Q4 Laptops...


Drew White

Apr 11, 2018, 2:30:53 AM
to qubes-users
Hi folks,

Just curious if anyone knows a good laptop that can run Q4 that uses a BIOS? (No UEFI, or separate UEFI chip)

Laptop needs to be able to handle a lot of RAM (64Gb+ MAX), as well as have a pretty good CPU, 4+ threads, up to 12 at least (for upgrade).

Needs to have Nipple Mouse, not a trackpad. No Numeric Pad, so that the seating position is not off center to the screen. 15"+ screen.

Anyone have any suggestions?
They need to have good warranty on them, and QUALITY. Not cheap shitty things like the commercial end user HPs.

Just wondering what you here will suggest in the way of a Laptop. If I get a good suggestion within the next month, I'll buy it. :)
(Librem Laptops are not yet good enough, but are brilliant for security and customisability for that security.)

I'm looking for a long term evolution.
EVGA Laptops are only using UEFI now, so unless I can overwrite the BIOS in them, I won't want them. If you know that I can overwrite the BIOS in a Laptop that uses UEFI, please say so when suggesting a Laptop that is UEFI.

Sincerely,
Drew.

Tai...@gmx.com

Apr 11, 2018, 2:55:48 AM
to qubes...@googlegroups.com
What you ask for is impossible, it simply isn't made - no one has a
laptop with 64GB RAM and 12 threads, let alone one that is old enough to
not have UEFI.
The best you will get is a W520 or W530 where you can install coreboot
(open hw init + nerfed ME) and have 32GB RAM.

Purism is not libre - their "open source firmware" has hardware
initiation done entirely via binary blobs and their ME is certainly not
disabled as the kernel still runs along with any hypothetical backdoor.
Their marketing is incredibly dishonest and I simply don't understand
why they get so much air time.

Drew White

Apr 11, 2018, 3:14:46 AM
to qubes-users
On Wednesday, 11 April 2018 16:55:48 UTC+10, Tai...@gmx.com wrote:
> What you ask for is impossible, it simply isn't made - no one has a
> laptop with 64GB RAM and 12 threads let alone one that is old enough to
> not have UEFI.

I know that they exist, and I would have one if I had enough money. But they do exist. As for UEFI (Microsoft's shit invention), if I can disable it or else just replace it with an actual REAL BIOS, then I will.


> The best you will get is a W520 or W530 where you can install coreboot
> (open hw init + nerfed ME) and have 32GB RAM.

Can the CPU be upgraded in those though?


> Purism is not libre - their "open source firmware" has hardware
> initiation done entirely via binary blobs and their ME is certainly not
> disabled as the kernel still runs along with any hypothetical backdoor.
> Their marketing is incredibly dishonest and I simply don't understand
> why they get so much air time.

lol, then the only way I can get around it is to disable it myself by editing the CPU firmware? Or is there something else that controls that? (I'll have to look into it.)

If their information is wrong, then I'll report them for false advertising. Thanks for letting me know.

Drew White

Apr 11, 2018, 3:19:13 AM
to qubes-users

On Wednesday, 11 April 2018 16:55:48 UTC+10, Tai...@gmx.com wrote:
> The best you will get is a W520 or W530 where you can install coreboot
> (open hw init + nerfed ME) and have 32GB RAM.


FYI, I'm happy to see you went with Lenovo.
Best End User devices in general. (Or used to be)

Tai...@gmx.com

Apr 11, 2018, 4:57:31 PM
to qubes...@googlegroups.com
On 04/11/2018 03:14 AM, Drew White wrote:

> On Wednesday, 11 April 2018 16:55:48 UTC+10, Tai...@gmx.com wrote:
>> What you ask for is impossible, it simply isn't made - no one has a
>> laptop with 64GB RAM and 12 threads let alone one that is old enough to
>> not have UEFI.
> I know that they exist, and I would have one if I had enough money. But they do exist. As for UEFI (Microsofts shit invention) if I can disable it or else just replace it with an actual REAL BIOS, then I will.
You can't do that unless the computer supports coreboot and the new
stuff doesn't.
>> The best you will get is a W520 or W530 where you can install coreboot
>> (open hw init + nerfed ME) and have 32GB RAM.
> Can the CPU be upgraded in those though?
Yeah, it's socketed.

