Libreshop x200 sale
Hello world
How are you? I wanted to make an announcement.
I have liberated some x200 machines from proprietary firmware and upgraded them to the highest specs possible(except wifi and bluetooth, I need to make some time to experiment with them), so here are the specs:
- x200 librebooted
- with/without os (Trisquel/Parabola) (not encrypted)
- 8GB ram
- 256GB ssd drive
- atheros wifi (which connects to 2Ghz)
- original 6/9cell battery(first orders will get the batteries with the highest capacity, broken batteries are already gone, so last orders will not get an original battery)
- new 9cell battery
- charger
- charger cable(enough eu/6 uk)
The price is 450€(everything is included in the price, except toll, which won’t be a problem inside the EU). The packages will be send from Belgium.
I also have 3 x200’s with 4GB ram, if you are interested in buying them, you will get 50€ discount.
The laptops aren’t RYF certified. YET :)
I send a mail to FSF twice and also send a mail to RMS, he also pointed me to the licensing department of FSF. If I have some more time, I will recontact them about it.
If anyone is interested in buying one, you can send me a mail at order at libreshop.eu
I’m doing this on my spare time, so the website is not yet ready, but don’t worry, I’m building one :)
If you have any suggestions, ideas, complaints, send a mail to info at libreshop.eu.
Yeah, I know, both e-mails are forwarding to my main e-mail, but I have a filter based on e-mail addresses, which I use to separate libreshop orders and info from my other businesses.
Greetings
Libreshop
----> My X200
X200 bought in like new condition (3GB ram)- GBP £72
WiFi card - £3.50
SOIC connector - £9.25
brand new battery - £14.99
(already had) a raspberry pi - £34
(already had) a 250GB SSD - £30
Total = £163.74 (191.16€)
Without the cost of the raspberry pi + SSD (the cost to me...) = £99.74 (116.44€)
Cheaper X200 + 128GB SSD + use an older battery... and I could probably get one working for £75
-----> My Gigabyte desktop
GA-G41M-ES2L (with processor and 2GB ram) - £25
4GB ram as an upgrade - £10
Total - £35
To be put into as cheap or expensive a PC build as desired. I already had a PC build so straight swap old board out, new in. Zero cost to libreboot (done internally).
----> (no longer own) Samsung Galaxy S3 with Replicant OS
Bought in good condition - £35
I mention all this because I have become angry at seeing all this greed and profiteering. I do not aim this at just you - there are many. The phone which I bought for £35 (40€) and Freed for £0 is being sold by tecoethical for 448€ !!!
There is nothing wrong with selling a service - some people don't have the technical competence to libreboot hardware or build a workstation. However, it is unethical to take advantage of lack of technical ability for financial reward.
This is stealing from the community. It is taking the hard work of people who gave us Freedom and using it to take advantage of others.
At least Leah Rowe and minifree can argue that the cost to buy from them pays for all the hours and money put into making libreboot. What investment have all these other shops made into the Free Software Community? All I see is take take take. This is not being a good neighbour. This is not being a good hacker.
- If people can afford it, they should buy from / donate to a project.
- If they are capable, they should learn to do it themselves so as to teach to others
- Hackers should offer their services to those lacking in technical ability for free or a reasonable hourly labour rate
External BIOS flashing is not something the average user is comfortable with, so I understand asking the user to pay for the convenience of not having to do it themselves. (450€ is a little steep though. I bought my librebooted X200 for $290/250€). The Replicant phones though I really don't understand. Installing Replicant is something a beginner can handle, so charging 448€ for a 40€ phone does seem pretty nuts.
I absolutely agree. Most people wouldn't know how to start (or feel comfortable trying). There is nothing wrong with people expecting to be remunerated for their time. However, all of us in the community have a duty to keep that cost as low and reasonable as we can.
If possible, we can do it for free. For example, University students can start a Free Software student society at their university and help their fellow students. Give back to the community!
Yes, the replicant phone prices make me very angry.
I understand what you are talking about, I truly do.
I will explain why 450€ and what I will do with it:
- librebooting device and upgrade to highest specs(and install os if asked).
- I want to spend more time for this project.
- - eg. buy and test other wifi chipsets to serve 5Ghz or Bluetooth 4, built-in instead of external dongle
- - take a day off from my main job, to do more for this project
- pay website(mostly for hiring people).
- build a “how-to” part in the website.
- - how to libreboot
- - how to install encrypted os
- - how to change grub(background, settings, ...)
- traditional costs are included: you don’t pay extra for vat, shipping, support.
Of course, there is profit involved, I won’t lie about it, but that’s not all.
I understand your point of view, and I respect that. I also wanted to buy at first, but because of the prices I decided to do it myself.
