Intel ME vulnerable to HTTP exploit, allows arbitrary code execution


TL;DR: if your Intel system is on the same subnet as the attacker they can execute arbitrary code on your system at levels more privileged than ring -1.

archive.fo/umIHC
tomshardware.com/news/intel-me-new-firmware-bugs,37492.html

Holy shit, you can't even airgap them now. Remember to stay clear of any x86 machine if you care about your data.

ME hasn't been used in forever though? Even idiots are using 7 while intelligent people are using 10 with the latest updates.

Nice bait


Yet another reason to buy AMD exclusively.

They really messed up big time with skylake.

Ironic shitposting is still shitposting

Isn't this good news for the Libreboot team? Does this mean Libreboot can replace the AMT?

You're supposed to create an air gap for a machine by not connecting it to a network. If you must insist on connecting to your internal computer network, then you can try physically disconnecting any internet connections before connecting your "safe air-gapped machine".

The point is that the IME has a network stack.

Read better
The first bug, CVE-2018-3627, affects all Intel 6th generation chips and newer, which means it affects consumer and corporate devices, servers, as well as Internet of Things devices. The second bug, CVE-2018-3628, affects a larger range of Intel chips:
Intel Core 2 Duo vPro and Intel Centrino 2 vPro
1st, 2nd, 3rd, 4th, 5th, 6th, 7th, & 8th Generation Intel Core Processor Family
Intel Xeon Processor E3-1200 v5 & v6 Product Family (Greenlow)
Intel Xeon Processor Scalable Family (Purley)
Intel Xeon Processor W Family (Basin Falls)

Yes, but then you can hardly call any networked machine an "air-gapped machine" if it has a logical connection to any internet. The stated purpose of an "air-gapped machine" is to have the machine physically disconnected from any internet usually for the purpose of ensuring the specific machines have zero internet access.

So literally every Jewtel CPU for the past 12 years or so?

Most, I don't see the old E5 Xeons on that list.

this, or coreboot without the blobs

Reminder that the last good Intel PC was a 286 with EGA card.

you're retarded. Any Amiga is better than 286 and ega. PC got gud only with 386 and vga.

Learn to read, pal. I was strictly talking of PC compatibles. Also Amiga OCS > AGA. Suck it, bitch. All you lamers who want fancier graphics can get fucked on the botnet. You deserve it.

Anyone have a nice aggregation of all the Intel bugs? I want to experiment on my cucked Celeron J1800.

This means that in no way a webpage could use it, right?

TEMPLEBIOS WHEN

I like the ocs, I own the a500

I really should move to using ppc.

So using core/libreboot will stop all these intel exploits for sure or does it "totally removes everything bad trust me"?

That's an actually good idea.
Or, we just go back to legacy BIOS.

...

Coreboot and Libreboot are software BIOS replacements. The Intel exploits are CPU level exploits meaning that the exploits run on the CPU without regard to any software booted such as the software BIOS or even the operating system.

gives (((them))) access to whatever I do and money
wat do

I guess I should have already given my 4790K a Viking funeral. My old Q9550 system probably isn't safe either.

It doesn't fix problems with Intel's microcode but it does fix issues with ME and AMT, since on librebootable platforms ME can be completely removed and on corebootable platforms it can be "cleaned". Cleaned means it's still there, but it's gutted in such a fashion it has just enough code to boot up ME's processor, but then goes into a running error state. This way the CPU sees ME's heartbeat and thinks everything is good. It doesn't know ME is just sitting there drooling on the carpet.

It needs to be in the same subnet, not physically in the same place.

REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

Sounds like someone could use a VPN as a vector then.

Why not POWER9? feels good man

Ouch.

So when will someone find out you can steal passwords from an Intel CPU by tapping some ancient Wakandan rhythm on it to induce some undisclosed meme hardware edge case in the socket architecture that sends all your passwords to an unencrypted NSA server?
Anyone messed around with Jumpers and pins on Intel motherboards to see if there was a backdoored admin access to some iME debug menu?

Stupid question maybe, but how about we get rid of all the rings.
If you don't have any rings, you can't have exploits that run in other rings.

...

Is there a thread for this? Any tips to do this from the ground up?

How bad would the Intel stock tank if Intel stopped playing games and came out and stated that there are cisco like back doors in the CPUs?

Microsoft outright admits it but I'm not seeing any normies rushing to burn Ubuntu ISOs on DVDs so they can get rid of the botnet.
fuck off sperg

Rings are a protection system with multiple privilege levels. Usually there are between 4 and 32 rings. x86 has 4 in the 286 and 32-bit modes. AMD64 only supports 2 "rings" which are designed to be used like RISC and PDP-11 modes. Rings make it easier to debug and fix problems because there aren't millions of lines of code running in ring 0. Instead, each driver and library only has access to the devices and data that they need. It's similar to a microkernel, which is what you would get if you did this on hardware that only supports two rings.

