social.stefan-muenz.de

Search

Items tagged with: control

You're using an Nvidia graphics card and can't use the NVidia control app because it's not working? Download the standard driver at https://www.nvidia.com/Download/Find.aspx - this page is not linked on the main download page where only DCH and Game Ready drivers are listed, don't ask me why. They come with the old, integrated control which works as intended.

#nvidia #drivers #windows #control
 

When facts are uncertain, keep an open mind.

There are a ton of theories about what’s going on behind the scenes with this pandemic and the policies that are being put in place to respond to it. Some are smart and relatively well-founded, some are stupid and rooted in generalized paranoia or partisan idiocy, many contradict each other, and many could potentially fit together in some way.
#politics #economy #government #control #pandemic #opportunity #authoritarian #agenda #danger #virus
 

When facts are uncertain, keep an open mind.

There are a ton of theories about what’s going on behind the scenes with this pandemic and the policies that are being put in place to respond to it. Some are smart and relatively well-founded, some are stupid and rooted in generalized paranoia or partisan idiocy, many contradict each other, and many could potentially fit together in some way.
#politics #economy #government #control #pandemic #opportunity #authoritarian #agenda #danger #virus
 
I'd like to hear your thoughts on this. #privacy #surveillance #government #control
 
I'd like to hear your thoughts on this. #privacy #surveillance #government #control
 
#public #deutsch #english
Nicht weit entfernt vom Haupteingang der #Klinik hat eine #Frau mittleren Alters, in einer kleinen Gruppe von Leuten, #geheult. Ich saß relativ weit von ihr entfernt, wo sie stand. Ich musste meine #Emotionen stark unter Kontrolle halten. Ich kannte diese Frau nicht und habe von weitem nur ihre #Umrisse gesehen, da ich leicht kurzsichtig bin. Warum sie vor einem großen #Krankenhaus heult, kann man sich gut vorstellen.

Das letzte Mal habe ich wegen mir am 30.12.2005 oder 31.12.2005 geheult, als meine Exfreundin mit mir Schluss gemacht hat. Ansonsten habe ich immer nur wegen anderen Menschen geheult oder #Situationen in Filmen. Ansonsten verachte ich Menschen die heulen, weil an ihnen oder ihrem Leben etwas nicht gut ist. Man muss gut unterscheiden, welches Heulen Schwäche ist. Wegen anderen Menschen heulen, kann zwar auch eine Schwäche sein, aber nein, denn das hängt von noch mehr #Faktoren ab, ob es denn nun eine Schwäche ist.

Not far from the main entrance of the #clinic, a middle-aged woman cried in a small group of people. I sat relatively far away from her where she stood. I had to keep my emotions under strong #control. I didn't know this woman and from afar I only saw her outline because I am slightly nearsighted. You can imagine why she cries in front of a big #hospital.

The last time I cried for myself was on 30.12.2005 or 31.12.2005, when my ex-girlfriend broke up with me. Otherwise I always cried only because of other people or situations in movies. Otherwise I despise people who howl because there is something wrong with them or their lives. You have to distinguish well which howling is weakness. Howling because of other people can also be a weakness, but no, because that depends on even more factors, whether it is a #weakness or not.
 
Bild/Foto

Avoid Intel and AMD Universal Backdoors


Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #server #systems since mid 2006. It consists of an #ARC #processor core (replaced with other processor cores in later generations of the ME), #code and #data #caches, a #timer, and a secure #internal #bus to which additional #devices are connected, including a #cryptography engine, internal #ROM and #RAM, #memory #controllers, and a direct memory access ( #DMA ) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has #network access with its own #MAC #address through an Intel #Gigabit #Ethernet #Controller. Its #boot program, stored on the internal ROM, loads a #firmware “manifest” from the PC’s SPI #flash #chip. This manifest is signed with a strong #cryptographic #key, which differs between versions of the ME firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM won’t load and execute the firmware and the ME processor core will be halted.

The Active Management Technology ( #AMT ) application, part of the Intel “vPro” brand, is a #Web server and application code that enables #remote #users to #power on, power off, view information about, and otherwise manage the #PC. It can be used remotely even while the PC is powered off ( via #Wake-on-Lan ). Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known #vulnerabilities, which have been #exploited to develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the management features of a PC. Remember that the ME has full access to the PC’s RAM. This means that an #attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open #files, all running #applications, all #keys pressed, and more.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the #host operating system an encrypted #media #stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by another ME application to draw an #authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called “Intel Insider”. Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the #omnipotent #capabilities of the ME: this #hardware and its proprietary firmware can access and #control everything that is in RAM and even everything that is shown on the #screen.

The Intel Management Engine with its #proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and #mouse movements, and even #capture or #display #images on the screen. And it has a network interface that is demonstrably #insecure, which can allow an attacker on the network to #inject #rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a #threat to #freedom, #security, and #privacy that can’t be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be #removed entirely from the flash memory space. Libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware #initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free #replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME’s boot ROM would reject any modified firmware that isn’t signed by Intel. Thus, the ME firmware is both hopelessly proprietary and #tivoized.

For years, #coreboot has been #struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot #developers, and #companies, have tried to get Intel to #cooperate; namely, releasing source code for the firmware components. Even #Google, which sells millions of #Chromebooks (coreboot preinstalled) have been #unable to #persuade them.

Even when Intel does cooperate, they still don’t provide source code. They might provide limited #information (datasheets) under #strict #corporate #NDA ( #non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and IBVs can’t get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).

In summary, the Intel #Management #Engine and its applications are a #backdoor with #total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the Libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all #recent #generations of Intel hardware.