The difference was, that I found my x200 (with all the upgraded parts) for around 300€(+-100€ more than what you have payed), without the SOIC(I payed 20€ for this) and raspberry pi(I already had a pi).
So you are correct and not correct, in my point of view.
Correct, there are many(including me), doing it for profit.
Not correct, I’m not stealing from the community, I try to contribute my way(and I’m open for discussions, suggestions, ideas)
Btw, thanks for your comment, it showed me what I wasn’t expecting as a first reaction, and what I’m dealing with, by doing this project. :)
Kind regards
What I dislike in these types of threads are all the comments saying "I got a libreboot compatible laptop off ebay for 50 dollars". While you might be able to get such a computer for 50 dollars, if you run a shop you will need a constant supply of computers of high quality and available in a timely manner (since most of the models are 10+ years old you will need to find a reputable supplier and of course you cannot afford to wait a month for the laptop to arrive) - you can purchase the computers for 50 dollars each but then you will have to deal with hundreds of sellers who sell you at most a handful of computers each, each of which might take a month or longer to arrive. If the added value in the freer product can be easily achieved via software only and the hardware is relatively new and can be easily bought online (e.g. replicant, librecmc or rockbox devices) then there really is no justification for exorbitant prices.
The issues of running a shop are a moot point when we are talking about end users.
- The end user needs *a* laptop which respects their freedom. The don't need a bulk supply of ex enterprise laptops.
- No one is waiting months for a laptop they bought used from eBay.
- People say 'i got a libreboot-able laptop off eBay for $50', because you can quite literally buy a perfectly fine libreboot-able laptop off eBay for $50. You can even send it to someone on eBay who will libreboot it for you at low cost.
Thank you for the comments.
I will reduce the price from 450€ to 410€(50€ discount for 4GB still exists).
But I don’t agree with the fact that Free(dom) software or Free(dom) hardware should be free(gratis).
Selling those laptops is contributing to the community.
I want to start a business(so profit is always involved).
My job is to offer a product(in this case librebooted-upgraded 10+ year old laptops for the price I mentioned).
It’s the customers job to do the research(ask forums, read customer reviews about shops, ...) to find it cheaper elsewhere or do it self.
It’s the communities job to inform the buyer about the other possibilities or to give comment about a shop(like you did about Minifree, btw, I bought other stuff from Minifree, very friendly :) ).
You librebooted it yourself, I librebooted it myself, some other people here also librebooted their devices themselves. It is possible to do it, but not everybody is doing it or can do it, and not everybody can wait for all the parts to arrive or have the ability to find the cheapest parts as you have mentioned.
Comments like “it’s not worth, I did it myself for very cheap”, doesn’t help the community too. You didn’t mentioned how you did find the parts so cheap, how you flashed your laptop. You mentioned your frustrations about unreasonable prices, and by putting sellers(shops) like evil profit minded people :p.
I started with 450€, most people here find it too much and frustrated, I slept one day and put myself in your place, so I reduce it to 410€, but I also keep in mind that I need to run a business, so I need to think about my companies profit. Ask everyone(even minifree), they are also making profit.
> But I don’t agree with the fact that Free(dom) software or Free(dom) hardware should be free(gratis).
Nobody has said that. I quite clearly said that; a) being remunerated for work is OK, b) taking advantage of people unable to Free themselves is not.
> Selling those laptops is contributing to the community.
No it isn't. It is analogous to ticket scalping. You have spotted a supply-demand chain and realised you can insert yourself into it and skim some profit off it.
> It’s the customers job to do the research / It’s the communities job to inform the buyer about the other possibilities or to give comment about a shop
That is my purpose here.
> not everybody is doing it or can do it, and not everybody can wait for all the parts to arrive or have the ability to find the cheapest parts as you have mentioned.
They can send a laptop to someone for £40. Or get assistance here. Or meet someone in real life who will show them. Also, let's be real - your extra parts are an SSD and some RAM. I don't support Amazon, but we live in a world where people can have an SSD delivered to the door in 1 hour!
> Comments like “it’s not worth, I did it myself for very cheap”, doesn’t help the community too.
Nonsense. It's one of the most helpful statements to make - that Freedom is not too far away. The person it doesn't help is you! You need people to be ignorant and not helped or they wont pay 400€ + for a 10yo laptop.
> You didn’t mentioned how you did find the parts so cheap
Yes, I did. eBay mainly. New items like SSD and battery can be bought from lots of online retailers
> how you flashed your laptop.
By making use of kind and generous members of the Free Software community. They wrote detailed guidance (libreboot, here on Trisquel.info, other forums) or they wrote blogs / made videos. They shared their knowledge so that I could have Freedom.
