[DNG] / on lvm2 volume (was Re: WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable)
Hi, John Hughes writes: > On 07/11/17 17:13, Klaus Ethgen wrote: >> [ separate / and /usr ] is the best way to keep your /usr flexible to >> further lvm grows for example. > > Personally I have a / on a lvm2 volume. Works OK for me, I see no loss > in flexibility. I recently did a fresh Devuan _Jessie_ install and mistakenly used guided partitioning on lvm2 putting everything in a single partition spanning the whole disk. Shrinking / is, eh, well, a bit of a pain in the behind ;-) > Like I say, SVR4.2 deprecated separate /usr in the 1990's. I haven't > used a machine without the root filesystem being on a LVM type system > (VXVM in fact) since around 1998. I used to mount /usr read-only on my server machines but that quickly becomes a bore when you need to install security upgrades every so often. Hope this helps, -- Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Softwarehttps://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable
On Tue, 7 Nov 2017 at 17:50:27 +0100 John Hughes wrote: > On 07/11/17 17:41, dev wrote: >> >> On 11/07/2017 10:29 AM, John Hughes wrote: >>> On 07/11/17 17:13, Klaus Ethgen wrote: [ separate / and /usr ] is the best way to keep your /usr flexible to further lvm grows for example. >>> Personally I have a / on a lvm2 volume. Works OK for me, I see no loss >>> in flexibility. >> Until a user fills up their home directory with kitten gifs and you can >> no longer login because syslog has no space to write to /var. > > Neither /home not /var are on /, for obvious reasons. / is for > mostly-static things that are owned by the OS or the admin. > > The separation of / and /usr is a relic of really, really tiny disk sizes. This is just a poor excuse, as there are other good reasons to have /usr on a separate partition. Reasons to have /usr on it's own partition include having: 1) a different filesystems between / and /usr 2) different mount options (like ro) 3) / local and /usr on a shared NFS mount 4) sharing /usr between several installs of the same OS (e.g. to allow to boot out of a USB stick/disk but having the internal /usr available) 5) / static, /usr on LVM or RAID The "my own PC has been like this so many years" reasoning is a very poor justification for a design decision that impacts users that run their systems in the most diverse scenarios and environments, just like the "this (bad) decision was made many years ago" one. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] [ANNOUNCE] Devuan Docker Base Images available
Dear all, I have made mention of my Devuan Docker base images on the DNG list in the past[1,2,3]. At that time, there was only a single base image for jessie. Now, there are also images for ascii and ceres as well as a "devuan/slim" variant and "devuan/builder" and "devuan/helper" images that derive from "devuan/slim". [1]: https://lists.dyne.org/lurker/message/20170907.122245.a0ae75aa.en.html [2]: https://lists.dyne.org/lurker/message/20170909.041936.c0135033.en.html [3]: https://lists.dyne.org/lurker/message/20170926.115934.d1b6f1ba.en.html All versions of all images are on a monthly build schedule, so will be updated periodically. Especially for ceres that may be something you care about. Versions based on Beowulf will be made available sometime after it can be debootstrap'd. For details, please refer the the project's README[4]. Should you run into problems, have neat ideas for improvements and/or questions, please submit those as an issue[5]. If you like the images, you can say so by starring[6] the project. [4]: https://gitlab.com/paddy-hack/devuan/blob/master/README.md [5]: https://gitlab.com/paddy-hack/devuan/issues [6]: https://gitlab.com/paddy-hack/devuan/toggle_star Hope this helps, -- Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Softwarehttps://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable
On Tue, 7 Nov 2017 at 22:04:05 -0800 Rick Moen wrote: >> I don't get why you'd want to keep moving things around on the real >> system if you can isolate it into initrd. > > OK, I believe you, Adam. You don't. This is a brush on poetry! :-) Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable
Am 08/11/2017 um 12:18 schrieb Alessandro Selli: > The "my own PC has been like this so many years" reasoning is a very poor > justification for a design decision that impacts users that run their > systems in the most diverse scenarios and environments, just like the "this > (bad) decision was made many years ago" one. 3 words: Universal Operating System -- Evilham ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable
