
I seriously doubt either Intel or AMD ship different silicon to the NSA or whoever else. At least from what I've read, the only difference (at least on Intel) is the "NSA bit", which can actually be turned on on any chip these days. System76 actually ships machines with it enabled by default.


The NSA bit? Do you mean this setting to toggle Intel ME?

https://www.csoonline.com/article/3220476/researchers-say-no...


Yep, that's the one. I've heard people referring to it as "the NSA bit" because it was supposedly implemented at the request/demand of the NSA.


If true, the irony of the NSA asking for their hardware not to (possibly) spy on them is rich.


What is ironic about it? All spy agencies, everywhere on the planet, do two things:

* spy on others

* try not to get spied on


The Intel Core 2 Duo/Quad was the last CPU where the "Management Engine" could be completely wiped and disabled.

This is my experience in removing the ARC firmware code from two different HP desktops (I attached both BIOS images):

https://github.com/corna/me_cleaner/issues/233

These PCs are quite inexpensive. I run OpenBSD with hardened Chrome on one of them, for all of my finances.


If you're going through all that effort, then why bother with hardening Chrome? Why wouldn't you start with Firefox, which doesn't require unGoogling to be considered secure?


OpenBSD's Chrome had pledge() first, but you're right, I should consider Firefox.

However, there was a recent Firefox bug in OpenBSD, and the patches weren't applied uniformly. It does seem that Chrome is more consistent, and gets more attention.

https://undeadly.org/cgi?action=article;sid=20200109141600



