:: Re: [DNG] The FSF seems to have fin…
Góra strony
Delete this message
Reply to this message
Autor: Taiidan@gmx.com
Data:  
Dla: Alessandro Selli, DNG
Temat: Re: [DNG] The FSF seems to have finally sold out
On 03/10/2018 05:49 PM, Alessandro Selli wrote:

> On 09/03/2018 at 00:05, Taiidan@??? ha wrote:
>> On 03/08/2018 11:34 AM, Alessandro Selli wrote:
>>
>>>     In fact it's just another take of Taiidan against Purism, it's his job.
>> You fail to mention that there are many people who are constantly promoting
>> purism, whereas I am the only one who provides constructive criticism.
>    You are as constructive on Purism as Trump is constructive on N Korea.

I am not really a fan but he did get them to back down right?
I don't see anyone else providing criticism and I have never encountered
potential purism customers on mailinglists who knew all the facts - they
believed purism's lie of "open source firmware" despite hw init being
performed entirely by Intel FSP.
>> I have told them that their marketing is dishonest many times, hell they
>> even agreed with me that it needed to be changed only they never did so.
>    I'd like to read this exchange.

It is on the coreboot ML with "yourness alaoui"
kakaroto@??? if you want to.
I also suggest examining his efforts to port an open source EC to their
laptops, although I can't understand why this is somehow a higher
priority than the hardware initiation itself or the firmware for a DMA
capable component.
>>>>> Purism is NOT free hardware and certainly not "grassroots" as their
>>>>> mysterious founder somehow has a bottomless pit of money to burn on
>>>>> hardware costs and propaganda campaigns.
>>> [...]
>>>
>>>> Are these things an illusion?
>>>>
>>>> https://puri.sm/posts/purism-integrates-heads-security-firmware-with-tpm-giving-full-control-and-digital-privacy-to-laptop-users/
>>>>
>>>>
>>>> https://puri.sm/posts/librem-now-most-secure-laptop-under-full-user-with-tamper-evident-features/
>>>>
>> They didn't make heads they simply install it on their laptops.
>    Did they write they made heads?  No, they gave credit to all those involved.

My point is that almost every blog post and effort of theirs is fluff,
porting something someone else made to their laptops rather than
creating something new such as open source hardware initiation - while I
think wasting time and money to free intel hardware is ridiculous that
is at least an attainable goal rather than the impossible and illegal
goal of freeing ME - as it is a "security"/DRM device they would simply
patch the exploit in the next release that is if they didn't simply send
purism a C&D as bypassing intel's DRM is illegal in america and ME has
PAVP intel insider etc.
>> Again my issue is that they claim to have "open source firmware" and a
>> "disabled" ME when they actually don't.
>    The firmware they use is Coreboot, so the firmware they use is as free as
> Coreboot is.

Yes but you can't claim open source firmware when all the hardware
initiation is done via black box binary blobs.
> ME they state (https://puri.sm/learn/intel-me/) is
> "neutralized *and* disabled" and provide with this pointers as proof:
>
> https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/
>
> https://puri.sm/posts/todds-librem-13-with-coreboot-and-a-neutralized-me/
>
>    They claim they removed "over 90% of the Intel ME", "leaving only the very
> small section (120k) to initialize and configure the hardware."

How is that disabled? code still runs and the ME kernel is free to
perform any dirty tricks it wants such as an SMM rootkit.

The standard of disabled has now been reduced, on the X200 etc laptops
it was no ME ROM and thus the ME CPU stays off in the first place - now
"disabled" means that it runs but it supposedly shuts off and promises
not to do anything bad?
>    In detail, these are the removed partitions and what is still in place:

>
>     The remains

>
>     A question remains, however: “What exactly did we remove, and what
>     remains?” So I tried to dig into that as well.