Recent Intel graphics chipsets also require firmware blobs


Intel is only going to get #worse when it comes to user freedom. Libreboot has no support recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to #change their #policies and to be more #friendly to the free software #community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a #radical change happens within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported by Libreboot. The Libreboot project is actively #ignoring all modern Intel hardware at this point, and focusing on #alternative platforms.

Why is the latest AMD hardware unsupported in Libreboot?


It is extremely unlikely that any post-2013 #AMD hardware will ever be supported in Libreboot, due to severe security and freedom #issues; so #severe, that the Libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the #problems described below, then you should get rid of it as soon as possible.

AMD Platform Security Processor (PSP)


This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the #implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main #x86 core #startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the #x86 cores will not be #released from #reset, rendering the system #inoperable.

The PSP is an ARM core with TrustZone #technology, built onto the main CPU die. As such, it has the ability to #hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, #login data, #browsing #history, #keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the #network controllers and any other PCI/PCIe peripherals installed on the #system.

In theory any #malicious entity with access to the AMD signing key would be able to install persistent #malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD #firmware in the #past, and there is every #reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to #remotely #monitor and control any PSP enabled machine completely outside of the user’s #knowledge.

A reliable way to avoid Intel and AMD’s universal backdoors is to use computers with such spyware effectively removed or disabled like the ones certified to Respect Your Freedom (RYF).

#NSA #spyware #spy #mass #surveillance #FSF #GNU #GNULinux #RYF #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
 
Bild/Foto

Avoid Intel and AMD Universal Backdoors


Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #server #systems since mid 2006. It consists of an #ARC #processor core (replaced with other processor cores in later generations of the ME), #code and #data #caches, a #timer, and a secure #internal #bus to which additional #devices are connected, including a #cryptography engine, internal #ROM and #RAM, #memory #controllers, and a direct memory access ( #DMA ) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has #network access with its own #MAC #address through an Intel #Gigabit #Ethernet #Controller. Its #boot program, stored on the internal ROM, loads a #firmware “manifest” from the PC’s SPI #flash #chip. This manifest is signed with a strong #cryptographic #key, which differs between versions of the ME firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM won’t load and execute the firmware and the ME processor core will be halted.

The Active Management Technology ( #AMT ) application, part of the Intel “vPro” brand, is a #Web server and application code that enables #remote #users to #power on, power off, view information about, and otherwise manage the #PC. It can be used remotely even while the PC is powered off ( via #Wake-on-Lan ). Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known #vulnerabilities, which have been #exploited to develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the management features of a PC. Remember that the ME has full access to the PC’s RAM. This means that an #attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open #files, all running #applications, all #keys pressed, and more.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the #host operating system an encrypted #media #stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by another ME application to draw an #authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called “Intel Insider”. Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the #omnipotent #capabilities of the ME: this #hardware and its proprietary firmware can access and #control everything that is in RAM and even everything that is shown on the #screen.

The Intel Management Engine with its #proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and #mouse movements, and even #capture or #display #images on the screen. And it has a network interface that is demonstrably #insecure, which can allow an attacker on the network to #inject #rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a #threat to #freedom, #security, and #privacy that can’t be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be #removed entirely from the flash memory space. Libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware #initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free #replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME’s boot ROM would reject any modified firmware that isn’t signed by Intel. Thus, the ME firmware is both hopelessly proprietary and #tivoized.

For years, #coreboot has been #struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot #developers, and #companies, have tried to get Intel to #cooperate; namely, releasing source code for the firmware components. Even #Google, which sells millions of #Chromebooks (coreboot preinstalled) have been #unable to #persuade them.

Even when Intel does cooperate, they still don’t provide source code. They might provide limited #information (datasheets) under #strict #corporate #NDA ( #non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and IBVs can’t get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).

In summary, the Intel #Management #Engine and its applications are a #backdoor with #total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the Libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all #recent #generations of Intel hardware.

Recent Intel graphics chipsets also require firmware blobs


Intel is only going to get #worse when it comes to user freedom. Libreboot has no support recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to #change their #policies and to be more #friendly to the free software #community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a #radical change happens within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported by Libreboot. The Libreboot project is actively #ignoring all modern Intel hardware at this point, and focusing on #alternative platforms.

Why is the latest AMD hardware unsupported in Libreboot?


It is extremely unlikely that any post-2013 #AMD hardware will ever be supported in Libreboot, due to severe security and freedom #issues; so #severe, that the Libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the #problems described below, then you should get rid of it as soon as possible.

AMD Platform Security Processor (PSP)


This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the #implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main #x86 core #startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the #x86 cores will not be #released from #reset, rendering the system #inoperable.

The PSP is an ARM core with TrustZone #technology, built onto the main CPU die. As such, it has the ability to #hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, #login data, #browsing #history, #keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the #network controllers and any other PCI/PCIe peripherals installed on the #system.

In theory any #malicious entity with access to the AMD signing key would be able to install persistent #malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD #firmware in the #past, and there is every #reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to #remotely #monitor and control any PSP enabled machine completely outside of the user’s #knowledge.

A reliable way to avoid Intel and AMD’s universal backdoors is to use computers with such spyware effectively removed or disabled like the ones certified to Respect Your Freedom (RYF).

#NSA #spyware #spy #mass #surveillance #FSF #GNU #GNULinux #RYF #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
 
Bild/Foto

Evita ser víctima de las puertas traseras universales de Intel y AMD


Solo usa computadoras certificadas por la Fundación del Software Libre

La "Maquina Gestora de Intel" (Intel Management Engine) es una #computadora #autónoma e #integrada en todos los procesadores #Intel de computadoras de #escritorio, #portátiles y #servidores desde el año 2006. Consiste en un #procesador ARC (remplazado por otro tipo en versiones más recientes), #almacenamiento temporal, un temporizador y un #interfaz de comunicación cifrado que está conectado a otros #componentes adicionales tales como una unidad #criptográfica, unidades de almacenamiento #ROM y #RAM internas y la función de acceso directo a la memoria ( #DMA ) del #sistema #operativo anfitrión, así como también posee la habilidad de #reservar un #sector de la #memoria RAM externa para expandir la memoria limitada de la #máquina #gestora. Por si fuera poco, esta #puerta #trasera también cuenta con acceso independiente a la red ( #Internet ) con su propia #dirección #MAC diferente a la del #dispositivo de #red.

