From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-181589-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 058561396DD
	for <garchives@archives.gentoo.org>; Sun, 24 Dec 2017 19:44:52 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 7A469E0FD5;
	Sun, 24 Dec 2017 19:44:42 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id CE0B1E0DE9
	for <gentoo-user@lists.gentoo.org>; Sun, 24 Dec 2017 19:44:41 +0000 (UTC)
Received: from localhost ([173.239.212.34]) by mail.gmx.com (mrgmx103
 [212.227.17.174]) with ESMTPSA (Nemesis) id 0MEo4s-1ejCdD0XmM-00FxQJ; Sun, 24
 Dec 2017 20:44:29 +0100
Subject: Re: [gentoo-user] How to harden a system
To: gentoo-user@lists.gentoo.org, Peter Humphrey <peter@prh.myzen.co.uk>
References: <2022504.K2LgkkC3Iq@peak>
From: "Taiidan@gmx.com" <Taiidan@gmx.com>
Message-ID: <4dc22bb0-06d0-418e-debd-becfd79e5ed9@gmx.com>
Date: Sun, 24 Dec 2017 14:44:25 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
In-Reply-To: <2022504.K2LgkkC3Iq@peak>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Provags-ID: V03:K0:xr9hIyQ87yuuN1cQirgDLmwg2Iy2lcYj2B69GbjEvbnQXKndDxp
 y3XM9ymtuaj+uVulV5ORIlTQ1v5vavodNRzqsHln5zL75/z6wQmqK0Y9REk1p53uzvwAIw1
 RjqNslJQyIB27c0b+gjCTOys4n0O774OEWMaayCw0TwHzwY36lW/Jf1GAjsZnRdGEGwpNkU
 2tuJFifigewZqUa3bsv1A==
X-UI-Out-Filterresults: notjunk:1;V01:K0:q20f5c5APqs=:9XpQ2ysA11liEKuz/J+Ryp
 8iQO7SCSbJh3qd+NDjwb3xNAKVfabYI8HwpjRf9XsJJL+2/6bzAsRGEDoIkC3XstxtIdPF0P3
 9N8uXrOGLQVlWkjvJeYCunIoiVo6PZxR+AehTYgfd3+RWTXbu0A1HMwHEMN68OjNzqXfEgM/n
 yteK5EaojRI7Y1XfhFfUVLbLv2JxTngy7mWGE+9dY+H0pkKKxmF59i4YkCUd6rWmgajMrNbA4
 trtvKKbx3JsZGGcu4cpj5llJBBFXAoBAWbmigvMm3pobRsSsyUIylXm+CnjYK+FsrC19pt00g
 k5p3WkbZIgbn2EL2pLgH2DnOGmUeWr+KZjCaIWnzonABBmkQbdPnoPHApqaRKttb7eED1KF/D
 m9kolGZ3NIlcUX7fRdf8OBC2VJ7nNMvo3x8+oJfhobo3ZzlNzDGxFGCwcNK0TKQG6h6j5ro9M
 acbG0nUDtxkTa2WSixXN8EQRxUJTYMrTRchPArrd0Wogm2kzOyQKQGCP7gyT9vIPxpOWaQSXF
 x8Kp7dLugdQubavhPoXkI+wslSS4ewzcbNUry5xGFvkuOquiaZ97q68z3vtoy0tT/5XT3KixS
 ZxzWVKSORF7GdhQ/m8QnCzCJPtnlM/ezs8awK+xscM+Pym3lSb7AnZ8KYoPgARQK6vRji9QSi
 4RGlqBwgxUdtI6EVPVyy07H/BO+WZsLLRDUwLm2N0ACGJllE5rMr9tSkhtOtTMa9uHfGbQZ2x
 +GnnpWUn9ESIrKDwb143I04BXtcFeUhGwjAB9sjXLFoxIXmsAckQUCVW4Iky16edKhPnogWxA
 Z4zQdja8sZ6erzfIjgpeAm19QZbQ101X7xfV/RvLQzJDu5ZUAI=
X-Archives-Salt: 11419158-5331-4ba0-9e97-1a5996e2943c
X-Archives-Hash: 40583950f14667f699fea9bb786ce4c6

I would also consider purchasing a system with libre firmware and 
without ME/PSP such as:

POWER 9:
TALOS 2 (server/workstation, brand new and very high performance - the 
only brand new hardware that is legitimately libre)

x86-64:
(older, pre-PSP AMD - the best CPU's for C32/G34 are equivilant to one 
FX-8310 for the 8 core or almost two FX-8310 for the 16 core)
KGPE-D16 (server)
KCMA-D8 (workstation)
Lenovo G505S (laptop)

It is truly disturbing to think that someone with an ME exploit could 
hack 80% of the computers on the planet.