>
> ## Original ME modules :
> total 1.6M
> 8.0K -rw-r--r-- 1 kakaroto kakaroto 8.0K Feb 28 17:08 AFWS-20687000.mod
> 12K -rw-r--r-- 1 kakaroto kakaroto 12K Feb 28 17:08 BOP-20392000.mod
> 116K -rw-r--r-- 1 kakaroto kakaroto 116K Feb 28 17:08 BUP-200d4000.mod
> 16K -rw-r--r-- 1 kakaroto kakaroto 16K Feb 28 17:08 CLS-206e0000.mod
> 4.0K -rw-r--r-- 1 kakaroto kakaroto 4.0K Feb 28 17:08 ClsPriv-20716000.mod
> 12K -rw-r--r-- 1 kakaroto kakaroto 12K Feb 28 17:08 FPF-206b3000.mod
> 132K -rw-r--r-- 1 kakaroto kakaroto 140K Feb 28 17:08 FTPM-20777000.mod
> 60K -rw-r--r-- 1 kakaroto kakaroto 60K Feb 28 17:08 HOSTCOMM-20396000.mod
> 24K -rw-r--r-- 1 kakaroto kakaroto 24K Feb 28 17:08 HOTHAM-2032b000.mod
> 16K -rw-r--r-- 1 kakaroto kakaroto 16K Feb 28 17:08 ICC-203ad000.mod
> 272K -rw-r--r-- 1 kakaroto kakaroto 272K Feb 28 17:08 JOM-208c2000.mod
> 344K -rw-r--r-- 1 kakaroto kakaroto 344K Feb 28 17:08 KERNEL-200f8000.mod
> 28K -rw-r--r-- 1 kakaroto kakaroto 28K Feb 28 17:08 MCTP-20379000.mod
> 28K -rw-r--r-- 1 kakaroto kakaroto 28K Feb 28 17:08 ME_TUNNEL-203b4000.mod
> 52K -rw-r--r-- 1 kakaroto kakaroto 52K Feb 28 17:08 NET_STACK-20383000.mod
> 20K -rw-r--r-- 1 kakaroto kakaroto 20K Feb 28 17:08 NFC-208bb000.mod
> 196K -rw-r--r-- 1 kakaroto kakaroto 204K Feb 28 17:08 Pavp-20040000.mod
> 124K -rw-r--r-- 1 kakaroto kakaroto 124K Feb 28 17:08 POLICY-2034d000.mod
> 4.0K -rw-r--r-- 1 kakaroto kakaroto 4.0K Feb 28 17:08 ROMP-200d2000.mod
> 60K -rw-r--r-- 1 kakaroto kakaroto 60K Feb 28 17:08 SESSMGR-20719000.mod
> 44K -rw-r--r-- 1 kakaroto kakaroto 44K Feb 28 17:08 SESSMGR_PRIV-2015a000.mod
> 4.0K -rw-r--r-- 1 kakaroto kakaroto 4.0K Feb 28 17:08 UPDATE-2003e000.mod
> 32K -rw-r--r-- 1 kakaroto kakaroto 32K Feb 28 17:08 utilities-2036f000.mod
> ## Cleaned ME modules :
> total 120K
> 4.0K -rw-r--r-- 1 kakaroto kakaroto 4.0K Feb 28 17:15 ROMP-200d2000.mod
> 116K -rw-r--r-- 1 kakaroto kakaroto 116K Feb 28 17:15 BUP-200d4000.mod
>
>> You tell me I am "attacking them" since you care so much you can email them
>> to remove the dishonest marketing and sell their products *as they are* not
>> as they could be eventually - then I would have no issue with them
>    What is dishonest in what they write on their site?

"LibreM" their laptops are not libre at all
"open source firmware"
"disabled ME" their ME is not disabled - it still runs
"every chip hand selected to respect your privacy freedom and security"
- intel hardware doesn't and will never respect any of those, also their
laptops are probably re-badged whitebox models considering their volume
and pricing (selling re-badging whitebox hardware isn't wrong but I
don't like companies that lie about doing it)
> What is that they
> sell not as is but as "could be eventually"?

Look at the "roadmap to RYF" - 90% of the chart wasn't done by them and
most of the rest is impossible on a modern intel platform.

The only way they will get RYF on an intel platform is to bother the FSF
until they reduce the standards.

Purism's unrealistic goals are convincing the average power user in to
thinking they can have a brand new modern intel laptop that is entirely
open source and owner controlled with no black boxes and that simply
isn't true.
>>>>> I encourage everyone who cares about the future of free computing to
>>>>> contact the FSF about this.
>>>>> Here are posts that help explain the purism situation better than I can.
>>>>> https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
>>>>>
>>>> In IT terms, that Reddit thread started a long time ago.... perhaps it
>>>> is irrelevant these days?
>> It is still relevant, purism claims to have "open source firmware" when all
>> the hardware init is done via binary blobs.
>    CPU microcode too is a proprietary binary blob.  Still, there are laptops
> that are considered free hardware and meet RYF criteria.

