Hacker News | honestSysAdmin's comments

Always treat hardware you get from someone else as not just untrusted but hostile until proven beyond any reasonable doubt otherwise.

Put an OpenBSD machine in as a router/firewall between supplied devices and your own network to keep things clean.
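One way to realize the quarantine router this comment suggests, as an added example and not the commenter's own configuration: an OpenBSD pf.conf that lets supplied devices reach the Internet only, never the trusted LAN or the router itself beyond DHCP and DNS. The interface names (em0/em1/em2) and address ranges are assumed.

```pf
# /etc/pf.conf for an OpenBSD box placed between supplied devices and the
# trusted LAN. Assumed layout (not from the comment): em0 = uplink,
# em1 = trusted LAN, em2 = quarantine segment for hardware you did not source.
ext_if   = "em0"
lan_if   = "em1"
quar_if  = "em2"
lan_net  = "10.0.10.0/24"   # constructed example ranges
quar_net = "10.0.99.0/24"

set skip on lo
set block-policy drop        # drop silently instead of answering the device with RST/ICMP
set loginterface $quar_if    # keep packet counters on the quarantine side

# Hide both internal networks behind the uplink address.
match out on $ext_if inet from { $lan_net, $quar_net } to any nat-to ($ext_if)

# Default deny; anything that hits this rule is logged to pflog0 for review.
block log all
antispoof quick for { $lan_if, $quar_if }

# Quarantine segment: 'quick' rules so no later rule can re-allow this traffic.
# 1. never into the trusted LAN
block in log quick on $quar_if from any to $lan_net
# 2. the only services offered by the router itself are DHCP and DNS
pass in quick on $quar_if proto udp from any port bootpc to any port bootps
pass in quick on $quar_if proto { tcp, udp } from any to ($quar_if) port domain
block in log quick on $quar_if from any to ($quar_if)
# 3. whatever remains may only leave through the uplink
pass in on $quar_if inet from $quar_net to any

# Trusted LAN: full access out, plus ssh to the router for administration.
pass in on $lan_if inet from $lan_net to any
pass in on $lan_if proto tcp from $lan_net to ($lan_if) port ssh

# The router's own outbound traffic and everything forwarded to the uplink.
pass out on $ext_if inet
pass out on { $lan_if, $quar_if } inet
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and set `net.inet.ip.forwarding=1` in /etc/sysctl.conf so the box actually routes.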


My immediate questions are:

  - where can I set machine-owner-key for rEFInd to do secure boot with Linux?

  - where can I set the *real* machine-owner-key to load only a copy of board firmware compiled from not-license-encumbered source code on a machine I control?

  - can I remove the wireless network interface so that I have a wireless network interface that does not run binary blobs?

  - is there a clean interface to remove the Intel Management Engine binary blob and replace it with something whose code I can see, so I don't need to worry about something opaque and untrusted having "ring -3" access to my system?

I feel like I already know the answers to these questions. But these are questions anyone who has one of these machines should be asking themselves.


When would anyone with even one of those questions ever be in the market for a Surface Pro?


Unsure why you'd be a condescending person about this. Why not?

MacBooks made great Linux machines for many years before the bad times started. And hopefully will again some day!

Microsoft for years tried to act like a good guy with Secure Boot standards that promised systems would remain general purpose computers. If Microsoft obeys its own standards, that should be the case here too! If not, how can we expect other vendors to provide the general purpose computing systems Microsoft has promised to keep available, as they locked down the boot chain?


Some DevOps guys I know are running, on a MacBook M2, a Gentoo musl+llvm+openrc userland on a Linux kernel that has Asahi patches and https://grsecurity.net patches.

The only "downside" is no Windows VMs, but they don't seem to care about that.


I want a Surface Pro, that exact hardware as perceived on the outside as a user, sans the ""accidental"" backdoors. I have partial responsibility running a business that administrates high value deployments and many of our internal users doing "general office stuff" want exactly this kind of hardware.

And I want one or two for myself too, sans the backdoors...


Are there any modern Intel systems that can boot without blobs like the FSP? Even system76 hasn't been able to manage that, only disable the ME after boot.

I suspect you're greatly misunderstanding your clients' needs, because what you're saying is not an officially supported option that exists for anyone outside government agencies.


We have been running RaptorCS servers for years, are evaluating RISC-V based options in a lab, and we are looking at Oxide.


What Purism offers with its Pureboot and hardware security chip that enforces a deemed-tolerable ME payload is sufficient for our ask.


> Are there any modern Intel systems that can

The lack of availability of a product does not change the desire for the product to exist. RISC-V is already successfully playing in a market space with products that satisfy my asks above, maybe Intel can catch up some day.


> clients' needs,

Our clients came to us and were clear about what their ask was. I'm kind of chuckling right now, because one of our clients in particular, if he saw your post, would shoot back with "it's not called the Bill of Needs".

Some of the other ones are government. But I appreciate you trying to be helpful.


In my experience, to archive effectively you need a physical datacenter footprint, or to rent capacity from someone who does. Over a longer timespan (even just 6 months), having your own footprint is a lower total cost of ownership, provided you have the skills, or access to someone with the skills, to run Kubernetes + Ceph (or something similar).


> Is this a use case for Torrents?

Yes, provided you have a good way to dynamically append a distributed index of torrents and users willing to run that software in addition to the torrent software. Should be easy enough to define in container-compose.


The pedestrian "right", which I encounter on a day-to-day basis the months I visit client sites a couple hundred miles inland of the Gulf of America, will look at climatelinks.org and say something like: "all I see are foreign countries, why are we spending money on this instead of citizens of the United States?".


Yeah, what has avoiding another plague ever done for the USA.


"We're America, we wait until it's too late and then react!"

A rough paraphrasing from Boondocks, said by the richest man in that neighborhood.




IMHO, we should do it because the person who pays tends to have more power over what happens. Just like how in high school the kid who drives everyone tends to have a higher than normal say in what the friend group does.


Smart.


The US provided 14% of the WHO funding but is 25% of global GDP, so proportionately we don't contribute as much as many other countries.


We wouldn’t know this if the information weren’t shared. So, aren’t you making a case for not removing this information?


> Why should US fund WHO ~5-6 times more than China [0] (and more than EU)

The base contributions are a function of GDP. The extra contributions are voluntary, and the US did it because it was in the US’ interests. It’s a rounding error in the US foreign policy budget and was a good investment in terms of goodwill and data for American health research institutions.

WHO must focus where it is needed most. Public health is much better in the EU (and even in Europe, accounting for places like Belarus and Ukraine) than in China, and far fewer epidemics emerge in Europe in general.

The whole idea is that if we limit the emergence of epidemics where they are likely to happen, we end up with fewer pandemics after these epidemics spread worldwide (which includes Europe and North America). The whole world is better without another COVID, Ebola, or Polio.

> only to have the WHO be controlled by China

This is bullshit. The WHO is not controlled by China any more than other UN institutions. What is certain, though, is that the US won’t have any say whatsoever once they are out.


“The whole idea is that if we limit the emergence of epidemics where they are likely to happen, we end up with fewer pandemics after these epidemics spread worldwide”

I realize I’m arguing against a negative but has that actually been accomplished? I don’t argue that they (I assume) probably help with things like Ebola outbreaks but that’s almost certainly never going to become a pandemic.


Prior to 2014, it was thought that Ebola outbreaks were naturally self-limiting to an extent. Whoops.


Let's make torrents and seed them.


They might come after you for hosting it ?


i2p could be an option


If fascism means secure borders, an end to the kinetic conflict in Ukraine, an end to social media censorship, and a booming economy, more than half the country will vote for fascism. Promises fulfilled or not aside.


The article we're discussing talks about removal of publicly accessible data. Huge amounts of it. How is that better than "social media censorship"?

At some point you're going to have to stop spouting the bullshit talking points and accept that this administration is actively worse on most metrics that they campaigned on improving.


Trump tariffs are definitely not going to make the economy boom...


> "The government of Columbia has agreed to all of President Trump's terms, including the unrestricted acceptance of all illegal aliens from Colombia returned from the United States, including on U.S. military aircraft, without limitation or delay. Based on this agreement, the fully drafted IEEPA tariffs and sanctions will be held in reserve, and not signed, unless Colombia fails to honor this agreement. The visa sanctions issued by the State Department, and enhanced inspections from Customs and Border Protection, will remain in effect until the first planeload of Colombian deportees is successfully returned. Today's events make clear to the world that America is respected again. President Trump will continue to fiercely protect our nation's sovereignty, and he expects all other nations of the world to fully cooperate in accepting the deportation of their citizens illegally present in the United States."


And how does this make the economy boom, exactly?


"Some things are more important than GDP".


Ah, so it won't help the economy. Funny how you've moved the goalpost so far that you're now arguing against your own claim.


This is literally a Trump press release. Are you aware there were new tariffs announced today?


Why would the "tent pole" hoax, the "fine people" hoax, be missing? Wikipedia is an unbiased and objective source of information. Totally. 100%. Yep.

https://www.snopes.com/fact-check/trump-very-fine-people/


The linked article is about hoaxes which are specific to Wikipedia. Not about falsehoods in general.


https://www.snopes.com/fact-check/trump-very-fine-people/


> "For the record, virtually every source that covered the Unite the Right debacle concluded that it was conceived of, led by [sic] and attended by white supremacists, and that therefore Trump's characterization was wrong."


> as the Trump administration works to scrap anything that has to do with climate change, racial equity, or gender identity.

The college educated person -- but not the university educated STEM degree holder -- takes these three things to mean what they are labeled as at face value.


I could be wrong here, I'm not an expert with databases, but I believe -- this is a belief, please help me disconfirm it if you think it is wrong -- that CitusDB's approach, which shards Postgres across redundant mirrors, should successfully scale horizontally for OLTP without sacrificing consistency.


Citus still has a centralized coordinator that all requests go through to be routed to their shard, or at least it did several years ago when I last ran it in production. It definitely scales further than single instances, but it's not a magic bullet.


Others can do it too: Spanner, FoundationDB. SI just has generally better performance because there is less to check, and you can always opt in to row locking if you need it (because of write-write conflicts).

