System76 Will Disable Intel Management Engine On Its Linux Laptops

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.

If it works

I'm glad that they are doing this, BUT, from what I know about the IME, it is extremely complicated and disabling it is not simple or straight forward -- otherwise someone would have done it a long time ago.

Re:If it works

[Narcocide]

I want to belieeeeeve!!! Save us system76 you're our only hope!!

Re:If it works

[cfalcon]

There was new-ish news about this from the summer. A few privacy-minded places are starting to shut the ME down in various ways, some by spoofing the flag the government uses to disable it on its own systems, others in other ways.

Re:If it works

[Z80a]

The problem was understanding what IME does as it is a encrypted black box piece of hunk.
But things are made quite a lot easier with the literal NSA bit that disables everything but the bare essentials to operate the machine.

Re:If it works

The government is insane to be using the same shit commodity hardware and software that consumers use.

Re:If it works

Why should they be using something better than I can?

Re:If it works

yeh, the government contractors with the most lobbyists could be making much money if they had to supply extra special super expensive government only HW/SW

Re:If it works

Not using better than yours, but then know how to use the hap switch. Just google "hap IME intel" to see how the hap switch was built-in to disable IME.

Re:If it works

[Hal_Porter]

It gets worse. Some of them are probably still using Thinkpads, even though they're made by Lenovo. Now you'll say "No worries, if they re-image them they can avoid any spyware Lenovo put in there at the behest of the Chinese government".

Uh yeah, that won't help. Lenovo uses the WIndows Platform Binary feature to reinstall it. Basically you put an executable file into one of the ACPI tables. Windows copies it to disk and then runs it. With Administrator access. Probably more than Administrator access actually - I bet a native executable has more privilege than one running with Administrator rights on the Win32 subsystem does.

https://www.theregister.co.uk/...

To pull this off, the LSE exploits Microsoft's Windows Platform Binary Table (WPBT) feature. This allows PC manufacturers and corporate IT to inject drivers, programs and other files into the Windows operating system from the motherboard firmware.

The WPBT is stored in the firmware, and tells Windows where in memory it can find an executable called a platform binary to run. Said executable will take care of the job of installing files before the operating system starts.

"During operating system initialization, Windows will read the WPBT to obtain the physical memory location of the platform binary," Microsoft's documentation states.

"The binary is required to be a native, user-mode application that is executed by the Windows Session Manager during operating system initialization. Windows will write the flat image to disk, and the Session Manager will launch the process."

Crucially, the WPBT documentation stresses:

The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a "clean" configuration ... Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.

Oh dear. Secure as possible? Not in this case: security researcher Roel Schouwenberg found and reported a buffer-overflow vulnerability in the LSE that can be exploited to gain administrator-level privileges.

I.e. even if you reinstall them from a known clean image, they can still regrow the amputated LSE. And even if the LSE is not spyware, it contains exploitable vulnerabilities that a third party could use to install whatever they wanted. Lenovo didn't do this in Thinkpads, but they could.

At the moment the US is in the midst of media created paranoia about Russian hackers. Honestly if I were in charge of cybersecurity I'd be a lot more worried that the Chinese spy services would use something like LSE, with or without the cooperation of Lenovo, to spy on sensitive stuff.

And of course it's not just Lenovo laptops. There's Huawei phones and routers. Or indeed US brands which make routers in China could have either hacked firmware loaded onto them or the Chinese spy agencies could find an stockpile vulnerabilities in the manufacturer's firmware.

And then you have companies like XiaoMi with their young pioneer uniformed bunny signifying their devotion to the regime as a Taiwanese friend of mine pointed out

https://hungermarketingchina.w...

If you buy US stuff, you expect the US companies to cooperate with the NSA. If you buy Chinese stuff you expect Chinese companies to cooperate with its Chinese equivalents. XiaoMi's Young Pioneer bunny is none to subtle sign by the company that they're pro regime and it's not unreasonable to assume if the government asked them to help it out with national security they'd say yes.

Of course I can see

Re:If it works

[Gr8Apes]

All I can say is I forgot about the LSE/WPBT paths. It was mentioned long ago, and was another reason I tacked onto my list of why to never install Windows on a system, but the reasoning behind the "it's effectively a virus" listing was forgotten. Thanks for the reminder on why windows should never be installed on anything.

Re:If it works

It's a single bit flip, doofus.

Re:If it works

[Hal_Porter]

You could probably infect a Linux or Android installation from the firmware if you wanted to. All you need to be able to do is to write one executable file into the filesystem and get the OS to run it each boot.

The basic problem is that you trust the people who write the firmware. And if the people who write the firmware can always be forced to install spyware if the government of the jurisdiction their company operates in tells them forcefully.

In the US a US company can be sent a National Security Letter. In Russia or China it's probably more like the company had to suck up to the gangsters who run the place to even exist. And if those gangsters tell you to do something for 'national security' you know that not doing it means you end up like Mikhail Khodorkovsky. I.e. you lose a lot of money and end up in a hellish prison.

And even though conventional wisdom says malware only targets WIndows because that's where the volume is, that doesn't apply in this case. If you work for a company where the boss got an NSL or worries about being Khodorovsky'd you're going to find some code to read and write Linux/Android filesystems and hack into the firmware once he explains the consequences for not doing it.

Now IMO I'm less concerned about the US spying on me than Russia or China. So personally I'm OK with US kit. Same with UK or Taiwanese kit, because the US and UK are close collaborators and Taiwan is very much aligned with the US and against China. I'm not OK with Chinese or Russian kit. However the US kit *made* by a Chinese company is increasingly dangerous.

I.e. the issue is not OS. The issue is that the allegiance of your hardware vendor matters, because they can always inject malware into your OS. And there's a plausible motive why they'd do it, regardless of how hard you make it for them by picking a non mainstream OS.

Funny thing is as much as distrust Apple in other areas, they're actually very resistant to this sort of thing. They control both the OS and the firmware very closely. It's Windows, Linux, *BSD and which are vulnerable because the OS vendor and the hardware vendor don't share code. So a secure OS can be rooted by a malicious hardware vendor.

And I suppose the Android OEMs like Samsung, LG, HTC, Asus are too. They ship hardware and software together and control both. So if you trust them, you don't need to worry about a third party hardware vendor subverting their system.

Re:If it works

[Gr8Apes]

And even though conventional wisdom says malware only targets WIndows because that's where the volume is, that doesn't apply in this case.

The problem with windows is that it makes this type of attack trivial once the basics are worked out. I'm pretty sure last I checked that Linux is a much more heterogenous system even within the kernel itself, and that no bets can be made with any one piece of information about the installed OS to own it whereas with Windows - hey, write a small DLL here, inject into System32.DLL there and insert into the registry file under the run once key - takeover complete, and you have 80-90% of the desktops in the world at your bidding. It really is almost that simple. Now you have enough computing power to go after the real targets. It's absolutely scary how simple it is to own a windows system.

Re: If it works

[joemck]

Huh... If it's through the ACPI table, can't we bypass it similar to how the Daz Loader piracy tool works: run a "loader" binary before passing control to the usual Windows bootloader. The loader modifies the tables in memory to add or remove entries as needed, and the OS is none the wiser.

I will only buy non-Intel chips now

Intel has shown willingness to be underhanded. Computers are too important to allow them to have such a gaping issue. I will buy AMD until or unless they do something stupid.

Re:I will only buy non-Intel chips now

[Narcocide]

At this point all AMD has to do is willingly release the information to provably disable their own management engine equivalent and they can sweep the market.

Re: I will only buy non-Intel chips now

[lucasnate1]

Too late, amd has psp.

Re:I will only buy non-Intel chips now

Yeah like how when Windows 10 introduced telemetry it became the Year of the Linux Desktop...that's right isn't it?

Re:I will only buy non-Intel chips now

Yeah like how when Windows 10 introduced telemetry it became the Year of the Linux Desktop...that's right isn't it?

Joke all you want but windows 7 is still the most popular OS despite windows 10 not only being given away for free but forced upgrades too!

Re:I will only buy non-Intel chips now

[yuvcifjt]

Err no it's not.

I was quite surprised (and saddened) to discover that Win10 has been the most popular Windows OS in Western nations for several months now, including America and Europe,overtaking Win7 around the beginning of 2017.

And sadly, Win10 is now only 2% behind Win7 as being the most popular Windows OS in the World.

If people are sheep-enough to let Google use them with Android / Chrome, then it makes sense why Microsoft following their spying strategy will also succeed.

People simply don't know / don't care about their privacy.

Re:I will only buy non-Intel chips now

It always bugs me when people misuse the word "popular" to mean "most common".

That's like saying heart attack is the most popular cause of death in people over middle age.

Re:I will only buy non-Intel chips now

[Rick+Schumann]

Hate to tell you but so far as I know AMD has it's own version of the Management Engine baked right into their silicon as well.

Re:I will only buy non-Intel chips now

> sweep the market.

BWA-HAHAHAH

You're deluding yourself if you think the average computer buyer has even *heard* of this story.

And even if you were to clearly explain the details of it, nobody, and I mean, NOBODY outside this industry, would ever give a fuck.

Same as Kaspersky Lab?

Sounds like the same thing that Kaspersky offers.
I think they are also releasing a fix for Windows machines.

