Yeah, I know, and even with critical firmware issues (like USB controller bug that corrupt data written to flash drive) it's same story. You still could try to report it to [email protected] or to Justin from Linux section of Dell forums.

RussianNeuroMancer talking about Dell — a company I'm working in bought a number of DELL 5767 with preinstalled Ubuntu. We found a problem, which likely persists on most DELL models: upon upgrading Ubuntu 16.04 → 18.04 graphics driver crashes after trying to log in. The reason is that they installed AMDGPU-pro, which stops building after system upgrade.

It's obviously a DELL problem, so today I tried to report, so they at least could do something with currently produced models, because a usual user wouldn't be able to figure it out. So I tried to contact them — and guess what? It's impossible! The only way to contact them is some chat, and they can only help in fixing something. They can't report anything higher their stack, and they unable to get any information about how to do it.

So, DELL got a major problem, and there's no way to even report it to them. That really sucks.

BTW. Rossmann has been my personal friend for many years and I think his gripe is more with the “lifestyle” or the Apple culture than the products. He is kinda dishonest about them “screwing over their customers”. Lenovo is the same way. There is no perpetual warranty because your computer costed $2000. Of course, the cheaper the product, the cheaper is to fix it. Try getting an X1 Carbon or a Samsung Galaxy repaired and see how much they quote you.
After all, if TCO was all that mattered, everyone would buy a Toyota Camry. The same way if someone drives a red mustang, he is perceived as vain and douchy. It’s not that Mustangs are bad cars.
i think this what drives most of Apple hate. The naivette that people are idiots and don’t know what TCO is and then they get stuck with expensive repairs. Apple has been making laptops for decades. I think the “sheeple” have gotten the memo that the repairs are cheaper on a PC from bestbuy.

Never claimed that the same functionality couldn't be achieved with other methods, just that this is done in a way that makes the whole thing quite a bit harder to crack.

Messing with the controller doesn't really do much here when it's not the controller that has the encryption key or does the actual decryption, that's done by the secure enclave inside the T2 chip. The controller really just retrieves encrypted data for the security chip that decrypts it and passes it on as cleartext to the CPU.

I'm serious here, you can mess with the SSD controller all you want, but you're not getting any cleartext out or encryption keys out of it as it couldn't provide you with those even if you wanted it to. The encryption key never leaves the enclave inside the security chip.
I've never seen anything like this implemented in one single solution so you're going to have to bring up some examples. I've seen hardware-encrypted drives and UEFI with bootloader signing, but never something that does both of these done outside of Apple devices.

The FBI tried to be covert about it, but the company who did that attack for them did end up letting it slip that it really was them who cracked the iPhone in question. It's not really a practical hack in any sense of the word so it's not really of much concern unless you're someone a government actor really wants to catch.

It seems like you don't know what a brute force attack is because "the fappening" used a relatively short list of common passwords and after that Apple improved things so that their protections are downright draconian. We really are talking about user-caused security vulnerabilities with weak passwords that Apple fixed pretty quickly. These days your passwords need to be pretty long and complex (you have to have upper and lower case letters, numbers and special characters) and two factor authentification is literally mandatory.

If Apple is anything to go by their security is among

The point, which you still don't seem to understand, is that they're expensive enough for most people to discount on that basis alone.

Right... I'm saying that they're stupidly expensive and I'm still somehow a fanboy. Been watching a few too many louis rossman videos have we?

The white papers have been out there for years, giving third parties ample opportunities to discount them but we've yet to see much in terms of serious vulnerabilities that don't exploit quickly fixed bugs in the OS.

Says someone who called Apple a cult...

If recent history is anything to go by Apple is probably one of the most trustworthy parties here...

Cool, thanks. I hope XCode is free? I went to site to see if I can download it, and it asks me for an Apple id. I don't have one, but my gf probably does. Will see this evening if we can do anything about it.

UPD: nvm, I didn't see the "free" was part of your sentence

Yes really, as UEFI + TPM + a self-encrypting drive (or a software-based disk encryption) can do the same, the only difference is that in Apple hardware they don't allow custom signing keys to be added.

Yeah right, you fanboys don't know shit. Onboard SSD isn't different from separate SSD, it's using the same hardware and same electrical interfaces, and all controllers in the universe have a "reset" pin.

I've seen repair videos of Apple boards, their SMC (system management controller) does have the ability to pull all other separate controller reset pins (wifi, SSD, thunderbolt) even in devices where the SSD is soldered on, as it has to do so on system reset or other occasions.

As I said, this is Secure Boot + TPM + secure self-encrypting drive baked on the same board, normal businness-grade hardware is like that since at least 5 years. I still fail to see how this is more "involved and refined".

This is your own dream, the way they used to hack into the phone was not disclosed, and will not be for a while.
But the fact that someone already knew how to hack it called them does not give me a lot of confidence.
Nor shit like the iCloud passwords bruteforced ("The Fappening") because the auth mechanism was completely retarded and could be tricked with fabricated tokens.