El #funcionamiento de la máquina gestora sucede de la siguiente manera: el #programa de #arranque que reside en un #componente #interno de solo lectura carga un "manifiesto" desde el chip #SPI y dicho #manifiesto contiene una #firma #electrónica #criptográfica que varia entre #versiones de la máquina gestora. Si este manifiesto no contiene una firma electrónica válida de Intel (por ejemplo, por haber sido modificado), el dispositivo de arranque no funcionará ni ejecutará los #programas de arranque y esto a su vez causaría que el procesador de la computadora deje de funcionar.

La aplicación #AMT (Active Management Technology), parte de la serie Intel "vPro", es un servidor web que permite que las #agencias de #espionaje y #atacantes #remotos puedan #encender o #apagar el equipo y #acceder a toda la #información de la computadora: en pocas palabras, esto permite que los #espías remotos tomen el #control #total del equipo. Esto lo pueden hacer aún cuando la computadora esté #apagada por medio de la #funcionalidad de encendido por red local ( #Wake-on-LAN ). Aunque el flujo de datos envíado a las agencias de espionaje esté cifrado con #SSL / #TLS (¡vaya consuelo!), es bien sabido que estos #protocolos han tenido #vulnerabilidades muy bien #documentadas que ya han sido aprovechadas para desarrollar #rootkits, #keyloggers y así lograr el control #secreto de todas las #funciones de la computadora. El tener #acceso a todos los #datos de la memoria significa que las agencias de espionaje tienen acceso a todos los #archivos abiertos, a todas las #aplicaciones, a un #registro de todas las #teclas oprimidas, etc.

Las versiones 4.0 y posteriores de la máquina gestora de Intel incluyen una aplicación de #grilletes #digitales ( #DRM ) llamada “Protected Audio Video Path” (PAVP). La operación de estos grilletes digitales se lleva a cabo cuando la máquina gestora recibe la #señal de #audio y #video cifrada del sistema operativo #anfitrión, decifra su #clave y la envía al dispositivo de video ( #GPU ) el cual descifra la señal y la reproduce. De esta manera la aplicación #PAVP controla directamente que #gráficos aparecen en la #pantalla de una manera que el sistema operativo del #usuario no puede ni #controlar ni #detectar.

En las versiones 7.0 de la máquina gestora en procesadores de #segunda #generación de Intel #Core #i3 / #i5 / #i7, la aplicación PAVP ha sido remplazada con una aplicación similar de grilletes digitales llamada "Intel Insider". Estas aplicaciones de grilletes digitales, que además son Defectuosas por Diseño, demuestran las #habilidades #omnipotentes de la máquina gestora debido a que estos componentes y sus programas #privativos pueden acceder y controlar todo lo que se encuentra en la memoria del equipo y #espiar todo lo que aparece en pantalla. Al igual que en sus versiones anteriores, la máquina gestora puede #encender o #apagar el equipo, #leer todos los #archivos #abiertos, #examinar todas las #aplicaciones en ejecución, #registrar todas las teclas oprimidas y los #movimientos del #ratón e incluso #capturar y #controlar todo lo mostrado en pantalla. De la misma manera, su #interfaz de #red insegura permite que atacantes informáticos inyecten rootkits que pueden infectar el sistema por #completo y permitir que espías remotos puedan #vigilar todas las #actividades llevadas a cabo en la computadora. Esto representa una #grave #amenaza a tu #libertad, #seguridad y #privacidad que no puede ser #ignorada.

En versiones #anteriores a la 6.0, en sistemas del 2008 y 2009 o anteriores, la máquina gestora podía ser #desactivada escribiendo un par de #valores en la memoria SPI. Esto permitía que la máquina gestora pudiera ser #eliminada #completamente de la memoria fija. El proyecto #Libreboot ha logrado esto en los #modelos #compatibles de la serie 4 de Intel. Sin embargo, las #versiones 6.0 y #posteriores de la máquina gestora, presentes en todos los #sistemas con #procesadores Intel Core i3/i5/i7 incluyen un programa llamado "ME Ignition" que lleva a cabo #tareas de arranque y de #gestión de #energía. Dicho programa #verifica la #existencia y #validez de la firma electrónica de Intel y en caso de que esta firma no está #presente o no sea #válida, la computadora se apaga en 30 minutos.

Debido a la verificación de la firma electrónica, la #posibilidad de #desarrollar un remplazo del programa de la máquina gestora es básicamente #imposible. La única #entidad #capaz de #remplazar dicho programa es Intel. La máquina gestora incluye código privativo sujeto a #licencias de #terceras #partes, por lo que Intel no podría #revelar el código #legalmente aunque así lo quisiera. Aunque otras #personas desarrollen programas para remplazar para la máquina gestora, estos no funcionarían si no son #firmados #digitalmente por Intel. Por lo tanto, la máquina gestora de Intel es #irremediablemente #privativa y tivoizada.

Por años el #proyecto #Coreboot ha estado #presionando a Intel, pero este se ha #negado #rotundamente a #cooperar. Muchos #desarrolladores de Coreboot y otras #compañías han tratado de #presionar a Intel para que coopere; es decir, que publique el #código #fuente de la máquina gestora. Incluso #Google, compañía que vende #millones de #computadoras #Chromebooks (con Coreboot pre-instalado), no ha podido lograr #persuadir a Intel.