Yawn

[Orgasmatron]

Wake me when they start shipping laptops with it physically removed or burned out.

Re:Yawn

Typical slashdot user who is never satisfied by any progress toward something nice...

Re:Yawn

[Narcocide]

Oh, admit it, you're thinking of drilling some holes in a few motherboards as a test, too.

Re:Yawn

[BronsCon]

I can't speak for the AC, but I'd be down to experiment with a pile of motherboards and a power drill if someone else is buying.

Re:Yawn

Not exactly possible atm. So stfu and get to work. Kidding, that shit is deep, yo. Deeeeep.

Re:Yawn

Not exactly possible atm. So stfu and get to work. Kidding, that shit is deep, yo. Deeeeep.

I found the idiot!

Re:Yawn

[Megol]

Technically what you found was a mirror.

System76

Call me crazy, but the name looks like the name of a gas station to me, and I expect to see product names like Unleaded $2.49^9 /gal (where the ^ is supposed to be superscript).

Re:System76

image search for phillips 76 for the braindead mods who downvoted this.

Thank you

Been waiting for something like this

Re:Easy way to cripple Intel AMT/ME

[Narcocide]

Second time I've seen this post, and I want to believe it's accurate and complete. Can any 3rd party verify this information in any way with a citation?

Sounds like the right way to go

[Snotnose]

I have yet to hear of a single useful thing IME gets me, and lots of bad things it gets me. Current laptop runs an AMD chip, when it dies/becomes obsolete in 5 years or so I'll use it to determine which CPU my new system will have.

/ Yeah, I said 5 years. This thing is 3-4 years old
// hard drive is less than half full, even though I have a NAS I'm not good at updating
/// I remember the 3 year updates, with a graphics card every 18 months. Times have changed

Re:Sounds like the right way to go

This thing is 3-4 years old

Your box is too new. You already have the AMD equivalent of Intel ME (AMD PSP).

AMD started putting this in their stuff in 2012.

I think Intel is going to get rewarded with purchases of their stuff (by people who care). Since, at least, theirs can be turned off.

Personally, I wish China would export consumer stuff based on their MIPS, Alpha, and Sparc knock-offs they've used in their super computers. Maybe there will be a freedom respecting RISC-V or ARM SOC implementation with decent perf.

Re:Good! Common-Sense tells you that, &?

[Narcocide]

Yea, the monitoring time is the real question I have here. Weeks... eh, slight confidence boost. Months... better. YEARS (multiple) and maybe we have reasonable confidence there isn't some timeout that waits before trying other outbound ports.

Re:Good! Common-Sense tells you that, &?

[AHuxley]

Re monitoring
Are clandestine services staging servers pushing very direct requests over 16992-16995 to an ip that get detected time to time?
Huge malware scans up and down ip ranges in a random attempt to find the hardware that responds as cover? Ty.

Having worked at Intel...

[GerryGilmore]

...IME was originally designed for servers only. Any OldFarts(TM) out there - remember crash carts? Yeah, the ability to remotely power-cycle servers was a really big deal when you're running hundreds/thousands of servers and VMs were just a pie in the sky. Also, basic front-end network management 101 handled security. There are still good reasons to allow IME in server deployments, but I see no good reason for including this in laptops. I suspect that this was brought into the Core line due to those people building servers needing remote management using i7, etc. chips, but that's just a guess.

Re:Having worked at Intel...

[viperidaenz]

Isn't IME on desktops and laptops for when they're used in corporate environments? Remote provisioning, updates, etc.

It lets, for example, computers be removed from the network until OS patches have been applied.

Re:Having worked at Intel...

Yes, it's ridiculously useful OOB management, like having a KVM built right in. While I think there should be a simple and transparent way to completely and verifiably disable it, having used it for many years, I can't agree with the many reactionary Slashdot commenters that it serves no purpose other than a convenient NSA back door. If it were to go away tomorrow, a lot of businesses would be severely impacted.

Re:Having worked at Intel...

[thegarbz]

but I see no good reason for including this in laptops.

Is that because you think the only equipment which needs managing is servers? Hell as someone who has a mother with a computer I'm personally hoping they'll introduce a HCF instruction that can be triggered remotely.

Ok facetiousness aside, IME is a "feature" based product which is why they charge extra for chips that have more IME functionality. Management of remote machines is customer driven. It's the same justification for things like bitlocker to be included in Microsoft's OS. These companies look to see what customers are paying others for and then seek to get in on the action.

Re:Having worked at Intel...

[tlhIngan]

I suspect that this was brought into the Core line due to those people building servers needing remote management using i7, etc. chips, but that's just a guess.

No, it was brought into the main chips because servers have stuff like IPMI and ILO for remote management, but employee PCs do not. And the same reason servers can be remotely managed can be applied to employee PCs and laptops. The only difference is servers are usually concentrated in a few areas, so it's much easier for 10,000 servers to be locally managed than 10,000 PCs, making the case for remote management of PCs even more critical.

You can do bare metal bringups - perhaps the employee got to their desk and their PC is dead - it won't load the OS and there's lots of error messages. IT's effectively ILO or IPMI for consumer grade machines.

Of course, you can't "disable" IME - you can neuter it. The firmware that controls power and boot and startup and all that must still run in order for the main CPU to be brought up, so you need IME to do that part. Neutering basically disables all the remore management while leaving the power management code still active.

Re:Having worked at Intel...

So do you have any tips on how to neuter it? Because the best hardware hackers on the planet are still in the dark on how to neuter this IME. Looks like it was designed so nobody can tamper or neuter it.

captcha: wailed

Re:Having worked at Intel...

Isn't IME on desktops and laptops for when they're used in corporate environments? Remote provisioning, updates, etc.

No, that's the well-documented AMT (Active Management Technology or something like that).

IME is the undocumented black box that will reset the machine if you try to disable it.

Re:Having worked at Intel...

I have seen this being waved around back in July. Seems to work in theory, but I do need Intel ME in my workplace, so I never did try it on an actual system.

Re:Having worked at Intel...

Or corporate can pay for that functionality as an add-in card / ROM, and consumers can save $0.03 cents per purchase on the lack of extra hardware in their machine, AND not have a gaping security hole in their machine to worry about.

If the idiot in the IT department can't follow corporate policy and buy systems that have the add-on installed, then he can be replaced with someone who can.

This isn't a problem for consumers to need to deal with, it's a problem for enterprises who want their cake (cheap workstations) and eat it too. (remote hardware management capability, which is an enterprise level feature) Let corporate pay for it. It's creating another exploitable point of failure in an ocean of points of failure for consumers, and it needs to stop.

Re:Having worked at Intel...

> The firmware that controls power and boot and startup and all that must still run in order for the main CPU to be brought up, so you need IME to do that part.

You're ignorant and stupid.

There is NO reason other than keeping stuff in the IME private to the IME only, that this cannot happen in the normal UEFI code that is run when the IME completes initialization.

Re:Having worked at Intel...

[Billly+Gates]

Unfortunately, the homebuilt Asus sabertooth system I assembled uses Intel ME due to Raid I need for running Hyper-V and VMWare Workstation Vms.

I use Intel RST for storage which uses the IME for my fakeRaid. I am hooked on it so to speak. Also Wake on LAN and certain UEFI functions that need to work when you disable BIOS emulation( CSM ) for fast booting need that horrible Intel ME/Minix to run properly.

So even on PC's some of it's functionality is used. AMD has zonetrust. My hunch is maybe something in the EFI firmware spec requires a ring -2 (under -1 VM and 0 for ring 0 kernel in linux speak) it to run. I do know my board I can set my UEFI without a CPU!

This is a mess. For customers such as hospitals or banks having this is unacceptable and should be banned by insurance companies. Maybe an open source equivalent or a ISO or IEEE standard for UEFI should take the role of IntelME and AMD zonetrust and the ARM equivalents where the user can set this shit up and then install an operating system on top? Or maybe an OEM can have one pre-setup like a template where business customers and geeks can with a spec change if we desire to do so?

IntelME came up as an wake up on lan on steroids but grown into a a monster like SystemD at the hardware level which is a no no.

most servers boards have ipmi with own nic

[Joe_Dragon]

most servers boards have ipmi with own nic most boards have a setting for combined or own. If intel wants to kill ipmi and go to IME they will need have so it can be put on it's own nic.

Re:most servers boards have ipmi with own nic

[MikeBabcock]

They'll just embed the NIC controller in the CPU alongside the memory controller and the VGA garbage.

Re:Easy way to cripple Intel AMT/ME

I can't VERIFY it as BEING TRUE *BUT* how do you KNOW they aren't watching you RIGHT NOW??!!!!!!!

Security pros HAVE been monitoring it... apk

Security pros HAVE been monitoring it for MANY months (however long it's been out as exploitable via blank logon). This has been out for a LONG time (& was posted about on this site a LOT but SOMEONE kept downmodding it - that was HOW I got wind of it & read on HOW it works to stop it as I noted because when I see something, like you have THIS POST of mine you liked? That's when I KNOW SOMEONE WANTS THAT INFORMATION BLOCKED TO ABUSE IT with what YOU ALREADY HAVE by blocking what it communicates on in ports I noted that came from security pros monitoring it).