CPU microcode is much different than an "open source" firmware where all
the hardware init is performed via binary blobs.
>>>   No, it is not relevent, and Taiidan knows it, as he was explained time ago,
>>> in 2017-11-03:
>>> https://lists.dyne.org/lurker/message/20171103.162330.6499510a.en.html
>>>
>>>     He falsely writes that all Purism did was "running ME cleaner which they
>>> didn't make", while in fact what they did is this (quoting from the November
>>> email):
>> The HAP bit doesn't disable ME.
>    It leaves in place the hardware init.

The ME kernel runs which isn't at all "disabled", but I suppose changing
the previous standard of disabled is worth it to sell shiny laptops?
>    Everything else is removed:

>
> https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/
>
>     The me_cleaner tool deletes most modules [...] pretty much
>     everything except the hardware initialization (BUP = Bring UP)
>     module in the ME image. After the BUP module is executed, it can’t
>     find the other modules, so it stops executing (as it has nothing to
>     execute into), but at that point the 30 minutes watchdog has already
>     been disabled by the BUP itself, so we can keep running. This is
>     already a great improvement!

>
>     [...]

>
>     I then checked the output of “cbmem”—coreboot’s debug log during the
>     boot sequence—and it showed that the ME was now stuck in “bring up
>     phase”, its state was “recovery” instead of “normal”.

>
>    What is dishonest in what they write?

>
>> Try removing the ME ROM from purism's firmware (I assume you have one) - the
>> laptop will shut off after 30 minutes.
>> If the ME really was disabled you could physically disconnect the ME cpu
>> core, or remove the  and have the laptop still function.
>>
>> The ME kernel runs, thus ME is not disabled.
>    They do acknowledge there is more work to do:

>
>     "We plan to go even further than that in the future and reverse-
>     engineer the remaining parts just so we can attain 100% freedom."

Which is an unrealistic goal.

By the time you reverse engineer a modern intel platform the world has
moved on, that was why purism was started in the first place as todd
didn't want a X200, X220 etc.
If any code execution exploits were discovered on ME intel would simply
patch them out and the hundreds of thousands spent on reverse
engineering would be absolutely pointless.
Freedom on x86_64 will never happen because intel, amd and hollywood
(DRM) are actively trying to prevent it.

For the amount of time and money it would take to do that it would be
easier and better to simply create a non-X86 laptop such as ARM, POWER etc.

It is possible to create a POWER mobile workstation style laptop by
downclocking the base 95W CPU and developing a custom motherboard, there
were suggestions about this on the coreboot ML and yourness thought it
was a good idea but unfortunately he isn't the one in charge.
>> As before they simply need to revise their marketing to say "Partially
>> disabled".
>    They already went beyond that: they detailed precisely what is gone and
> what is left.

True, but I have never met anyone who actually read those pages they
just see "disabled ME" and "open source firmware" on the home page and
proceed to buy a laptop.
>>>     He slants Purism because they allegedly have a "mysterious founder [who]
>>> somehow has a bottomless pit of money", provides with no proofs of his
>>> allegations.
>> It costs millions of dollars to make their supposidly custom hardware
>    So?  Does Talos' custom hardware cost peanuts?

No it doesn't but that isn't my point.

The T2 only exists because of corporate backing as the crowdfunding
community currently doesn't have millions to go around but somehow
purism can make three entirely custom fabbed laptops for only a million?
How is that possible?

There isn't anything wrong with selling re-badged whitebox laptops but
for some reason they claim they aren't doing it and I don't understand why.
>>> and smears FSF because they found out Purism's claims to be
>>> true and their hardware to be among the most free available today.
>> Their hardware is anything but free and there are a variety of other options
>> out there.
>    Smearing Purism is not just pointing out there are other options out there.

I am not making up anything - I am simply spreading the facts to a world
that would prefer to ignore them and pretend you can have a user
respecting modern intel laptop.
>>>    And he
>>> keeps peddling the hardware produced by Talos Engineering.  Let's compare
>>> Purism and Talos:
>>>
>>> 1) Purism is crystal about who run the company and who is working for them:
>>>     https://puri.sm/about/team/, https://puri.sm/about/board/
>>>
>>> 2) In the past they had Jacob Applelbaum and Stefano Zacchiroli (former
>>>      Debian Project Leader) in the Board of Advisors:
>>>      https://web.archive.org/web/20160322025039/https://puri.sm/about/
>> That doesn't mean anything or imply some type of endorsement of quality.
>    It does means something, it means they put their name and face on the
> project.  Or, do you have some statement of theirs where they criticized
> Purism after they could see how it was managed?