Incluso cuando Intel ha llegado a cooperar, este no publica el código fuente y solo da #información #limitada ( #especificaciones #técnicas ) bajo #estrictos #acuerdos de #confidencialidad. Ni siquiera las #empresas #fabricantes de computadoras reciben el código fuente de Intel y se ven #obligadas a incluir las #porciones #binarias ( #blobs ) tal como se las da Intel.

En #resumen, la máquina gestora de Intel y sus programas son #puertas #traseras #universales con acceso y control total de la computadora y representan una #terrible #amenaza para la libertad, seguridad y privacidad de sus usuarios. Por lo tanto, el proyecto Libreboot #recomienda firmemente que se #evite su #uso #completamente. Debido a que en todas las versiones recientes de procesadores Intel esta puerta trasera no puede ser eliminada, esto #implica #evitar #usar todas las generaciones recientes de procesadores de Intel.

¿Y qué hay con AMD?


#AMD tiene su #propia #versión de la máquina gestora llamada AMD Platform Security Processor ( #PSP ) que presenta las mismas amenazas de seguridad que la de Intel. El PSP es un procesador #ARM #autónomo e #integrado en el procesador #principal y como tal tiene la #habilidad de #ocultar su propio código de #ejecución, obtener los #datos de la memoria RAM como #claves de #cifrado, datos #personales #confidenciales, #historial de #navegación, teclas oprimidas, etc. En teoría, cualquier #entidad #hostil que cuente con la clave de firma digital de AMD puede #instalar #software #maligno que solo podría ser eliminado por medio de #herramientas #especializadas y una versión #íntegra del programa PSP. Además, al igual que con Intel, se han descubierto diversas vulnerabilidades que ya han sido #demostradas en el #pasado y lo más #probable es que haya más en el código privativo del PSP. Dichas vulnerabilidades permiten que agencias de espionaje y #criminales #informáticos logren #monitorear y controlar cualquier computadora que tenga el PSP de AMD sin que el usuario tenga #conocimiento de ello.

Es muy poco probable que los procesadores AMD posteriores al año 2013 puedan alguna vez ser #compatibles con Libreboot y por esa razón también se recomienda evitar usar #todos los procesadores AMD recientes.

¿Entonces qué puedo usar?


Por ahora la manera más #sencilla y #confiable de evitar las puertas traseras universales de Intel y AMD es usar únicamente computadoras que han obtenido la certificación RYF de la Fundación del Software Libre. Aunque estas computadoras certificadas aún contienen modelos anteriores de procesadores Intel o AMD, las puertas traseras en ellos han sido eliminadas o desactivadas y por lo tanto proveen mayor seguridad y privacidad siempre y cuando se utilicen única y exclusivamente con sistemas operativos completamente libres.
#NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #México #España #Colombia #Argentina #Perú #Peru #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #Guatemala #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Panama #Uruguay
#computadora #autónoma #integrada #Intel #escritorio #portátiles #servidores #procesador #almacenamiento #interfaz #componentes #criptográfica #ROM #RAM #DMA #sistema #operativo #reservar #sector #memoria #máquina #gestora #puerta #trasera #Internet #dirección #MAC #dispositivo #red #funcionamiento #programa #arranque #componente #interno #SPI #manifiesto #firma #electrónica #versiones #programas #AMT #agencias #espionaje #atacantes #remotos #encender #apagar #acceder #información #espías #control #total #apagada #funcionalidad #Wake-on-LAN #SSL #TLS #protocolos #vulnerabilidades #documentadas #rootkits #keyloggers #secreto #funciones #acceso #datos #archivos #aplicaciones #registro #teclas #grilletes #digitales #DRM #señal #audio #video #anfitrión #clave #GPU #PAVP #gráficos #pantalla #usuario #controlar #detectar #segunda #generación #Core #i3 #i5 #i7 #habilidades #omnipotentes #privativos #espiar #leer #abiertos #examinar #registrar #movimientos #ratón #capturar #completo #vigilar #actividades #grave #amenaza #libertad #seguridad #privacidad #ignorada #anteriores #desactivada #valores #eliminada #completamente #Libreboot #modelos #compatibles #posteriores #sistemas #procesadores #tareas #gestión #energía #verifica #existencia #validez #presente #válida #posibilidad #desarrollar #imposible #entidad #capaz #remplazar #licencias #terceras #partes #revelar #legalmente #personas #firmados #digitalmente #irremediablemente #privativa #proyecto #Coreboot #presionando #negado #rotundamente #cooperar #desarrolladores #compañías #presionar #código #fuente #Google #millones #computadoras #Chromebooks #persuadir #limitada #especificaciones #técnicas #estrictos #acuerdos #confidencialidad #empresas #fabricantes #obligadas #porciones #binarias #blobs #resumen #puertas #traseras #universales #terrible #recomienda #evite #uso #implica #evitar #usar #AMD #propia #versión #PSP #ARM #autónomo #integrado #principal #habilidad #ocultar #ejecución #claves #cifrado #personales #confidenciales #historial #navegación #hostil #instalar #software #maligno #herramientas #especializadas #íntegra #demostradas #pasado #probable #criminales #informáticos #monitorear #conocimiento #todos #sencilla #confiable #NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #España #Colombia #Argentina #Perú #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Uruguay
 
Bild/Foto

Evita ser víctima de las puertas traseras universales de Intel y AMD


Solo usa computadoras certificadas por la Fundación del Software Libre

La "Maquina Gestora de Intel" (Intel Management Engine) es una #computadora #autónoma e #integrada en todos los procesadores #Intel de computadoras de #escritorio, #portátiles y #servidores desde el año 2006. Consiste en un #procesador ARC (remplazado por otro tipo en versiones más recientes), #almacenamiento temporal, un temporizador y un #interfaz de comunicación cifrado que está conectado a otros #componentes adicionales tales como una unidad #criptográfica, unidades de almacenamiento #ROM y #RAM internas y la función de acceso directo a la memoria ( #DMA ) del #sistema #operativo anfitrión, así como también posee la habilidad de #reservar un #sector de la #memoria RAM externa para expandir la memoria limitada de la #máquina #gestora. Por si fuera poco, esta #puerta #trasera también cuenta con acceso independiente a la red ( #Internet ) con su propia #dirección #MAC diferente a la del #dispositivo de #red.