APK

P.S.=> As to the ports I noted? Hell - there's TONS of that much online & afaik above my own tests?? Those are valid ports it uses... apk

Re:WRONG: Bert64 failed vs. me w/ that bs

you enjoy a good bout of remote abuse on your unfiltered port

Re:LOL! Not really (downmod me? I repost)... apk

[OrangeTide]

Your downmodded posts aren't hidden. They are correctly categorized as garbage. Some people will browse and see the 0 and -1 garbage, usually other mods or brave people with too much free time.

Reasons that APK deserves frequent downmoding:
  1. lacks an account and always posts as AC
  2. makes duplicate posts
  3. admits to trying to avoid moderation
  4. frequently posts off topic advertisements for his [free] products and services.
  5. talks like a git. really his English phrasing is bizarre.

It should be opt-in, not opt-out

[Picodon]

...I can't agree with the many reactionary Slashdot commenters...

...there should be a simple and transparent way to completely and verifiably disable it, ...

I think it’s a bit more than that. The feature may be useful, but the outrage is legitimate. Consumers, most of whom arguably have no need for such feature, fortuitously found out about its existence and that it is enabled in their computers. They had not been told about it, so they had no way to even try to use it. Other people (government, corporate, hackers) knew about it, so the malicious among those were in the position of abusing it (by exploiting its features and its security flaws). No wonder consumers are in arms over this. They are not over-reacting.

So, no, a way to disable it is not enough. This kind of feature requires full disclosure (before you buy), documentation (so that you can actually use the feature if you want) and, at least on systems sold to consumers who are unlikely to use it, it should be entirely disabled by default. Institutional customers who buy computers in quantity can (and indeed do) request the configuration that they want (including, for example, activation of Intel’s anti-theft protection).

Re:It should be opt-in, not opt-out

[AmiMoJo]

You can't even disable it. There is a disable flag you can set, but the ME is still used to bring the CPU up from cold and then you have to trust that the flag does what it claims to do. You can try to sabotage the ME by deleting all the firmware modules except the early boot stuff, but then you are still vulnerable to any flaws in that boot code.

This is a general problem with CPUs. Most modern ones run microcode which is updated by the BIOS and comes as a binary blob. They all have hidden code, hidden features for testing and debugging, hidden op-codes.

A truly free CPU would be great, but matching modern performance levels could be difficult and fabrication on any kind of modern process is extremely expensive. To that end it might be interesting to try to reverse engineer the microcode on something like Ryzen, but even that would probably take years and get hammered by DMCA notices (so better do it outside the US).

Re:It should be opt-in, not opt-out

[Megol]

You can't even disable it. There is a disable flag you can set, but the ME is still used to bring the CPU up from cold and then you have to trust that the flag does what it claims to do. You can try to sabotage the ME by deleting all the firmware modules except the early boot stuff, but then you are still vulnerable to any flaws in that boot code.

Just as one is vulnerable to flaws in the transistor layout.

This is a general problem with CPUs. Most modern ones run microcode which is updated by the BIOS and comes as a binary blob. They all have hidden code, hidden features for testing and debugging, hidden op-codes.

X86 have to use microcode but most other do not.
Microcode in itself isn't a problem. The reason is simple: if you don't trust the designer/manufacturer of your processor then not having microcode doesn't make any difference. If you do then signed microcode updates isn't a problem.

Open source microcode updates would only lead to problems as they are part of the microprocessor design, the code is targeting a design that can vary even within a family (when hardware is patched to fix a problem microcode touching that hardware have to be updated). This means the microcode is similar to reverse engineering a processor - actually it is part of the processor hardware.

This is assuming that the signed, encrypted microcode update path is secure of course.

A truly free CPU would be great, but matching modern performance levels could be difficult and fabrication on any kind of modern process is extremely expensive. To that end it might be interesting to try to reverse engineer the microcode on something like Ryzen, but even that would probably take years and get hammered by DMCA notices (so better do it outside the US).

RISC V?

Ryzen most likely have a encrypted (external) microcode format so first you have to break the encryption. Given that you have essentially no knowledge of the internal implementation (though older designs and plain logical reasoning will help see likely patterns) and that the encryption is probably AES 256+ class it will be hard to the level of practically impossible to do. And even so actually getting the CPU to accept a "free" update means going through a cryptographic signature check.

Not even having access to the advanced technology required to physically reverse engineer hardware is likely to help much assuming the crypto engine is competently designed for security. Using statistical techniques + a lot of processors can help but a huge cost.

Re:It should be opt-in, not opt-out

As I read and write this message, my core i5 mobile is running along at 800 MHz, the bottom rung of speed step. Most of what we do with email & web browsing can be done with an iphone. So, "modern performance" probably isn't needed by the home machine for most things. I would totally go for an open architecture system at this point, once I realized this.

Re:It should be opt-in, not opt-out

[AmiMoJo]

Microcode in itself isn't a problem. The reason is simple: if you don't trust the designer/manufacturer of your processor then not having microcode doesn't make any difference. If you do then signed microcode updates isn't a problem.

It is a problem, because unfixed microcode can change the behaviour of the CPU. Even if you do trust it, you can't be sure that it can't be backdoored by someone else. Signed updates help but are not bulletproof.

RISC V?

Maybe one day. For now the price/performance isn't there.

Re:It should be opt-in, not opt-out

Most consumers are not outraged.

Not really your laptop

if you can't control what's in it.

Re:LOL! Glad you sockpuppet self-upmodded yourself

[thegarbz]

The GP was unkind to you. I don't think you deserve to be censored. You provide a very good service. Personally I enjoy a good APK post with a side of LSD. The resulting colours in the sentence structure are amazing.

Re:/.ers clearly disagree OrangeTide FAKE name

[rot16]

I didn't know people like this existed. Until today. I feel like being extremely privileged.

Re:Easy way to cripple Intel AMT/ME

[Z00L00K]

It's APK, and I don't trust APK at all due to the spamming.

Minix more popular on laptops than Linux

[Keruo]

Isn't it mind-boggling that Minix is actually more used on laptops currently than Linux?

(The management engine runs custom version of Minix)

Re:Minix more popular on laptops than Linux

You say "popular" as if users actually had a choice about the Minix part.

Re:Minix more popular on laptops than Linux

Not quite: perhaps it's more COMMON, but it's certainly not more POPULAR, since nobody anywhere actually wants the fucking thing on their personal machine.

Re:Minix more popular on laptops than Linux

[Megol]

Please write Minix 3 as it isn't the same as previous versions, designed for different goals and with different design features.
Have seen many supposedly technical people being confused already, thinking that the ME runs what Linus Torvalds once used before making Linux.

Re:Minix more popular on laptops than Linux

[Hallux-F-Sinister]

Isn't it mind-boggling that Minix is actually more used on laptops currently than Linux? (The management engine runs custom version of Minix)

That might be true if no one used laptops anymore with older generations of Intel chips, before they put Minix code into them, or laptops that use AMD microprocessors, or that use some other microprocessor that doesn't run Minix; I think there are a few.

So really there are no reliable numbers of how many systems run Minix, and therefore no reliable numbers on the percentage of Minix installs versus anything else; at best you could know how many Intel MADE, if they published those figures, and you could take wild guesses about how many of those are still in use today, limited only by an upper bound in the form of the maximum number of processors running Minix, inasmuch as the number currently running it on account of being included in the ME stack of certain Intel chips, cannot exceed the number of Intel chips of the kind they put it in, released. That is, there may be OTHER systems running Minix in the total number that have nothing to do with the Intel ME, BUT, of the copies of Minix running because it was included with Intel chips, the maximum number is limited to the number of those chips manufactured, and in turn further limited by the number actually installed in a computer, and of THOSE, further limited to the number still in use, (and not retired/recycled,) etc.

Personally, if your computer was sold to you without disclosing this, and so your computer is doing things you'd like it not to, or has a vulnerability you'd like closed but can't get closed, it sounds as if Intel might be in violation of various laws preventing unauthorized use of other people's computers. (If I can go to jail for writing a virus, worm, trojan, etc., that makes your computer do something you wish it wouldn't, they should be eligible for jail time for this, since it's basically the same thing. Unbeknownst to users, Intel was cramming all kinds of things into processor chips that shouldn't be there, and running code we'd like them not to be.)

At the very least, a class-action lawsuit on behalf of owners or users of all computers this touches should probably be filed, and at least put a massive crimp in Intel's bottom line. Plus, I would like my Intel-processor-using computers scrubbed of this, or better still, the CPUs replaced at Intel's expense, and I think they should also have to pony up for the inconvenience.

But will any of this happen? Maybe... one day. But the way things go now, it'll take decades, and most of us will have died or forgotten about this by the time we get letters in the mail about how we have to accept our "share" of the proposed settlement, which will turn out to be a gift certificate for $5 off a new computer from any of this list of manufacturers, with Intel processors, (which we can't trust anymore anyway,) inside.

Anyone still stupid enough to think 'security through obscurity' is a good idea?

Speaking only for myself, I'd like to see System76 either switch to a different processor free of this, or make their own, because yeah, how DO we trust that it's been deactivated, and won't either spontaneously reactivate itself, or be able to BE reactivated during an attempt to exploit? (How awesome will it be if 10 years from now, System76 has claimed the crown of world's largest PC maker, makes their own custom chips, (preferably open source,) and this event was what started it all and put them on the path to greatness?)

