Intel NUC - free software friendly?

25 replies [Last post]
lydell

I am a member!

Offline
Joined: 04/20/2014

I'm considering getting a new computer.

The Penguin Pocket Wee from Think Penguin (http://libre.thinkpenguin.com/) is very tempting, as well as the Intel NUCs -- specifically this one: http://www.intel.com/content/www/us/en/nuc/nuc-kit-nuc5i5ryh.html.

A little comparison:

- Intel is cheaper (at least where I consider buying it). Winner: Intel.
- Intel has seemingly better hardware. Winner: Intel.
- Intel is available in my country (though I'm aware that Think Penguin shipt internationally). Winner: Intel.
- Penguin supports Trisquel 7 for sure. Winner: Penguin. This is where I'd like some help! See below.
- Penguin has a cool logo on the top :). Winner: ... I could just put a nice Trisquel logo on the Intel :)
- Penguin donates 25% to Trisquel. Winner: ... Considering that the Intel is cheaper, I could just donate some myself. Besides, I'm already a member.

So it looks like I'm going for the Intel. But before buying it, I'd be most grateful for any advice on whether it is a good choice for free software or not. As far as I can tell it is, but I'm a bit unsure. Thanks in advance!

lydell

I am a member!

Offline
Joined: 04/20/2014

A note about price: The Intel NUC includes neither RAM nor HDD/SSD. However, even after having bought those the Intel choice is cheaper.

I also just found http://trisquel.info/en/forum/i-am-looking-build-my-first-computer#comment-64532 which recommends Intel processors without "Intel® vPro Technology" and "Trusted Execution Technology". None of those are present in the processr of the Intel NUC I'm considering: http://ark.intel.com/products/84984/Intel-Core-i5-5250U-Processor-3M-Cache-up-to-2_70-GHz.

One thing I haven't looked up yet is the wifi support.

lydell

I am a member!

Offline
Joined: 04/20/2014

I just looked through all the wifi cards listed on https://h-node.org/wifi/catalogue/en with the vendors "Intel" or "Intel Corporation". None of those were marked as working with free software. Although I couldn't find the exact hardware used in the NUC it does not sound promising.

lydell

I am a member!

Offline
Joined: 04/20/2014

Following links from the NUC page I linked to, I found this page, explaining that Intel WiFi products require proprietary firmware in the kernel: http://www.intel.com/support/wireless/wlan/sb/CS-034398.htm

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

You can get the Intel NUC (the CPU has no vPro or TXT) and a Wifi adapter at ThinkPenguin or at Tehnoetic:

tdlnx

I am a member!

Offline
Joined: 04/09/2014

Where are you seeing a price for the Intel machine (I might be blind)? I've also really been considering the ThinkPenguin pocket desktops but am always open to a cheaper alternative.

lydell

I am a member!

Offline
Joined: 04/20/2014

There's no price on the page I linked to. You'll have to search for a suitable reseller.

davidnotcoulthard (not verified)
davidnotcoulthard

TP donates 25% of the profits to Trisquel.

lydell

I am a member!

Offline
Joined: 04/20/2014

Thanks for clarifying.

lydell

I am a member!

Offline
Joined: 04/20/2014

Seems like Intel HD6000 graphics are a bit problematic: https://communities.intel.com/thread/61131?start=0&tstart=0

I will look for an Intel NUC with HD5000 graphics, as in the Pocket Wee.

Ishamael
Offline
Joined: 08/29/2014

Is there an AMD option? If intel is releasing Chips-Motherboards without vpro-txt, are there any safe ones from AMD? You're really saying the Snares comes without any botnet/backdoor technology (that you know of)? AMT for example. What about any of these (minus those mentioned)?

[VPro TPM TXT VT AMD-V Flicker TEM TZones on-board ARM processor AMD SVM TEE AMT IDE-R Execute Disable Bit PTT Intel Secure key]

I try to research this, but my search results return next to nothing, and what is returned seems intentionally confusing.
Which of these are dangerous, and which not?

Does anyone know of a list of motherboards without this stuf?

onpon4
Offline
Joined: 05/30/2012

AMD is not really any better than Intel in that department, and it's worse in the sense that their integrated GPUs don't work properly with Linux-libre (they require proprietary firmware blobs to function fully).

David_Hedlund
Offline
Joined: 03/30/2013

On 2015-03-18 06:07, name at domain wrote:
> Is there an AMD option? If intel is releasing Chips-Motherboards
> without vpro-txt, are there any safe ones from AMD? You're really
> saying the Snares comes without any botnet/backdoor technology (that
> you know of)? AMT for example. What about any of these (minus those
> mentioned)?
>
> [VPro TPM TXT VT AMD-V Flicker TEM TZones on-board ARM processor AMD
> SVM TEE AMT IDE-R Execute Disable Bit PTT Intel Secure key]
>
> I try to research this, but my search results return next to nothing,
> and what is returned seems intentionally confusing.
> Which of these are dangerous, and which not?
>
> Does anyone know of a list of motherboards without this stuf?