>
> https://twitter.com/ioerror/status/546321378249809920
>
>     Jacob Appelbaum
>     ‏ @ioerror

>
>     I've been emailing with the #Purism folks. I'm really impressed with
>     their vision, their commitment to Free Software (FL/OSS) and
>     privacy.
>     07:09 - 20 dic 2014

I wonder what he thinks about their actual hardware.
> Stefano Zacchiroli is still tweeting positively about Purism:
>
> https://twitter.com/zacchiro
>
>     Stefano Zacchiroli ha ritwittato
>     Purism
> ‏    @Puri_sm
>     8 mar

>
>     Purism Partners with Cryptography Pioneer Werner Koch to Create a
>     New Encrypted Communication Standard for Security-Focused Devices

>
>     https://puri.sm/posts/purism-collaboration-with-cryptography-expert-werner-koch
>>> https://web.archive.org/web/20170105163722/https://puri.sm/about/advisory-board/

>>>
>>>
>>> 3) Talos is shrouded in secrecy, as nowhere in their site is available
>>>      a list of who's who: https://www.raptorcs.com/
>> It is a marketing company of raptor engineering which is owned by timothy
>> pearson.
>    Why is this not stated on their site?

It is, there is a link at the bottom of every page.
> Who are you and how do you know
> this? How reliable are you as a source of information concerning anything
> about Talos?

I am obsessed with libre firmware and I follow all the latest developments.

I currently own 5 open hw init coreboot systems 2 of which are running
firmware from the company behind talos.
I also contributed to the successful crowd-funding campaign to port
OpenBMC to the two last and best owner controlled x86_64 motherboards
(KGPE-D16 and KCMA-D8 which I both have)
>>> 4) They are backed by IBM, according to Taiidan:
>>>    https://www.mail-archive.com/dng@lists.dyne.org/msg17532.html
>>>     "They didn't have corporate backers before, now they do."
>>>     [...]
>>>     "Getting corporate backing isn't fishy, IBM wanted to support a POWER
>>>     workstation project via the OpenPOWER foundation."
>>>
>>>     As this is nowhere stated on talos' website I wonder how does Taiidan know
>>> that IBM is behind them: does he work for Talos?
>> Because I am on the TALOS IRC and have asked the owner of raptor many
>> questions?
>    On Internet Relay Chat?  Hardly a dependable, public source of corporate
> information.

>
>>> 5) Whatever Purism develops, they release and publish under an opensource
>>>     license and contribute code to Coreboot;
>> They currently have not contributed anything that does more than help them
>> sell their own products (ie: you can't use it on any other motherboard)
>    Of course you can use it on any motherboard equipped with the same chipset
> and processor.

Which no one else is going to have as their chips are hand selected.
> In fact Purism was the first company to invest in Coreboot
> development for current, not ancient Intel chips:

If they have contributed any actual hardware initiation code I am
currently unaware of it.
I will be impressed if they reverse engineer Intel FSP and publish the
results, in that case I would consider their laptops to be partially
free and worth recommending for those who have no choice but to use x86_64.
> https://puri.sm/coreboot/timeline/
> (excerpts)
>
>     Prologue

>
>     “A beginning is a very delicate time.”

>
>     In the summer of 2014, a few months prior to the launch of Purism,
>     Todd Weaver posted to the coreboot mailing list for input on
>     possible hardware choices to run a fully freed coreboot on, and to
>     offer contract work to the coreboot community. Various coreboot
>     contributors pointed out that there were no great hardware choices
>     out there to meet these requirements.

>
>     Initial Negotiations and Development Work

>
>     In the middle of 2015, Purism then brought on a coreboot developer
>     requesting to remain anonymous, working under the pseudonym “Larry
>     Moberg”. Anonymous Larry began testing coreboot and publish his
>     findings regularly on the coreboot and Purism blogs. After three
>     months of progress, anonymous Larry disappeared (stopped working and
>     ended any communication with Purism or the public).