Re:Minix more popular on laptops than Linux

[zwarte+piet]

Tanenbaum's revenge on Linus, Muhahaha!

Good! Common-Sense tells you that, &?

See subject & TEST IT YOURSELF (no different than "security pros" do) via https://it.slashdot.org/comments.pl?sid=11425437&cid=55656205/

* Yes, it's THAT EASY to do & IF you DON'T KNOW how that's done? Heck - There's a TON OF "LIVE EXAMPLES" ON YOUTUBE you can use to guide you!

APK

P.S.=> Monitor away, I did for WEEKS (security pros have been for FAR longer) - & my technique worked as I outlined it to you WORKED - I saw no in/out on anything but PORTS I ALLOWED in/out via port filtering in my modem... apk

Trust my technique being upmodded then... apk

See subject & https://it.slashdot.org/comments.pl?sid=11050927&cid=55109115/ & spam? See https://slashdot.org/comments.pl?sid=11424811&cid=55655675/ , https://slashdot.org/comments.pl?sid=11424811&cid=55655691/ & https://slashdot.org/comments.pl?sid=11424811&cid=55655719/ where our /. peers shut you down speaking FOR me against your bs outnumbering you by MANY orders of magnitude as they both LIKE & USE my work - not yours - you're not capable of being useful, troll.

* Period!

APK

P.S.=> Too bad you never come up with something that works like I do Z00L00K - you're not capable of THAT either but I am - you WISH you were me, lol... apk

Re:kindly get lost, spammer

Dear APK,

We all know how to make our own /etc/hosts files, and we don't need your help.
There's no way in hell any of us would pay you money for what you're offering.

With kindest regards, please go die in a fire.

(Signed by everybody on Slashdot)

Re:LOL! Not really (downmod me? I repost)... apk

lacks an account and always posts as AC

So fucking what? This site allows anonymous posting. That is not a reason to downmod anything. Anonymous comments already start at 0. Just because you think everything online has to be tied to an account doesn't make it so.

Old farts already had a solution:

Remember PCWeasel from RealWeasel? A small, nice ISA (yes, *that old*) card which made the PC think it had video and keyboard and then...

Well, I'd much prefer such a solution, where I can change the vendor than a deeply integrated operating system with a (*GAH*) web server down there in the chip. And always to get those blank stares when I protest it.

You're a nameless nobody unidentifiable troll

See subject & get on topic: You solve this topic's problem Intel AMT/ME - I can & did https://it.slashdot.org/comments.pl?sid=11425437&cid=55656269/ ("your kind", an unidentifiable trolling "ne'er-do-well" worm NOBODY can't)!

Signed by 'everybody' per YOU? You're a NOBODY nothing fool! A do nothing fool no less - see subject!

* Additionally - I don't charge for THIS solution vs. Intel's AMT/ME that works (& yes - that IS the topic you know, Intel AMT/ME, you UNIDENTIFIABLE & obviously illiterate offtopic dumb troll - not hosts) & I don't charge money for my hosts file program - it's free.

(Trying to misinform others & LIE too? Puh-leese - that's weak!)

APK

P.S.=> What am I saying? You can't HELP but be WEAK - you are in all phases of your life & it shows - you can't even identify yourself to have the balls to stand behind your words, worm, lol... apk

Re: You're a nameless nobody unidentifiable troll

This reads like an angry bottle of Dr. Bronnerâ(TM)s Magic Soap

WRONG: Bert64 failed vs. me w/ that bs

Easily proven: Router/modem log monitoring + testing a blank password/username vuln AMT/ME has YOURSELF & see what it uses! You know anyone by that name? Do you trust him?? LOL - of course YOU do, it's you.

* Yes it's THAT easy & EXACTLY what the security folks out there DO to check it - do it yourself (want a job done right? Do it yourself).

(No other ports noted vs. what I wrote THAT STOPS IT EASILY w/ what you odds are ALREADY HAVE (port filtering in modems) https://it.slashdot.org/comments.pl?sid=11425437&cid=55656269/ )

There's even GUIDES ON YOUTUBE to follow to do the monitoring "live" to show you how (easy).

APK

P.S.=> What they USED to test is EXACTLY what made it dangerous - ANYONE can login to it REMOTELY & abuse you but not if you FILTER OFF the way in/out of it as I noted in the link above by yours truly - it WORKS! apk

Re:WRONG: Bert64 failed vs. me w/ that bs

Show some actual proof that it cannot use any method of communication other than the ports you blocked?

Re:LOL! Glad you sockpuppet self-upmodded yourself

I forgot to mention, I like to suck my own asshole and when I suck the shit out of it, I like to spit it back at the people around me.

APK

PS => OF COURSE there are reasons why my shit tastes like rotten bananas thats where I put them in my ass when I'm done fucking myself with them (*thats increase my view of life of course)

Good job

System76 seems to be one of very, very few American manufacturers that can be trusted. But one issue still remains - have they received any NSA court orders, compelling them to subvert the systems they sell?

Re:Good job

That doesn't make much sense. They develop, as such, an open/free linux-based operative system (Pop! OS), but when you buy their computers you can choose to have Ubuntu instead. And you can download either one from the internet (if you think the one installed in the laptop has been tampered).

Re:Good job

they don't manufacturer their own motherboards, etc. though they are getting into making their own cases and maybe more. they are clevo resellers, IIRC.

Re: LOL! Not really (downmod me? I repost)... apk

He has perfect English. You on the other hand sound like a retard

Re:WRONG: Bert64 failed vs. me w/ that bs

OK I admit it. I'm as ass-sucking babboon APK P.S.=> What they USED to test is EXACTLY what made it dangerous - ANYONE can login to it REMOTELY & abuse you but not if you FILTER OFF the way in/out of it as I noted in the link above by yours truly - it WORKS! apk

/.ers clearly disagree OrangeTide FAKE name

See subject & our /. peers put you away w/ ease in 3 links vs. your bs https://slashdot.org/comments.pl?sid=11424811&cid=55655675/ https://slashdot.org/comments.pl?sid=11424811&cid=55655691/ & https://slashdot.org/comments.pl?sid=11424811&cid=55655719/ & I've got DOZENS MORE on my program alone & 550++ other upmods of mine too on other topics.

* That's right i post AC - I'm not a FAKE NAME for a FAKE LIFE (like you) being a "ne'er-do-well" DO-NOTHING like you!

(PROVE you've got others saying great things about something YOU MADE YOURSELF, soyboy? LOL - let's see that!)

I read your post history & I am also going to tear you apart on your lies on your 'job' + also RTF bs I burnt you on before, again!

APK

P.S.=> Being a "registered 'luser'" FAKE NAME for a FAKE LIFE makes you an EASILY TRACKED SHEEPLE in your post history + a SLAVE to scripts that do WHO KNOWS WHAT HERE (& yes, whipslash tries to 'stall me' with scripts & who KNOWS what else & he won't let you see /.'s current code either - so I don't use them - lol, pisses him off I made him look like a FOOL here recently https://politics.slashdot.org/comments.pl?sid=11409789&cid=55632521/ ) & YOU'RE ALSO A SLAVE to cookies that track you too, 'soyboy'... apk

EZ way to cripple Intel AMT/ME

Stop it's ability to send info. outward via router port filtering ports 16992-16995 + 623-625 Intel AMT/ME uses in a modem/router external to OS/PC.

Intel ME/AMT operates from your motherboard but has NO CONTROL OF YOUR MODEM/ROUTER!

(This stops it cold talking in/out permanently OR being able to remotely 'patch' it to use other ports by Intel OR malicious actors/malware makers etc.!)

Additionally, once you disable the AMT engine's software interface (ez via software articles note)? A malware to 'repatch' this = impossible (bios updaters require it in usermode ware, e.g. ASUS).

(I only allow 80, 8080 & 443 in/out here on a SINGLE stand-alone system (no home LAN but TCP/IP connected online in BOTH my modem or router port filters or software firewalls))

HOWEVER - Be CERTAIN your modem/router's internal ware is "solid" too (turn off things like UPnP etc. & CHECK router/modem HAS NO KNOWN BACKDOOR EXPLOITS (tons do unfortunately)) - get it patched ASAP if it's KNOWN exploited & TONS of routers, ARE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

* GOOD ROUTERS/MODEMS HAVE PORT FILTERING OPTIONS (crappy ones don't)!

APK

P.S.=> Good luck - it's the BEST EASIEST & CHEAPEST DEFENSE using what you already have (hopefully, again as not ALL modems have port filtering but most do & certainly GOOD ONES DO) vs. this threat by stopping it being able to communicate in/out period, from OUTSIDE of the INTEL chipset external to it via a router/firewall hardware... apk

Re: /.ers clearly disagree OrangeTide FAKE name

What in holy hell is happening here

Impersonating me now OrangeTide?

See subject: Afraid of what's going to happen when I expose your bullshit on RTF per https://it.slashdot.org/comments.pl?sid=11425437&cid=55656687/ OR just pissed off I figured out a VALID WORKING WAY to stop Intel AMT/ME here & you can't stupid https://it.slashdot.org/comments.pl?sid=11425437&cid=55656927/

* Take your pick you HOT AIR BLOWHARD (I am going to rip you apart after taking a peek @ your post history bitch - I talk like a "git" eh? At least I am not a FAKE NAME bullshit artist for your FAKE LIFE bitch like you are punk liar!)