Please subscribe to the h-node mailing list, we need more people.

marioxcc
Offline
Joined: 08/13/2014

>What about any of these (minus those mentioned)?

>Does anyone know of a list of motherboards without this stuf?

Why are you interested in avoiding all of the items in list between “[” and “]”?. Several of those things are unrelated to computer user rights or their presence doesn't imply that the CPU won't respect them.

“Execute Disable Bit” is about memory management. When activated for a memory page, it prevents the CPU from executing code in that page. It's a security feature. It makes stack overflow bugs harder to exploit to achieve arbitrary code execution. “AMD-V” is an instruction set that gives hardware support for virtualization. ARM doesn't makes any CPU as far as I know, but instead it licenses the CPU designs to other companies, which in turn make the CPUs. Not all of those CPUs implement treacherous computing.

Your message may mislead some users into thinking that all of those technologies are incompatible with the user rights, which is not the case.

Chris

I am a member!

Offline
Joined: 04/23/2011

Our (ThinkPenguin) systems are without vPro and without "Trusted Execution Technology" (TXT). This is far from perfect though and there are more issues to avoid now than ever. In fact you can't avoid all the issues with a modern X86 system.

There are a lot of different problems with different components and its often not obvious to even those of us who do this for a living. I can't even begin to get into the details of it. However the jist of it is short of extensive testing and other steps there is a high chance you'll run into a problem somewhere. Even when I say XYZ works. Go buy that. It may not.

Sometimes a chip inside has changed to one that isn't supported, sometimes it has the right chip, but the device ID hasn't been added to the driver so the device doesn't initialize, sometimes a device has the right chip, but the device differs from some original reference design, and thus will never be supported, sometimes the device has some NAND on it with proprietary software, but other devices with the chip don't have this, and as such should be avoided, sometimes its not actually free software friendly, despite multiple people purporting it to work due to peoples misunderstanding of how things work (ie they run Ubuntu, then test with Trisquel, proprietary firmware was loaded by one OS, and temporarily works in the other), sometimes only half the product works (two chips one device), etc. Sometimes things are left out, are soldered down, or digital restrictions have been added since the original reports of X working.

Now as far as Intel NUC systems specifically are concerned they are not all alike. One of the current big issues we're seeing is Intel's begun (among many others) soldering down or otherwise integrating wifi chips dependent on proprietary software on the NUCs. Despite some initial pictures to the contrary on newer models the actual systems which are shipping are dependent on soldered down Intel wifi chips which can't be replaced. There may be other issues I'm not aware of as well depending on the specific Intel NUC system.

I also want to point out that you can build a system for less if your willing to compromise the quality of the components going into it. The problem for most people is it's really easy to pick up flaky components for a fraction of the price. For instance: the failure rate on many SSDs including the best SSD is undesirably high. If you want something remotely reliable you need to select the right higher end components. There are some other things you may need to do as well. Such as updating the BIOS for instance. I don't know about all Intel NUCs, but I can say some are really well supported. Others not so much.

Ishamael
Offline
Joined: 08/29/2014

That's why I asked which ones were dangerous, search results don't bring back much in terms of results for user violating technology, and backdoors.

I would still like information about AMD devices that come without these "features". Regardless of radeon GPUs.

Chris

I am a member!

Offline
Joined: 04/23/2011

Intel's got good easy-to-read documentation. I've not seen equivalent documentation on AMD chips. I'm not so sure it matters though. If your going to consider AMD I'd probably look elsewhere. AMD's graphics are dependent on non-free software which means your stuck on a 2D-only driver. You might be able to do NVIDIA, but with a LibreBoot BIOS it might not work, from what I've heard, at least one some boards, due to the lack of support for the (?) PCIE slot (?).

If your going to be stuck on a 2D driver I'd probably investigate ARM. Though that said it's not a great option just yet either. You'll still be stuck on 2D, but at least there are a few boards which are not dependent on a proprietary bootloader. The tricky part is the OS. You can run LibreCMC, but don't expect to be able to do much, yet. It's targeted at embedded devices (like routers) and still needs a lot of work for any desktop usage. Honestly I really think we need a build of Trisquel for ARM first. You could run a distribution without non-free software, but its not going to be an FSF endorsed distribution as such distributions are violating at least some of the high standards set out by FSF's distribution guidelines.

