Raptor Computing Is Working On More AMD Radeon Driver Improvements For POWER


  • #31
    Originally posted by coder
    Sorry, I just meant performance-wise, since you cited some weird lagginess. Presumably, none of the ARM systems you used were completely open, either.

    BTW, which ARM systems were those you've used?
    Apologies, I didn't clarify this earlier. I'm basing my impressions on open firmware machines -- e.g. some of the Chromebooks (a C201 and one of the recent Samsung models), and some experience with LSI devices. In general I don't spend personal money on closed systems unless it's on a toy (e.g. the Playstation I alluded to earlier), and Raptor itself heavily frowns on any corporate expenditures for closed computing systems of any type (typically, cost of developing an in-house solution has to be very high compared to the off the shelf solution plus the constant costs of isolating it if network attached for the purchase/lease to be approved).

    Does that help at all?


    • #32
      Originally posted by madscientist159
      I'm basing my impressions on open firmware machines -- e.g. some of the Chromebooks (a C201 and one of the recent Samsung models), and some experience with LSI devices.
      Thanks.

      Originally posted by madscientist159
      I don't spend personal money on closed systems ... Raptor itself heavily frowns on any corporate expenditures for closed computing systems of any type
      Uh, so you're a Raptor employee? If so, that would be a reasonable thing to disclose.


      • #33
        Originally posted by coder
        Uh, so you're a Raptor employee? If so, that would be a reasonable thing to disclose.
        Sorry, I thought that was fairly common knowledge on these boards. Not sure how to make it clearer within the confines of vBulletin.

        That being said, my experience posted earlier is as a personal user of the aforementioned machines, trying to be as objective as possible.


        • #34
          Originally posted by madscientist159
          Sorry, I thought that was fairly common knowledge on these boards. Not sure how to make it clearer within the confines of vBulletin.
          So, bridgman has a title of "AMD Linux" that displays under his name. I've seen other users with custom titles, like "X.org Developer" or something like that. You could ask Michael if he could set you a custom title.

          Or, in posts like that, you could just mention it.

          I feel like I've seen signatures at the bottom of some users' posts, but I don't see a way to set that.


          • #35
            Originally posted by coder
            So, bridgman has a title of "AMD Linux" that displays under his name. I've seen other users with custom titles, like "X.org Developer" or something like that. You could ask Michael if he could set you a custom title.

            Or, in posts like that, you could just mention it.

            I feel like I've seen signatures at the bottom of some users' posts, but I don't see a way to set that.
            Yeah, I don't see signature options either. phoronix I'd be fine with a custom title, to avoid confusion.

            In this case though I didn't feel it was that important either way -- if I wasn't with Raptor I'd still be using these machines and would have still said the same things about them.


            • #36
              Originally posted by madscientist159
              Possible? Just for starters, CVE-2017-5689, SA-00086, SA-00112. Occurring? That's a matter of degree and very hard to prove with something like this -- an attacker capable of properly exploiting a ME/PSP bug is also going to be capable of destroying the malware after whatever data required is exfiltrated / planted, and it's not like exploiting this technology is going to leave a neat little footprint in an IDS somewhere. In fact that's one of the larger problems -- exploiting the ME/PSP is not necessarily a noisy attack, but it is a very powerful one.
              This is the same old ME flaw that was found in 2017, and has since been patched. Are you running old unpatched hardware or firmware? And the flaw was exploitable on TCP port 16992, a port that literally nobody is exposing outside of their security perimeter. Are you allowing 16992 through your firewall?

              Additionally, there are 3rd party "cleaner" tools that wipe the relevant parts of ME from the firmware, rendering it dead.

              Got anything else?
              Last edited by torsionbar28; 10 December 2019, 12:25 AM.


              • #37
                Originally posted by torsionbar28
                This is the same old ME flaw that was found in 2017, and has since been patched. Are you running old unpatched hardware or firmware? And the flaw was exploitable on TCP port 16992, a port that literally nobody is exposing outside of their security perimeter. Are you allowing 16992 through your firewall?
                The existing examples were to show that flaws have existed and been detected before, not to drop a zero-day for the ME on a public forum...(not saying that I have one, but that does seem to be the only proof you will accept here).