APK

P.S.=> I am going to have a FIELD DAY on your ass fucker... apk

OrangeTide the little cocksucker is what

See subject: He likes flapping his cocksucker off topic hassling me https://it.slashdot.org/comments.pl?sid=11425437&cid=55655837/ & now I'm going to rip his BLOWHARD homo SanJose boy ass apart publicly in front of you all (worse than my post asking for proof of his 'greatness' for TRYING vainly to cut me down off topic).

* He's done... mark my words.

(I hope that little off topic FAKE NAME bitch opens his piehole again... lol!)

APK

P.S.=> He broght it on himself (& I hate bullshitter BLOWHARD do-nothing NO PROOF "talkers" like him - all hot air, lies & bullshit is all he is & I''ll further prove it)... apk

maybe not

There's two flavors of disablement out there. One is to let the ME boot the computer then turn it off. The other is to never use it all. nearly all of the "disablements" currently in use are the former not the latter so the ME is still there at boot. However there are some people who can turn it off totally. So it remains to be seen what they mean.

Re:LOL! Not really (downmod me? I repost)... apk

6. Stalks users to repost the same message over and over again, or to point to one of his previous posts, as if to demand you to respond until... LOOK SHINY!

By the way, I fully expect him to stalk you in the next little while over this.

Re:Easy way to cripple Intel AMT/ME

[yuvcifjt]

Hate to defend an illegible spammer like APK, but he appears to be right in blocking certain ports used by Intel AMT.

No UNIDENTIFIABLE anonymous weasel

See subject: You show ME proof it can - I never saw evidence of it using port redirectors!

YOU saw it using ports other than what are noted by myself & security researchers galore? ANSWER THAT with solid-proof (you can't, didn't & won't is my MORE than guess).

APK

P.S.=> Burden of proof's on YOU you pissant little do-nothing "ne'er-do-well" trolling scumbag... apk

Impersonating me AGAIN, loser?

See subject: IF the "best ya got" is vainly trying to "impersonate me", you are truly a loser & you KNOW it - 2nd time now you did that, 1st was here https://it.slashdot.org/comments.pl?sid=11425437&cid=55656997/ you juvenile little bitch.

APK

P.S.=> No questions asked - you ARE a fucking loser... apk

Hey, system76!

[nightfire-unique]

Design a model of your laptop with the original IBM 7-row keyboard and trackpoint, and you've got a customer for life here!

Re:Hey, system76!

[Ayano]

They get their laptops from the generic laptop manufacturer that supplies both Clevo and Sarger.

The only real add they have is a small crack driver support team and a little customization before shipping it to you.

That said, it's guaranteed to work with the hardware, and I've had several s76 laptops both personally and purchased on my behalf at the workplace. Not really sure how I feel about them, but I do like their mobile workstations (a 'special' kind of laptop).

OrangeTide's pissed I cut him to bits before

See subject: OrangeTIde you're a bullshitting buffoon I tore up before for your error & I was right (RTF) https://slashdot.org/comments.pl?sid=11101863&cid=55187525/

SAY 1 THING CHICKEN-DICK - I will publicly ANNIHILATE YOU on your total f'ing lies there & FAR more (like your 'job' history jobhopper liar) ... & I've never SEEN such utter horseshit from ANYONE trying to "save face" & 'weasel out' of being caught WITH YOUR PANTS DOWN as I did to you there!

Come on BLOWHARD - you like to "talk big" BUT CAN'T SHOW ANYTHING DECENT YOU HAVE EVER ALLEGEDLY DONE loser & cut me down calling ME a fool (git)?

This 'git' has done MORE of good note in the eyes of others than an UNEDUCATED DROPOUT like you EVER has & UNLIKE YOU I CAN PROVE IT EASILY blowhard bullshitter (& you are a no education low paid penniless owning nothing FOOL).

Guess what else I found? You EVEN complimented me on hosts being effective for you in your post history stopping ads in videostreams (I could've told you that - I never see YouTube ads, or rarely until I block the server serving them up, easy to find) - but NOW you give ME SHIT?

Fuck you. You're done. NO small wonder you won't post now - I have YOUR ASS & you KNOW it.

APK

P.S.=> Your job history is going to HUMILIATE YOU THE MOST THOUGH - SAY 1 THING LIAR - you're just still "butthurt sore" I tore you apart for your stupidity in the link above & yes, it's SO obvious! apk

Others disagree unidentifiable douche... apk

See subject & LEARN TO READ/Get your "Hooked on Phonics" out stupid -> https://it.slashdot.org/comments.pl?sid=11425437&cid=55656725/ & DO BETTER THAN I HAVE (you can't - you're a useless "ne'er-do-well" TROLL swine & nothing more) https://it.slashdot.org/comments.pl?sid=11425437&cid=55656405/ bitch!

APK

P.S.=> Between impersonating me (which I always catch & did twice here https://it.slashdot.org/comments.pl?sid=11425437&cid=55656997/ & here https://it.slashdot.org/comments.pl?sid=11425437&cid=55657707/ you little loser & DOWNMOD BOMBING ME @ least 30x yesterday to today (which I easily override & post my posts again nullifying your bullshit 1 effete useless 'weapon')? You're a punk loser boy... apk

Re:LOL! Not really (downmod me? I repost)... apk

[OrangeTide]

So fucking what? This site allows anonymous posting. That is not a reason to downmod anything. Anonymous comments already start at 0. Just because you think everything online has to be tied to an account doesn't make it so.

Sure, it's fine to post as AC. It's an integral part of this site. But mods are going to down mod ACs if they post horseshit. And in APK's case, he's not really anonymous. He's signed everything and chooses not to post under an account in an attempt to manipulate the comment system. He's done this for years with limited success.

PS - I've not spent a single mod point on this thread (obviously I cannot). This account is old enough that if I had multiple accounts I would more likely have the mod points on this account than some newer account, so it cannot be a sockpupper mod either.

PPS - I do use APK's host file on all my systems at home. His persistence and technical abilities work well for maintain host files. But he's less effective at communicating with other human beings on this forum. Either by his own choice or by his own limitations.

Re: /.ers clearly disagree OrangeTide FAKE name

[OrangeTide]

It's OK. I knew he'd bring out personal attacks when I responded to him with my account. Usually people reply AC to him and he ignores them after a while. He'll be fuming for a day or two before he finds something new to do. I've dealt with him before, and I've dealt with others on /. that were worse with boundaries than APK, to the point of filing police reports. At least APK usually only tries to discredit or embarrass me.

Thanks yuvcifjt... apk

See subject & I post on hosts when they help (usually unless do-nothing "ne'er-do-wells" who CAN'T show a thing that's good to their name vs. myself being able to easily, even in /.ers eyes harass me & I ask OrangeTide prove he did better https://it.slashdot.org/comments.pl?sid=11425437&cid=55656895/ - He can't!).

OrangeTide even talked WELL of using hosts & credited me BUT then started 'cutting me down', often behind my back (i cut him apart on RTF & he tried LYING his way out https://it.slashdot.org/comments.pl?sid=11425437&cid=55657815/ ).

APK

P.S.=> Call me a "git" (fool)? OrangeTide is (he won't say a DAMN THING TODAY if you haven't noticed, & he usually posts ALL day (bullshit jobhopper loser)) - Does he get complimented on HIS non-existent work by our /. peers WHO LIKE & USE HIS WORK ? Folks do mine & I don't see him putting up a BETTER FIX than I have for AMT/ME BUT I HAVE ON TOPIC - He came here offtopic trolling me... apk

A trainwreak - for /.ers viewing pleasure

[OrangeTide]

Guess what else I found? You EVEN complimented me on hosts being effective for you in your post history stopping ads in videostreams (I could've told you that - I never see YouTube ads, or rarely until I block the server serving them up, easy to find) - but NOW you give ME SHIT?

You don't seem to understand that one thing has nothing to do with the other. I can appreciate your persistence and technical abilities, while finding your posts inscrutable and bizarre.

You seem upset, but I gave you a very fair enumeration of why people tend to down mod your posts. I'm not orchestrating some down mod conspiracy against you, but I did draw a reasonably accurate picture of how mods independently come to the same conclusion.

If you want to take my old resume and do something with it. I'll let you know that it is copyrighted material, and authorization to reproduce that material is not automatic and must be obtained. I've granted others to reproduce it, but I have not granted you those same rights. (obviously)

Calling me a "git" (fool) isn't personal attack?

See subject & show us YOU have come up with a way to stop Intel ME/AMT as I did https://it.slashdot.org/comments.pl?sid=11425437&cid=55656927/ or that others like YOUR non-existent work https://it.slashdot.org/comments.pl?sid=11425437&cid=55656405/ job-hopper weasel!

7 yrs. on SAME job eh?

Doesn't add up per https://slashdot.org/comments.pl?sid=10868527&cid=54826087/ AFTER this from your post history (of bullshit) https://slashdot.org/comments.pl?sid=10519411&cid=54283899/ & 15 yrs. on that job too?

