From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8A610138334 for ; Tue, 11 Dec 2018 22:47:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4E9D7E0C79; Tue, 11 Dec 2018 22:46:58 +0000 (UTC) Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C844CE0B1C for ; Tue, 11 Dec 2018 22:46:57 +0000 (UTC) Received: by mail-oi1-x234.google.com with SMTP id x202so13420714oif.13 for ; Tue, 11 Dec 2018 14:46:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=vx/HSZPRj0QPr2uRmT3zcOyGC2eFzsHkJA0coOcNrtQ=; b=E1WMs+VLgZ3a2Zym/N8Fcy1dvfKcWMwQF8xdIFkRKIBEHJ6g9LBLwAhX44S/JvkfIF OIg/d7bBzANEbh+fnutOpY9+xT44fHadHe7Av/gy1oeqBUw9f6MsI+dE3SQr9r9q4AXI 3iBOsdTrXmDmEz/3RNPRx9PZ59wUKSfQcumKvdV4ozfy8Fz3S4xuSxdZX1m6rDW9igmH 0EGz/DRIaBEj2tn91uCBT5oXVcigcJf/5KK3hiBnlQE1vJA0UiyucLauO7D7vzrT0GB0 765JkmEhvDYEdgCH8zXVYnqKhGyXeO586NBLYacukOGD5afH95Hls5c0XhpibsbQCDUC VSRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=vx/HSZPRj0QPr2uRmT3zcOyGC2eFzsHkJA0coOcNrtQ=; b=ZuWIeYm893whxOVao+V0ijCaoTzPrEHHOvJ41dwhQGdjrJ1fnez1jXZbr86qXa2v3z brsSLhMlZofNvPOqQfMybQdvVn0PQSlT3ZbnDrEy1wYoUIn0W13T6bGasw6gVQsFKK6G me36yZMG/fqgVRn7MvvxtKzgJgd5yRPEqrSYsekI21A5elReU0sGRkA8FByVZqt5oCd6 yc9e8WuQK64O7p5v/xmtyWWX1sSXiAHxEL94R413y/n+KNcDWGwPUVIpXE28MLKFYT47 Jbv3sWa+XIqk0xZJfHGXjg0WYEpMNu85EHHxrHNRfehXCpKxcMi4t0FxenNN0veY0pX4 H7cg== X-Gm-Message-State: AA+aEWb/0DSbHE0uLIVN3YWSViAZJjrZKQwZT8YOepNMMMjd9UIRA5e2 IG8WrGlw0wG0oGEmkT2nfSN1nhC9toW1g24ItM4FqBPI X-Google-Smtp-Source: AFSGD/Vbe4krpLUR3YnVTNhssF0vS3ZwwY6+U+dyRrRVx90vs2isqsZxRVduyK8HZY/eQC46+MFbX4mfNk616hI5uGo= X-Received: by 2002:aca:acc3:: with SMTP id v186mr2239227oie.274.1544568416376; Tue, 11 Dec 2018 14:46:56 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <492d8bf4-4b8d-f7f6-05d8-2473b6825fab@gmail.com> <6651f356-8831-1d49-6d1e-adbe9d337b74@charter.net> <234e7289-0372-64de-5a94-d1aa82c7d40b@charter.net> <288c83f0-70a5-98ec-b082-d575239f0c03@gmail.com> <0456c03c-8a4b-17b9-b062-e42580ed531f@gmail.com> <20181210221412.2097b809@digimed.co.uk> <0fe209dd-649f-c1fc-8c84-4f84aad7ed15@gmx.com> <20181211084925.3aff5175@digimed.co.uk> In-Reply-To: <20181211084925.3aff5175@digimed.co.uk> From: Adam Carter Date: Wed, 12 Dec 2018 09:46:44 +1100 Message-ID: Subject: Re: [gentoo-user] Re: CPU upgrade and LVM questions. To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary="000000000000ca1e26057cc6db98" X-Archives-Salt: 79c946eb-7005-47ad-bcd9-7239642608d7 X-Archives-Hash: aa35ff4e85b326832d00a871b0ece59a --000000000000ca1e26057cc6db98 Content-Type: text/plain; charset="UTF-8" On Tue, Dec 11, 2018 at 7:49 PM Neil Bothwick wrote: > > So tell us what is your perfect country for hardware manufacturing? > > There isn't one as you can never be sure. You are presenting hope, and > maybe likelihood, as certainty when this does not exist. > Datapoint - looks like Bloomberg is starting to walk back its complete support of the original implant story. https://www.bloomberg.com/news/articles/2018-12-11/super-micro-says-third-party-test-found-no-malicious-hardware Also they have assigned another reporter that was not involved in the original story, to attempt to verify the claims of the original story... Others have made the point that the Amazon and Apple denials left them no wriggle room in the event that implants are found and shareholders launch a class action, and that this indicates a genuine belief that there are no backdoors. Considering risk; If you are of interest to a nation state, you're pretty much stuffed anyway, and I think this discussion has been around implants made via Chinese government action. The management processor issue is a real problem because they're not well understood, on by default, cant be (or cant easily) be disabled, and has to be software maintained. However, given all the other issues like the never ending stream of security issues in software, i'm not sure it changes the overall risk profile significantly. Only time will tell. Sorry for further polluting your thread Dale :) --000000000000ca1e26057cc6db98 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Tue, Dec 11, 2018 at 7:49 PM Neil Bothwick <neil@digimed.co.uk> wrote:
> So tell us what is your perfect country for hardware manufacturing?
There isn't one as you can never be sure. You are presenting hope, and<= br> maybe likelihood, as certainty when this does not exist.

Datapoint - looks like Bloomberg is starting to walk back= its complete support of the original implant story.
Also they have assigned another reporter that was = not involved in the original story, to attempt to verify the claims of the original story...
=
Others have made the point that the Amazon and Apple denials= left them no wriggle room in the event that implants are found and shareho= lders launch a class action, and that this indicates a genuine belief that = there are no backdoors.

Considering risk;
If you are of interest to a nation state, you're pretty much stu= ffed anyway, and I think this discussion has been around implants made via = Chinese government action.
The management p= rocessor issue is a real problem because they're not well understood, o= n by default, cant be (or cant easily) be disabled, and has to be software = maintained. However, given all the other issues like the never ending strea= m of security issues in software, i'm not sure it changes the overall r= isk profile significantly. Only time will tell.

Sorry for further polluting y= our thread Dale :)

--000000000000ca1e26057cc6db98--