MINIX: ​Intel's hidden in-chip operating system

Buried deep inside your computer's Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It's slow, hard to get at, and insecure as insecure can be.

http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

Thanked by 3Yura Pwner erkin

Comments

  • NeoonNeoon Member
    edited November 8

    There are actually multiple operating systems, Google released some stuff about it:

    https://schd.ws/hosted_files/osseu17/84/Replace UEFI with Linux.pdf

    https://osseu17.sched.com/event/ByYt/replace-your-exploit-ridden-firmware-with-linux-ronald-minnich-google

    Interesting to read.

    AMD FX, the old CPU gen does not have such a backdoor, Ryzen does.

    Thanked by 2Yura netomx
  • YuraYura Member

    cunts

  • AidanAidan Member

    asterisk14 said: Tagged: microsoft government spying backed-up-by-nsa

  • WSSWSS Member

    Pretty sure that the Core2Duo was the last-of-breed that didn't have a way to fuck with the underlying system transparently to the OS.

    "I won't purchase a VPS at any CC location, because of their shitty business and the fact they STILL DON'T HAVE IPv6!!" - nunim, Sept 10, 2013

  • mkshmksh Member

    @WSS said: Pretty sure that the Core2Duo was the last-of-breed that didn't have a way to fuck with the underlying system transparently to the OS.

    As far as Intel is concerned I think you are right. AMD has some "newer" CPUs without the management crap though iirc.

  • quickquick Member

    I am tagging @Intel

    Thanked by 1bugrakoc
  • deankdeank Member

    And I am tagging @endisnigh

    LET-Lives-Matter | I am a sarcastic troll and has a fetish in PMS. For kids, PMS means "Premenstrual syndrome" and guys can have PMS.

  • vishvish Member

    @jesus this is scary

  • rm_rm_ Member
    edited November 8

    mksh said: AMD has some "newer" CPUs without the management crap though iirc.

    Yep, all the way through the aforementioned 4.0 GHz 8-core FX-8350.

    Probably the FX-9370 and FX-9590 are safe as well, but those are rare, hot and expensive (and are nothing but factory-overclocked, voltage-hiked versions of the 8350).

    Thanked by 1mksh
  • I'm dain bramaged today: is this in the actual CPU itself? Or is this UEFI? If I have a hybrid board and disable UEFI, does this still execute?

    Thanked by 1hostdare
  • mfsmfs Member

    Interestingly enough this article comes out right when I was fiddling with me_cleaner...

    puts tinfoil hat on

  • It's like Tanenbaum's revenge. "OK, you won that USENET argument, but now you can't run your precious Linux except on top of my MINIX!"

    My Advice: VPS Advice

    For LET support, please click here.

    Thanked by 3scaveney emg vimalware
  • WSSWSS Member

    @raindog308 said: It's like Tanenbaum's revenge. "OK, you won that USENET argument, but now you can't run your precious Linux except on top of my MINIX!"

    Do you remember his shit-talking to Linus way back when- saying a monolithic kernel was a shitty stupid design?

    I do. It was one of the better run-ins. Personally, though, I still prefer the jkh vs deraadt IRC dramas. Those were fucking hilarious.

  • @Damian said: I'm dain bramaged today: is this in the actual CPU itself? Or is this UEFI? If I have a hybrid board and disable UEFI, does this still execute?

    Both. uefi adds a massive shit layer but much of it is in modern bioses, too. Plus, of course intel amd.

    That said, it's not simply a matter of "intel (somewhat more) and amd (somewhat less) are eeeevil!!".

    Most of that shit has grown over more than a decade and mainly based on two factors, a) large corp clients ("we want centralized remote management!") and b) what I call the "us american model", i.e. an unhealthy mix of incompetence, ignorance, make-shift rather than engineering, and above all profit greed without limits. And hey, it worked and until recently almost nobody complained.

    And don't you worry. Technically the evil inventor is neither intel nor amd. It's arm who invented the "trustzone" cancer which has become the core at intel and amd, too.

    As for Tanenbaum/Minix vs linus/linux: Tanenbaum has already forgotten more about OSs than linus could ever hope to learn. When Tanenbaum talks I listen, when linus talks I laugh. So, while that fame is somewhat smelly I'm very pleased to see that Tanenbaum's work is used in by far more systems than linus' funny computer game.

    My favourite prime number is 42. - preferred payment: vague promises of rich great-grand-children supported by a mod.

  • WSSWSS Member

    @bsdguy said: preferred payment: vague promises of rich great-grand-children supported by a mod.

    What? You don't take miners built in PHP that need to be executed as root anymore!?

  • @WSS said:

    @bsdguy said: preferred payment: vague promises of rich great-grand-children supported by a mod.

    What? You don't take miners built in PHP that need to be executed as root anymore!?

    Bullshit! Of course I do. It's just that I enhanced sakkurity by putting the whole thing into a browser plugin, you clueless cunt.

  • WSSWSS Member

    If you don't stop calling me cunt, I'm going to send @ricardo to live with you.

  • @WSS said: If you don't stop calling me cunt, I'm going to send @ricardo to live with you.

    Miguel is still alive?

    Dont'TalkAboutLETClub There is this thing called hoopla.

  • WSSWSS Member

    @AuroraZ said: Miguel is still alive?

    As is custom, someone else took over the dormant account. Squaturd rights, and all.

  • @WSS said:

    @AuroraZ said: Miguel is still alive?

    As is custom, someone else took over the dormant account. Squaturd rights, and all.