I will pay that forward by helping others. I will not take that new knowledge and use it to rip off others. I aim to contribute in my own way to the movement. I think the technical documentation / guidance could be better so I am writing some new guidance.
> You mentioned your frustrations about unreasonable prices, and by putting sellers(shops) like evil profit minded people :p.
Yes, it is evil minded. It is no different to the evil business practices of Microsoft et al.
> I started with 450€, most people here find it too much and frustrated, I slept one day and put myself in your place, so I reduce it to 410€, but I also keep in mind that I need to run a business, so I need to think about my companies profit. Ask everyone(even minifree), they are also making profit.
You have no *need* to run a business. There is no *need* for the Free Software community to keep you in cash anymore than some band has a duty of care to a ticket scalper.
> Ask everyone(even minifree), they are also making profit.
Minifree sell an X200, 8GB, 480SSD, for 378€.
They also offer an X200, 4GB, 160HDD for 198€ (lots of people have a spare SSD already).
So even expensive MiniFree stuff is cheaper than what you want to charge (even after your 'generous' discount!).
Also, let's not forget that MiniFree is run by Leah Rowe. I'm sure that, in total, she has spent more time and money on Libreboot and Free Software than she has made in profit!
Buying a laptop from MiniFree should be seen almost like a donation to the project. It's like buying expensive GNU, FSF, Trisquel merchandise knowing that you are paying way over the cost of a mug (it's more like a £20 donation gets a free mug).
Not to mention how helpful Leah is for people needing assistance.
By your logic every computer repair shop (and other professions such as handymen who charge exorbitant fees just to visit and in fact nearly every shop that doesn't produce the items it sells and sells items for huge markup prices) is simply a scalper selling products it purchased for a much cheaper price. Any libreboot shop performs basic hardware operations such as replacing wireless cards and upgrading RAM in addition to installing libreboot so in that regard it isn't much different to a regular computer shop some of which charge very expensive prices to perform such tasks.
That analysis is faulty.
To reiterate (again);
1) There is nothing wrong with getting paid to provide a service or sell a product
2) It is, however, unethical to use a discrepancy in the system to leverage unwarranted profit.
This is why we have trading standards. There's nothing wrong with a car mechanic being paid to fix a car. People need cars, and many can't afford the bills, but the mechanic is right to say they want to be paid. However, if that mechanic takes advantage of the customer - say, by taking advantage of the fact they don't know much about engines - then we as a society step in to stop it. As a society we don't just say 'caveat emptor', we agree that there is an overriding need for ethical practice.
Where is the discrepancy? If you want you can install libreboot yourself (you can find online guides) and buy the laptop used for 50 dollars. If you prefer someone to prepare a complete custom libreboot computer for you you can do that as well by picking the computer and specs you want from libreboot shops. If you think the libreboot shops don't contribute enough to the libreboot project you can suggest that they donate libreboot a certain amount per sale (say 10 dollars).
> If you prefer someone to prepare a...
It's not a *preference* - it's a *need*. These shops aren't targeted toward people who can libreboot but just can't be bothered. It's taking advantage of the fact that people want Freedom, but currently there is a technical barrier to entry.
I think my discussion here is done. Clearly we fundamentally disagree on what is ethical. Selling an old X200 (regardless of how you try to justify it) for > 400€ is completely unethical in my mind. It runs contrary to so much of what the Free Software community stands for. Thank God I'm not alone - otherwise we'd have no GNU, Debian, Libreboot... Just more predatory Microsoft attitude. Looking to make money rather than help your neighbour. That's not being a good hacker.
To practice a business, there needs to be a supply-demand chain, and people who realize that aren’t always evil. Making profit out of it is also not evil. Of course, I understand the worry about unethical practices, and I agree that the community need to act against it.
I already explained my business:
1. I buy the parts (which costs me around 250€-300€, depends on the currency and the time),
2. I upgrade it to ssd, higher ram, new battery and replace wifi chipset
3. I libreboot it
4. Test the device(and install os if wanted)
5. I ship it to the address you provide
And I do it for 410€
Ram costs me around 50€, so that’s why I gave 50€ discount, because it isn’t upgraded, so you don’t pay that part(if you want to know the ethical reason behind this “generous” discount for 4GB version).
I’m not trying to scam people, by selling 10+ year old laptops, then disappear.
I posted it here, so most people interested in buying one, already checked the forum, so they know that they can do it for much less, but if they want one stop to buy the product, without doing the librebooting and buying parts themselves, they can buy it also from me or another shop who is active here. They know what they are buying. And for what they are paying for.
If you already have the laptop or the parts, you are free to lookup people to libreboot your device(but don’t forget, you need to pay the shipping twice 1) sending for flashing, 2) sending after flashing). And you don’t find in every country a person on eBay who wants to flash an x200. Or be really lucky that your neighbor is a hacker who can libreboot it for you.