El #funcionamiento de la máquina gestora sucede de la siguiente manera: el #programa de #arranque que reside en un #componente #interno de solo lectura carga un "manifiesto" desde el chip #SPI y dicho #manifiesto contiene una #firma #electrónica #criptográfica que varia entre #versiones de la máquina gestora. Si este manifiesto no contiene una firma electrónica válida de Intel (por ejemplo, por haber sido modificado), el dispositivo de arranque no funcionará ni ejecutará los #programas de arranque y esto a su vez causaría que el procesador de la computadora deje de funcionar.

La aplicación #AMT (Active Management Technology), parte de la serie Intel "vPro", es un servidor web que permite que las #agencias de #espionaje y #atacantes #remotos puedan #encender o #apagar el equipo y #acceder a toda la #información de la computadora: en pocas palabras, esto permite que los #espías remotos tomen el #control #total del equipo. Esto lo pueden hacer aún cuando la computadora esté #apagada por medio de la #funcionalidad de encendido por red local ( #Wake-on-LAN ). Aunque el flujo de datos envíado a las agencias de espionaje esté cifrado con #SSL / #TLS (¡vaya consuelo!), es bien sabido que estos #protocolos han tenido #vulnerabilidades muy bien #documentadas que ya han sido aprovechadas para desarrollar #rootkits, #keyloggers y así lograr el control #secreto de todas las #funciones de la computadora. El tener #acceso a todos los #datos de la memoria significa que las agencias de espionaje tienen acceso a todos los #archivos abiertos, a todas las #aplicaciones, a un #registro de todas las #teclas oprimidas, etc.

Las versiones 4.0 y posteriores de la máquina gestora de Intel incluyen una aplicación de #grilletes #digitales ( #DRM ) llamada “Protected Audio Video Path” (PAVP). La operación de estos grilletes digitales se lleva a cabo cuando la máquina gestora recibe la #señal de #audio y #video cifrada del sistema operativo #anfitrión, decifra su #clave y la envía al dispositivo de video ( #GPU ) el cual descifra la señal y la reproduce. De esta manera la aplicación #PAVP controla directamente que #gráficos aparecen en la #pantalla de una manera que el sistema operativo del #usuario no puede ni #controlar ni #detectar.

En las versiones 7.0 de la máquina gestora en procesadores de #segunda #generación de Intel #Core #i3 / #i5 / #i7, la aplicación PAVP ha sido remplazada con una aplicación similar de grilletes digitales llamada "Intel Insider". Estas aplicaciones de grilletes digitales, que además son Defectuosas por Diseño, demuestran las #habilidades #omnipotentes de la máquina gestora debido a que estos componentes y sus programas #privativos pueden acceder y controlar todo lo que se encuentra en la memoria del equipo y #espiar todo lo que aparece en pantalla. Al igual que en sus versiones anteriores, la máquina gestora puede #encender o #apagar el equipo, #leer todos los #archivos #abiertos, #examinar todas las #aplicaciones en ejecución, #registrar todas las teclas oprimidas y los #movimientos del #ratón e incluso #capturar y #controlar todo lo mostrado en pantalla. De la misma manera, su #interfaz de #red insegura permite que atacantes informáticos inyecten rootkits que pueden infectar el sistema por #completo y permitir que espías remotos puedan #vigilar todas las #actividades llevadas a cabo en la computadora. Esto representa una #grave #amenaza a tu #libertad, #seguridad y #privacidad que no puede ser #ignorada.

En versiones #anteriores a la 6.0, en sistemas del 2008 y 2009 o anteriores, la máquina gestora podía ser #desactivada escribiendo un par de #valores en la memoria SPI. Esto permitía que la máquina gestora pudiera ser #eliminada #completamente de la memoria fija. El proyecto #Libreboot ha logrado esto en los #modelos #compatibles de la serie 4 de Intel. Sin embargo, las #versiones 6.0 y #posteriores de la máquina gestora, presentes en todos los #sistemas con #procesadores Intel Core i3/i5/i7 incluyen un programa llamado "ME Ignition" que lleva a cabo #tareas de arranque y de #gestión de #energía. Dicho programa #verifica la #existencia y #validez de la firma electrónica de Intel y en caso de que esta firma no está #presente o no sea #válida, la computadora se apaga en 30 minutos.

Debido a la verificación de la firma electrónica, la #posibilidad de #desarrollar un remplazo del programa de la máquina gestora es básicamente #imposible. La única #entidad #capaz de #remplazar dicho programa es Intel. La máquina gestora incluye código privativo sujeto a #licencias de #terceras #partes, por lo que Intel no podría #revelar el código #legalmente aunque así lo quisiera. Aunque otras #personas desarrollen programas para remplazar para la máquina gestora, estos no funcionarían si no son #firmados #digitalmente por Intel. Por lo tanto, la máquina gestora de Intel es #irremediablemente #privativa y tivoizada.

Por años el #proyecto #Coreboot ha estado #presionando a Intel, pero este se ha #negado #rotundamente a #cooperar. Muchos #desarrolladores de Coreboot y otras #compañías han tratado de #presionar a Intel para que coopere; es decir, que publique el #código #fuente de la máquina gestora. Incluso #Google, compañía que vende #millones de #computadoras #Chromebooks (con Coreboot pre-instalado), no ha podido lograr #persuadir a Intel.