Doesn't add up considering YOU GOT DROPPED (or left) IN THAT SAME TIMEFRAME TOO LIAR / & "laid off" https://slashdot.org/comments.pl?sid=9353695&cid=52467363/ YOU GOT DROPPED/FIRED https://slashdot.org/comments.pl?sid=7851425&cid=50324991/ - IN THAT TIMEFRAME TOO - YOU are busted lying!

You also COMPLIMENTED ME ON HOSTS HELPING YOU STOP VIDEOSTREAM ADS https://slashdot.org/comments.pl?sid=8727955&cid=51479315/ yet talk behind my back too loser putting me down as you did today https://slashdot.org/comments.pl?sid=8506505&cid=51157011/ TOTALLY OFF TOPIC!

Come up with a BETTER fix for Intel AMT/ME or have USERS HERE SAY THEY LIKE & USE YOUR WORK as I can easily show https://it.slashdot.org/comments.pl?sid=11425437&cid=55656405/ blowhard, ok?

THEN, talk!

FILE A POLICE REPORT "Bugs Bunny" FAKE NAME for your FAKE LIE OF A LIFE weirdo liar - cops LAUGH @ trolls like YOU - go for it. If somehow you DO get it thru? I have an attorney on retainer, I will findout WHO you really are & go from there pal... try it.

APK

P.S.=> You're STILL 'butthurt sore' I ripped you up on RTF (which I was correct on RTF 1999 1.6 std. (say in WordPad) or its precursor in MS-Write earlier RTF std. too) & you tried bs'ing ME (your senior & SUPERIOR in this field by far & I can prove it, you can't talker) https://slashdot.org/comments.pl?sid=11101863&cid=55187525/... apk

You came here offtopic crapping on me

See subject: I also understand your "phantasyland resume" has NO substance & you can't do better than I https://slashdot.org/comments.pl?sid=11425437&cid=55658211/ FAKE NAME for your FAKE LIFE (your job history is that of a JOB HOPPER who can't hold a job & LIES ON TIMEFRAME OF YOUR ALLEGED "JOBS" too - all in that link & I am not even DONE finding all your bullshit in your post history).

* Priceless & CLASSIC you complimented me saying I was right on hosts files though - many do /https://it.slashdot.org/comments.pl?sid=11425437&cid=55656405/

& IF I SHOWED YOU MY RESUME JUNIOR (you are younger but not by much & a little smaller than I too - you spill a lot in your post history)? You'd NEVER be able to match it (in publication alone & puny kernelmode shit you ALLEGEDLY do which I don't believe? F'ing please - ANYONE CAN LOOK IN %WinDir%\system32\drivers & SEE HOW TINY THOSE ARE (big deal doing filtering layered drivers or block device ones - toolkits do MOST of the job & templates in DDK/SDK - do you THINK YOU CAN 'browbeat fool' ME like you try with others? LMAO, no - you can't (I've done it myself & TONS more)).

APK

P.S.=> Don't "play victim" either YOU SMARMY LITTLE WEASEL - YOU started it & I am only showing WHY you did - YOU started it & I am only showing WHY you did as I CUT YOU TO PIECES ON RTF LIES YOU TRIED https://it.slashdot.org/comments.pl?sid=11425437&cid=55657815/ - & I am finishing YOU off with it too, easily... apk

Re:You came here offtopic crapping on me

Just because you're smarter and more experienced than me doens't automatically make what you say right. Nor does your technical prowess give you the right for you to bully and intimidate people online. Just because hosts file is useful doesn't mean it is OK to spam it several times to this forum. If we all chose to cut & paste unreleased messages to every Slashdot article, the site would be a useless heap of trash. What you are doing is not constructive or helpful to the site.

Interesting choice words btw -
    browbeat, v - intimidate (someone), typically into doing something, with stern or abusive words.

OT

Re: LOL! Not really (downmod me? I repost)... apk

The behavior, statements, and style of writing of this anonymous "apk" fellow suggests he/she may suffer from schizophrenia.

Inadequate fix

Intel CPUs still run a blob at initialization called the FSP. This is sometimes entangled with the ME, but is separate and is not getting disabled. The blob is usually writable for updates and must run before any user-supplied code, so it's an ideal spot to put persistent malware to evade verified boot anti-persistence schemes. The AMD equivalent is called the PSP.

Thanks - OrangeTide's getting his now... apk

See subject & "OrangeTide" FAKE NAME for s FAKE LIFE turn into "Forrest CHUMP" doing "Run, Forrest:RUN!!!" https://slashdot.org/comments.pl?sid=11425437&cid=55658211/

* He's a LIAR of tremendous magnitude but a little "Cardinal Richelieu" technique via his post history (the price of being a "registered 'luser'" he is with his bugs bunny fake name) is doing the job on him JUST fine!

(That & despite all his TOTAL BULLSHIT (1 trick pony C coder, MAYBE only (can't even handle C++ OOP, lol), some of the shit I see in his post history made me go "Bullshit" *cough* "Bullshit" & take a look @ the link above, see what I mean).

You're right he's RETARDED - a no degree DROPOUT & imo, a liar about his alleged 'job' (see that link & laugh).

APK

P.S.=> He's sore over f'ing up vs. me on RTF & also the fact he can't come up w/ a better fix as I have on topic - no the douchebag comes in OFF TOPIC hassling me? F' that - He had all that's in the link coming (one day, guys like him end up with a broken jaw - but then, fake name GITs like him (what he called me)? Don't DO that in the REAL world - only online where a LYING loser like him does it hiding behind his FAKE name))... apk

How will this affect HDCP?

[Rick+Schumann]

Having worked at Intel for a while testing graphics drivers, I know that the Management Engine is also leveraged to perform HDCP (High Definition Content Protection) as well as remote-management functions; any idea how disabling it at the firmware level will affect that? If HDCP is disabled as well then some AV content might not be playable on Intel platforms.

Re:How will this affect HDCP?

[Hallux-F-Sinister]

Having worked at Intel for a while testing graphics drivers, I know that the Management Engine is also leveraged to perform HDCP (High Definition Content Protection) as well as remote-management functions; any idea how disabling it at the firmware level will affect that? If HDCP is disabled as well then some AV content might not be playable on Intel platforms.

System76 laptops run GNU/Linux, I think... or at least of the ones that do, that's kind of the selling point. SO... does HDCP work under/with GNU/Linux? I thought HDMI worked but HDCP didn't. Am I wrong? Is there a way to play encrypted Blu-ray movies, for example, on a computer running GNU/Linux, and at full/max resolution? (It's not a sarcastic or rhetorical question... I didn't know they had any that would. I'm not saying they don't, only that I didn't know anyone had managed to do that.)

Re:How will this affect HDCP?

What made you think that if you were using an unapproved OS to playback the media file that HDCP would be necessary? Most of the time, unless it's been approved of by the media cartels, it won't playback one of their files without breaking the protection in someway. Linux is notorious for this, but that's just because most in the "It's mine" industry, have an irrational fear of "/sbin/su", and any uid that equals 0.

OrangeTide started it - I finish him w/ it

See subject & no questions asked I destroyed him as I said I would with solid proof of it a few times https://slashdot.org/comments.pl?sid=11425437&cid=55658211/ & then HE tries to "play victim" after ATTACKING ME PERSONALLY 1st calling me a "GIT" (fool)? NO. I won't allow it. Mod bombing me to hell too? I override that easily nullifying that bullshit too (no post limits here, none - even as AC).

Hey - I'm the guy with a SOLID FIX here vs. Intel AMT/ME (OrangeTide isn't). I'm able to show I do good work from OUR /. PEERS SAYING SO (& that's FAR from complete) - OrangeTide can't!

I even show him complimenting my hosts technique & also where he TRIED 'weaselling out' of RTF issues I nailed him on.

APK

P.S.=> OrangeTide = ONLINE lying TRASH behind a FAKE NAME for his FAKE LIFE (especially his JOB HISTORY, holy hell he makes mistakes that catch his lies in his post history on that much YOU WOULDN'T BELIEVE, lol - it's all there in the links above + others)... apk

Re:OrangeTide started it - I finish him w/ it

Not so much "weaselling out" as I clearly stated my position with citations and generally people have responded positively to my post on RTF, thanks to your linking to it. I've not responded because I thought the discussion was over. But you have latched onto this in an unhealthy way and have continuously showed a disproportionate response.

Compared to the downright foul names you've called me in this thread alone, calilng you a "git" might as well be a cheerful hello.

OT

You start it. I finish it + call u what u are

OrangeTide you called me names 1st offtopic: Did you figure how to block Intel AMT/ME as I did https://it.slashdot.org/comments.pl?sid=11425437&cid=55656927/ ON TOPIC troll?

NO!

OrangeTide DO OUR /. PEERS LIKE & USE YOUR NON-EXISTENT WORK complimenting it as they do mine (VERY partial list only, want more? Ask) https://slashdot.org/comments.pl?sid=11424811&cid=55655675/ https://slashdot.org/comments.pl?sid=11424811&cid=55655691/ & https://slashdot.org/comments.pl?sid=11424811&cid=55655719/?

Again no.

WHEN YOU CAN PROVABLY DEMONSTRATE CONCRETE EVIDENCE AS I DO ON TOPIC MINUS STARTING UP YOUR OFFTOPIC TROLL CRAP?

&

THAT YOU DO BETTER PROGRAMS THAN I DO?