If you are courageous enough, you can buy the SOIC and beaglebone or raspberry pi and flash it yourself, so you don’t pay the flashing itself.
The individual guy who will only libreboot your device is also doing it for earn something(=profit), and you don’t ask him if he’s supporting the community in any way. Is that individual guy also evil?
Not every company who is making profit is evil or like the big five(Google, Amazon, Apple, Microsoft, Facebook).
I don’t force anyone to buy from me, they are free to buy from anyone.
I don't intend to comment anymore except to add this for future people reading this;
If you want Libreboot:
1) If you are reasonably competent it is easier than you think. I am no expert but I have learned how to Libreboot the X200, T60, and Gigabyte motherboard. Replicant OS on a phone is very easy.
2) If you are stuck, ask here. People are very helpful. I have found that most people are passionate about sharing information.
3) If you do not feel confident doing Libreboot yourself. You can pay someone to do it for you! It'll cost you about £30 or 40. That's pretty fair, particularly for laptops which require some disassembly. You can also ask around to see if someone in your local area can do it for you. Check to see if you have a libreplanet community in your neighbourhood. Most people are happy to do it for you for the love of hacking and helping spread the Free Software message. Buy them some beer/doughnuts/pizza as payment!
4) If you can't manage any of the above... Look out for people selling an already Libreboot'd laptop. They come up for sale sometimes.
5) Finally, you can buy from an online store. I recommend you buy via MiniFree. This shop is run by Leah Rowe, the founder/lead for the actual Libreboot project. Your money will go straight to the project, and you obviously will be supported by an expert! [I am in no way associated with MiniFree or Leah Rowe].
Above all else - be a good hacker and a good neighbour.
Thank you for your comments, and pointing me as being evil as Microsoft and referring another shop (like a Mac fanboy referring to I-things over Microsoft). :P :thumpsup:
Srry for the bad joke. Didn't intended to offend you ;)
Still thank you for your comments and sharing your thoughts about it(even if it's the opposite of mine)
Librebooting T60 is easy (can be done via software) as long as you have the right graphics and right panel (only SXGA+ and higher resolution panels are supported, QXGA works but grub does not appear on the screen so you cannot easily switch between kernels). Since the panels are hard to source I'd recommend buying it from a shop.
This "price gouging" argument is untrue. If I go to the Minifree website, the price right now for an x200 with 8GB ram and a 480GB SSD is €378.00. If I include shipping to me, it's €423.00. Libreshop is offering an 8GB with a smaller SSD (256GB) for €410.00, which includes shipping.
If I bargain shop online for SSD's, the price difference between a 256GB and a 480GB is going to be about €10.00-€15.00. Seems like the price is correctly adjusted for the market.
Seems more like there's some hostility toward anyone encroaching on Minifree's territory with a similarly priced product. Which, if that's the case, fine - state your case about why Minifree is better. But don't say that Minifree is selling for far less when that is simply not true.
If you read through you'll see I think MiniFree is overpriced too.
My point about favouring MiniFree - if someone is going to pay over the odds - is that it can be seen as a direct donation to Libreboot. That is a potential reason to justify the price.
EXAMPLE
It's the same as the Trisquel mug here. That mug is listed at £21.15. That's a very expensive mug! BUT... I'd argue that if profit goes to Trisquel, it is better viewed as a £21.15 donation to Trisquel with a free mug. That's how I view MiniFree.
I've also stated very clearly I have no link to MiniFree or Leah Rowe. I don't know her, never bought anything from MiniFree, nothing.
Anyway, there little point in debate. People have their opinions on either side and that wont change. My aim was to put down in writing a different opinion for the benefit of future readers. Hopefully to also promote altruistic behaviour within the community.
I've not bought one from any company. But the price seems fair to me and is fair according to the market, and clearly if you want a cheaper one Minifree will sell the 4GB model with HDD for a lot less. But complaining about price seems unwarranted. Both Libreshop and Minifree are saying, "if you want this product, you'll need to pay me this price - otherwise you can try to do it yourself". Which is not exploitation, or even capitalism - it's simply the way exchange and trade have occurred between humans since the dawn of time.
Exploitation would be setting a price ceiling, and forcing Libreshop or Minifree to produce and ship the laptop for less than they are willing. In that case, their labor would be exploited.
Personally, I think the smart buyer would order the lowest priced 4GB one, and then add the memory and SDD themselves. Let the experts pick a laptop in reasonably good condition and do the Libreboot work, and let me do the simple tasks like adding the components. As we all know from experience, buying off random strangers on ebay has inherent risks of receiving low quality goods.