These Intel ME and SMM exploits have nothing to do with rings. Intel ME is a separate processor on the chip. SMM runs special code that circumvents the ring system. For reasons unknown to me, certain people make up bullshit terms like "ring -1" and "ring -3" that make rings look bad. People think "rings are unsafe" because they associate these exploits with rings, when the only thing they have to do with rings is that they completely avoid them. It's the fact that these exploits ignore the rings that makes them so dangerous.

multicians.org/protection.html

Hell, Unix even -encourages- this phenomenon. Contrast what happens on ITS or a Lisp Machine or Multics when a program error happens, with what happens on Unix. On ITS, Lisp Machines or Multics your program suspends and you are given the opportunity to debug the problem and perhaps fix it and proceed. You are given the chance to assign some blame. On Unix -- *blam* -- core dumped. -Maybe- you can debug it, but you certainly can't proceed, so why bother? Ignore that (huge) core dump file and move on to your next task. Note that users -like- this behavior. No kidding. Ask half the graduate students at MIT these days -- they -hate- the Lisp Machine debugger. All those blasted -choices-. All those explanations and questions. They don't want to know who to blame -- all they want to know is that it what they were doing didn't work so they can try something else. So if I want to -think- about who to blame for my problems, I'll go use a Lisp Machine (or an ITS or a Multics). But these days I use Unix, where I don't have to think. - A Satisfied Customer

why the fuck does a CPU even have the word HTTP associated with it

...that in itself should be considered a vulnerability

You don't need rings at all on a single-user PC. Neither my 8-bit computers, nor my Amiga 500 ever got exploited. The worst thing that ever happened is I once had the "Stoned" virus on a floppy disk someone gave me, and it was forever quarantined to that disk, because I simply powered the machine off after using it. There was no writable firmware on these computers. Once you powered off, it was back to the same clean state as when you first turned it on after unboxing. Even the HDD on my A500 had an individual power switch, so I could boot the computer as a floppy-only system. Floppy disks of course could also be write-protected.
Now look at how things are today: nothing can be protected at the hardware level, because the user has no control over what's write-protected, and all kinds of firmware inside devices can be written to as well. Malware can embed itself so deep that even your CPU can't know about it, much less do anything. And instead of giving the power and control to the user and keeping the hardware, OS, and software simple, they instead have the big security theatre going on, where no actual security exists, but a bunch of people make money selling snake oil and/or writing stupid ass "white papers" for academics to jack off to, and plebs to be impressed by (because complicated things impress them).

THIS
Why do you have fucking HTTP on an energy management ARM processor managing the x86_64 processor? Why do you have an energy management processor? I highly doubt I need one for standby and turning it on or off. Otherwise the energy management processor would need one too, right? And that one too until we have eternal management processors in our PCs.
This gay shit has to stop.
Always new complicated shit solutions for simple problems.
Now people have their OS's bricked by forced updates when all they wanted to do was write something in a word processor.
Should I be able to write to my hardware without at least flipping some physical switch?
NO. I don't want to change the firmware of my CPU.
There are bugs? Well it's HARDware. Maybe you should have taken care of them before it became HARD!
You probably can't actually solve most of the CPU bugs anyways because they're physical.

Is there another crash protection that isn't based on rings but another approach?

Corporate customers have a demand for networked CPUs. It is far cheaper from a manufacturing and design standpoint to include these networked features on all CPUs than it is to create lines of product that are distinguished without them.

Bullshit. You can have that stuff on the wafer of your consumer CPUs, but actually activating it and having to test it costs you money. Especially since it prevents you from binning enterprise chips where that shit does not work as consumer chips.

There is the official documentation, it's not rocket science:
>libreboot.org/docs/

You could argue that for everything except gaymen, system requirements for desktops and laptops are in principle so low that if you just keep a line running producing 5 or even 10 year old chips on an old/cheap node consumers wouldn't even care.
For laptops all you would need is using a more energy efficient design.
The only exception is multimedia encoding and decoding which is much better done in hardware anyway.
Even something like an Athlon XP from 15 years ago would be fast enough if you could offload decoding to an FPGA and run non retarded software.

So anyway, cost isn't an issue, since all the cpu tech we need can be produced for a few dollars. See the sjw pi for example.

This. I don't give a shit about the latest security features. Give me full control of my hardware so I can implement them my own in software.

Rings are massive hardware bloat. Systems with "ring" models and CISC instructions is what made UNIX thrive on them.

Except Intel already has made a distinction. VPro.

What? CISC =/= complex.

