Anti-ME anti-UEFI anti-backdoor CPU

I have a pre-PSP and pre-UEFI AMD but am thinking of downgrading.
I am scared of backdoors; the older the hardware the better. And AM2/AM3 CPUs are overpowered, they are too fast for most tasks. Is Socket 939 safer? Or should I go even older?

How about we create some guidelines/FAQ that will say how each CPU family (Intel, AMD and other architectures) is unsafe and backdoored? And also let's point out what the performance and capabilities (SSE2, 64-bit, etc.) of each processor family are. I am afraid an SSE2-capable CPU is a must to run most software.

Also, what do you think of splitting online and offline activity between two separate machines? But then, won't that be uncomfortable to use? It will be a pain to move data between both machines. For example, you read something on a webpage (using the online machine) and then want to copy some text from the webpage into a document (that you have on the offline machine). Maybe something using virtual machines would be a better solution?

Or maybe should nuke x86 and move to something else?
But how to run existing software and everything? In an emulator? That's going to be slow.

just network them and firewall it on both ends. make sure the offline computer has no direct internet access or it's only available through a proxy that isn't on a default port.

There are some ARM boards that can run without blobs, so long as you don't need the GPU. Someone listed them in a recent thread (sorry I don't have url). They should run most software for *nix. For Windows stuff like games or whatnot, you'll probably need a separate machine that's without network (disconnect wifi radio/antenna if you can't remove the card). To transfer data, optical disk works and also gives you a backup. USB flash/disk is more risky.
It's not ideal, but it's better than having a full botnet Intel/Windows machine connected to the Internet. It'll be uncomfortable if you're constantly moving data back and forth though.
Another option to transfer data is to use an intermediary tightly-controlled system from old hardware, connected via serial ports only. This acts as a file store or BBS you can send/receive stuff over zmodem or similar protocol, and doesn't allow anything else (and especially doesn't route TCP/IP). But it will be slow if you want to send big files, even at 115200 baud rate.

AMD FX-83xx FX-63xx
Last decent CPUs without hardware backdoors.

Shit thread. Stop LARPing about being a leet NSA avoider. If you had any fucking clue what to do about anything, you'd be doing it.

How do you know they don't have backdoors?
They don't have PSP/ME or UEFI (mobos), but they could contain other backdoors. Also they have huge TDP/heat/power. And they are too fast anyway. Who would need such a fast CPU?


Fuck you FBI nigger. We're moving from PSP/ME and UEFI and you will be able to do shit to us.

nigger I have 3 libreboot machines; an intel atom board, the D945GCLF; an X200, for a laptop; and a KGPE-D16 server

You are retarded.

There is only one way to avoid the NSA. Get rid of your computer. There is no other way. Libreboot will not help you.

so if you're so skilled why do you sage and negate the thread instead of giving advice?

If there is no way then why did they invent ME and UEFI backdoors? Why did they need them if you claim that they already had everything?

Why did Truecrypt work and they were unable to decrypt people's drives?

Hackers manage full access to Intel ME via USB
golem.de/news/security-hackern-gelingt-vollzugriff-auf-intel-me-per-usb-1711-131065.html
> ME may jeopardize safety

Oops - Forgot the twitter link
twitter.com/h0t_max/status/928269320064450560

Here's a list I've been making with the help of halfchan.

Findings so far
x86:
For desktops, there's lots of C2Ds and atoms listed, but also some very nice opterons and apparently an iMac
libreboot.org/docs/hardware/#desktops-amd-intel-x86
libreboot.org/docs/hardware/#serversworkstations-amd-x86
For Laptops, you have the CD and C2D memepads
libreboot.org/docs/hardware/#laptops-intel-x86
Purism doesn't do libreboot, but their roadmap includes this as a future goal.
puri.sm/learn/freedom-roadmap/

ARM:
Obviously there's a shit ton of SBCs (Pi, Olimex, etc).
For a laptop option with an open firmware, try ARM Chromebooks.
I'm dead serious. Open it up, unscrew the write protection screw, reflash coreboot, install loonix of choice.
coreboot.org/Chromebooks
In general, your biggest concern with ARM is the GPU drivers.
Mali is fucked. Don't use it. PowerVR too. Vivante GC, Qualcomm Adreno, and Broadcom VideoCore are fine.
en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ARM
Some anons have reported that lighter environments like XFCE are usable on stuff like Mali without the driver, but it's not ideal.
One user said he couldn't remove the ChromeOS on his libreboot C201. This github issue talks about a solution.
github.com/altreact/archbk/issues/3

OpenPOWER:
Raptor Engineering sells POWER9 workstations, that may soon be getting RYF certification.
They're expensive as fuck, but probably the most powerful non-botnet computers that exist.
raptorcs.com/TALOSII/

PowerPC:
Here is a project for a Libre PowerPC laptop, shooting for RYF certification.
powerpc-notebook.org/faq/

MIPS:
The /csg/ of desktops. Lemote is a chink company that sells libre MIPS boards, using PMON firmware.
lemote.com/html/product/

RISC-V:
Only SBCs here. SiFive has some.
sifive.com/products/freedom/
There's also LowRISC
lowrisc.org/