Also - there's a difference between buying a coffee mug and a computer. If I buy a $21 coffee mug, then clearly I'm buying it for some added value - like a donation as you say, or because it has a cute picture of a penguin on the side, something like that.
But if I'm buying a computer, I'm not buying it for sentimental reasons or to shove money in anyone's pockets - I need a working computer at a reasonable price. I think Minifree is selling them at the going market rate, as is Libreshop if he can ship an 8GB model with SSD for €410.
I understand your points and you put forth a solid counter argument. It's clearly an case of different ethical viewpoints. We all take a different stance on these things.
I point to consider - a libreboot'd laptop is bought for reasons other than just being a working laptop. You are buying and supporting Freedom. There *is* an element of sentimentality to it - one thing we all are is passionate about software freedom!
I have to say I don't really understand why people are complaining about the price. A new T60 in 2006 was a very expensive computer (the launch price was 2749 dollars, see link below), so roughly 400 dollars for an old Thinkpad (computers which are very easy to service and are built like tanks) with upgraded hardware (a new SSD or more RAM) seems pretty cheap to me. The fact that you can get it even cheaper from eBay is just an added bonus.
forum.thinkpads.com/viewtopic.php?t=125036
Libreshop, why don't you offer other FSF certified OSes such as Hyperbola?
Hello aloniv
Thank you for your comment.
Currently, I have experience in librebooting x200 laptops, so I start it with selling only those, once I have more time, I want to add extra hardware as well.
Same for the Operating systems, I have more experience in installing Trisquel and Parabola, I didn't used other FSF certified OSes, but it wouldn't be so hard to learn them, as I already know Parabola, installing Hyperbola would be easy, I guess.
If there are enough people who wants to buy with another OS(that I provide), I'll give it a try.
I used Ubuntu a lot in the past, before discovering the Freedom oriented OSes, so the easiest one for making the switch at that time was Trisquel for me, then I discovered Parabola, and the rolling updates was a great option for me(of course, my browser and other software has already crashed because of the updates couple of times, which is a disadvantage of rolling updates)
Installing Hyperbola is similar to Parabola since both are arch based. There is also a migration guide from Parabola to Hyperbola.
@richardEU
Thanks a lot for taking the time and the effort explaining your point of view.
I do agree with you wholeheartedly, especially what you are saying in response to "I need to run a business".
There are lots of "businesses" up on platforms like amazon or ebay selling stuff that can be bought for a few cents for a few dollars. It seems like easy money that can be earned through buying stuff online and selling it again. Maybe some can earn a living but most are just putting a strain on the already mistreated environment.
Back to Libreboot:
The more important thing people don’t seem to mind:
As far as I know these old CoreDuo2 processors by Intel are neither safe agains Spectre nor Meltdown. I don’t think there are any patches available and I don't think there will be any updates in the future. At least that's what I read about. You would need microcode updates.
https://www.extremetech.com/computing/266884-intel-wont-patch-older-cpus-to-resolve-spectre-flaws
Libreboot hasn't had an update for ages.
I don't know if Coreboot does offer a solution for these old processors because I don't have a T400 or even an older laptop anymore.
> As far as I know these old CoreDuo2 processors by Intel are neither safe agains Spectre nor Meltdown. I don’t think there are any patches available and I don't think there will be any updates in the future.
https://www.linux.com/news/meltdown-and-spectre-linux-kernel-status-0
Do you want to say anything, just say it.
Instead you link to a text that is even older than the one I linked to and that has absolutely nothing to say.
There may be parts fixable through kernel settings/updates but the whole Spectre & Meltdown mess is like the Intel ME, it is a hardware problem that needs help from intel in the form of CPU microcodes.
There have been discussions elsewhere:
https://www.reddit.com/r/coreboot/comments/94jq93/is_corebooted_hardware_immune_to_attacks_like/
For example, there have been many BIOS updates for Thinkpads but not the older ones.
I don't go into detail because this problem is way to complicated to put it into one sentence.
I am just saying, most of the real old CPUs are having a problem!
> want to say anything
I did not write anything because the link I stated is self-explanatory. You
can patch through the linux kernel. And that is what linux did.
I don’t like communicating through just links. I already guessed what you were trying to convey with this link being that everything will be a-okay if you just keep updating your kernel. OMG!
"You can patch through the linux kernel. And that is what linux did."
Your "comment" reminded me of people online that aren’t open minded anymore but searching for something on the internet that supports their point of view or something they want to believe is true.
Please, do a little research before posting stuff like this.
You do need microcode updates!
Why do you close your eyes to the reality? This false sense of freedom and security is not helping anyone.
Did you run the programmes checking the vulnerabilities? I guess not.
Have fun in your bubble!
> You do need microcode updates!
Assuming they provide improvement - yes. But you have no way to know all they do because it is closed software.