> John Hughes' sole function on DNG is to say, in many different ways, > "systemd isn't so bad." Given that systemd being bad is the > foundational belief that created the Devuan project thus the DNG list, > he knows he's just making trouble. He's a troll. Don't feed the troll. > > I /dev/nulled Hughes years ago, yet still see his words of wisdom. (Note > to Rick: Your method gets more appealing by the day, but still has > downsides.) > > Let me ask you a couple questions: > > 1) If a tree falls in the woods but there's nobody to hear it, did it > make a sound? > > 2) If a troll trolls but everybody's /dev/nulled him, is there really a > troll? > > There have forever been "systemd's not so bad" trolls on DNG, and my > recommendation remains the same: When you encounter one, killile and > move on. > > SteveT That sounds hard to do... (not feeding trolls) given that some people find certain types of trolls amusing. That being said, systemd is absolutely awful. The worst example is in arch based distros where things already break easily... > > Steve Litt > October 2017 featured book: Rapid Learning for the 21st Century > http://www.troubleshooters.com/rl21 > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] / on lvm2 volume (was Re: WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable)
Quoting Olaf Meeuwissen (paddy-h...@member.fsf.org):
> I used to mount /usr read-only on my server machines but that quickly
> becomes a bore when you need to install security upgrades every so
> often.
Suggestion: Make remounting an automatic part of package operations.
/etc/apt/apt.conf:
DPkg {
// Auto re-mounting of a read-only /usr
Pre-Invoke { "mount -o remount,rw /usr"; };
Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,ro /usr
|| true"; };
};
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] OT: MX-Linux 17 Beta1
On 11/07/2017 03:29 PM, Ismael L. Donis Garcia wrote: > Has anyone in the community attempted to update an MX-Linux 17 beta1 image > from the devuan ascii repositories? > > I want to download an image, but first I wanted to know if someone has > already done this test, since I have very small bandwidth, and has had no > problems when updating the system with ascii packages. > I did a debian stretch to devuan ascii upgrade, and it was the quickest and easiest of the upgrades to ascii that I've done. It only downloaded a few packages. If mx17 has any newer packages than stretch, you might run into some trouble, or you might not notice that they didn't get replaced. What I did was: change sources, update, install devuan-keyring, update, dist-upgrade, reboot and remove systemd. fsmithred ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] / on lvm2 volume (was Re: WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable)
On Wed, 8 Nov 2017 09:04:57 -0800, Rick wrote in message
<20171108170457.gk1...@linuxmafia.com>:
> Quoting Olaf Meeuwissen (paddy-h...@member.fsf.org):
>
> > I used to mount /usr read-only on my server machines but that
> > quickly becomes a bore when you need to install security upgrades
> > every so often.
>
> Suggestion: Make remounting an automatic part of package operations.
>
> /etc/apt/apt.conf:
>
> DPkg {
> // Auto re-mounting of a read-only /usr
> Pre-Invoke { "mount -o remount,rw /usr"; };
> Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o
> remount,ro /usr || true"; }; };
..me, I would prefer "mount -vo remount,ro /usr", it's an useful
wee bit more verbose, and new people coming over from e.g. Debian,
may not neccessarily like "our new sneaky surprise breaking their
system" systemd workarounds etc.
..let's have them complain about our verbosity when they get
fed up with it. ;o)
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] / on lvm2 volume (was Re: WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable)
On Wed, Nov 08, 2017 at 07:22:51PM +0100, Arnt Karlsen wrote:
> On Wed, 8 Nov 2017 09:04:57 -0800, Rick wrote in message
> <20171108170457.gk1...@linuxmafia.com>:
>
> > Quoting Olaf Meeuwissen (paddy-h...@member.fsf.org):
> >
> > > I used to mount /usr read-only on my server machines but that
> > > quickly becomes a bore when you need to install security upgrades
> > > every so often.
> >
> > Suggestion: Make remounting an automatic part of package operations.