...

new CPUs aren't even getting faster, they just get more features, instruction set extensions, maybe some bigger caches, etc. you need the latest CPU to run goy apps because they're bloated pieces of shit that have been QA'd/debugged into existence using only the latest most popular hardware. i have several 10 year old machines and they are still in the multi GHz range and can run extremely intensive applications, yet cannot run something like agar.io, hipchat, discord, skype, etc without a terrible user experience

10 year cpu can easily do video encoding, 3D modeling, graphics/video editing, using old optimized software. but somehow it's not possible to smoothly run (((modern))) web browsers on same cpu

javascript and vp8 is the only difference between modern processors and athlon/pentiums of old in terms of general performance
we still can't multithread everything

You don't have to multithread everything. Stop trying to cram everything into the web browser and just use the native hardware and OS. Then, your stuff runs plenty fast, even on a decade-old machine. And if it's still slow, you can get rid of stupid desktop environment bloat and just use a plain old window manager. Even an old i386 Pentium 4 should be fast enough today for most tasks (maybe not video editing, but not everyone needs that).

how long does it take to compile gentoo on an old i386 pentium 4?

About 2 weeks. Those things only have like 16mb RAM.

I doubt the kernel will take much longer than a couple of hours. It's all the other software you compile (like web browsers) that might take days.

Dunno, but I used to build OpenBSD kernel & userland overnight on weaker hardware (Pentium II). It didn't take all night either, just several hours.


My 33 MHz 486 maxed out at 16 megs. My last i386 was a P4 with 512 megs, and that mobo could take 1 gig (and it wasn't anything fancy at all).


This. Most Unix software is pretty lean, and I built all kinds of stuff on my 486 (which I only had 8 megs on). But when they started doing all this bloated desktop and browser shit, even powerful machines take a while. If anything this makes lean software much more desirable, since you can comfortably build it yourself on old non-botnet hardware. That's in addition to it being easier to audit, etc.

...

it's "computer," retard

Pqoeojfxownsuhxueldocuhrkixwpwkfic

The only one you can get like that is the one you make yourself
/thread

I don't even have enough computer to do that.

If you're comfortable with your Commodore 64, that's fine. But don't let feelz>reelz, grandpa.

Why do you want to run existing software in a different CPU? Why not fork your software and port it to the different CPU?

older processors have vulns because they just didn't have sophisticated security.

Those graphs clearly show that IPC is no longer improving in a significant way. A 0.4% improvement is not worth upgrading for.

system management mode is the backdoor
side channels and debug ports
debug ports and system management mode like functions
Debug ports
If you want to avoid hardware backdoors then avoid x86 and ARM based processors of any age. If you want to avoid software based backdoors you best use anything pre Core 2 Duo x86 and anything pre ARMv7 for ARM. If you want secure hardware, it doesn't exist.

Those improvements add up, as you'll notice the first graph shows a 20% cumulative improvement from the ancient Core 2 chips you're talking about to modern ones, and the second graph shows the improvements can be several times greater yet for some applications. That's all without counting other improvements included in newer CPUs, like much more aggressive clocking thanks to process shrinks and better dynamic clocking, bigger caches, and faster system buses (particularly for RAM).

Such old x86 chips are so slow, you'd get better performance emulating it on a modern tablet SoC.

If you are going to upgrade to anything botnetted go to the Intel Haswell generation, as it is the last processor before the unremovable version of ME and graphics blobs for Intel GPUs. Haswell added more execution units to the processor for more throughput.

Oh gosh, people can do nasty things when they have physical access to the machine!

Broadwell is fine too, (((Librem))) laptops are based on Broadwell chips that run free graphic drivers.

No need to get that old.

You can get an AM3+ FX-8370e; these are the 90 W undervolted processors, specially binned for it. They are the best of the process and will overclock to about 4.4/4.6 GHz on air and will reach 5 GHz on water. Much better than the FX-9590, which is shit because it will not go 5 GHz on all four cores because of its settings; the 8370e will. This will make it run like the faster i5 from April this year, so still pretty good.

You can get the last fastest BIOS motherboard, the GA-990FXA-UD3/UD5/UD7, with the lower revisions 1.0/1.1/1.2. They basically have all of the modern connectors present except for M.2 support. But add about 4 Samsung 850 Pros/Evos in RAID 0 and you will have M.2 speed with 2 GB/s read and write. Should not be too expensive now.

Then get 1866 DDR3 with the lowest CAS of 8 or 9. These have the best true latency and perform better than 2400 DDR with higher CAS that have shittier latency as well. The FX processors work better with 1866.

You can add any modern latest video card in SLI etc.

This will be a very fast system that can still play all modern games at good settings.

Get GA-990FXA, they still have BIOS, FX-83** do not have PSP

And 640k should be enough for everyone.

How is a debug port a backdoor? That's like saying IMSAI and Altair are backdoored because you can view/toggle CPU registers at the front panel. It's only a backdoor if this capability is available to the entire world over the network, such as in the case of Intel ME.

If you want to avoid SMM in x86, you have to go back to 80386 chips (and avoid the SL variant).
en.wikipedia.org/wiki/System_Management_Mode