I suggest buying a W520 and installing the best Ivy Bridge CPU you can;
then you get the better non-chiclet keyboard, and it is also better
supported in coreboot. The port for the W530 was never upstreamed.
>> Purism is not libre - their "open source firmware" has hardware
>> initiation done entirely via binary blobs and their ME is certainly not
>> disabled as the kernel still runs along with any hypothetical backdoor.
>> Their marketing is incredibly dishonest and I simply don't understand
>> why they get so much air time.
> lol, then the only way I can get around it is to disable it myself by editing the CPU firmware? Or is there something else that controls that? (I'll have to look into it.)
Disabling ME/PSP is impossible; it simply can't be done without
intervention from Intel/AMD.
The puridiots claim they will eventually be able to convince Intel to do
it because some sales guy at a convention said so (they will say
whatever to get you to buy stuff). However, Google tried a few years
back, and even they, as a billion dollar company, weren't able to convince
Intel to do it.

me_cleaner nerfs it; even with the HAP bit it isn't disabled, because the
kernel still runs. It simply shuts off after the kernel runs, but that is
more than enough time to set up any potential backdoor and perform a
variety of dirty tricks.

NSA/MSS/FSB says: "oh no they removed the networking module what will we
do now D: D: D:"
> If their information is wrong, then I'll report them for false advertising. Thanks for letting me know.
I don't know who you could report them to, but thanks anyway; I would like
that very much. Their marketing is very sleazy and dishonest.
Like I said, I simply don't understand why I am the only critical voice;
the tech media frequently publishes glorified press releases for them
with absolutely no criticism or real facts about how their computers are
not and can't ever have free firmware or free hardware...

https://goblinrefuge.com/mediagoblin/u/onpon4/m/what-purism-s-road-to-fsf-ryf-endorsement-chart-should-look-like/
https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/
(Gotta love their insulting of their honest competitors and donating to
their own crowdfunding campaign)

Tai...@gmx.com

Apr 11, 2018, 4:59:27 PM
to qubes...@googlegroups.com
Lenovo is an evil company that continually inserts backdoors into their
firmware.
They simply ride the coat-tails of IBM which is why so many still use
their stuff.
The W520, G505S (no PSP/ME!) etc were from before they got really shitty.

It is a damn shame; they continually remove the ThinkPad features that
people like in the new stuff, just chasing Apple, removing all the useful
ports, ThinkLight, mouse nub, non-chiclet keyboard, trackpad buttons etc.

cooloutac

Apr 12, 2018, 8:49:58 AM
to qubes-users
In my case I found UEFI mode works better for Qubes. For example, using legacy BIOS mode I have many wake-from-sleep problems, such as the USB mouse in sys-usb not working after sleep and the system becoming unresponsive.

Booting in UEFI mode I don't have those problems. I think eventually we will have no choice but to use UEFI, because all hardware will be designed for it.

Unfortunately, using UEFI mode does not give any security benefits, since Qubes doesn't support Secure Boot or secure flash.

Tai...@gmx.com

Apr 12, 2018, 7:46:03 PM
to qubes...@googlegroups.com
On 04/12/2018 08:49 AM, cooloutac wrote:

> In my case I found uefi mode works better for Qubes. For example using legacy bios mode i have many wake from sleep problems, such as usb mouse in sys-usb not working after sleep. system becoming unresponsive.
>
> Booting in uefi mode I dont' have those problems. I think eventually we will have no choice but to use uefi cause all hardware will be designed for it.
>
Commodity hardware in the future will suck and won't allow you to run
your own distro, or even your own programs unless you pay for a
"developer" computer. This is the goal of microsoft.

The future for owner controlled high performance devices is POWER; the
TALOS 2 is now in full production, and the benchmarks indicate that it
costs thousands less than an Intel/AMD system with equivalent performance.

For once we have a unicorn - a libre firmware system that is actually
fast and brand new.
> Unfortunately using uefi mode does not give any security benefits since Qubes doesn't support secure boot
>
Oh boy here we go again with
linux-distro-sucks-unless-it-supports-microsoft-technology
https://www.phoronix.com/scan.php?page=news_item&px=UEFI-Kernel-Lockdown-Concerns

Linus describes Secure Boot as being "pushed in your face by people with
an agenda."
Even Linus agrees with me that these things aren't happening in a vacuum.