More dreaming.
I'm not saying businness-grade stuff is airtight, mind me, I'm just saying that they at least have a track record and some evolution.

And my point is that this is not news for any Apple product since like 1999 or something so I'm unsure of what the point was.

T2 isn't making them more expensive, people isn't buying them because they are more secure, they buy because Apple cult.

Yeah, it's amazing how good you are at fanboying.

I'm totally going to trust some random company's self-written PR material with my crucial stuff, and not buy actual certified hardware from vendors that made self-encrypting drives fir for businness and agency use for the last decades, nor use some decent opensource software disk encryption with a password I store in my brain.

Seriously, security needs to be proven and tested, PR statements don't count.

I'm just posting facts to keep dumb fanboy shit at bay.

We are talking of security here, people can get hurt if they trust the wrong party.

Not really when Apple's security chips are supposed to be part of a full all-in-one security system with tamper-proof boot and full disc encryption.

Considering how they haven't broken the iPhone's encryption scheme with a replay attack and this the same tech I doubt it'll work here. The only hack that I've seen working that didn't involve bugs in the OS involved de-soldering the NAND flash chips off the board, dumping their contents and setting up a pin brute force rig connected to those pads that rebooted the device with a restored copy of the chips' content every time it got to the limit for re-tries of the PIN code. I suspect this will probably work with the new Mac Mini too, but like with the iPhone, it'll be far from practical and probably also take longer as the unlock key is going to be a bit more complex than an array of 5 characters restricted to numbers.

There shouldn't be any pin pulling as the T2 doesn't work with a separate SSD. The whole thing, T2, NAND and all, is literally right on the motherboard. Unlike Apple's recent laptops the new Mac Mini does use standard SO-DIMM sticks for RAM, but like the recent laptops the SSD is right on the motherboard.

As I said, this is really just Apple implementing the same iPhone tech that has caused so many headaches to law enforcement trying to access devices. If that's anything to go by then this is a clear step up from what's been done before. You can go on about how this is nothing new, but as usual whenever Apple tries something that has already been done their solution is usually more involved and refined.

When the government sued Apple they refused to create the protection nullifying "cancer" update and the case was dropped primarily because the FBI was contacted by the developer of the really involved hardware attack. This attack worked, but it was both slow and expensive meaning that any future use of it will be pretty heavily restricted. On computer drives where the encryption key is much more complex this will probably technically work, but like brute forcing AES with 256+ bit keys not actually be practical.

With normal business grade hardware the attack would probably have to have been less involved than the one the FBI had to resort to in their effort to gain access to the San Bernadino terrorist's phone.

It seems like you completely misunderstood my sarcasm there... Because the point was that the Mac Mini is expensive to the point of simply not being worth it. Except maybe if you're a pedophile, drug dealer, terrorist, spy or some other kind of person the government would want to see what you've got on your HDD.

Well your "REEE!!!! STOP LIKING WHAT I DON'T LIKE!!!1"-nonsense isn't exactly making the Linux user community look any better...

Which is 100% irrelevant to the case here, as I said.

More like the encryption key itself is stored in hardware and operated by hardware so it is harder to steal (but not impossible, especially if you don't secure the T2-SSD communication against replay attacks)

I really hope they aren't doing completely retarded shit like having the T2 pull the SSD controller reset pin down instead of actually sending it a key, because that's pretty easy to hack (cut the reset pin trace). And I say this as in most reports the SSD "disappears" so it's not even detected by the system (which is what happens if the SSD controller is locked in "reset" state). Most businness-grade drives refuse to execute commands if you are not authenticated, but don't disappear from the system. I mean it's not like disappearing is better, the attacker knows the SSD is still there.

Or any other device with a working TPM and self-encrypting drive anyway. This technology isn't really new or revolutionary. The big question is if they made it actually safe or if it is there just to lock down stuff for purely commercial reasons, Apple-style.

What makes me wonder this is that FBI still managed to extract data from iPhones when they sued Apple, they just had to pay some security company for the service.

With normal businness-grade hardware it would not have happened.

At which point I claimed you had to do so?

I wanted to say that all this "doing us a favor" thing you said is kind of strange since T2 is used also in their laptops, and they are just as overpriced as the mac mini.

People won't stop buying Apple, it's a cult.

The T2 chip does implement, along with the boot image verification causing problems here, a type of disc encryption that can't be broken by pilfering the encryption key. This is the same tech that has been causing some major headaches for law enforcement trying to access data on iPhones.

Nah, it's just another case of Linux fanboys sperging out over Apple not catering to them.

At what point did I claim that Apple's laptops are competitively priced? Because neither did I claim that, the opposite was kind of implicit from how I talked about the new Mac Mini being overpriced.

There actually is a way to debug those kind of problems - a DTrace-based app called Instruments, you can get it for free with Xcode.