26 votes

Why Intel will never let owners control the ME

Tags: intel

15 comments

  1. [10]
    starchturrets

    Sad how even our hardware is bundled with spyware.

    By the way, that site is an awesome example of minimalist web design.

    14 votes
    1. [4]
      acr

      I always find it funny that it can be hard to get basic things like drivers and firmware to work well with Linux, but they sure as hell get that spyware to where it will work with any operating system. They'll be sure to put a lot into that.

      13 votes
      1. [3]
        spit-evil-olive-tips

        Ironically, the Intel ME runs a heavily customized version of Minix. Andy Tanenbaum had an interesting response to the news.

        12 votes
        1. acr

          That's pretty twisted. That read was really eye-opening, thank you. That's ridiculous I didn't even let him know.

          2 votes
        2. sqew

          His take on that is really interesting. Almost seems like he resents Linux and the other major operating systems for being more widely used than MINIX and only tacked on that note about spying as a bit of CYA later.

          1 vote
    2. [6]
      Comment deleted by author
      1. unknown user

        Even simply setting a maximum body width can go a long way to enhancing readability; usually for article-style reading, it's been suggested up to 75 characters makes for an optimum.

        9 votes
      2. [3]
        cptcobalt

        I completely agree, and I'm not on a 5K display either. I get why some people are finding the web to be overdesigned, but I don't think the counter-response—nor the definition of "minimal" in this context—is to militantly under-style a website. Typographic and layout considerations should still be taken into account to provide a good experience on all devices.

        2 votes
        1. [2]
          Crespyl

          On the other hand, leaving the barest styling does make it much easier for the user to set up their own preferred default styles, or for browser "reader modes" to identify the important content to present in a standard format.

          I do prefer a comfortable max column width around 80-100 characters, but much beyond that and it just starts to remind me of all the overdesigned, scroll-hijacking, faddish, and nigh-unusable "modern" sites.

          There's a sweet spot somewhere in between of course, but all things being un-equal, I'll take the site with zero styling.

          2 votes
          1. MacDolanFarms

            I don't really like that it's on the site I'm viewing to tell me how it should look, rather than it just telling me semantic information and my browser making sane design choices for it. There's no technological reason why that couldn't be done, since pages like this give me all the info I need.

            1 vote
      3. MacDolanFarms

        That site is still far more bloat (in comparison at least) to the original post, at around 1.1 KB versus ~350 bytes. But a tiny bit of style goes a long way. Even just setting

        body {
            max-width: 45em;
            margin: 1em auto;
        }
        

        makes it look much more readable.

        1 vote
  2. teaearlgraycold
    (edited)

    As far as I'm aware, Ultra-HD Blu-rays depend on this Intel DRM functionality; essentially, neither your OS nor the applications running on it ever see decrypted content, it's decrypted on the ME, which doesn't trust the OS to be secure (against you), and passed securely to your GPU. (I'm to understand GPUs have similar accommodations.)

    Well if this is the case it's all for nothing. A private tracker I'm a member of has 500 movies in 2160p quality ripped from BluRay sources. If there's DRM there it has been broken. And to be clear - these are not re-encodes coming from an HDCP stripper. These are decrypted BluRay filesystems and remuxes.

    Edit:

    I asked around and learned that this is the DRM cracking software used for UHD BluRays.

    9 votes
  3. patience_limited

    I'm less concerned about the DRM than the fact that embedded proprietary firmware is essentially a gateway for the whole world to pwn you.

    Useful discussion here: https://itsfoss.com/fact-intel-minix-case/ and here: https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf

    I had a long interaction with a nameless (because NDA) hardware vendor about their buggy Linux-based firmware for an embedded ILO subsystem - I'm not especially sophisticated, but there were half a dozen different ways it could be used to mirror data externally, subvert authentication, and inject code in the running operating system.

    This was a situation where the manufacturer was actively releasing updates, at least, even if their public disclosure was faulty. For Intel ME, you'd never have known that the embedded system was vulnerable without an active security community reporting on the problem and demanding action.

    8 votes
  4. [3]
    PloniAlmoni

    AMD said their PSP (equivalent of Intel ME) will have an option to disable it in BIOS in the future, but are leaving it up to motherboard OEMs to implement it.

    6 votes
    1. [2]
      kiyoshigawa

      Since it's closed source, is there any real way to know if it's actually disabled? I'm not super familiar with the x86 architecture or what, specifically, the ME/PSP does computationally, so I may be asking a stupid question.

      3 votes
      1. PloniAlmoni

        You could attempt to connect to it using the PSP remote management protocols. If it fails, it's disabled.

        The open-source alternative, coreboot, does not run on most conventional computer motherboards made in the last 5+ years I think, the last time I looked at it.

        2 votes