>
>     Todd Weaver met again with various coreboot contributors (including
>     Stefan Reinauer, Ron Minnich, David Hendricks, and a few others),
>     handing them four Purism Librem 13 units to help continue the
>     porting efforts.

>
>    The aim at the time was porting Coreboot to Xeon E3:

>
> https://mail.coreboot.org/pipermail/coreboot/2014-August/078520.html
>
>     Todd Weaver todd at m2n.com
>     Thu Aug 28 20:09:48 CEST 2014

>
>     On Aug 28, 2014, at 10:36 AM, David Hubbard
>     <david.c.hubbard+coreboot at gmail.com> wrote:
>     >> The truth here is that we NEED to have a blob-free version
>     >> (libreboot), so I have a lot of work ahead of me :)
>     >
>     > The reality is that Intel has no plans to release code for Xeon
>     > E3-1200 v3 and HM86 Express. Coreboot's progress so far has been
>     > to integrate the blobs.

>     
>     That is helpful to know, I was considering funding coreboot
>     development, coupled with a libreboot (to deblob it) dual effort,
>     and now I know it will be more than just a consideration.

>
>
>>> 6) Talos promises to let specs be public in the future, but there is nothing
>>>     available right now: https://www.raptorcs.com/content/base/software.html
>>>     And Taiidan is aware of this:
>>>     https://www.mail-archive.com/dng@lists.dyne.org/msg17532.html
>>>     "the public will get the spec sheets and HDL's when the hardware is
>>>     released"
>>>
>>>      This too I cannot find on their website, and no date is set.
>> Currently you have to email them for it, but there is a page being set up as
>> seen in the support section.
>    So, there is no official statement, nothing the public can know.  Why is this?

>
>>>     Why is
>>>      this?  How does Taiidan know what they are going to do in the future?
>> I do my research and I read the TALOS IRC.
>    Do you understand this is *not* the way you run a business and attract
> investors and customers?  Hell, even Novena, Pyra/Pandora and many more
> manage communication a lot better, and they sell much cheaper products!

I don't like it either.

Smooth marketing and customer communication is one of the things purism
is very good at.
>>>     Why are people supposed to trust this anonymous poster?
>>>
>>> 7) Purism strives to produce a fully libre system, so much so that they
>>>      axed an initial plan to equip their laptops with NVidia GPUs.
>> If they really were "striving" they would have never had that plan in the
>> first place, the only reason they decided not do use a nvidia gpu is because
>> of community pressure - no one wanted to buy something so obviously non-free.
>>>     At Talos
>>>      instead they value more vendor-bashing that producing the most libre
>>>      possible system:
>> I don't work for or receive money for anyone - I am unemployed right now.
>    You could state anything about yourself, as no one knows who you are.

I have been providing tech support on various mailinglists for years.
>
>> It is ironic that you say that considering how many times purism has bashed
>> minifree as seen in my archived links.
>    What links?  What did they write about minifree?

Here they are again.
https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/
https://web.archive.org/web/20150816183411/http://i0.wp.com/blogs.coreboot.org/files/2015/08/purism_attacks_minifree.png
Todd claims it was an "unapproved tweet" instead of owning up to it and
admitting he made a mistake.

When purism came on to the scene they were constantly attacking the "old
thinkpad laptops", someone with no hardware engineering skills
constantly insisting that not only can modern slick shiny laptops can be
libre but that people should ignore those that currently are and buy
ones that might be someday.
>> The FSF says that the T2 is still able to be RYF certified with that issue
>> without diluting the current rules (as an IOMMU isolates the networking
>> controllers, and that is the only drawback of the system) - whereas purisms
>> laptops will never be able to be RYF certified without diluting the standards.
>>
>> Compare having a black box supervisor processor and not having any free
>> hardware initiation at all to having free hardware init for everything but
>> an IOMMU isolated component.
>    At Purism they are aware of this, and they are open about it.  As for
> everything else, the do state on their web site (not on IRC, non to personal
> emails):

>
>     https://puri.sm/coreboot/timeline/

>
>     Current Work and Future Plans

>
>     3. Finish reverse engineering work towards freeing the remainder of
>      the Intel ME binaries

>
>     4. Continue to push Intel for a ME-less design

Google tried this and ignore ignored them, if a billion dollar company
can't do it then who can?
Todd met an intel engineer at a developer conference and he thought that
> or consider alternative architectures (such as RISC-V, i.MX6, etc.) as potential solutions.