> This false sense of freedom and security is not helping anyone.
Correct. Closing eyes for facts in order to attempt to conform perfectly to an ideal (a non-fact) does not make one free from the chains but is additionally limiting. The microcode is there, inside the CPU, and can't be removed by installing super-libre-idealistic-free-rms-endorsed-whatever. The microcode updates are stored in a separate memory. Avoiding the later does not remove the former.
> There may be parts fixable through kernel settings/updates but the whole Spectre & Meltdown mess is like the Intel ME, it is a hardware problem that needs help from intel in the form of CPU microcodes.
There are no "fixes" for Spectre/Meltdown. There are only mitigations.
Intel ME is not a hardware problem. (hardware in the sense: something hard/fixed that cannot change) I don't think it has anything to do with microcode either. It is just closed and signed firmware which makes it impossible to remove completely. If it is removed completely your computer will still be fully functional but will shut down in 30 minutes. The only way to avoid this is to keep some parts of Intel ME functional.
Yes, you are right, there are no "fixes". Also, there have been new variants of Spectre and other vulnerabilities that are in need of mitigations. Linus Torvalds called these mitigations bullshit but didn’t say that there weren’t any necessary.
Regarding the ME I do know what it is about but I am sorry I just cannot repeat all the details right off the bat.
What I meant, casting aside the terminology of hard- or software problem, is that you have to take apart your laptop or computer and flash a chip. I did that with the T400 when I flashed libreboot on it and I did that with coreboot. I also know about the steps that probably disables the ME but one cannot be sure. This stop-thing (don't know what it was called)
Sorry for my wording, it was impromptu to make a point.
Do you acknowledge linux has made a patch?
If yes, then you claim the linux patch is not as efficient
as a patch provided by intel?
In result those cpus, like the libreboot computers, which have not
gotten an intel patch are not as secure? Do you have researchers
backing up such a claim? Can you provide any documentation about
your claim?
Run and see for yourself:
find /sys/devices/system/cpu/vulnerabilities/* -print -exec cat {} \;
Paste your results, then I will show you the results from a machine with microcode patches.
For completeness share also the output of:
cat /proc/cpuinfo
Additionally you can test with https://github.com/speed47/spectre-meltdown-checker
Here's the result for an unpatched Lenovo W510 running the latest, updated Debian:
$ find /sys/devices/system/cpu/vulnerabilities/* -print -exec cat {} \;
/sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
And the CPU
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 30
model name : Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz
stepping : 5
microcode : 0x5
cpu MHz : 1199.000
cache size : 8192 KB
physical id : 0
siblings : 8
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm kaiser tpr_shadow vnmi flexpriority ept vpid dtherm ida
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
bogomips : 3457.93
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:
Here is how it looks on an openSUSE Leap system:
[~]: find /sys/devices/system/cpu/vulnerabilities/* -print -exec cat {} \;
/sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: EPT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling
The system also has hyper-threading deliberately disabled in BIOS.
And the CPU (pasting just core 0, the others are the same):
[~]: cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 58
model name : Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
stepping : 9
microcode : 0x20
cpu MHz : 3392.442
cache size : 8192 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts flush_l1d
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
bogomips : 6784.88
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:
If returning message says mitigation then a patch is installed? If returning
message says vulnerable then no patch has been installed?
There was a vulnerable message about
spec_store_bypass about a thinkpad t400.
You say some computers are patched that they have
no vulnerable returning messages?
Then he is right if intel have not provided patches for all
computers and intel could have provided them if
they had wanted to.
That is not acceptable if intel could have provided patches
but decided not to provide them.
You also have "SMT vulnerable" about L1TF. Note also the number of different mitigations available on the "non-libre" system for the various vulnerabilities.
> You say some computers are patched that they have no vulnerable returning messages?
Obviously. This comes through the microcode updates which is obviously not possible on a "libre" system which denies anything proprietary. So you choose between actually improved security and "libre".
> Then he is right if intel have not provided patches for all computers and intel could have provided them if they had wanted to.
Intel explained (I don't have a link, so search) that for some of the older CPUs they won't be making microcode patches because the CPUs themselves don't support such kind of mititagion. So yes - a lot of CPUs will remain vulnerable forever.
Of course I acknowlegde patches, this is far from being news.
There have been numerous patches since Spectre, Meltdown and other variants have been discovered.
I am far from being an expert on all these vulnerabilities, like most people, I guess.
There are more than enough articles and papers by security experts explaining all these things. Understanding is the hard part. I do not but I can draw conclusions and I have to trust someone who does understand what is at stake.
Here is only an example, explaining a lot. At the end there is some information on older cpu's:
https://www.techrepublic.com/article/spectre-and-meltdown-explained-a-comprehensive-guide-for-professionals/
tonlee san, Джордж san, zigote san, (I will omit honorific titles from now on, maybe)
May I ask you guys question?