* Then talk hotair blowhard.

APK

P.S.=> Yea, plenty of TROLLING sockpuppets of yours (or other trolls) "LIKE YOUR POST" off topic trolling me too https://it.slashdot.org/comments.pl?sid=11425437&cid=55655837/

Are you "proud" of being an off topic TROLL inferior of mine? Prove you're not (you can't)... apk

Re:You start it. I finish it + call u what u are

[OrangeTide]

OrangeTide you called me names 1st offtopic:

You've called me names and bullied me for YEARS. Also read carefully, I did not call you a git.

5. talks like a git. really his English phrasing is bizarre.

No Intel AMT/ME on my ARM, so it's not really a problem that I've looked into. Given my networking background and multi-system household I probably would have attacked the problem using routing tables rather than hosts file, certainly disadvantages to routing tables but easily centralized and it's what I am familiar with.

Good on you for finding a solution that anyone can make use of and for sharing it. But that doesn't justify your abusive behaviour for the last several years.

I even show him complimenting my hosts technique & also where he TRIED 'weaselling out' of RTF issues I nailed him on.

Please paste the link where you nailed me on "RTF issues". We haven't seen any proof.

Doesn't add up considering YOU GOT DROPPED (or left) IN THAT SAME TIMEFRAME TOO LIAR / [slashdot.org] & "laid off" https://slashdot.org/comments.... [slashdot.org] YOU GOT DROPPED/FIRED https://slashdot.org/comments.... [slashdot.org] - IN THAT TIMEFRAME TOO - YOU are busted lying!

You screwed up the with your assumptions. The post from 2016 refers to being laid off in 2001. Which I was out of work for about a year and doing random consultant gigs to pay the bills.

YOU GOT DROPPED/FIRED https://slashdot.org/comments.... [slashdot.org] - IN THAT TIMEFRAME TOO - YOU are busted lying!

My post in 2015 is about my quitting Amazon in 2009.

7 yrs. on SAME job eh? [...] Doesn't add up per https://slashdot.org/comments....

I've been at NVIDIA for 7 years. Started in 2010.

AFTER this from your post history (of bullshit) https://slashdot.org/comments.... [slashdot.org] & 15 yrs. on that job too?

Yes, I've been working in IT since 1996 and as an embedded SW engineer since 1999. That's over 15 years. I have worked a few places as full time, and a lot of places as contractor. The paperwork in California to work as a contractor for more than 2 years is complicated so I usually move on but sometimes I convert to full time. You could describe that as being a "jobhopper", although it has more to do with the legal requirements in my state than any lack of commitment on my part.

So no lies there. I've certainly made mistakes in my life and online. I'm certain I have embarrassing posts on slashdot, I vaguely recall writing several. But you've failed to turn up anything damning.

I think your lack of reading comprehension, inability to contextualize and wild assumptions have a lot to do with your emotional and mental state. Do you have difficulty empathizing with other people? Is it hard to read the motives of other people? Are you suspicious that people are plotting against you?

Well it's not true. I'm not plotting against you. I'm not your enemy. And I tried very hard to have a two way discourse in spite of threats, walls of texts, off topic rants and repetitive statements.

This has not been a two-way discussions, it's been you shouting at me the entire time. Thank you for your participation, in the future learn to let others people participate in the discussion as well.

OrangeTide started it: I finish it & him w/ it

See subject & no questions asked I destroyed him as I said I would with solid proof of it a few times https://slashdot.org/comments.pl?sid=11425437&cid=55658211/ & then HE tries to "play victim" after ATTACKING ME PERSONALLY 1st calling me a "GIT" (fool)? NO. I won't allow it. Mod bombing me to hell too? I override that easily nullifying that bullshit too (no post limits here, none - even as AC).

Hey - I'm the guy with a SOLID FIX here vs. Intel AMT/ME (OrangeTide isn't). I'm able to show I do good work from OUR /. PEERS SAYING SO (& that's FAR from complete) - OrangeTide can't!

I even show him complimenting my hosts technique & also where he TRIED 'weaselling out' of RTF issues I nailed him on.

APK

P.S.=> OrangeTide = ONLINE lying TRASH behind a FAKE NAME for his FAKE LIFE (especially his JOB HISTORY, holy hell he makes mistakes that catch his lies in his post history on that much YOU WOULDN'T BELIEVE, lol - it's all there in the links above + others)... apk

OrangeTide you start it & I finish it + you

OrangeTide you called me names 1st offtopic: Did you figure how to block Intel AMT/ME as I did https://it.slashdot.org/comments.pl?sid=11425437&cid=55656927/ ON TOPIC troll?

NO!

OrangeTide DO OUR /. PEERS LIKE & USE YOUR NON-EXISTENT WORK complimenting it as they do mine (VERY partial list only, want more? Ask) https://slashdot.org/comments.pl?sid=11424811&cid=55655675/ https://slashdot.org/comments.pl?sid=11424811&cid=55655691/ & https://slashdot.org/comments.pl?sid=11424811&cid=55655719/ ?

Again no.

WHEN YOU CAN PROVABLY DEMONSTRATE CONCRETE EVIDENCE AS I DO ON TOPIC MINUS STARTING UP YOUR OFFTOPIC TROLL CRAP

&

THAT YOU DO BETTER PROGRAMS THAN I DO?

* Then talk hotair blowhard.

APK

P.S.=> Yea, plenty of TROLLING sockpuppets of yours (or other trolls) "LIKE YOUR POST" off topic trolling me too https://it.slashdot.org/comments.pl?sid=11425437&cid=55655837/

Are you "proud" of being an off topic TROLL inferior of mine? Prove you're not (you can't)... apk

Who're you trying to fool? Sockpuppets... apk

Don't TRY bs that there aren't sockpuppeteers here (easy to setup via free emails & proxies) & that others don't use them (you probably too) so you COULD be posting as others & up/downmodding too.

I do what I do to DRY UP sockpuppet & limited downmodpoints in an EASILY CHEATED so-called "moderation system" is all.

LIMITED SUCCESS?

Hey - It's demonstratably MORE THAN YOU HAVE e.g. (FAR from complete, if you want more? Ask & "ye shall receive" to your own FURTHER public dismay) https://slashdot.org/comments.pl?sid=11424811&cid=55655675/ https://slashdot.org/comments.pl?sid=11424811&cid=55655691/ & https://slashdot.org/comments.pl?sid=11424811&cid=55655719/?

APK

P.S.=> I communicate FINE & only diff. between myself & "SMARMY" bastards?

I GIVE IT BACK LIKE I GOT IT GIVEN TO ME 10x worse & you started w/ me, no questions asked, off topic trolling (see above)... apk

Purism

They're a bit late to the party - Purism has been offering ME-disabled machines for some time (it's actually pretty much their raison-d'être

https://puri.sm/

System76 is basically just a Clevo reseller anyway

http://www.clevo.com.tw/

Re:Purism

[Sri+Ramkrishna]

This is not a fair statement to make. It is akin to the same mentality from people who say "why do I need IT? I can just go to a store and buy a laptop and self support.". What goes into the clevo shell is still done by System76, making sure they work with Linux, have a customer support framework around it, and so forth. Plus there are contributing upstream with fixes to GNOME, fixes to Ubuntu, and is part of the eco-system. You might also consider that Purism doesn't make their own laptops either.

Prove it - provide links... apk

WHERE'd I call you names before you started this? Prove it by providing links to it predating YOU saying I talk like a "git" (fool) here.

* I want to see this, because I really don't recall ever interfacing with you here @ all whatsoever before your shenanigans here.

(The rest of what you wrote doesn't matter @ this point - I want to see when/where I gave you any guff & IF I DID I would remember IF I KEPT IT UP - you don't "ring any bells" like say, BarbaraHudson would've - we had a 'feud' going which YES she started & kept up with all her 'allies' but that eventually stopped (she left /. after ArmoredDragon, another user here, 'rode her clean out of town'...)

APK

P.S.=> Centralized control is a central SINGLE point to easily attack & down or subvert... apk

Re:Prove it - provide links... apk

APK fails in these respects:
* demands respect, but unable to respect other people.
* assumes that success in one area means success in all areas. (i.e. if you compliment his hosts file, he assume you must agree with everything else he says)
* has a disproportionate response to anything he takes offense to
* locks in on an attack strategy early on. (i.e. proving someone is a liar by digging through 2-3 year old posts. His goal is to "nail" his opponent, even if it is not relevant to the discussion)
* believes repetition is the key to being right. A cut and paste warrior.
* he is very concerned about how others view his technical abilities.
* does not understand mods don't conspire together, they just all find him annoying. and the few that up mod him get meta-moderated down because meta-mods find him annoying too.
* starts what he believes to be feuds very easily, even if they are one sided. (I bear him no ill will, I just want him to modify his behavior)
* he's a bully, who uses threats and intimidation to shut people down.
* is not above doxxing his enemies in order to intimidate them.
* is very paranoid about "sockpuppets". Either through prior experience in his "feuds" or just a general behavior pattern with him.
* despite being paranoid about tracking, is attention seeking by signing his co-called anonymous posts.
* demonstrates revenge seeking behavior.
* frequently attempts to redirect the discussion away from aspects critical to him points.
* when he makes mistakes, he drops them and no longer discusses them. no apologies received, just immediate switched to a new set of personal attacks.