Remember guys if something is truly good it doesn't need to be forced on
you "for your own good"
> or secure flash.
>
Operating systems should not be modifying EEPROM settings - you are free
to use flashrom to do that yourself if you so desire.

I grow increasingly tired of your uninformed comments.

cooloutac

Apr 14, 2018, 8:45:20 AM
to qubes-users

So you're a free software guy quoting crazy Linus Torvalds, who is anything but for free software and who could care less about security... You do know him and his whole family use Windows at home, right? He doesn't even use Linux himself. He makes kernels in VirtualBox on Windows 10 and for all the suckers... At least you use an FSF kernel; too bad there's no more grsec to use with it, since spender is another mental patient. lmao...

What about when I quote Richard Stallman, who says it's ok to use Secure Boot for security because it's "failed its intended purpose"... Why do you not address my statement on this? I find that suspicious.

The same "purpose" you still claim MS wants to happen in the future turned out to be fear-mongering politics by crazy FSF nutjobs. So you seem to ignore the whole fact that Secure Boot is a security benefit that is beneficial to all operating systems. Stop telling me about what's going to happen in the future like you are Nostradamus; it makes you seem fake, since this prediction was already previously made and was wrong.

Like I said, the free software movement will never become popular if its own advocates are not even honest with themselves and seem distant from reality. You are like a car salesman to me. At least Richard Stallman half admitted he was wrong.

So I guess you don't use a GUI desktop, since that was made popular by evil Apple and MS, and since it would be so much better for security, right?? Text-based machines only, bud?

Thierry Laurion

Apr 15, 2018, 10:59:32 PM
to Tai...@gmx.com, qubes...@googlegroups.com
"Their objective is good."
Talking about Purism here, not Intel :)

On Sun., 15 Apr. 2018 08:52, Thierry Laurion <thierry...@gmail.com> wrote:
To Taiidan and all others complaining about Purism lies and consumers being misled.

I keep reading stuff about purism lying about deactivating/disabling ME being impossible, lying about the future of Intel removing ME, etc. I think THIS is misleading.

First, it's me_cleaner's job to do the cleaning.
The ME hack itself won't remove ME, but can remove modules by stripping them. There is a big semantic difference between the words removing, disabling and deactivating, I agree. me_cleaner won't remove ME, that is true. But all this ranting is not factual.

See here:

From 

"For pre-Skylake firmware (ME version < 11) this tool removes almost everything, leaving only the two fundamental modules needed for the correct boot, ROMP and BUP. The code size is reduced from 1.5 MB (non-AMT firmware) or 5 MB (AMT firmware) to ~90 kB of compressed code.

Starting from Skylake (ME version >= 11) the ME subsystem and the firmware structure have changed, requiring substantial changes in me_cleaner. The fundamental modules required for the correct boot are now four (rbe, kernel, syslib and bup) and the minimum code size is ~300 kB of compressed code (from the 2 MB of the non-AMT firmware and the 7 MB of the AMT one)."

To have Intel without ME (but also without VT-d2, meaning no IOMMU) one will need to choose old hardware, like the X200, which will not have more than 8GB RAM and won't support hardware isolation, so no real advantage of using Qubes.

x230 and x220 and others will boot with deactivated ME, booting with ROMP and BUP present, true, but without kernel and no other modules.

The rest of what you say, I agree. But oversimplifying things doesn't fulfill the goal of making people aware of what is needed now and in the future. Maybe Intel will change their way of fusing keys into the CPU when they realise a lot of money is going out of their pocket to privacy-defending manufacturers. Maybe not. Time only will let us know. Their objective is good. They might not succeed against Goliath, but they are really trying their best within actual possibilities (IOMMU, minimal ME footprint, disabling ME the same way it is done for three-letter agencies' laptops).


Until brand new laptops can fulfill IOMMU needs for certain threat models, there are few alternatives now.

Tl;dr:
Used laptops:
Having IOMMU without ME/PSP (Qubes): Lenovo g505s.
Removed ME, without IOMMU: x200.
Disabled ME with IOMMU (Qubes): x230/x220.

New laptops:
Deactivated ME, with IOMMU (Qubes): Purism Librems.

