Talos Secure Workstation Is Free-Software Centric — and $3100 [Updated]
jones_supa writes: These days, the motivation to use open source software for many people is to avoid backdoors placed by intelligence organizations and to avoid software that has hidden privacy-intruding characteristics. For the operating system and userspace software, open choices are already available. The last remaining island has been the firmware included in various ROM chips in a computer. Libreboot has introduced an open BIOS, but it is not available for newer systems featuring the Intel ME or AMD PSP management features. Talos' Secure Workstation fills this need, providing a modern system with 8-core POWER8 CPU, 132 GB RAM, and open firmware. The product is currently in a pre-release phase where Raptor Engineering is trying to understand if it's possible to do a production run of the machine. If you are interested, it's worth visiting the official website. Adds an anonymous reader about the new system, which rings in at a steep $3100: "While the engineers found solace in the POWER8 architecture with being more open than AMD/Intel CPUs, they still are searching for a graphics card that is open enough to receive the FSF Respect Your Freedom certification." Update: 02/08 18:44 GMT by T : See also Linux hacker and IBM employee Stewart Smith's talk from the just-completed linux.conf.au on, in which he walks through "all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system."
Update: 02/08 23:30 GMT by T : FSF Licensing & Compliance Manager Joshua Gay wrote to correct the headline that originally appeared with this story, which said that the Talos workstation described was "FSF Certified"; that claim was an error I introduced. "The FSF has not certified this hardware," says Gay, "nor is it currently reviewing the hardware for FSF certification." Sorry for the confusion.
Open == Auditable
With closed hardware you don't have the ability to verify that it's secure and trustworthy. With open hardware you would.
I have plenty of things to hide and I have broken no laws. I have a right to be secure in my papers. I have the right to hide communications I have made with my associates, especially when it comes to political communications.
You can take your fascist "IF YOU HAVE NOTHING TO HIDE" bullshit and shove it straight up your ass.
I didn't read this as saying "open == secure"; rather I read it as "secure -> open", which is a very different thing.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
How are you going to verify the silicon? Does the NIC send a few random packets to an ip address? You'd never know without auditing every packet sent.
Only the State obtains its revenue by coercion. - Murray Rothbard
Nobody ever said that Free Software = Cheap. "Free as in speech, not as in beer" is often heard. This is Free Software 101 stuff.
As for not imagining anyone spending that kind of money on a workstation, compared to what it'll get you in the Apple Store, some would call it a bargain. Note that it's being called a "workstation" and not a "desktop". For some people, there is a real difference.
if you want an open enough GPU card. It won't have much for GPU performance but it could be all open. Oh and don't forget to only use the fully open FPGA tools or kittens may die.
Quidquid latine dictum sit altum viditur
Does it run Microsoft Windows?
Help! I'm a slashdot refugee.
Does the purchase price come with some sort of bond or insurance if the system doesn't live up to the claim?
Certainly it can be done, but I'm not sure why one would want to do that. Did they mean 128GB? Or 32GB?
I've clicked through the links and I can't find anything that actually says how much RAM you get on this system.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
But ... but ... didn't the Empire outlaw Talos worship?
Lost at C:>. Found at C.
Can it run Crysis at a reasonable framerate?
Oh look, another shitstain of a person who probably whines up a shitstorm whenever some company loses his medical record to hackers or the like, but God forbid anyone try to secure their shit against five-eyed freaks or squinty-eyed chinks, because only terrorists and pedos want to protect their shit from being hacked.
Making some observations from recent events, I've noticed:
1) You can order a computer, and the delivery can be intercepted so that spyware can be installed. Especially laptops, which are difficult for the end user to peek inside.
2) The Intel management engine is essentially an attached microprocessor with complete and total remote control of your system, including access to all peripherals, the network, the disk data, and the ability to wake up and run while the main computer is off.
3) The Intel built-in programmable number generator was built in a way to be unverifiable. Essentially, the system reads physically generated random data and puts it through a hashing algorithm before giving it to the user. If the random number generator section is damaged (say, if someone modified the chip mask films before fab), you will get much less than the advertised 256-bits of entropy, but because the data is hashed there is no way to tell.
Buy American!
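The third observation above can be modelled in a few lines. This is an added example, not part of the original comment or of any vendor's design: SHA-256 stands in for the unspecified hashing step, a seeded PRNG stands in for the physical noise, and the "damaged" source (only 24 of 256 raw bits still varying) is a constructed fault.

```python
import hashlib
import math
import random
from collections import Counter

RAW_LEN = 32  # bytes of raw noise fed to the conditioner per output block


def healthy_raw(rng):
    """Model of a working noise source: every raw bit is unpredictable."""
    return rng.getrandbits(8 * RAW_LEN).to_bytes(RAW_LEN, "big")


def damaged_raw(rng):
    """Constructed fault: only the last 3 bytes (24 bits) still vary."""
    return bytes(RAW_LEN - 3) + rng.getrandbits(24).to_bytes(3, "big")


def sample(raw_source, n_blocks, seed=1):
    """Return (raw_blocks, conditioned_blocks) for n_blocks draws."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    raw = [raw_source(rng) for _ in range(n_blocks)]
    out = [hashlib.sha256(block).digest() for block in raw]
    return raw, out


def ones_fraction(blocks):
    """Share of 1 bits in the data; about 0.5 for uniform data."""
    data = b"".join(blocks)
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def min_entropy_per_byte(blocks):
    """Most-common-value estimate: -log2 of the most frequent byte's share."""
    data = b"".join(blocks)
    top = Counter(data).most_common(1)[0][1]
    return -math.log2(top / len(data))


def report(n_blocks=2000):
    """Compare what the user sees (conditioned) with the raw tap."""
    rows = {}
    for name, source in (("healthy", healthy_raw), ("damaged", damaged_raw)):
        raw, out = sample(source, n_blocks)
        rows[name] = {
            "out_ones": ones_fraction(out),
            "out_min_entropy": min_entropy_per_byte(out),
            "raw_min_entropy": min_entropy_per_byte(raw),
        }
    return rows


if __name__ == "__main__":
    for name, row in report().items():
        print(name, {k: round(v, 3) for k, v in row.items()})
```

Both sources produce conditioned output with the same byte-level statistics; only the estimate taken on the raw samples separates them, which is why health tests are placed on the raw noise before conditioning.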
The thing you can audit is the firmware. At least in theory.
How do you verify that every bit of your food isn't poisoned/contaminated/adulterated in some way?
Of course, if you gave up eating altogether, that uncertainty would go away.
Il n'y a pas de Planet B.
Probably not.
There is firmware in the BMC - the hard drives, several other places - are they making the claim that ALL of these have open source code? Open microcode?
I didn't see any mention of Linux Bios.. hate getting information via videos.. You really don't need a separate processor to start up the main one - and it provides huge security holes when you do.
I've wondered what systems the spooks use for their security - there are hints about power 8 - not sure.
and I have broken no laws
Oh, but you have.
I promise you that you have.
Everyone has.
It's been more than a decade since there has been a non-x86 CPU that is comparable in performance. Good stuff!
love is just extroverted narcissism
Agreed, but at least you can be sure that there is no built-in spyware.
Well, no, you can't, unless you build and burn the firmware yourself. Binary code being different from the alleged source code has happened before.
The same hardware running closed source software is likely to cost even more...
Software can easily be free of cost, but that's much harder to do with hardware because there is a cost associated with each and every unit produced.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
It's about 1½ times what I paid a couple of years ago to have someone build me an x86_64-based workstation with 8x2 cores (Haswell IIRC), 16GB RAM, a heap-big SSD, and a few other choice goodies.
So... What kind of porn did you say do you like to watch? And what's it worth to you not to have the answer revealed, whether or not you feel like responding to the question?
Il n'y a pas de Planet B.
I've been wanting to buy a reasonably powerful and reasonably priced open machine for a while. You used to be able to get MIPS machines running Loongson CPUs, but they don't seem to be available any more.
Anyone know of anything suitable?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I was originally modding, but I feel compelled to point out that the RAM does not appear to be included in that $3100 - just slots. It's just a motherboard, power supply, and the CPU for $3100.
So what you stated doesn't appear to be accurate in the least.
Additionally, a previous Phoronix article stated they only got remote access for testing this thing - so at present this is basically the equivalent of a Kickstarter promise.
It's an interesting idea if you have enough cash, though.
#DeleteChrome
Okay, seems the $3100 is just for the mainboard + CPU. So maybe not quite as good a deal as I originally thought.
Il n'y a pas de Planet B.
I still have Mac Mini (Freescale PowerPC G4) which I used for Debian development for half a decade, and which is now idle with a FreeBSD 10.2 install at present, and while I went to Intel and AMD for my last two systems, I'd certainly welcome a return to an affordable POWER system. I've been pretty disappointed in the state of open hardware for a good while.
I was looking at the offer for an OpenPOWER system from Tyan (http://www.tyan.com/campaign/openpower/) but I'd prefer a workstation rather than a rackmount unit. If it can run FreeBSD, then even better. The only rub is the graphics support; if I can stick in an AMD board and have it work with OpenFirmware and the current open drivers, I'd be quite happy.
Well, if you audit your food you will be disgusted...
http://www.fda.gov/food/guidanceregulation/guidancedocumentsregulatoryinformation/sanitationtransportation/ucm056174.htm
If that's too long, CBS made a little photo tour
http://www.cbsnews.com/pictures/11-revolting-things-government-lets-in-your-food/
and then there is water, no simple chart from the EPA on that...
http://www.epa.gov/dwreginfo/drinking-water-rule-quick-reference-guides.
We got to the point that you have to roll your own BIOS. So we have already lost, for if we go to all that trouble, we will have the only secure machine, as far as we know... and what will we hook it to?
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
(Disclosure: IBMer working in Power Systems, opinions my own)
For the BMC, it appears that they're looking to use OpenBMC, a project started by Facebook and now being continued by IBM.
They're also going to use the OpenPOWER firmware stack - Hostboot for system initialisation, Skiboot for runtime firmware/BIOS and the OCC firmware for on-chip thermal and power management. All of this is Apache-licensed.
POWER8 processors do require an external CPU to boot them - either an IBM Flexible Service Processor or a third-party BMC. This is the case with all current Power Architecture server chips, though not with Power embedded (Book 3E) chips. Booting a POWER8 chip is a bit more complex than comparable Intel CPUs in this regard, but as far as I'm aware it's primarily a design choice to put the initialisation complexity in firmware rather than hardware.
Can't comment about the other components of the system - I imagine it'd be fairly challenging to find a hard drive with open source firmware, but I wish them luck... FSF will still certify them as Respects Your Freedom nonetheless, I imagine. I'm still quite excited by this machine, as POWER8 is definitely the best choice for a high-performance libre system.
The only plus side is the generous RAM. I think there is plenty of room in the x86-64 space for that amount of RAM at that price point.
That price does not include the RAM...or GPU or SSD/HDD or case.
For around $3,100 USD, security-minded individuals and corporations can own a Talos Secure Workstation mainboard with an entry-level 8-core 130W POWER8 CPU, heatsink / fan assembly, and ATX I/O shield.
https://raptorengineeringinc.com/TALOS/prerelease.php
For 3100 we could get a quad core Mac Pro with dual graphics cards. This Talos thing is just a bunch of RAM. Does it even come with flash storage?
I suspect the comparison to a Mac Pro is not really the point, but no it doesn't come with flash storage. In fact that RAM figure is just the amount that is supported, it doesn't actually come with any.
Yes but still vastly cheaper than the power stuff used to be. Those CPUs have mostly been priced out of anything other than military budgets. I think at one point a very sleazy sales guy was trying to sell me an 8 core power machine for around the price I could get three 64 core opteron machines with four times the memory. For some stuff the former would be faster, but still impossible to justify in dollar terms.
I'm waiting for the Talos IV. I hear it'll be killer.
I don't suffer from insanity, I enjoy every minute of it! --Longbottle
I dunno about all the rest but I just recently had a new laptop built and shipped to me. Well, it's not a laptop per se - it's a mobile workstation. At any rate, I've yet to figure out what to do with more than 16 GB of RAM. I don't notice much of a speed increase when I go from there to 32 GB of RAM. My laptop has 64 GB of RAM and, try as I might, I've not yet found one useful way to use that RAM and I've not noted one bit of speed increase from 32 GB - at all.
Oh, it's fast. It's blazingly fast. It has a couple of SSDs in there so I can keep the OS and /home on one drive and I've not actually got it configured with a /swap at all. I have the OS set to push about as much as it possibly can to RAM and have a dozen applications open, across three virtual desktops, and a few browsers on top of that and I'm at 7.5 GB of reported RAM usage.
WTF are they doing on a workstation that needs that much RAM? (Not wants, needs.) That's well into fairly healthy server territory.
"So long and thanks for all the fish."
java -Xmx132000m ....
I have 20 tabs open in Opera, that's based on Chromium. Currently, it indicates that I'm running 6.7 GB. I think I've seen it peak at around 14 GB as I recall - with normal usage. It can eat a bit more when compiling or something similar but that doesn't even really eat a whole lot. Then again, I really don't do as much with a computer as I used to. So much of my time is just as a passive consumer. I'm working to change that - thus the excuse to buy this laptop. It's pretty damned sexy.
Go stupid with the configuration at this site:
http://www.titancomputers.com/...
I got to skip an OS and software but I tweaked the rest and spent a silly amount of money but it's worth it, in my opinion. Then again, I probably wouldn't have bought it if my opinion was not that it was worth it. So, there's that. However, have a look if you want. I gotta tell you... I've been *very* pleased with my purchase. It runs Lubuntu just fine and I've not even had to install the proprietary drivers - even the camera works. Hell, I don't actually use the camera for anything but I tested it and it's surprisingly good. It's not easy to find a good, full size, laptop. I splurged and got a couple of external drives from them - including the optical drive. I could have picked those up anywhere and at a better price but, what the hell.
At any rate, it's a fantastic piece of equipment but far more power than I use. Even as I sort of move back to the point where I'm less of a consumer, it's still more power than I need. Even if it would be slow, I could probably manage just fine on 4 GB of RAM and 8 would be enough. As I mentioned above, there's some difference when I go from 16 to 32 as I do, sometimes, use more RAM than that. But, normally that's not the case and I don't believe I've done so on this laptop yet. I've had it for more than a month and I really don't think I've gone above 14 GB or so. So, I've put 64 in a few boxes and this laptop has 64 but I'm still trying to figure out what someone would do, meant to be done on a workstation - which is kind of a specific category, that would take 256 GB of RAM.
To be fair, I thought it was 128 GB at first. That doesn't change the nature of the beast. Video rendering gets farmed out or done on an in-house server. Video editing, maybe? I thought that was being pushed to a server and run by remote now? Even compiling is now done on a server and not on the workstation. They've got dedicated "build boxes." Maybe CAD? What CAD software has been compiled to run on this architecture?
I still don't get it. :/
"So long and thanks for all the fish."
I do program a little bit but I am not a programmer - even though I have done a lot of programming in the past. While I was programming I was not really a very good programmer. Oh, it worked. Eventually. It even did much of what I wanted, in some fashion. I had someone with me at the start, he was a CS grad who did more "ops" than "dev." I just kind of asked him if he wanted to help so he doesn't really count for this metric. The first person I hired, after the business was running, was a programmer.
I programmed in C but I did some Perl, some BASIC, even some QBASIC at one point. Oh, I can bang out bad code in a handful of languages even today. I am not a programmer. I do not even have a passing familiarity with Java though, funny enough, I've been talking about learning it lately because I have a project at hand and it's more difficult than I thought it would be. It turns out, there are no handy dandy libraries for what I want to do in C. However, Java has a library for everything. Java has a library to optimize the efficiency of a sock gnome, complete with web interaction and remote hosting. And yes, you can bundle it into a .jar and have it work across all the major platforms...
At any rate, I mention that to basically tell you that I have no idea what you're talking about. So, I went to the all-knowing Google. The whole phrase as a search query was not refined enough. I took out the "Java" and it returned one result. That result might mean something - as it appeared to be sort of topical. It was a bug, on RedHat's bug-tracker about JBoss using too much memory.
https://bugzilla.redhat.com/sh...
I read it and I am still not entirely sure what is going on. It looks like they're setting some sort of Java setting via the terminal. At first blush, it looks like they're setting Java to use more than 128 GB. So, unless I'm missing something then I am lost. 'Cause I'm not exactly sure why you'd need to set Java to use that much RAM. I'm usually pretty imaginative but I can't even think of why someone'd want to do that on a workstation or a server. Being exactly the opposite of an expert, I'm pretty sure that if you're using 128 GB of RAM with your Java app then you're either doing something brilliant or you're doing something horribly wrong.
I guess I could benchmark it and use a burn-in test to get the RAM to peg out at full. I don't think I've done a benchmark or burn-in for a lot of years. I just don't bother any more. Hmm... I need a good forum to show them off. What's the point of doing all that if you can't show off the numbers? ;-)
But, really, I'm not really sure why anyone would want to run your command. Someone probably has a good reason. Not me. :/
"So long and thanks for all the fish."
http://hardware.slashdot.org/story/16/01/20/171226/open-source-gpu-used-for-research
it was a joke. java (jvm) will eventually fill all available memory if you allow it to (with that -Xmx switch). if you just want to see your ram filled up, simply use java software like cassandra, elasticsearch or hello_world and wave your memory bye bye.
i also have 64 gigs of ram and it often isn't enough when i play with virtual machines.
That would be this article?
How do you make the equation "only getting remote access" EQUALS "the equivalent of a Kickstarter promise."?
The company are reasonably well-known (I looked at them several years ago when I was considering replacing my day-to-day laptop with one whose video chip hadn't just got static-fried), and they're very open about saying that they're evaluating options for building an entry into this market (see footnote). So they probably have a total of TWO systems at the moment - the one they're experimenting on, and a second one for testing and promotions and customer evaluation. So, are they going to spend hundreds of dollars shipping one of those two systems around a series of publicity sites, giving them (say) 2 days with the machine, and several times a week having to say "we DID tell you you need a 220V power supply. What, it's not booting ... describe the output from the BIOS ..." you're talking tech support hell, and you'll have crippled your development programme.
The alternative is to set the machine up with remote access via a VPN and displaying the screens remotely on their terminals. Then all hardware issues you have your own technical people on hand. Timing and benchmarking can be carried out just as well. IF the customer has (per my example in the footnote) a data library they want to do a test on, they can send you the hard drive in advance and book a slot on the machine to run their tests next Thursday afternoon.
Hang on - have you ever actually worked on a time-shared system? One where you prepare your job set one week, and get the tapes of the run and the error logs back a few days later? That's what I think of when I hear "workstation".
Footnote
I see workstations like this hauled to site for data acquisition routinely - a few terabytes of new raw data per day, but you need to process it and incorporate it with terabytes of existing data from the surrounding area which has been subject to months of detailed evaluation and interpretation. Someone asked upthread what you'd need to use 128GB of RAM for : seismic data processing will eat that happily. And with a boat for data acquisition running about a half million dollars a day and a crew of 50-odd, you're not going to quibble at tens of kilo-bucks for a workstation or several.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"