Incluso cuando Intel ha llegado a cooperar, este no publica el código fuente y solo da #información #limitada ( #especificaciones #técnicas ) bajo #estrictos #acuerdos de #confidencialidad. Ni siquiera las #empresas #fabricantes de computadoras reciben el código fuente de Intel y se ven #obligadas a incluir las #porciones #binarias ( #blobs ) tal como se las da Intel.

En #resumen, la máquina gestora de Intel y sus programas son #puertas #traseras #universales con acceso y control total de la computadora y representan una #terrible #amenaza para la libertad, seguridad y privacidad de sus usuarios. Por lo tanto, el proyecto Libreboot #recomienda firmemente que se #evite su #uso #completamente. Debido a que en todas las versiones recientes de procesadores Intel esta puerta trasera no puede ser eliminada, esto #implica #evitar #usar todas las generaciones recientes de procesadores de Intel.

¿Y qué hay con AMD?


#AMD tiene su #propia #versión de la máquina gestora llamada AMD Platform Security Processor ( #PSP ) que presenta las mismas amenazas de seguridad que la de Intel. El PSP es un procesador #ARM #autónomo e #integrado en el procesador #principal y como tal tiene la #habilidad de #ocultar su propio código de #ejecución, obtener los #datos de la memoria RAM como #claves de #cifrado, datos #personales #confidenciales, #historial de #navegación, teclas oprimidas, etc. En teoría, cualquier #entidad #hostil que cuente con la clave de firma digital de AMD puede #instalar #software #maligno que solo podría ser eliminado por medio de #herramientas #especializadas y una versión #íntegra del programa PSP. Además, al igual que con Intel, se han descubierto diversas vulnerabilidades que ya han sido #demostradas en el #pasado y lo más #probable es que haya más en el código privativo del PSP. Dichas vulnerabilidades permiten que agencias de espionaje y #criminales #informáticos logren #monitorear y controlar cualquier computadora que tenga el PSP de AMD sin que el usuario tenga #conocimiento de ello.

Es muy poco probable que los procesadores AMD posteriores al año 2013 puedan alguna vez ser #compatibles con Libreboot y por esa razón también se recomienda evitar usar #todos los procesadores AMD recientes.

¿Entonces qué puedo usar?


Por ahora la manera más #sencilla y #confiable de evitar las puertas traseras universales de Intel y AMD es usar únicamente computadoras que han obtenido la certificación RYF de la Fundación del Software Libre. Aunque estas computadoras certificadas aún contienen modelos anteriores de procesadores Intel o AMD, las puertas traseras en ellos han sido eliminadas o desactivadas y por lo tanto proveen mayor seguridad y privacidad siempre y cuando se utilicen única y exclusivamente con sistemas operativos completamente libres.
#NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #México #España #Colombia #Argentina #Perú #Peru #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #Guatemala #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Panama #Uruguay
#computadora #autónoma #integrada #Intel #escritorio #portátiles #servidores #procesador #almacenamiento #interfaz #componentes #criptográfica #ROM #RAM #DMA #sistema #operativo #reservar #sector #memoria #máquina #gestora #puerta #trasera #Internet #dirección #MAC #dispositivo #red #funcionamiento #programa #arranque #componente #interno #SPI #manifiesto #firma #electrónica #versiones #programas #AMT #agencias #espionaje #atacantes #remotos #encender #apagar #acceder #información #espías #control #total #apagada #funcionalidad #Wake-on-LAN #SSL #TLS #protocolos #vulnerabilidades #documentadas #rootkits #keyloggers #secreto #funciones #acceso #datos #archivos #aplicaciones #registro #teclas #grilletes #digitales #DRM #señal #audio #video #anfitrión #clave #GPU #PAVP #gráficos #pantalla #usuario #controlar #detectar #segunda #generación #Core #i3 #i5 #i7 #habilidades #omnipotentes #privativos #espiar #leer #abiertos #examinar #registrar #movimientos #ratón #capturar #completo #vigilar #actividades #grave #amenaza #libertad #seguridad #privacidad #ignorada #anteriores #desactivada #valores #eliminada #completamente #Libreboot #modelos #compatibles #posteriores #sistemas #procesadores #tareas #gestión #energía #verifica #existencia #validez #presente #válida #posibilidad #desarrollar #imposible #entidad #capaz #remplazar #licencias #terceras #partes #revelar #legalmente #personas #firmados #digitalmente #irremediablemente #privativa #proyecto #Coreboot #presionando #negado #rotundamente #cooperar #desarrolladores #compañías #presionar #código #fuente #Google #millones #computadoras #Chromebooks #persuadir #limitada #especificaciones #técnicas #estrictos #acuerdos #confidencialidad #empresas #fabricantes #obligadas #porciones #binarias #blobs #resumen #puertas #traseras #universales #terrible #recomienda #evite #uso #implica #evitar #usar #AMD #propia #versión #PSP #ARM #autónomo #integrado #principal #habilidad #ocultar #ejecución #claves #cifrado #personales #confidenciales #historial #navegación #hostil #instalar #software #maligno #herramientas #especializadas #íntegra #demostradas #pasado #probable #criminales #informáticos #monitorear #conocimiento #todos #sencilla #confiable #NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #España #Colombia #Argentina #Perú #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Uruguay
 
"Taking back control" seems to have morphed into "handing control over to the USA". Soon the Brexiteers will claim that's what people voted for and that they knew what they were voting for.
US tells Britain: Fall into line over China and Huawei, or no trade deal
#Brexit #UK #EU #USA #politics #trade #tradedeal #deal #economy #control #takingbackcontrol
(PS slightly surprised to read this in the Brexit cheerleader paper Torygraph)
 
"Taking back control" seems to have morphed into "handing control over to the USA". Soon the Brexiteers will claim that's what people voted for and that they knew what they were voting for.
US tells Britain: Fall into line over China and Huawei, or no trade deal
#Brexit #UK #EU #USA #politics #trade #tradedeal #deal #economy #control #takingbackcontrol
(PS slightly surprised to read this in the Brexit cheerleader paper Torygraph)
 
Bild/Foto

The Intel Management Engine: an attack on computer users' freedom and privacy


The #Intel Management Engine (frequently abbreviated as ME) is a separate #computer within Intel computers, which denies users #control by forcing them to run #nonfree #software that cannot be modified or replaced by anyone but Intel. This is #dangerous and #unjust. It is a very serious #attack on the #freedom, #privacy, and #security of computer users.