Ishamael
Offline
Joined: 08/29/2014

Can anyone at least tell me if Snares comes with AMT, from what I understand that's the worst offender, next to vpro-txt. AMT allows 3rd parties to access your computer at any time for "maintenance".

"Intel AMT is a set of remote management and security hardware features that let a sys-admin with AMT security privileges access system information and perform specific remote operations on the PC.[6] These operations include remote power up/down (via wake on LAN), remote / redirected boot (via integrated device electronics redirect, or IDE-R), console redirection (via serial over LAN), and other remote management and security features."

Chris

I am a member!

Offline
Joined: 04/23/2011

It's actually more scary than this. We don't know what any modern x86 computer is doing behind the scenes. All modern X86 systems are dependent on a proprietary BIOS-or proprietary bits. These bits are licensed from one of only a handful of companies who are contractually prevented from releasing the info needed for a free software friendly BIOS to be produced. While some use coreboot its not free software. There just using it as a payload for proprietary bits. And LibreBoot is only going to work on select older hardware from several generations back. There is no getting around this on X86.

Hopefully some of the work we're doing will help solve some of these issues. However it's going to take a combination of things to produce a seriously usable modern system. Right now there is not enough money flowing to those working on these issues. If we get past stage-1 (ie a plan) there is a huge stage-2 issue. Designing and manufacturing anything is expensive. It's going to take a massive fund-raiser to pull off a truly modern system. It's going to have to be a fund raiser like nothing we've ever seen within the free software community.

lydell

I am a member!

Offline
Joined: 04/20/2014

I have bought an Intel NUC now, so I can now answer my question. Is the Intel NUC free software friendly?

The answer is: Both yes and no. I will compare the i5 models specifically.

The latest models, with 5th generation Intel Core i5 (Broadwell) processors (NUC5i5RYH and NUC5i5RYK), might look tempting because the latest is always the greatest, right? Well, they have two downsides:

- They use Intel HD 6000 graphics. Not even the latest stable Ubuntu 14.x supports it (but Ubuntu 15 does). You need the latest Linux kernel (3.19 I think). This means that you cannot just install Triquel 7 out of the box and be done with it. I didn't feel like messing with upgrading the kernel.
- They have a built-in wireless card from Intel, which requires proprietary firmware in the kernel. There is no mini-PCIe slot to insert another wireless card. You *could* use a USB adapter, but then you loose one of the four USB slots, of course. You could also use an ethernet cable, but I actually want wireless support sometimes.

The next-to-latest models, with 4th generation Intel Core i5 (Haswell) processors (D54250WYKH and D54250WYK), do not have those downsides:

- They use Intel HD 5000 graphics, which works out of the box in Trisquel 7.
- They do not have a built-in wireless card. Instead they have a mini-PCIe slot, allowing you to insert any wireless card of choice.

In the end, I concluded that the (theoretical) extra performance from the newer processors won't make a difference to me, since I don't do *that* performance intensive things, so the older models are actually a better choice. They're also cheaper. The store I bought it from also had a temporary discount on those models, which made the choice even simpler.

This is what I recommend:

- If you're looking for a really small computer,
- that is pretty quiet,
- can play 1080p video,
- can run Trisquel 7 out of the box,
- and has wireless network support ...

... then buy either The Penguin Pocket Wee or an Intel NUC D54250WYK(H). They're basically the same. How do you choose between them?

- You need to find appropriate m-SATA SSD, 1.35V 1600MHz/1333MHz SO-DIMM DDR3L RAM memory chips and a half-height mini-PCIe free software-friendly wireless card for the NUC yourself, while for the Pocket Wee that is taken care of for you. I enjoyed learning a bit about it and searching for parts myself.
- The Pocket Wee comes assembled and with your OS of choice pre-installed. You might appreciate it and be ready to pay for the extra work. I enjoyed the assembly process, though. It was the perfect balance between building your own computer from scratch and getting a pre-built one.
- The Pocket Wee is overall a bit more expensive. On the other hand, you also pay them for making choices, assembly and installation for you. You also support a "one-of-kind" company and indirectly donate a bit to Trisquel 7. However, shipping to my country included a rather expensive shipping cost and large VAT additions, making it a bit more than *twice* as expensive.

In case anyone wonders what wireless card I bought its an Atheros AR9280 from http://minipci.biz/. It works great!