> >
> > /etc/apt/apt.conf:
> >
> > DPkg {
> > // Auto re-mounting of a read-only /usr
> > Pre-Invoke { "mount -o remount,rw /usr"; };
> > Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o
> > remount,ro /usr || true"; }; };
>
>
> ..me, I would prefer "mount -vo remount,ro /usr", it's an useful
> wee bit more verbose, and new people coming over from e.g. Debian,
> may not neccessarily like "our new sneaky surprise breaking their
> system" systemd workarounds etc.
>
>
> ..let's have them complain about our verbosity when they get
> fed up with it. ;o)
>
Why should we make (unreasonable) assumptions about the specific
configuration of a system, e.g. in terms of how are the different
filesystems mounted?
You know, "universal" means that basically everybody can use it for
whatever their own purposes are, with a generous level of
customisation allowed. We can't cater for all the possible
combinations of /, /usr, /var, and so on, And BTW, why should we care
at all? These are details related to *policy*, and *policy* should be
decided (to the largest possible extent) by the user of a
distribution.
If having a separate /usr is a problem for Debian, we will try to find
a way to get around that, and allow the users who want to have a
separate /usr to continue to do so. The fact that almost nobody uses
ext2 filesystems nowadays does not mean that we must strip the ext2
support from "mount", just to make another (unrelated) example.
On this side of the GNU/Linux world, universal still means universal.
HND
KatolaZ
--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] OT: MX-Linux 17 Beta1
MX Linux is a desktop distribution based on Debian's Stable branch. The distribution ships with the Xfce desktop environment and swaps out the systemd init software provided by Debian for the SysV init implementation. My operating system is not Debian, it's Devuan jessie. But I wanted to test an ascii image, since I do not exist I'm thinking about downloading and installing MX-Linux 17 Beta1. And then synchronize it with the devuan ascii repository. The question was whether someone had done this before. Best Regards -- Ismael Devuan User : http://distrowatch.com/table.php?distribution=devuan Web Site : http://sisconge.byethost15.com/ - Original Message - From: "fsmithred" To: Sent: Wednesday, November 08, 2017 12:26 PM Subject: Re: [DNG] OT: MX-Linux 17 Beta1 On 11/07/2017 03:29 PM, Ismael L. Donis Garcia wrote: Has anyone in the community attempted to update an MX-Linux 17 beta1 image from the devuan ascii repositories? I want to download an image, but first I wanted to know if someone has already done this test, since I have very small bandwidth, and has had no problems when updating the system with ascii packages. I did a debian stretch to devuan ascii upgrade, and it was the quickest and easiest of the upgrades to ascii that I've done. It only downloaded a few packages. If mx17 has any newer packages than stretch, you might run into some trouble, or you might not notice that they didn't get replaced. What I did was: change sources, update, install devuan-keyring, update, dist-upgrade, reboot and remove systemd. fsmithred ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] OT: MX-Linux 17 Beta1
On Wed, Nov 08, 2017 at 02:01:13PM -0500, Ismael L. Donis Garcia wrote: > MX Linux is a desktop distribution based on Debian's Stable branch. The > distribution ships with the Xfce desktop environment and swaps out the > systemd init software provided by Debian for the SysV init implementation. > > My operating system is not Debian, it's Devuan jessie. But I wanted to test > an ascii image, since I do not exist I'm thinking about downloading and > installing MX-Linux 17 Beta1. And then synchronize it with the devuan ascii > repository. > > The question was whether someone had done this before. > > Best Regards If you are on Devuan Jessie you can just simply *upgrade* to Devuan Ascii. There is no need to start from another distribution. Just replace "jessie" with "ascii" in your sources.list, and then apt-get update && apt-get dist-upgrade My2cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Planned manintainance on dev1galaxy.org -- Thu. 9th Nov. 2017 -- 21:00 (UTC) - 23:00 (UTC)
Dear Dev1rs,
this email is to announce that the Devuan web forum on dev1galaxy.org
will be unreachable due to planned manintainance in the following time
slot:
Thu. 9th Nov. 2017 -- 21:00 (UTC) - 23:00 (UTC)
The downtime is part of the undergoing consolidation plan of the
Devuan infrastructure. We will do everything possible to reduce the
disruption to a minimum, and will promptly post here updates on the
ongoing operations.
