Uncorrectable freedom and security issues on x86 platforms

Sat Apr 23 21:05:06 UTC 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/23/2016 03:34 AM, Daniel Pocock wrote:
> There are also various other ways to approach this, for example, I
> started a discussion about ARM-based NAS devices on the debian-arm
> list[1].  This is one market where the hardware is readily available
> and the fact it is low power is considered a virtue by most purchasers.

The other thing I would encourage is MIPS-based platforms for routing
devices.  There are a number of options on the market already, some with
quite a number of GbE network ports built in.

> The ASUS C201 appears very weak in the specs.  Some things that bother
> me are the screen resolution (only 768 pixels high) and it is USB 2
> only.  I don't like the Chrome logo on it either (or is that a sticker
> that comes off?).  Are there slightly stronger alternatives?

It is fairly weak; there hasn't been a lot of push to create stronger
alternatives that still respect the owner's rights.  The POWER systems
are the only real option on the high end, leaving middle-ground users
(including higher-end laptop users) without any options.  This probably
won't change for a while due to razor-thin margins in the mid-range
arena and lack of overall demand.

That all being said, there are some stronger ARM Chromebooks coming down
the line this year.  Google Oak is one platform to watch; the SoC used
in those machines gives you ARM64 plus virtualization, but sadly that
machine is not yet available to the public.

> Another strategic topic on this theme: people won't necessarily see
> this thread and throw away all their x86 equipment the same day.
> However, how can these ideas be introduced to people at the times when
> they are making purchasing decisions?

You're correct, and we're not advocating that people dump their existing
machines, only that this is considered when purchasing another machine.
 What I personally would like to see is the major FOSS projects and
distros starting to think beyond x86, perhaps by compiling and testing
their software on ARM / POWER as well as x86, even if they are
continuing to develop on older x86 machines for the time being.  In the
case of router distributions (pfSense comes to mind) the developers
should start focusing on providing (at minimum) an ARM or MIPS port;
this would also have the bonus of lowering the power consumption of the
router package.

As you say, the current Opteron 4xxx/6xxx series devices are currently
adequate for most work.  The danger is complacency; 5 - 10 years from
now those chips will be wholly inadequate for many common tasks and
there may be no way to upgrade in performance without also sacrificing
freedom.

I should also point out that all recent AMD chips, including the
upcoming Zen Opteron CPUs and the modern FX-series devices, require
signed binary blobs to boot.  They are not free and, worse, by design,
they can never be freed.  AMD has also refused to release any
documentation on the A1200 series devices, and it is highly likely they
will also require a signed TrustZone binary to boot.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
http://www.raptorengineeringinc.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJXG+N+AAoJEK+E3vEXDOFbC7UH/0ZNYI07sZASF2z0fC/RuMe9
PnJcORL0uPYNJ8gMMO/sSRimW8U+/6RP4wJlaSy6cRX3TtnEjCh5r7p7TX9kJSSa
ITTtTnHQwpixNJA4t0ls2r5z9vk/XyIyvw7IMM7S7W/4XscmU5V94obMJxU7hG6H
bkhopZHa2+hvQGUlEPCpBpro41Pt+n8U3NYklWrhMygo3Q8IWQKMAfJn1w6zlnMR
FmuJxPuX2P5XwqHvkNbNLlTFYKtKxwAlM25Nne4fD/k30v6p9yQRLn04zJSu+8AF
kfXK5wPwbLK+1TYaxxrIbv0wKDjYIhEolzR3fA9Wjt3KGqR0gAbL2BgSxI+/QTU=
=Jsmo
-----END PGP SIGNATURE-----