Desktop/Servers:
Used:
With IOMMU (Qubes), no ME/PSP: kgpe-d16, kcma-d8
New:
With IOMMU (no Qubes): Talos II.

Let's start a real debate aimed at improving stuff and building proper arguments. 
Pressure against manufacturers will build with market laws, and energy should be put where things can evolve in the meantime. 

For my part, I wouldn't recommend using an X200 other than for amnesic laptops.
G505s are not powerful and tough enough to run Qubes as a daily driver. 

ME is a really nasty piece of shit to deal with, agreed. But things need to move forward. Hiding in a cave waiting for things to magically happen is not enough.

Thierry





awokd

Apr 16, 2018, 5:48:01 AM
to Thierry Laurion, tai...@gmx.com, qubes...@googlegroups.com
On Sun, April 15, 2018 12:52 pm, Thierry Laurion wrote:

> Let's start a real debate aimed at improving stuff and building proper
> arguments. Pressure against manufacturers will build with market laws, and
> energy should be put where things can evolve in the meantime.

I think everyone can agree to this!

> G505s are not powerful and tough enough to run Qubes as a daily
> driver.

They don't have a titanium frame, but what laptops do these days? I did a
full Stretch linux-image build in 2.5 hours on one, but that's the
heaviest work I put it through. With 16GB RAM and a good SSD, they're fast
enough for what I need.

> ME is a really nasty piece of shit to deal with, agreed. But things needs
> to move forward. Hiding in a cave waiting for things to magically happen
> is not enough.

I think everyone can agree to this too. I posted some thoughts on ways
forward over on qubes-devel a little while ago
https://www.mail-archive.com/qubes...@googlegroups.com/msg03097.html
and there were a couple of related threads around the same time. Neither
Intel nor AMD seems concerned about actual security, only locking down the
platform by handing over control of it to manufacturers instead of end
users.


Thierry Laurion

Apr 16, 2018, 9:20:40 AM
to aw...@danwin1210.me, tai...@gmx.com, qubes...@googlegroups.com


On Mon., 16 Apr. 2018 05:47, awokd <aw...@danwin1210.me> wrote:
> On Sun, April 15, 2018 12:52 pm, Thierry Laurion wrote:
>
>> Let's start a real debate aimed at improving stuff and building proper
>> arguments. Pressure against manufacturers will build with market laws, and
>> energy should be put where things can evolve in the meantime.
>
> I think everyone can agree to this!
>
>> G505s are not powerful and tough enough to run Qubes as a daily
>> driver.
>
> They don't have a titanium frame, but what laptops do these days? I did a
> full Stretch linux-image build in 2.5 hours on one, but that's the
> heaviest work I put it through. With 16GB RAM and a good SSD, they're fast
> enough for what I need.

What is your CPU speed? How long does the battery last? How is the screen? Does it feel bulky in a backpack?

awokd

Apr 16, 2018, 9:45:09 AM
to Thierry Laurion, aw...@danwin1210.me, tai...@gmx.com, qubes...@googlegroups.com
On Mon, April 16, 2018 1:20 pm, Thierry Laurion wrote:
> On Mon., 16 Apr. 2018 05:47, awokd <aw...@danwin1210.me> wrote:


>> They don't have a titanium frame, but what laptops do these days? I did
>> a full Stretch linux-image build in 2.5 hours on one, but that's the
>> heaviest work I put it through. With 16GB RAM and a good SSD, they're
>> fast enough for what I need.
>>
> What is your CPU speed? How much lasts the battery? How is the screen?
> Does
> it feel bulky in a backpack?

My CPU speed is 1 linux-image build in 2.5 hours. :) It was capped on CPU
the whole time inside the HVM, so I think it's a good measure. In Hz, it's
2.5GHz x 4 core.

Battery life is short, maybe a couple hours under heavy Qubes use but I
just have the stock 4 cell in there. Usually leave it plugged in.

Screen is an ugly 1366x768 glossy. Don't like the chiclet keyboard either.
Never tried it in a backpack (see usually plugged in), but it's wider than
I like.

But all of those are secondary considerations for me. Primary was
something owner controlled (which as far as I'm concerned, is a
requirement for security). That's not true for everyone, and others have
different priorities. The "right" solution for someone is somewhere on a
multi-dimensional sliding scale.