                From your statements, I take it you've personally audited the ME firmware source code and compiled binaries to verify that it is completely 100% secure? No remote access, no hidden undesired functionality, nothing that would in any way require any sort of future update, patch, or otherwise allow an attacker (even one with Intel's private signing keys) into the system?

                Bold claim if so. I'd want proof, since all I'd have is your word for it. Oh, and I'm certain Intel would be delighted to know they can burn this masterpiece into permanent non-updateable ROM on their CPUs, since there's nothing that could possibly require changing.

                Originally posted by torsionbar28
                Additionally, there are 3rd party "cleaner" tools that wipe the relevant parts of ME from the firmware, rendering it dead.
                This old farce again? Show me a modern Intel system with an actually wiped ME and I'll show you a system that is a power-sucking doorstop. If the ME is still running in any way, it's still an attack surface, despite what you want to claim with "cleaners".

                Originally posted by torsionbar28
                Got anything else?
                The fact that the US government itself won't trust this thing (HAP requirement)? And they might very well have been less than happy to have third parties figure out it's not exactly disabled in the end?

                At the end of the day it's your call. If you can live with potentially compromised computing to save a bit of money / effort now, it's your choice and no one else's. The consequences, if anything bad happens, are also entirely your responsibility.


                • #38
                  Originally posted by torsionbar28
                  Got anything else?
                  Yeah, that point also took me aback. However, I do believe that some users simply can't afford to have a black box ME in their system.

                  As an ordinary user, to the extent that I worry about ME exploits, I do not think anyone would do it just to spy on my computer usage - that's done easily enough by my ISP and all the various adware that infects most of the web.


                  • #39
                    Originally posted by coder
                    Yeah, that point also took me aback. However, I do believe that some users simply can't afford to have a black box ME in their system.

                    As an ordinary user, to the extent that I worry about ME exploits, I do not think anyone would do it just to spy on my computer usage - that's done easily enough by my ISP and all the various adware that infects most of the web.
                    Frame challenge: isn't this a restating of the classic "I'm nobody, I'm not interesting enough for anyone to target me for legal action / crime / etc." trope? The reason I ask is that the past decade has shown that as computing power increases, it's been used to shine lights in places and on people that have previously relied on those current technical limits as protection -- and then without that protection, "interesting" things can start to happen to them (see China etc.).

                    Even without that, fundamentally, what determines if your machine is worth a targeted attack? Many people are finding out that getting at cryptocurrency wallets is motivation enough for attack; there have been several interesting targeted attacks on specific known (large) cryptocurrency wallet holders over the past couple years -- these even made the news. Could it reach a point where the ME/PSP does become the weakest link, as mainline OS security continues to improve and harden?

                    Protecting your Fortnite account is not the goal of PSP/ME free machines. Protecting high value research, sensitive PII, financial data (whether traditional banking or cryptocurrency), helping to ensure critical ML systems actually produce untampered results -- that's where the PSP/ME does start to show up, correctly, on the security radar IMO.


                    • #40
                      Originally posted by torsionbar28
                      This is the same old ME flaw that was found in 2017, and has since been patched. Are you running old unpatched hardware or firmware? And the flaw was exploitable on TCP port 16992, a port that literally nobody is exposing outside of their security perimeter. Are you allowing 16992 through your firewall?
                      That statement reeks of ignorance. For one, the argument was only to show that Intel ME is not immune to vulnerabilities.
                      Then, blocking this port in your firewall will stop drive-by attacks, but not a determined attacker. They will just bounce off the web browsers, micro-targeting you with malicious ads and using one of the numerous holes in popular browsers' same-origin policy that pop up every year.

                      Originally posted by torsionbar28
                      Additionally, there are 3rd party "cleaner" tools that wipe the relevant parts of ME from the firmware, rendering it dead.
                      Not even Intel with their HAP was safe from vulnerabilities.
                      https://twitter.com/rootkovska/statu...64351008395264
                      And now the me_cleaner with no introspection into what is going on after using it should be more trustable?