The Management Engine started to appear in Intel computers around 2007.

It could, for instance, be used to remotely:
  • Power the computers on and off.
  • Boot computers from remote #storage located on the system administrator's #machine or on a #server, and take control of the computer that way.
  • Retrieve and store various #serial #numbers that #identify the computer hardware.
Over time, Intel #imposed the Management Engine on all Intel computers, removed the ability for computer #users and #manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's #memory.

It now constitutes a #separate computing environment that is designed to deny users the control of their computer. It can even run #applications that implement Digital Restrictions Management ( #DRM ). See Defective by Design to learn why DRM is bad.

The remote administration is done through applications running inside the Management Engine, such as AMT (Active Management Technology). AMT gives #remote system administrators the same control they would have if sitting in front of the computer. AMT can also control Intel #Ethernet #interfaces and #Wi-Fi cards to #filter or #block #network traffic from going in or out of the computer.

We could correct all these problems if the users were able to run fully free software on the Management Engine, or at least, make it not run any code, effectively disabling it. The former is impossible because the Management Engine will only run code that is #cryptographically signed by Intel. This means that unless someone finds a flaw in the #hardware that enables users to bypass the signature check, users are effectively denied the ability to #install the software they wish in the Management Engine.

Despite all Intel's efforts to make the Management Engine inescapable, software developers have had some success with preventing it from loading code. For instance, the #Libreboot project disables the Management Engine by removing all the code that the Management Engine is supposed to load on some #Thinkpad computers manufactured in #2008, including the R400, T400, T400s, T500, W500, X200, X200s, and X200T.

Also, many Intel computers manufactured in 2006 have the ancestor of the Management Engine which is disabled from the start, such as the Lenovo Thinkpads X60, X60s, X60 Tablet and T60, and many more.

A free software program named intelmetool is capable of detecting if the Management Engine is absent or disabled. With more recent hardware, it is not yet possible to fully disable the Management Engine, as some of the hardware needs to be initialized by it. It is however possible to limit the amount of nonfree software running on the Management Engine by removing parts of the #code and/or by configuring it to not run some code.

Independently from the Management Engine, other issues affect computers users in very similar ways:

Many computers use nonfree boot software (like #BIOS or #UEFI or equivalent) and/or require it to be cryptographically signed by the hardware manufacturer. This raises similar concern for the freedom, privacy, and security of computer users because the boot software is responsible for loading the operating system, and has more control over the computer than the operating system. This issue also affects computers using other architectures such as #ARM.

#AMD computers made after 2013 also have a separate computer within the computer, called PSP (Platform Security Processor), which has similar #issues.

Because of Intel's attack on users' freedom, to avoid being denied freedom, privacy, and security, computer users wanting to use a machine with an Intel processor must use older computers with no Management Engine, or whose Management Engine is disabled.

Whenever companies follow Intel's path, we will need to design our own hardware to keep being able to escape such attacks on freedom, by ensuring that users can run fully free software on it. This will also create the necessary building blocks that will enable users to benefit from hardware #freedoms in the #future, when manufacturing technologies are easily available to end users.

At the moment the only way to avoid this universal backdoor is to use computers that have been certified to respect your freedom (RYF).


#NSA #spyware #spy #mass #surveillance #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
 
Bild/Foto

The Intel Management Engine: an attack on computer users' freedom and privacy


The #Intel Management Engine (frequently abbreviated as ME) is a separate #computer within Intel computers, which denies users #control by forcing them to run #nonfree #software that cannot be modified or replaced by anyone but Intel. This is #dangerous and #unjust. It is a very serious #attack on the #freedom, #privacy, and #security of computer users.

The Management Engine started to appear in Intel computers around 2007.

It could, for instance, be used to remotely:
  • Power the computers on and off.
  • Boot computers from remote #storage located on the system administrator's #machine or on a #server, and take control of the computer that way.
  • Retrieve and store various #serial #numbers that #identify the computer hardware.
Over time, Intel #imposed the Management Engine on all Intel computers, removed the ability for computer #users and #manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's #memory.

It now constitutes a #separate computing environment that is designed to deny users the control of their computer. It can even run #applications that implement Digital Restrictions Management ( #DRM ). See Defective by Design to learn why DRM is bad.

The remote administration is done through applications running inside the Management Engine, such as AMT (Active Management Technology). AMT gives #remote system administrators the same control they would have if sitting in front of the computer. AMT can also control Intel #Ethernet #interfaces and #Wi-Fi cards to #filter or #block #network traffic from going in or out of the computer.

We could correct all these problems if the users were able to run fully free software on the Management Engine, or at least, make it not run any code, effectively disabling it. The former is impossible because the Management Engine will only run code that is #cryptographically signed by Intel. This means that unless someone finds a flaw in the #hardware that enables users to bypass the signature check, users are effectively denied the ability to #install the software they wish in the Management Engine.