So with this information we can conclude that:
* anyone with a Slashdot account, at a time and place of own their choosing, can provoke APK into a frothing rage with trivial effort.
* can perhaps lead to dangerous behavior if he loses control in his heighten emotional state
* is not generally respected on Slashdot due to his malicious behavior.
* may attack even during a friendly discussion. He may be unable to interact normally with other people.

Re:Prove it - provide links... apk

You forgot:
* threats of violence bordering on criminal behavior

No - Lazarus technique (vs downmods I repost)

See subject: They always DOWNMOD my posts to effetely TRY "hide them" (most here see them anyhow but I do what's in my subject - NO LIMITS posting here, even as AC poster - lol, & 'the powers that be' here? DO NOT LIKE THAT but I do - makes me laugh @ them!).

* FUNNIEST PART IS - you can 'downmod' me all you like BUT my 'downmodding detractors' NEVER PROVE ME VALIDLY TECHNICALLY WRONG!

(Additionally - Most here browse below the -1 bogus 'downmoderation system threshold' here, a system built by WEASELS for WEASELS, lol - they don't even ID who does the downmodding, hence that last statement of mine - proof of whimps that can't stand behind their words - they say "But, but, but - we'd have FLAME WARS!" well dumbasses? YOU DO HERE ANYWAY!)

APK

P.S.=> They hit me with 30 downmods today, I reposted my posts,& they are OUT OF DOWNMOD "bullets" that merely BOUNCE OFF ME, lol (nothing's MORE FUN than running weasels DRY of their downmodpoint ineffectual 'bullets')... apk

LMAO - Bullshit & this thread proves it

OrangeTide came in here calling me all kinds of names & I finished him based on that alone - I don't see him fixing the issue here w/ Intel AMT-ME but I did & did well https://it.slashdot.org/comments.pl?sid=11425437&cid=55656927/ UPMODDED to +2 Interesting (would be a +4 but it's been DOWNMOD BOMBED 2x already - & you morons hit me w/ 30++ downmods between this & another thread the past 2 days - no big deal though, lol - I just repost overriding your bs, everyone sees my posts that way ANYHOW & I get the "last laugh" nullifying your effete useless downmod 'weapon' hahaha).

* That's WHY you post UNIDENTIFIABLE anonymous - I've CRUSHED YOU BEFORE under your "registered 'luser'" accounts (1 of many of your sockpuppet fake name accounts no less) - IF you do it under your fake names? I will throw it @ you REPEATEDLY & PUBLICLY to humiliate you for starting w/ me - but then, I forget that "YOUR KIND" (lowest of the LOW in life) is USED to shitting on yourselves (hence why you misbehave the way you do).

You're reprehensible (+ weak & you KNOW it constantly proving it to all of us).

APK

P.S.=> The day you useless dolts can do better than I can is the day hell freezes over - yes, it IS your fault you're useless & obviously miserable swine! apk

Tuxedo did it months ago...

[Herve5]

When we migrated from macs to linux laptops one year ago, I first considered buying System76 machines. I quickly understood they'd never offer the non-US keyboard in use here (I went up to asking them if a separate procurement would be feasible... no)
Then I discovered, much closer to my home, the German guys from Tuxedo. Smaller company, not the same surface on internet. But brilliant products. And localized keyboards.
Well, when the Intel-mgt-bug was discussed (first on LWN, months and months ago) I contacted Tuxedo asking if they'd upgrade things. Basically, the thing was already disabled on the recent machines I just bought.
As some other said, Syst76 are VERY late at the party...

Re:LOL! Not really (downmod me? I repost)... apk

[KingBenny]

well, actually , its a rating, not moderation ... nothing gets censored but people are free to filter as they please, thats about it, i think this is still one of the best if not THE best forum/site on the whole wide wwwebs

APK's behavior

If you carefully read the earlier post, it shows that I did not call APK names, only that I enumerated why people downmod him. He continues to talk foolishly and with weird syntax (talking like a git). And he has decided to take this very personally, I have not taken it personally. I urge him to modify his behavior if he expects his treatment to improve.

Unfortunately APK's demands of me will not be met. I will not provide him links to his earlier statements because I do not have the ability to search years of his anonymous and nearly untraceable posts. He clearly has archives of everything he has said, and possibly all of Slashdot. I can only access about the last two dozen of my own posts. If the demands were material to the discussion I would take them more seriously and concede the point, but they aren't. I do feel slighted by him but what he does not grasp that I am not required to provide proof for every detail he decide to zoom in on. Especially as participation in personal attacks has clearly been one way this entire time.

He continues to make demands that are not related to the original discussion. And I would argue that he never participated in a debate. He only shouts down his opponents and attempts to discredit them, as predicted. If he demands some kind of apology every time he react disproportionately, he is going to be very disappointed. This off topic thread has always been about his extreme behavior, even though he tried to deflect and project it onto other people.

There is one apology I do owe APK. I waited a while for him to link heavily to the parent of this post. That was perhaps a bit manipulative on my part, and I am sorry for using my insights into his likely behavior against him. But it was for a greater good of trying to get a well known bully to take a look at his own abhorrent behavior and learn to control himself.

Posting ac again OrangeTide? UR caught lying

Why not backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ provide proof of me picking on you 'for years' as you said in the post parent to mine in that link I just posted - you can't.

I don't respect punks like you starting shit w/ me - I dish it right back 10 fold & apparently your ac post reaction shows you can't take it though you dish it out.

(If I had issues w/ you I'd have bookmarked it & I never have before YOU came in calling me a "git" (fool) starting hassles!)

* See you there (somehow I don't think I will & you will continue to embarass yourself as you did starting garbage with me - I am going to let YOU finish YOURSELF boy)

Additionally - SEE SUBJECT: CLASSIC & PRICELESS! I also CAUGHT YOU posting UNIDENTIFIABLE AC vs. using your registered 'lusername' yet you point to YOUR POST that was done under your REGISTERED 'lusrname' claiming it too (YOU = FLATOUT-BUSTED -> https://slashdot.org/comments.pl?sid=11432439&cid=55667787/ )

SEE YOU DOWNMOD HID THIS 6x TIMES I POSTED IT TOO https://slashdot.org/comments.pl?sid=11430293&cid=55668641/ & https://slashdot.org/comments.pl?sid=11433711&cid=55669021/ + https://slashdot.org/comments.pl?sid=11432725&cid=55669055/ https://slashdot.org/comments.pl?sid=11432725&cid=55669519/ https://slashdot.org/comments.pl?sid=11430293&cid=55669493/ https://slashdot.org/comments.pl?sid=11432483&cid=55666417/ - weak trying to hide it!

Best of all since I know you post ac (see evidence above)? You're "ReAcTiNg" poorly doing AC posts again OrangeTide you SMARMY little wannabe!

APK

P.S.=> This is the 18th time you've done a "Run, Forrest: RUN!!!" vs. it OrangeTide - why's that? I caught you lying?? Cat got your tongue??? Yes, obviously - pitiful... apk

YOU ARE A LIAR MOTHERFUCKER... apk

See subject & PROVE otherwise you flimsy little SMARMY whimp https://slashdot.org/comments.pl?sid=11432439&cid=55667787/

* This is NOT going to stop & I will expose you you LITTLE fake name FUCK...

APK

P.S.=> You brought this on YOURSELF (call me a 'git' will you? FUCK YOU) & it won't stop (unless you can backup that I called you names for years & picked on you - FUNNY YOU CAN'T BACK THAT UP, eh, FUCKER? Not - you're SHIT behind your FAKE NAME for your FAKE LIAR LIFE)... apk

You jerks always screw w/ me 1st

You jerks always screw w/ me 1st & the root of this IS such an example from OrangeTide who runs from https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/

* I LOVE IT!

(You try "twist things" & "play victim" but you make YOURSELVES the victim of me making YOU my BITCHES!)

WHAT "Threat of Violence? You're PROJECTING you KNOW YOU DESERVE THAT though!

I merely pointed out how I got rid of Coren22 via some pals of mine helping me "zero-in" on "your kind" (either UNIDENTIFIABLE anonymous losers like you that I've cut to pieces before due to YOUR ERRORS, not mine, OR the FAKE NAME for FAKE LIES OF LIVES kind like OrangeTide).

The best part is, you are "ReAcTiNg" & don't LIKE BEING EXPOSED for your lies & other "not men" whimp bullshit - don't worry, it won't stop OrangeTide... you'll leave eventually!

APK

P.S.=> You do it to yourselves & no amount of post burial OR downmods I run you DRY of everytime can stop me exposing that little smarmy loser OrangeTide & you KNOW it - lmao! apk

classic apk

Opening up with insults like software janitor and "bitch" is your style.

See you won't answer my question lol!

See subject & MY style unlike your UNIDENTIFIABLE anonymous troll one? /.ers speak for me https://mobile.slashdot.org/comments.pl?sid=11432635&cid=55668071/

* How about you?

QUESTION - Do /.ers speak well of your creations (oh, that's right - "your kind" doesn't HAVE any - lmao!)

APK

P.S.=> Backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ - provide proof of me picking on you 'for years' as you said in the post parent to mine in that link I just posted - you can't... apk