Thanks in advance for your patience, and sorry again for any
inconveniece caused.
The Dev1Devs
--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Planned manintainance on git.devuan.org -- Fri. 10th Nov. 2017 -- 18:00 (UTC) - 24:00 (UTC)
Dear Dev1rs,
this email is to announce that the Devuan gitlab server at
git.devuan.org will be unreachable due to planned manintainance in the
following time slot:
Fri. 10th Nov. 2017 -- 18:00 (UTC) - 24:00 (UTC)
The downtime is part of the undergoing consolidation plan of the
Devuan infrastructure. We will do everything possible to reduce the
disruption to a minimum, and will promptly post here updates on the
ongoing operations.
Thanks in advance for your patience, and sorry again for any
inconveniece caused.
The Dev1Devs
--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] / on lvm2 volume (was Re: WARNING: lvm2 > 2.02.173-1 breaks some systems and make them unbootable)
On Wed, 8 Nov 2017 18:39:22 +, KatolaZ wrote in message
<20171108183922.gu4...@katolaz.homeunix.net>:
> On Wed, Nov 08, 2017 at 07:22:51PM +0100, Arnt Karlsen wrote:
> > On Wed, 8 Nov 2017 09:04:57 -0800, Rick wrote in message
> > <20171108170457.gk1...@linuxmafia.com>:
> >
> > > Quoting Olaf Meeuwissen (paddy-h...@member.fsf.org):
> > >
> > > > I used to mount /usr read-only on my server machines but that
> > > > quickly becomes a bore when you need to install security
> > > > upgrades every so often.
> > >
> > > Suggestion: Make remounting an automatic part of package
> > > operations.
> > >
> > > /etc/apt/apt.conf:
> > >
> > > DPkg {
> > > // Auto re-mounting of a read-only /usr
> > > Pre-Invoke { "mount -o remount,rw /usr"; };
> > > Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o
> > > remount,ro /usr || true"; }; };
> >
> >
> > ..me, I would prefer "mount -vo remount,ro /usr", it's an useful
> > wee bit more verbose, and new people coming over from e.g. Debian,
> > may not neccessarily like "our new sneaky surprise breaking their
> > system" systemd workarounds etc.
> >
> >
> > ..let's have them complain about our verbosity when they get
> > fed up with it. ;o)
> >
>
> Why should we make (unreasonable) assumptions about the specific
> configuration of a system, e.g. in terms of how are the different
> filesystems mounted?
..I lost you right there, my suggestion is _only_ to be more verbose.
> You know, "universal" means that basically everybody can use it for
> whatever their own purposes are, with a generous level of
> customisation allowed. We can't cater for all the possible
> combinations of /, /usr, /var, and so on, And BTW, why should we care
> at all? These are details related to *policy*, and *policy* should be
> decided (to the largest possible extent) by the user of a
> distribution.
>
> If having a separate /usr is a problem for Debian, we will try to find
> a way to get around that, and allow the users who want to have a
> separate /usr to continue to do so. The fact that almost nobody uses
> ext2 filesystems nowadays does not mean that we must strip the ext2
> support from "mount", just to make another (unrelated) example.
>
> On this side of the GNU/Linux world, universal still means universal.