Despite all Intel's efforts to make the Management Engine inescapable, software developers have had some success with preventing it from loading code. For instance, the #Libreboot project disables the Management Engine by removing all the code that the Management Engine is supposed to load on some #Thinkpad computers manufactured in #2008, including the R400, T400, T400s, T500, W500, X200, X200s, and X200T.

Also, many Intel computers manufactured in 2006 have the ancestor of the Management Engine which is disabled from the start, such as the Lenovo Thinkpads X60, X60s, X60 Tablet and T60, and many more.

A free software program named intelmetool is capable of detecting if the Management Engine is absent or disabled. With more recent hardware, it is not yet possible to fully disable the Management Engine, as some of the hardware needs to be initialized by it. It is however possible to limit the amount of nonfree software running on the Management Engine by removing parts of the #code and/or by configuring it to not run some code.

Independently from the Management Engine, other issues affect computers users in very similar ways:

Many computers use nonfree boot software (like #BIOS or #UEFI or equivalent) and/or require it to be cryptographically signed by the hardware manufacturer. This raises similar concern for the freedom, privacy, and security of computer users because the boot software is responsible for loading the operating system, and has more control over the computer than the operating system. This issue also affects computers using other architectures such as #ARM.

#AMD computers made after 2013 also have a separate computer within the computer, called PSP (Platform Security Processor), which has similar #issues.

Because of Intel's attack on users' freedom, to avoid being denied freedom, privacy, and security, computer users wanting to use a machine with an Intel processor must use older computers with no Management Engine, or whose Management Engine is disabled.

Whenever companies follow Intel's path, we will need to design our own hardware to keep being able to escape such attacks on freedom, by ensuring that users can run fully free software on it. This will also create the necessary building blocks that will enable users to benefit from hardware #freedoms in the #future, when manufacturing technologies are easily available to end users.

At the moment the only way to avoid this universal backdoor is to use computers that have been certified to respect your freedom (RYF).


#NSA #spyware #spy #mass #surveillance #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
 

Do Social Networks really censor Conservatives?

“I tell you, I have many, many millions of followers on Twitter and it’s different than it used to be,” Drumpf said. “Things are happening, names are taken off, people aren’t getting through. You’ve heard the same complaints. And it seems to be, if they’re conservative, if they’re Republicans, if they’re in a certain group, there’s discrimination and big discrimination. I see it absolutely on Twitter and Facebook, which I have also, and others I see.”

While it waits on the second suit, Prager University is actually outpacing left-leaning channels in searches for certain terms associated with the left. As of Tuesday, the channel was in the top three YouTube results for searches on “social justice,” “socialism,” “leftism,” and “leftist.” The resulting videos (“What is Social Justice?” “Capitalism vs. Socialism,” “The Left Ruins Everything,” and “Why You Can’t Argue with a Leftist”) each have millions of views.
Beside that, the question is: Is it worth arguing with someone who speaks like these titles? Provoking is a rhetoric tool, true, but this goes far beyond the fine use of tools and simply whacks you all the time. This is agitation, and frankly not worth my time.
Meanwhile Media Matters, the left-leaning organization that conducted the study on Facebook traffic, recently had a YouTube video removed “for violating YouTube’s policy on harassment and bullying,” a YouTube notice reads.
And it also wasn't restored. So long for you, whining pseudo-Conservatives.
#Censorship #Internet #RightWing #RightWinged #Conservatism #PseudoConservatism #Crybaby #WhiyWhimp #Politics #LeftWing #LeftWinged #Algorithm #Regulation #Control #Bias #Facebook #Youtube #Twitter

Via @Frederick Wilson II (cannot tag, sorry)
 

Do Social Networks really censor Conservatives?

“I tell you, I have many, many millions of followers on Twitter and it’s different than it used to be,” Drumpf said. “Things are happening, names are taken off, people aren’t getting through. You’ve heard the same complaints. And it seems to be, if they’re conservative, if they’re Republicans, if they’re in a certain group, there’s discrimination and big discrimination. I see it absolutely on Twitter and Facebook, which I have also, and others I see.”

While it waits on the second suit, Prager University is actually outpacing left-leaning channels in searches for certain terms associated with the left. As of Tuesday, the channel was in the top three YouTube results for searches on “social justice,” “socialism,” “leftism,” and “leftist.” The resulting videos (“What is Social Justice?” “Capitalism vs. Socialism,” “The Left Ruins Everything,” and “Why You Can’t Argue with a Leftist”) each have millions of views.
Beside that, the question is: Is it worth arguing with someone who speaks like these titles? Provoking is a rhetoric tool, true, but this goes far beyond the fine use of tools and simply whacks you all the time. This is agitation, and frankly not worth my time.
Meanwhile Media Matters, the left-leaning organization that conducted the study on Facebook traffic, recently had a YouTube video removed “for violating YouTube’s policy on harassment and bullying,” a YouTube notice reads.
And it also wasn't restored. So long for you, whining pseudo-Conservatives.
#Censorship #Internet #RightWing #RightWinged #Conservatism #PseudoConservatism #Crybaby #WhiyWhimp #Politics #LeftWing #LeftWinged #Algorithm #Regulation #Control #Bias #Facebook #Youtube #Twitter

Via @Frederick Wilson II (cannot tag, sorry)
 
Bild/Foto

The general citizenry had neither the time, the ability nor the inclination to inform itself on important questions. Society was too complex, the power of stereotypes too great, man’s immediate environment too dominant. The remedy had to be boards of experts who could distill the evidence and offer the residue facts.

Since the real effect of most laws are subtle and hidden, they cannot be understood by filtering local experiences through local states of mind. They can be known only by controlled reporting and objective analysis.


Walter Lippmann, Public Opinion, 1922 summarized by Jørn Henrik Petersen
#media #control #experts #news #quote
 
Later posts Earlier posts