Didn't say it does, but

It has complex in the name; but if you bothered to read even the Wikipedia page, you'd understand that it's not inherently more complex than RISC.
>As CISC became a catch-all term meaning anything that's not a load-store (RISC) architecture, it's not the number of instructions, nor the complexity of the implementation or of the instructions themselves, that define CISC, but the fact that arithmetic instructions also perform memory accesses.
Also, you're essentially saying that security being built into the hardware is "bloat" -- that's silly.

It is. When this "security" (I.E technology designed to lock the user out of controlling his machine that he paid for with his own money) fails to even protect you then why waste the silicon die for something that only exists as a vector for CIA/MOSSAD/FSB? IntelAviv and all other Israel Lisp machine companies should stop making me pay just to be a cattle to them.

Is there any actual difference between Libreboot and deblobbed Coreboot?

Show me on this foreskin where the rabbi touched you.

Since everything is shit, he has a point.
Linux is better than Windows, but hardly the best personal computing can be.

ARC != ARM, they are entirely different instruction sets. The only thing they have in common is that they both started out life as a coprocessor addon for a 65-whatever based system.

When will Purism succeed at making FSF-endorsed laptops with current hardware? I'd pay lots of money for that.

Intel forced them to stop removing malware from their processors. Purism might go for AMD, but ARM would be a better target. Currently the only promising device they're working on is Librem 5.

You might want to look into this, if you haven't already.
powerpc-notebook.org/en/

Rings are for increasing speed for certain kinds of OS, like Multics, VMS, and VME. You won't need 8 or 16 rings on a single-user PC, but x86 has 4 and there are a lot of ways to use them even with a single user, like keeping drivers separate from the kernel so they can only access the hardware they need instead of everything on the computer.


That's a load of bullshit. Rings only add a few extra bits to some CPU table entries and registers (e.g. page tables). Instead of a user/system bit, it uses 2, 3, or 4 bits for a ring number. UNIX and C are associated with RISC and don't benefit from most of the CISC instructions. UNIX only uses 2 rings because of the 2 PDP-11 protection modes. Maybe you're confusing UNIX with Multics.


That's fearmongering. Lisp machines are more secure than any Intel or RISC, but they don't lock the user out of anything.

That's FUD. These are C and MINIX vulnerabilities that have nothing to do with Lisp machines. If Intel was a Lisp machine company, they would give you full control over the microcode, ME code, and every other part of the system, but Intel's not a Lisp machine company.

Up until recently, we owned everything from the hardware to the microcode to the applications. We could fix anything that broke at any level; we could evolve wonderful new systems. How do we "fix" the X11 releases or the SMTP protocol or SunRPC?? In my opinion, things got the way they are because market forces completely overwhelmed technological forces. Because UNIX was free (or nominally licensed) it came into wide use, first in CS and EE departments and later in the world. To some, moving from MS-DOS or worse, it seemed like a win. To those of us who have been around for a while and are aware of the alternatives, it seemed like a nightmare. We thought it would go away when users came to their senses. We were naive. Sigh. Meanwhile, thanks to BSD, UNIX grew like Topsy, or more like barnacles encrusting a sunken ship. Ultimately, UNIX began to be viewed by decision makers who were not technically competent as a panacea for competing technologies.

Thank you for correcting me. Must have misread or misremembered that.

Laptop when?

False. Intel stopped Purism from distributing a specific Intel technical document. Purism is perfectly welcome to remove malware from Intel. What Purism are not allowed to do is distribute that specific Intel document because Intel doesn't hold all the copyright on that document.

So why isn't intel using their own hardware subsystems in their own CPU's? Who owns the copyright? Why does the NSA not want this to be known?

It would be a shame if someone forgot to secure a server with that file accessible.
I hope it never happens.

Do you know how far purism has gotten in its quest to kill ME and motherboard firmware? Last time I checked they managed to get rid of most of ME and install coreboot, but I think that intel FSP is still a problem.


That looks cool too, but it doesn't seem to be real yet.

Yes, it would be incredibly awful because if that were to happen, Purism would probably be held responsible. They would be sued into oblivion and thus unable to further their project; all the while, a bunch of no-talent larpers realize that they don't have the skillset necessary to make use of that document.

...

lol eat shit intel

That's what Libreboot is.

Librecore = Libreboot without the tranny shitshow.
Use it to fight Intel ME, bruv

Nice LARP.
librecore.org redirects to Vikings.net, which sells devices with Libreboot.

Moore's law is fucking dead so who cares, your 10 year old processors will be "faster" than new chips before you know it unless NVCTs open up a new era of bloated obsolescence in the near future.

Yeah, and it will take some time. They have four the timeline with steps and donations needed explained on their website.
They go for a laptop, but a board only, they will place it in an oem case. I think the first round of donations was enough to get the preliminary design started.
And just a few days ago they got their devboard working with a radeon card.

On a related note, why is there no powerpc sbc yet? Those nxp chips, e5500 or e6500 start as low as 50 euros.
Slap one of those on a board and you have a budget Raptor. It shouldn't have to cost more than 250 euros right? Similar to what an intel nuc or similar amd would cost.