The BIOS of the Intel NUC (and the Pocket Wee) is proprietary, though. However, if you want a computer with free BIOS *now*, there aren't many options anyway, apart from a few Lenovo laptops with Libreboot support. Hopefully Libreboot will support the Intel NUC some time in the future! As a side note on the BIOS: In every computer I've ever used before this one, the BIOS has seemed like really simple software. Just a simple text based UI which can be accessed with the keyboard. On the Intel NUC the BIOS look like a modern desktop application, with graphics, mouse support and UI customizability. Giving more power to a proprietary program does not feel good.

sweeney
Offline
Joined: 08/03/2014

You already answered your question but that is exactly what I was going to chime in with. I've been running the Intel NUC D54250WYK(H) for several months now. It makes a nice little computer and runs Trisquel very well.

lydell

I am a member!

Offline
Joined: 04/20/2014

Thanks for letting me know! I'm glad that you're satisfied, too, and that it works well for you even after some time.

Chris

I am a member!

Offline
Joined: 04/23/2011

Most people won't see any difference in the price of our computers vs putting something together themselves if they're using high end components. The problem is perception and not being skilled at building computers. People tend to compare a low end configuration they can build themselves vs our high end configurations. High end components can cost significantly more and are really critical in many cases due to the high failure rates of low end SSD drives and ram.

If your getting to “double the price” scenarios you are usually misunderstanding how taxes work and are located outside the United States-or are in a country with some sort of trade barrier like Brazil. Our prices are definitely not that high. The computers are shown without tax so they are lower than that of an equivalent locally purchased computer in most cases. However on delivery the government will collect whatever the local tax is. Ultimately you'll pay about the same. In some cases it might cost a little more for shipping, but thats about all, and in my experience its well worth it. Faster shipping, reliable delivery, etc.

The Intel NUC will never have a free software BIOS. Intel's uncooperative on this front and its necessary for Intel to cooperate in order to get LibreBoot working on any of the Intel NUCs. Francis (LibreBoot's lead developer) has stated this much before- among others. Including the CoreBoot developers.

While I generally agree with the overall sentiment that Intel's the way to go your probably giving Intel too much credit on the NUCs. The NUCs have numerous problems which aren't immediately noticeable. Issues we never saw with prior Intel boards. While initial reviews are going to be good the long term issues include catastrophic failures and really annoying glitches. Check out the Intel support forums for details. You can solve some of these problems if you know what your doing and where to look. There are numerous updates although they appear not to work for everyone. I'm presuming thats because there are different revisions/models/etc.

lydell

I am a member!

Offline
Joined: 04/20/2014

I think I might have generalized too much on the pricing, so let's be specific to be fair.

I live in Sweden, and bought the parts from Sweden at https://www.dustinhome.se/. Let's compare the prices:

- Intel NUC D54250WYK: $368.55
- Samsung 850 EVO MZ-M5E250BW 250GB mSATA-600: $155.86
- Corsair Vengeance 8GB 1600MHz 1.35V 9CL SO-DIMM DDR3L RAM (2 units, 4GB each) (CMSX8GX3M2B1600C9): $95.32
- Shipping: Free. It took 2 days.
- Tax: Included.

I bought the wireless half-height mini-PCIe card from http://minipci.biz/.

- Atheros AR9280 dual-band 802.11a/b/g/n 300MiB/s: $20.55
- Shipping: $3.23. It took 4 days.

Total: $643.51

If I would have bought a very similar setup from Think Penguin:

- Penguin Pocket Wee: $499
- Intel Dual Core i5-4250U 1.3 Ghz (2.6 GHz turbo): $79
- 8GB DDR3 memory: $104
- 250GB mSATA SSD: $199
- Wireless N Dual-Band (TPE-NHMPCIED) (Atheros AR9382 802.11a/b/g/n): $59.00
- Limited time discount: -$50
- Shipping: $81.62. 5 days. (Estimate.)
- Tax: 25% = $222.5

Total: $1194.12

That's about 1.8-1.9 times more expensive.

I didn't mean to make sound like Think Penguin are bad and overly expensive. Now you know what at least I had to compare with.

---

As far as I know, all the components I chose are high end. I've read about them on the Internet and I have also asked a few friends who are really skilled computer hobbyist builders. But since Think Penguin does not write on the website what components they use I can't compare them. If they actually use really good high end parts I'd suggest "boasting" about it on the website. That might sell better.

---

It's a shame that Intel is so uncooperative on the BIOS/boot firmware front. Does the Penguin Wee has a better chance to get Libreboot support?

---

Could you share a link to one of those forum threads you mention where people have problems with the NUCs?

Chris

I am a member!

Offline
Joined: 04/23/2011

The wifi cards on the newer NUCs are not free software friendly and solder down. You can't simply buy a half height mini pcie card any more...

lydell

I am a member!

Offline
Joined: 04/20/2014

Yes, that's what I meant by "built-in". Thanks for clarifying.