · Score: 0

    Someone installed libreboot and Trisquel on an ancient laptop. Stop. The. Presses.

    I use Trisquel on a new ThinkPad. I disabled AMT. Can I have my own headline?

    1. Re:Snore. by unixisc · · Score: 1

      Get the FSF/RMS to do some ass-smooching, and then you too will get your /. headline

  13. Um, let me get this straight... by Anonymous Coward · · Score: 0

    For better security I should pass on all the more reputable systems out there because they have an Intel back door... and go to a machine produced by the Communist People's Liberation Army which could be (and probably is) stuffed full of counterfeit chips, some of which might contain some very nasty undocumented and as-of-yet undiscovered backdoors... and THIS is endorsed by the FSF????????

    Methinks the hard-left ideology of some of the people at FSF has made them blind to certain risks which come from the extreme left.

    People need to pressure Intel to make these functions HARDWARE disableable (like with a processor pin going to a switch or jumper) just as pressure was put on them to get rid of the unique processor ID stuff they were pushing back in the 80x386 era; that worked. I'm not sure there is ANY amount of pressure westerners could apply that would make the Chinese PLA back down on any bad stuff THEY are building into the computers they are selling into the west.

    For safety, put anything important on systems that have NO connection to the web, and only connect systems to the web that contain nothing important.

    1. Re:Um, let me get this straight... by unixisc · · Score: 1

      I've wondered that as well. Why do these laptops need to be based on an x86? Use something like RMS' previous fav - a Loongson CPU, or an Allwinner - the same thing being used for some Android tablets. That way, one can get a fully documented thing. Of course, it would be illegal to sell that in the US due to laws violating IP, but since when has that stopped RMS, or the FSF, which is his sock puppet?

  14. What about CPU microcode? by Balial · · Score: 2

    If you're going to drop the Intel ME, Intel could still put something together in the CPU microcode patches. Or, you know, just in the silicon itself.

    This product is a sham. "Only free software -- until it's not".

    1. Re:What about CPU microcode? by gnujoshua · · Score: 1

      Except that the Intel Microcode on the CPU has been wiped; no Intel Microcode patches or updates are applied to the CPU on the Libreboot X200. So "it is free software and it continues to be free software?"

    2. Re:What about CPU microcode? by yuhong · · Score: 1

      Microcode doesn't run when the computer is powered off and can't connect to a network directly.

    3. Re:What about CPU microcode? by The+Finn · · Score: 1

      CPU microcode still exists even if the blobs aren't included. You're just limited to the version that's included with the stepping of your CPU. I believe the management engine (ME) on the chipset is the same way. (On the server side, at least, the chipset won't allow the CPUs to boot without an ME blob.)

      Just because your software doesn't include any blobs doesn't mean that there aren't any blobs on the hardware.

      --
      NetBSD: the cathedral vs the bizzare.
  15. Sold as enterprise machines by Anonymous Coward · · Score: 0

    The market for this is the enterprise. Say you have a Snowden employee. You can wrap around the PC software and monitor all traffic in and out. You can detect an unauthorized OS such as booting from memory stick. You can remotely re image a drive that has been severely compromised by malware. You can shut down a machine attacking your network from the inside such as the ransomware file encryption.

    If you own a business this is an IT department God mode saving many trips out to the machines in a multi-national deployment.

    If you buy one for your own personal use and don't have access to the God mode shell and your laptop is either stolen or compromised, then you are pretty much not needing or wanting this.

    If you do buy one and it does log into your network and is stolen, then you can do everything such as keylog, sniff passwords, copy files, change passwords, etc.

    The question is who is in charge of the God mode?

    Since Intel, a private corp, made it, I presume they don't want the NSA into their IP either, so unless the interface is exposed, they should be relatively secure from the NSA, but never trust the NSA or others from gaining access.

  16. Re:Walking to the client's desk by Anonymous Coward · · Score: 0

    For the enterprise this was designed for, this is not always an option. Intel Oregon for example has RA campus of D1B, D1C, D1D, D1X, RA1, RA2, RA3, then 5 more campuses including Cornell Oaks, Jones Farm, Aloha, etc. Add a few VPN clients and you can see the value.

  17. I am actually excited about Intel AMT by iamacat · · Score: 0

    If I understand it correctly, I would be able to power on, fix or reimage my home desktops/laptops while at work or away on a trip. Or fix my mom's crashed computer from half way around the globe. And, since all communication is authenticated with a TLS certificate, there is little danger of others taking over my hardware.

    I understand people's right to be paranoid or want 100% open systems, and hope that appropriate choices remain available. But even for most Linux kernel developers a failsafe way to repair an unbootable system from remote is a good thing.

    1. Re:I am actually excited about Intel AMT by Anonymous Coward · · Score: 0

      You are a paid shill.
      No one in F/L/OSS would want this backdoor.
      No one.

      Ok, maybe feminists and systemders, but noone else.

    2. Re:I am actually excited about Intel AMT by Anonymous Coward · · Score: 0

      You are a moron, many of us want and USE this even with OSS. When supporting a large fleet of desktops across multiple regions or even countries this sort of technology saves companies millions of dollars.

    3. Re:I am actually excited about Intel AMT by gnupun · · Score: 1

      If I understand it correctly, I would be able to power on, fix or reimage my home desktops/laptops while at work or away on a trip. Or fix my moms crashed computer from half way around the globe.

      And govt agencies and hackers would also be able to do this and we don't want that. As far as fixing your mom's computer, a simple video chat using some mobile phone can be used to fix the computer, without the invasive spyware.

    4. Re:I am actually excited about Intel AMT by Anonymous Coward · · Score: 0

      The OP is an unemployed neckbeard living in his mother's basement. He has no need to do remote admin because he never leaves his house.

    5. Re:I am actually excited about Intel AMT by Anonymous Coward · · Score: 0

      You are a paid shill, as I said.

    6. Re:I am actually excited about Intel AMT by iamacat · · Score: 1

      Have you ever actually tried to fix an unbootable computer over "simple video chat" with a non-technical person? Hehe.

      I would install a pre-shared key and not give it "govt agencies and hackers". If they have a secret backdoor into TLS or intel hardware, I am screwed anyway.

  18. Intel AMT = business-class laptop IPMI? by Anonymous Coward · · Score: 0

    I don't see the issue (if it's disabled by default). Just like server class IPMI, you shouldn't allow access over the internet. Of course, that doesn't stop morons from doing so. A quick Google search easily gets me a list of IPMI login pages, most often with default credentials. >_
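    As an added example that is not from any poster in this thread, nor from Intel or Libreboot: the two posts above argue over whether AMT is dangerous if it is "disabled by default" and kept off the internet, so the check a practitioner wants is whether a machine they own is actually exposing the AMT or IPMI management listeners. The Python probe below connects to the published AMT ports (16992-16995) and IPMI/RMCP ports (623, 664), then parses the HTTP response head from the AMT web port so an AMT listener can be told apart from an unrelated web server. The embedded response is a constructed sample, not a capture from real hardware, and the `Server` header wording it matches on is an assumption about what a given firmware version returns; run the probe only against hosts you are authorised to test.

```python
"""Probe a host for exposed out-of-band management listeners (Intel AMT, IPMI).

Added example. Run it only against hosts you own or are authorised to test.
"""
import re
import socket
import sys

# TCP ports the AMT and IPMI specifications use for out-of-band management.
MANAGEMENT_PORTS = {
    623: "IPMI RMCP",
    664: "IPMI RMCP+ (secure)",
    16992: "Intel AMT HTTP",
    16993: "Intel AMT HTTPS",
    16994: "Intel AMT redirection (SOL / IDE-R)",
    16995: "Intel AMT redirection over TLS",
}


def probe_tcp(host, port, timeout=1.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def open_management_ports(host, timeout=1.0):
    """Map each reachable management port on host to its description."""
    return {port: desc for port, desc in MANAGEMENT_PORTS.items()
            if probe_tcp(host, port, timeout)}


def fetch_http_head(host, port=16992, timeout=2.0, limit=65536):
    """Send a bare GET / and return the raw response, decoded as latin-1."""
    request = "GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        chunks, received = [], 0
        while received < limit:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
            received += len(chunk)
    return b"".join(chunks).decode("latin-1", "replace")


def parse_amt_headers(raw):
    """Extract status line, Server header and Digest realm from a raw HTTP response.

    'looks_like_amt' rests on an assumption: that the AMT web UI names itself
    'Intel(R) Active Management Technology <version>' in its Server header.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    status = head.split("\r\n", 1)[0].strip()
    server_match = re.search(r"^Server:\s*(.+?)\s*$", head, re.M | re.I)
    server = server_match.group(1) if server_match else None
    realm = None
    auth_match = re.search(r"^WWW-Authenticate:\s*Digest\s+(.*)$", head, re.M | re.I)
    if auth_match:
        realm_match = re.search(r'realm="([^"]*)"', auth_match.group(1))
        realm = realm_match.group(1) if realm_match else None
    return {
        "status": status,
        "server": server,
        "digest_realm": realm,
        "looks_like_amt": bool(server and "Active Management Technology" in server),
    }


# Constructed sample response, not a capture from real hardware.
SAMPLE_AMT_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Intel(R) Active Management Technology 9.5.15\r\n"
    'WWW-Authenticate: Digest realm="Digest:0123456789ABCDEF", '
    'nonce="00112233445566778899aabbccddeeff", stale="false", qop="auth"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Intel(R) Active Management Technology</body></html>"
)


def main(argv):
    """Scan one host (default 127.0.0.1) and report what is listening."""
    host = argv[1] if len(argv) > 1 else "127.0.0.1"
    found = open_management_ports(host)
    if not found:
        print("%s: no management ports open" % host)
        return 0
    for port, desc in sorted(found.items()):
        print("%s:%d open (%s)" % (host, port, desc))
    if 16992 in found:
        info = parse_amt_headers(fetch_http_head(host, 16992))
        print("AMT web UI: %s / server=%s" % (info["status"], info["server"]))
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

    The exit status is 1 when anything is listening, so the script can sit in a cron job or a CI check that fails loudly if a management port ever becomes reachable from a network it should not be on. A closed set of ports is not proof that the ME is absent or inert, only that nothing is answering on the AMT and IPMI ports from this vantage point.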

  19. This guy is a shill. Paid. by Anonymous Coward · · Score: 0

    It can always be remotely re-enabled. Didn't you even read the docs?

    It exists to fight terrorism and pedophilia because feminist police state is the most important value to modern (wo)man.

    Why would one want to live without feminist police state. Both the feminist and the police state part are key to modern life.

    Without them there would be men marrying cute young girls. Can't have that. Also the men would be in control of women and girls.

  20. Embedded controller by Anonymous Coward · · Score: 0

    What about the firmware on the embedded controller in the laptop? It manages things like the LEDs and some power management. It is quite a beefy blob of code on ThinkPads (at least on my X200s). IIRC it has access to main memory in order to carry out its ACPI duties.

  21. Intel Active Management Technology .. by lippydude · · Score: 1

    " Intel Active Management Technology: Known Vulnerabilities and Exploits"

    What is needed is another OOB security-sub-system to protect the Intel Active Management Technology from getting compromised :)

  22. What's so controversial about AMT? by lippydude · · Score: 1

    @ArmoredDragon: "I've always found AMT useful. It's turned off by default, so I'm not sure how it's a security risk."

    Either by accident or design, it allows for a backdoor into the system. I wouldn't be surprised if it didn't come with its own backdoor ref.

  23. who? by Anonymous Coward · · Score: 0

    oh, right...a nobody company with a nobody computer...