    Ahhh gotchas.

  • WSSWSS Member

    How goes the pooping? Had some fruit today, so I'm pretty pleased with myself. Didn't even leave a ring around the grundies.

  • Mostly the same of course need to eat to poop so.......there's that

  • WSSWSS Member

    but if you eat the poop then can you crap out food?

  • WSS said: but if you eat the poop then can you crap out food?

    Intel seems to think so.

    Thanked by 2WSS scaveney
  • Hmm... so Intel installs backdoor into people's PCs and you can't do much about it without risking the chance of bricking the system... Well.... you learn something new everyday!

    Powered by: Virmach - LEB30 for 30% off!

  • WSSWSS Member

    @Edmond said: Hmm... so Intel installs backdoor into people's PCs and you can't do much about it without risking the chance of bricking the system... Well.... you learn something new everyday!

    Or, you know, ten years ago..

  • Meanwhile AMD EPYC has Secure Memory Encryption and Secure Encrypted Virtualization. They still have an ARM TrustZone though I believe but that's to be expected I suppose.

  • @WSS said: If you don't stop calling me cunt, I'm going to send @ricardo to live with you.

    Unacceptable. You are much more handsome than him; he's not even a cunt, cunt!

  • WSS said: Pretty sure that the Core2Duo was the last-of-breed that didn't have a way to fuck with the underlying system transparently to the OS.

    I'm curious if you have any more details like that, or a link. I just put together a new Tor box and deliberately used an Intel Pentium 4 511 on a 915GEV motherboard. That's probably safe and it certainly is plenty powerful for secure communication and basic browsing.

  • @WSS said:

    @Edmond said: Hmm... so Intel installs backdoor into people's PCs and you can't do much about it without risking the chance of bricking the system... Well.... you learn something new everyday!

    Or, you know, ten years ago..

    K, probably have known but didn't really care enough to try and hope I don't brick my PC. Happy now?

  • Puri.sm is the newest breed of manufacturer that got Intel ME disabled. So, I believe they could save us. Or go with good old T400 laptops and Libreboot and a free/libre OS on top of it.

  • JarryJarry Member
    edited November 9

    It seems there is already a working attack on Intel ME. This one is local (over USB), but it is just a matter of time until a similar attack over eth appears...

    http://securityaffairs.co/wordpress/65327/hacking/intel-management-engine-flaw-hack.html

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5689

  • NeoonNeoon Member

    Get a chrome book, these run on ARM and google runs their own solution on there, put Debian on, problem solved.

    But no idea how good this performs.

  • rm_rm_ Member
    edited November 9

    Neoon said: Get a chrome book, these run on ARM and google runs their own solution on there

    Nah, as said above:

    Technically the evil inventor is neither intel nor amd. It's arm who invented the "trustzone" cancer which has become the core at intel and amd, too.

    Modern ARM contains TrustZone, which is a small separate CPU in a CPU, running proprietary secret code. Who knows which backdoors it might contain. Maybe ARM is not worse than Intel, but it's not any better either.

  • NeoonNeoon Member

    So, we are doomed, crap. Go and buy AMD FX.

    Thanked by 1netomx
  • @Neoon said: So, we are doomed, crap. Go and buy AMD FX.

    Oh, that's just the part (tip of the iceberg) that happened to be discovered...

    Thanked by 1netomx
  • NeoonNeoon Member
    edited November 9

    I am waiting for the moment, when they use the Network exploit and open Servers and Desktops like tin cans.
    That's gonna be fun

    Thanked by 1netomx
  • JarryJarry Member

    Such exploit might exist already...

  • NeoonNeoon Member

    @Jarry said: Such exploit might exist already...

    I am sure that it already exists, just the question of time when it goes BIG.

    Thanked by 2default netomx
  • WSSWSS Member

    @Ole_Juul said:

    WSS said: Pretty sure that the Core2Duo was the last-of-breed that didn't have a way to fuck with the underlying system transparently to the OS.

    I'm curious if you have any more details like that, or a link. I just put together a new Tor box and deliberately used an Intel Pentium 4 511 on a 915GEV motherboard. That's probably safe and it certainly is plenty powerful for secure communication and basic browsing.

    Sure.

  • If only we could use routers with MIPS, as desktops and servers.

  • rm_rm_ Member

    default said: MIPS, as desktops

    MIPS is not in the best state right now, but still there is some MIPS hardware powerful enough to be used as a light desktop.

  • WSSWSS Member

    @rm_ said: MIPS is not in the best state right now, but still there is some MIPS hardware powerful enough to be used as a light desktop.

    2018 will be known as the year of OpenWRT on the desktop.

    Thanked by 2netomx vimalware
  • rm_rm_ Member

    WSS said: 2018 will be known as the year of OpenWRT on the desktop.

    It supports Debian, thanks.

    Thanked by 1netomx
  • WSSWSS Member

    @rm_ said:

    WSS said: 2018 will be known as the year of OpenWRT on the desktop.

    It supports Debian, thanks.

    apt-get install luci-ssl

    Thanked by 1netomx
  • scaveneyscaveney Member, Provider

    fwiw they only started using MINIX recently. It was ThreadX RTOS for years until they changed to MINIX. Much smaller attack surface.

    Premium SSD KVM at https://anynode.net/ ~ starting at $12.50/yr for 256MB ~ three locations available

    Thanked by 1vimalware
  • WSSWSS Member

    I can't wait for iTron to make a comeback.