This is what they need to be doing and what myself and others have
suggested many many times.
As I said above there was a conversation on the coreboot ML between
tpearson of raptor and yourness of purism in which it was suggested that
there be a POWER laptop collaboration - that hypothetical product really
would be all their marketing promises and would redeem them in the eyes
of the community.
>>> 8) Taiidan spreads FUD, disinformation and plot conspiracies against Purism
>>>     and provides with no evidence to back his claims:
>>>
>>>      "Purism is NOT free hardware and certainly not "grassroots" as their
>>>       mysterious founder somehow has a bottomless pit of money to burn on
>>>       hardware costs and propaganda campaigns.
>> What exactly about purism is free hardware?
>    They detailed throughout how much free their hardware is.  Potential
> customers have all they need to take an informed decision.  They are crystal
> that they still have work to do, that there is some binary firmware inside
> the systems they sell, and are open on a platform change in case progress
> stops on this front.

>
>> Their hardware initiation is entirely done by binary blobs and there is
>> hardware enforced code signing on the boards black box supervisor procesor
>> (ME),
>    As far as I understand the workings of ME, on Purism systems ME stops
> after hardware init, before any code signature verification.  Could you
> provide with pointers on this matter?

>
>> the only way that is "free" hardware is if you change the meaning of
>> free.
>>>       Purism donates to their own crowd-funding campaigns to make them seem
>>>       more successful and whenever negative facts about them are posted on the
>>>       internet some random guy shows up to insist that the person is
>>>       mistaken."
>> https://www.phoronix.com/scan.php?page=news_item&px=Libre-13-Self-Funding
>> "It turns out that it looks like the Librem 13 is being self-funded by Todd
>> Weaver, the CEO of Purism, in order to meet their goal with the crowd-funded
>> campaign ending on 17 September."
>> "Recently, the campaign seemed to surge by around 90,000 USD in a day.
>> Looking at the page before the surge and the live page, it showed only 4
>> extra names.
>    I am not really enthusiastic about self-funding a crowd-funded campaign,
> however:

>
> 1) Todd Weaver put his own name on the contributions, i.e. he did not try to
>    conceal the fact he was putting his own money in the crowdfunding;
> 2) he's putting his money where his tongue is.

Most people aren't going to examine the list of funders they will just
see "750K" and want to get on the band-wagon.
>> The first one in that list is Todd Weaver, the CEO of Purism. Basically,
>> Todd has unfairly contributed a large sum to his own campaign."
>    He acted openly, he put his own name on his contributions, why do you
> state he was unfair?

Instead of having a lower crowd-funding goal he makes his campaign seem
more successful and I don't believe that a name that no one will notice
is acting openly, being honest about that would be mentioning it in the
first sentence of the main page but it wasn't mentioned anywhere.

By doing that he also sacrificed 5-10% of his money to crowdsupply,
people don't do that no reason.
>>>      "they claim to have "disabled" ME [...] they have not as disabling ME is
>>>      both impossible and illegal."
>>>      (see https://puri.sm/learn/intel-me/ and
>>>      https://puri.sm/posts/deep-dive-into-intel-me-disablement/ to read how
>>>      this was done)
>>>
>>>      "(archived due to the powers that be removing these posts after
>>>      receiving political pressure)"
>>>
>>> 9) How much does it cost you believing anonymous people's promises about
>>>     their allegedly free and open hardware (except for components that are
>>>     open but are from Intel)?
>> So what exactly is open about anything that comes from intel?
>>>     https://secure.raptorcs.com/content/TL2WK2/purchase.html $4,925.00
>>>
>>>      Buying from proven.
>> Proven by whom? someone who works for purism?
>    By the thousand people who bought their systems.

Just because a lot of people are doing something doesn't make it a good
thing.
>> The developers of ME cleaner and the researchers who have found the HAP bit
>> state that it doesn't disable ME.
>    Purism detailed very clearly what they took away and what is left inside.

On the details page yes but I haven't ever met any prospective customers
who actually read that far, everyone I have met thinks their firmware/me
situation is equal to the "old thinkpads" due to the power of marketing
and a slick website.