Sorry for interruption, since just you guys are disccusing now so I ask, though.
After all, which do you think the most free PC is?
What about the most secure one and the most secure and free balanced one?
Thanks. Of course other users' detailed opinions are very welcome, too.
Edit: Which the PC do you think the most free?
Which do you think the most free PC?? something like that :p
How can you have any pudding! if you don't eat your meat!
@Masaru Suzuqi
It is a difficult question and I am neither an expert on free software/hardware nor on security. Keep that in mind, there are others e.g. programmers who really know what they are talking about.
Anyway, I do have an opinion that I will share with you. When it comes to free I still think that libreboot is an example of how it should be. However, as far as I know there hasn’t been much going on over the past 3 years whereas Coreboot (which libreboot is based on) is constantly being developed, bugs being eliminated and so on. I think some people are using an up-to-date Coreboot without proprietary blobs on librebootable boards. You’d have to consult the coreboot mailing lists or reddit to get more information.
I don’t know how big of a threat these Spectre and meltdown vulnerabilities are without all the patches available. The Debian Wiki writes regarding Spectre v.2:
“To address the issue in Debian, updates to the kernel, processor microcode, hypervisor, and various other userspace packages will be needed.”
(...)
“Spectre 2 might not be fixable without firmware updates, which must come from hardware vendors.”
Over the past year there have been a lot of discussions going on on the forums of several Linux distributions regarding lots of different CPUs ranging from now until more than 10 years back (with regard to Spectre, Meltdown etc).
Again, I don’t really know how big the immediate threat is but I do know that it is of great significance to businesses, industry and so on. The decrease in performance results in a significant increase in workload. Think about server farms having an increased power consumption and thus are more prone to failure, costs will be higher. Hackers will try to exploit the holes.
When there is talk about security, there is almost always the question of “What’s your threat model?”
A Chinese citizen who wants to talk freely on the internet has a completely different threat model than you in Japan.
Let’s say you are like most of us, someone who is interested in privacy, anonymity, freedoms and so on, because he cares about what happens to his data online and he cares about a future where not every footstep one takes will be monitored. The latter is almost a lost cause but one can try.
#########
There is a small group of people hacking a
Lenovo G505s with an AMD A10-5750M
running coreboot
http://dangerousprototypes.com/docs/Lenovo_G505S_hacking
"Lenovo G505S is the latest most powerful laptop from the Supported Motherboards list of coreboot open source BIOS ( FAQ about coreboot ) which does not contain the Intel ME / AMD PSP hardware backdoors inside its' CPU."
You can get a used one for around 100-150€.
#########
As an OS it runs Qubes 4.0 which runs several linux distributions like Debian or Fedora. It can even run Windows7, if you would need it for a few tasks.
https://www.qubes-os.org/
I wrote a little about Qubes more than 2 years ago.
https://trisquel.info/en/forum/qubes-os-thoughts#comment-109031
It is my main system for a few years now and I am very happy with it. It takes some time to get used to it but I guess that is true to every change.
In my mind these are two of the most interesting projects at the moment.
Using any Linux distribution and doing your homework (e.g. strong passwords) is more than most people do, so I guess you are doing more than the average Joe already.
The most secure personal computer is the one which gives the best protection of the data it processes.
As for "most free" - desktop: perhaps Talos II, portable: Necunos NC_1. Both are vulnerable to side channel issues though.
I have big hopes for RISC-V for the near future.
I almost forgot about Talos II and Power9. It's mostly for developers and businesses, I think.
I don't know much about RISC-V yet but maybe there's hope!
I was asking about a computer which like NSA uses... though :P
The nature of the internet is to open information. From the begginig, there is the nature. So to hide something is against the nature from the beggining, like nations' boarder lines. Encrypting aside.
Things should be opened should be opened.
Basically sellers had have exploiting people by takeing advantage of information asymmetry for a very long time. The money currents in certain places as well. It lacks transparency.
But they have serious difficulty to keep their old tricks now because of the being of the internet. They tend to dislike the internet. They finally say there are many liars in the internet. I want to say they would be very better liars than you.
Perhaps most people here were aware of that libreboot was getting meaningless. I am a begginer of GNU/Linux. But I think that libreboot is a thing should be constructed on the as secure as possible things. Spectre and meltdown would have seriously damaged the meanings of libreboot's existence. And maybe RISC-V, too. I don't know well, though.
I think that they should have given a notice of the serious disadvantages of their goods to their users when they noticed the disadvantages openly, sincerely, on the homepages of their websites. It would damage their business. But the worst thing is losting trust of customers, not just customers.