No.

Attached: 2018-08-02-144221_585x320_scrot.png (585x320, 52.03K)

The CPU design might be non-sense and Moore's Law might seem like the driving factor but the real issue is software. Humans are still fighting over concepts with prototypical industrialized toys: C, C++, Java, PHP, ... What is all of this for?
Software is so badly designed and the tools so bad the hardware manufacturers convinced a whole lot of people they need better, and better, and better, and ..., ...

Humans come into a stressed and demotivated life. They do things for profit: financial profit, emotional profit, ... Stitching stuff up because the boss required it so, and one sees the need of a paycheck ...

If Humans valued their life and knew who to give their lives to, things would have been different. They would be having fun and work would be so well done it'll be infinite bliss 24/7, no financial motivation. The universe is all free - fruits grow and trees ask not for taxes.

Humans chose to see life otherwise. That's the outcome of such a choice.

I like how you went from Moore's law to the nature of the universe and happiness. How bohemian.

We forget that that is the basis of our life.

The hardware isn't made out of /dev/null, those Intel chips require sand and other raw materials which are mined from this planet with polluting machines or using human labor causing tremendous suffering for the sake of a piece of bread. Humans must wake up from their self centric view of life where money is God and open their little monkey minds to a much humbling view.

A much higher mind looking at all of this will find the human situation childish and amusingly destructive. Though the planet doesn't seem to be amused by Human habits.

Humans enjoy dreaming for the cosmic reality doesn't seem enough. But in the end, reality prevails and the dreams are shown for what they truly are - unsustainable.

So what you're saying is essentially philosophical drivel with no value whatsoever? Good to know.

It plateaued for single core nearly a decade ago, now it's about making moar coars. You can argue that Moore's law only applies to single core performance because if you count multiple cores then you might as well count multiple machines, and at that point it's entirely irrelevant because you could've built a cluster of any computational power at any year if you had sufficient budget.

Diminishing returns. Basic economics, and it works for technology as well. You can't expect to just keep doing the same thing again and again forever and keep getting proportionally identical results. Even if Moore's law did work forever, at some point people simply wouldn't have a need for more performance. I think we are already way past that point right now, actually. If your hardware is too powerful to ever be useful, that's actually bloat, in a weird way. You are spending too many resources on a benefit that you have no use for. It's wasteful. People are way too addicted to this kind of "progress". Meanwhile, developing security and privacy doesn't even seem to be a concern, and shitty normalfag software creates an artificial need for "better" hardware. No one gives a shit about quality either.

Maybe you don't understand what Moore's law is? The chart I posted shows that it has not plateaued. It still looks fairly linear to me.

Philosophical? You're a dreamer if you can't see it for yourself. Humans aren't necessary and their tech is toys, everything else is concepts you try to abide by, but you'll be disappointed at some point. As a matter of fact this place exists because of Human disappointment of what's there and it is bringing much disappointment given most people in here are disappointed by something. You are, as Humans, emotionally retarded on your way to learn it the hard way.

No value is how you humans see the world. Barbaric Earth rapists unaware of their own footprint. That mentality goes everywhere, even in chip design. A deep malaise that the Human tries to palliate with toys and make a whole big deal out of to feel self important.

You want things and you don't even know why you do? A sense of urgency drives you and moves you away from reality. It moves you to another dimension of survival, thinking compulsively about what to do to avoid the suffering of ignorance and destroying everything that makes your life pleasant in the process.

You live in fear! Fear of seeing the objects of your emotional attachments broken.

How should the world be?

If you even try to answer this question, you're more than asleep and philosophy is your sugar.

Guys like Alan Kay must think they are living in hell.

Then why don't you go back to them?


No, they are vulnerabilities in software built to run on MINIX.

MINIX itself doesn't have things like a webserver, it's just a kernel, the end user (Intel in this case) writes that.

Let it go dude, we get it that things like x86 and UNIX derivatives are shit and that we could be doing a lot better than we currently are, but mass adopting Lisp machines isn't going to fix those issues even if Lisp had some good ideas.


You are correct but not for the reasons you think.


Moore's law relates specifically to the number of transistors on the chip, the shrinking of the process just lets you fit more in the same area.

Moore's law isn't dead but it's slowing down, it was once a doubling every 18 or so months but now it's 24 or more depending on what's actually being made.

Because I don't have them anymore, after countless moves across countries and different continents over the past few decades (and some cases where I had to start over from scratch with almost nothing). Anyway I was using them to point out how older hardware design was inherently safer than the modern situation where everything is wide-open to exploitation, no matter how many layers of mitigations your OS may have. And nothing will change much until the user once again has complete control over what his hardware is doing.

What does libreboot do?

Where were you for the past year OP?!?