This isn't a perfect world where people do their research and examine
the fine print, you could print "heart healthy*" on a package of bacon
and the average person would buy it over the identical package that
isn't heart healthy because they didn't read the small text at the bottom.
>> The ME kernel still runs
>    120 KB of the 1,5 MB execute the hardware init.  Then it sits unable to
> execute anything else.

How do you know that? it is a black box with DMA and SMM access.
Would you say the linux kernel without any applications is "unable to
execute or do anything else"?
>> and can do as it pleases, the HAP bit supposedly
>> shuts it off after it is more than able to add a backdoor to the system -
>> how is that disabled?
>    It cannot open a backdoor.

Yes it can, it is a black box and no one has any idea about what it can
and can't do.
> All the ME networking stack is gone.

You don't need a networking stack to communicate over the network or to
the main CPU/RAM.
I doubt a hypothetical nation state backdoor would be that primitive
that it would need a networking stack to transmit data to outside the
machine.

There was research a few years back about using a modified graphics card
firmware to perform a P2P DMA to a networking controller and thus be
able to communicate outside the computer without a network stack and
while those laptops probably have an IOMMU the ME core is entirely
exempt from all IOMMU restrictions.

I will attempt to find that paper and send it to you in case you are
interested...
>> Disabled is being able to physically disconnect the ME core and have the
>> system still function.
>>> documentedly IME-disabled provider Purism costs you
>>>     $1,599 for their top-of-the line laptop.
>> The TALOS 2 board and CPU combo costs $2.5K which is a standard price for
>> server hardware in that performance class.
>>
>> Non-free x86_64 servers from the major vendors such as Dell, HPE, SuperMicro
>> with comparable performance etc start at 5K for a barebones high performance
>> server and go up from there.
>    You are comparing apples to oranges.  Purism sells finished laptops, not
> "barebone high performance server"s.

We have both made the same comparison.
>>> Truth is, Purism has been delivering products for years, their statements
>>> are verifiable, just like their code, while Talos has nothing to show for
>>> their words, sorry, for Taiidan's words, as their hardware offering page did
>>> not progress beyond the "Pre-Order Acceptance" status:
>>>
>>> Today: https://www.raptorcs.com/content/base/products.html
>>> https://web.archive.org/web/20170707122844/https://www.raptorcs.com/content/base/products.html
>>>
>> They have been shipping them out to customers for months now, one of the
>> buyers had one on display at FOSDEM.
>> https://syslog-ng.com/blog/centos-dojo-fosdem-2018/
>> If you were to buy one you would be per-ordering part of the next batch of
>> motherboards which is generally how small batch hardware purchasing works to
>> prevent having too much unsold stock
>    Sorry, other than costing way too much for what I can afford, I really
> need portable systems, as I do 90% of my job on laptops on different
> premises (my employers' and their customers).  And I do not want to spend
> 4.900$ on a system that I cannot find details on what software it runs on
> the motherboard

Here are the TALOS 2 sources
https://git.raptorcs.com/git/
> that nowhere is stated that the IMM's BIOS was removed or
> that is was opensourced.

All of the OpenPOWER machines use the IBM OpenBMC.
https://github.com/openbmc/openbmc
>>>    A previous crowdfunding of theirs was turned down by the free hardware
>>> community:
>> It wasn't "turned down", there was a lack of publicity for the type of
>> people who had the money to spend on it - the first TALOS cost too much and
>> the T2 is much less expensive and thus an actual shipping product.
>>
>> It takes around $4M to do a full motherboard production run, that isn't
>> exactly chump change.
> And those $4M are evil when Purism puts them on the table

Purism never raised anywhere near that much which is why I can't
understand how they can make supposedly custom laptops.
> while they're a
> blessing when Talos does it?

There is no "talos" company.
>> I would really like to know as to how purism is able to make multiple custom
>> laptops for much less than what it normally costs to produce a motherboard.
>    Would it change what it's inside them and what Purism states is inside
> them?  Since when did it become evil having the money to start a hardware
> company?

They are telling people that you can do an entirely custom laptop for a
few hundred thousands and simply that isn't the case - a fab wont even
talk to you for that little money.
>>> 14% funded
>>> 495 backers
>>> $516,040 raised of the $3,700,000 goal.
>>>
>>>    Purism instead managed to capitalize from it's increasing popularity on
>>> the crowdfunding front, too:
>>>
>>> https://puri.sm/shop/librem-5/
>>>
>>> 155.26% funded
>>> 4,339 backers
>>> $2,328,966 raised of the $1,500,000 goal.
>>>
>>> They are Purism's source of funding, together with their customers, not
>>> just the not any "mysterious founder", Mr. Todd Weaver.  The only mysterious
>>> people and money are Taiidan and those behind Talos.
>> Cheaper products receive more backers and thus more total money (who would
>> have thought?)
>    Right, money matters.  Didn't you know?