For me, my credit for my personality is one of the most important things. If I lose it, I will lose everything. So I am extremely careful to be sincere. I am a terrible liar, you know, but it has nothing to do with my sincerity. Because I am still keeping my friends's trust, maybe.
If I was one of the libreboot vendors, I reluctantly would put the note on my homepage with big red letters, and tell them what I am doing frequently. It makes trust. People buy or not my products aside.
Some Supermarkets started selling organic stuff. They have been selling probably terrible foods for a long time. There are a lot of fraudulent claiming of origin foods, too. (Especially people avoided made in Fukushima) Some unbeliebable laws, too.
Organic stuff costs. There are few sincere sellers. They don't use even compost of animals' crap. But they are quite expensive.
The supermarkets can sell the stuff quite cheaper (Certificated JAS but its standards are not too strict). I am poor. So I buy the stuff sometimes. But I am going not to buy the stuff from them completely in the future. That's credit. There must been many people who are dead or got diseases from the foods. The proof is difficult. Probably impossible. But we can avoid the supermarkests. It is inconvenient. Who wants to bother going to the vegitables shops far from her house with tired body by 10 hours work. Like the companies started buying out github or redhat, maybe arm too. They seem to be aware of tendency of custumers' needs. Probably they have accurate statistics. No way. I will inform people of the information with full effort. What they had been doing. But of course a person who can inform the people of the information well in this world is you. But if you have lose people's trust, your words have not conviction. People would think both are untrustworthy.
People is the strongest. Because they rule economy as the economy class. They still aren't enough aware of their power, basically.
They maybe have guilty conscience, despite they had have living with their good belief and devoting their efforts to the computer freedom. I think that it is not still late, if they can be open and sincere again. Let's quote Deleuze later. But I might be misunderstanding. If so, please confute me thoroughly.
I think that they might have lost their much love for computer. What a waste. mottainai.
Allow me to use this oppotunity to mention something. I never put the information into my laptop. Your work is waste of time. But you cannot change.
Because you are in a deep deep of the system. Spend your time until the time as you wish. Lower proletariat would easier get the freedom which you never be able to get, never, ever.
And the sense of reality, too. Classes are illusions. You are living in a deep of the illusion. A priori, you lose your sense of reality depends on the depth in the illusion. Remember the victims. We are really getting mad. The libreboot vendor apologized and gave back money to me with very small interest. It was very small but it is very important thing.
And why they did not send the laptop to me. Maybe it came from my demand, but it might have been their sincerity, the way aside. You cannot apologize to the victims, never, ever. Hence you cannot change.
How about you and me. We will see. Thanks for your attention. Long!
> I was asking about a computer which like NSA uses... though :P
Actually you asked about "most secure" and "most free" ;)
Perhaps. But actually it meant the most free and secure personal... compressor which NSA uses, perhaps.
Most secure, depends on how you use your laptop. What is your trust-level against the manufacturing to the shop who is selling your stuff, and the software hackers(OS, Firmware, …) releases as well.
NSA or other agencies, will cooperate (or force) the manufacturers to release a patch who will not be available to the public, so they can use that backdoor on targets, while theirs are fixed. I guess?
How can you prevent it:
- You can use firmware updates like libreboot to block certain kinds of things(like deleting intel ME).
- You can patch your kernel to the latests or build the latest yourself and use that one instead of lts versions.
- Use encrypted versions of the OSes.
- You can change your browsing habit.
- Use tor with highest security, so no js at all on websites.
- Or use lynx to only see text, instead of images or css or js.
- Or you can download a page using wget or curl.
- You can use encrypted chats/messages(pgp/gnupg, …).
- You can view pdf or other files only after disabling your internet connection or only with programs you trust.
- Setup a firewall and VPN to block access to certain ip ranges.
- …
Of course 100% secure doesn’t exists.
Most free, there are luckily manufacturers who are going that way. will it succeed or not, that’s another question, but currently those are expensive hardware for the moment. And there are also the free(dom) applications and OSes, most of them are also free(gratis).
Coreboot and Libreboot teams has delivered a great job by reverse engineering Firmwares of older machines, unfortunately new machines are harder to reverse-engineer.
If you can’t use one of them, download a free os, which is still safer and freeer(I don't know if this is an official word :D).
@zigote
> I have big hopes for RISC-V for the near future.
@Джордж
> I don't know much about RISC-V yet but maybe there's hope!
I studied a bit about RISC-V, but I don't understand well why many users seem to expect so good things. I understand that it is under BSD license, designed to be useful for a wide range of devices.
What do you expect beneficial effect of it? especially for average users? Of cource other users's detailed opinions are very appreciated. Thanks as always.
>How can you have any pudding! if you don't eat your meat!
Is this a reference to teh wallzy album? :P