>
> HND
>
> KatolaZ
>
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] OT: MX-Linux 17 Beta1
On Wed, 8 Nov 2017 19:11:13 +, KatolaZ wrote in message <20171108191113.gv4...@katolaz.homeunix.net>: > On Wed, Nov 08, 2017 at 02:01:13PM -0500, Ismael L. Donis Garcia > wrote: > > MX Linux is a desktop distribution based on Debian's Stable branch. > > The distribution ships with the Xfce desktop environment and swaps > > out the systemd init software provided by Debian for the SysV init > > implementation. > > > > My operating system is not Debian, it's Devuan jessie. But I wanted > > to test an ascii image, since I do not exist I'm thinking about > > downloading and installing MX-Linux 17 Beta1. And then synchronize > > it with the devuan ascii repository. > > > > The question was whether someone had done this before. > > > > Best Regards > > > If you are on Devuan Jessie you can just simply *upgrade* to Devuan > Ascii. There is no need to start from another distribution. Just > replace "jessie" with "ascii" in your sources.list, and then > > apt-get update && apt-get dist-upgrade ..or my preference, fire up 'aptitude', hit 'u' and browse the "Ugradeable" and "New" stuff, and weed out what you don't want "right now" etc. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] (forw) Re: [skeptic] MINIX: ?Intel's hidden in-chip operating system
Vaughan-Nichols's article is at http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/ - Forwarded message from Rick Moen - Date: Wed, 8 Nov 2017 17:19:35 -0800 From: Rick Moen To: skep...@linuxmafia.com Subject: Re: [skeptic] MINIX: ?Intel's hidden in-chip operating system Organization: If you lived here, you'd be $HOME already. Quoting Scott Peterson (scot...@mindspring.com), citing a mostly good Steven J. Vaughan-Nichols's ZDnet article: > Buried deep inside your computer's Intel chip is the MINIX operating > system and a software stack, which includes networking and a web > server. It's slow, hard to get at, and insecure as insecure can be. [...] The referenced Intel Management Engine (ME) firmware (if it is running AMT code - see below) is indeed a big problem. Recently, a firm called Positive Technologies stumbled upon (http://blog.ptsecurity.com/2017/08/disabling-intel-me.html) a way of disabling ME version 11 immediately after boot, by poking it and setting a bit that in the RAM copy of ME called reserve_hap, with the effect of making ME-mediated processes shut down. Intel have confirmed that this truly _does_ disable ME completely during subsequent runtime. Note that totally disabling ME so it never functions at all is not an option, because CPUs that include it rely on ME functionality to initialise power management, the CPU proper, and other hardware. Unlike some paranoics, I believe Intel when they say this (that the Positive Techologies hack fully disables ME firmware code, post-boot.) The story of why ME firmware is present in all new Intel x86_64 CPUs, as is the story of why parallel effort AMD Platform Security Processor (PSP) is present in all that company's new x86_64 CPUs, is credible. They're not out to 'get' anyone. It's a (regrettable) technology intended to facilitate OOB (out of band) system management by firms running large numbers of computers. The rationale makes perfect sense, even if the unintended side-effects are woeful. (Technically, the real issue is a software build called Active Management Technology = that runs atop the ME. Without AMT, the ME firmware code would be doing nothing.) The researchers speculate, by the way, that 'reserve_hap' is a hidden switch included at the behest of equipment manufacturers intending to sell equipment through the US government's NSA-administered High Assurance Platform program, so the manufacturers could answer any objection of 'What if the ME gets compromised or produces a side-channel data leak?' by saying 'Don't worry about that. The ME can be instructed to shut down immediately after boot.' > Why? Let's start with what. Matthew Garrett, the well-known Linux and security > developer who works for Google, explained recently that [...] Garrett's AMT FAQ makes good reading for people wanting to know more. https://mjg59.dreamwidth.org/48429.html?thread=1840429 This includes the fact that by _no_ means do all Intel chipsets possessing ME firmware also have AMT code that runs on it -- and how to query your machine to find out if it does. Most Intel systems don't have AMT. Most Intel systems with AMT don't have it turned on. It also includes the fact that the biggest concern is remote access to the AMT. If that isn't enabled, and there are various ways to ensure that it isn't, that concern (a remote backdoor) goes away. ___ skeptic mailing list skep...@linuxmafia.com http://linuxmafia.com/mailman/listinfo/skeptic To reach the listadmin, mail r...@linuxmafia.com - End forwarded message - ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