>
>> and todd contributes to his own campaigns to make them appear
>> more successful as referenced above.
>    While I do think a crowdfunded campaign should not be funded by the same
> person who launched it unless it's stated from the start that the should the
> campaign fall short of the target the difference is going to be covered by
> those behind it, I do not think it's wrong that Todd uses his own money to
> fund a project and a company he believes in.

>
>> I doubt that purism can make a custom phone for that price, it is probably a
>> whitebox rebadge.
>    They are clear how they're moving ahead on this project:
> https://puri.sm/shop/librem-5/

>
>    It's going to be a custom hardware that:

>
> * Does not run Google Android
> * Does not run Apple iOS
> * Runs PureOS by default, can run most GNU+Linux distributions

It has a closed source baseband controller and the mainboard has no DMA
protection so it is just as insecure as any off the shelf phone with
open source firmware thus your mobile company can easily root you with a
few modem commands even if there isn't an actual func_backdoor on your
baseband controller.
>    So, no rebadging of a pre-existent smartphone.

I still don't get how they can make a custom board for such little money.
>    They have development boards based on i.MX 6:
> https://puri.sm/posts/librem-5-roadmap-to-imx8/
>    Are now switching to i.MX 8 Vivante.  They chose this CPU/GPU because it
> has the best opensource software support among the alternatives, that is:
> Mali, Adreno, PowerVR and Tegra.

>
>> There is no mystery about "those behind talos" - all that information is
>> freely available on the coreboot mailinglist
> Do you realize how strange it is that a company selling 4,900$ desktops is
> only available on a mailing list of a different project, not run by the
> company itself, or on IRC and their website has no information about these
> channels?
> https://www.raptorcs.com/content/base/contact.html

On the bottom of the site there is a link to the parent engineering
company which is one of the leaders in the open source firmware
development field, they have made many coreboot ports, the fam10/fam15h
init code, the d8/d16 facebook openbmc port and a variety of other
codebases.
>> where raptors founder
>> frequently posts to help people with coreboot development and answer questions.
> How is one supposed to know who is one who writes something on a ML or IRC
> channel running on a different domain, related to a different project than
> Raptor? Do you realist they have serious communications problems and are
> not addressing them any way?

Yeah they really do and I have mentioned and let them know about this
previously.
>> It is a modified IBM romulus development board made available to the general
>> public by raptor engineering/computing systems, IBM assisted raptor with
>> their efforts via the OpenPOWER foundation as they wanted to get a POWER
>> workstation to market for those who develop POWER software.
> Honestly, I'd like to see them succeed, but I doubt they will because they
> do not show what they are doing and who they are

It does bother me that the T2 effectively appeared out of a mirage, how
were they able to do it this time but not before? who is the mysterious
rumored corporate backer?

Somehow a quality product has appeared out of the blue with zero
publicity and that makes absolutely no sense, why is there no press
coverage? where has the money come from? etc.

If they weren't such a trusted and respected leader in the field and
weren't actually shipping boards I would be quite bothered right now and
would have made one of my posts - no one is above criticism.
> their web site seems to
> only have static and old information yet they sell very expensive hardware
> and there is no public way to see the code of what they're putting inside
> the systems' motherboard.

Here are the TALOS 2 sources (in case you didn't see the other links)
https://git.raptorcs.com/git/
They are listed on both the product page and one of the first results on
google.
> How in the world do you expect people to want to
> contribute to their efforts, to believe what they say about their systems
> and buy them?
>
> And please know that you are paying them a big disservice when you
> repeatedly launch smear campaigns against their competitors from an
> anonymous email address claiming you know things and people that are nowhere
> available on the project website, https://www.raptorcs.com/.

Facts are not a smear campaign and I also didn't want this thread to be
about anything but the issue with the FSF.

Bottom line I want purism to stop their dishonest marketing and I will
continue informing people until they do - I do not understand why they
persist as people would have bought their laptops anyway and there
wouldn't have been so many turned off by them.