Most powerful computer that is guaranteed to work with qubes?

I wish it was a threat model… We’re talking actual threats here. Don’t get me wrong bro I wasn’t trynna enforce anything on u, I just don’t understand the practicality of putting an OS built for privacy and security on hardware that’s built to offer zero of those two things… it’s about as bad an idea as sticking it inside virtualbox for windows. Unless you just wanted the eye candy in which case nevermind :rofl: Qubes do be looking gorgeous with the color window borders n whatnot

For several billion PC users out there, do we have a single confirmed case of iME-based attack? I think the “tinfoil hat community” mindset harms Qubes in just every aspect – usability, actual security and adoption. If we had got our focus more realistic, we would be out to the moon already.

please continue in the existing more relevant thread:

5 Likes

It’s a government mandated exploit… and the government in question has basically already won global geopolitics. What does a “confirmed case” look like in your mind? How do you even begin to prove to the world that IME/PSP were used nefariously against you when you’re sitting in a dark CIA basement in Cuba waiting for your next round of tortures?

I much prefer to call a spade a spade while I still have a voice. But hey, if you didn’t see the problem when you didn’t find the “turn off scary spy feature” button in your BIOS, then idk what else to say to u lol

Show me ANY direct evidence of a case where iME could be a vector. Just ONE. I do not buy the bullshit that it is so smart and so deniable there couldn’t be any. If it is THAT stealth then no one would risk it against such a low importance target like you or me and get it exposed on a random packet capture from our IDS, so it is irrelevant again. Ah, the uberhackers from NSA hack that IDS too to eliminate evidence… man you should seek professional help.

Also, apparently you have zero idea about principles “tailored access operations” are based on and how decisions are made.

Meanwhile, meditate on this picture daily: xkcd: Security

1 Like

Why isn’t the fact that it even exists evidence enough for you…? Why do you need me to show you the bad when there is already a distinct lack of good?

Here let’s take a step back and make sure we’re even talking about the same thing. As far as I’m aware, IME…

…is a little system-on-a-chip type situation that lives entirely inside your CPU, that
…knows everything you type, everything you see, everything you hear, everything you say
…can directly tap into your RAM, your VRAM, your network traffic
…even has functionality to extract encryption keys from stuff you are actively de/encrypting,
…and then send it all back to whoever remotely activated the system, and to put a cherry on top
…it is able to do all of this when your computer is turned off.

It probably took them millions of dollars to develop this mf… and then they want to tell us it’s all for the sake of tech support and easing remote system administration or some crap like that? Bro TEAMSPEAK LOL. How can you defend this? How can you see this as anything but a state-level troll and a vile attempt to usurp freedom and privacy away from the people of the internet?

And no I didn’t know about TAO till I bravesearch’d it just now… alright so do YOU know how their principles and decisions are made? So you work for them or something? Do you glow in the dark by chance? :eyes: Must be nice if so.

I’ve seen that comic before LOL, let’s talk about digital vs. physical security. The man’s data in the comic had medium digital security but poor physical security. What if you have high digital AND physical security measures in place, except that your system has IME/PSP? Everything else you did goes out the window, just because you wanted a higher FPS in roblox or whenever eBay finally runs out of pre-IME legacy parts. Why do you want to put up with that giant achilles heel on hardware that YOU paid for…?

1 Like

It is not about “physical” security. It is about adequate threat models. You better focus on OPSEC and… do you live in vacuum? Do you communicate within a closed community of think-alike individuals who follow the same rules? Did you personally screen every person there? Most likely it does not require to risk burning a billion-dollar-iME-backdoor to screw you… if anyone is that interested. Which I doubt. So get some peace of mind, relax and let other people buy a more powerful computer if they want to. Why don’t you buy a cluster of physically separated rPi’s then? It would be more secure than Qubes, if you think the security is above all and usability does not matter.

Also you need to take time to understand how things work (both how iME works and how your adversary operates) before jumping into amateurish (emotional, unbalanced, costly and ineffective) conclusions about what is best to protect yourself. Way before you start to dictate them to others as a universal truth.

Most likely it does not require to risk burning a billion-dollar-iME-backdoor to screw you… if anyone is that interested. Which I doubt.
Bro idk if you was trynna be funny with that one but :joy: :ok_hand: :rofl: :rofl: :rofl: I’m dead LOL

Why are we talking about me so much anyway? It’s YOUR pc, it’s YOUR data they’re gonna be looking at, potentially against your will, and it’s YOUR freedom that will be infringed. I don’t wanna tell you what to do… at this point I’m only still here because you seem to underestimate the technology and I wanna at least make sure you’re not deluding yourself on purpose… in which case I would have to insist some more that you snap out of it.

I love how you call my conclusions amateurish but you don’t seem to know much more than I do about the nitty gritty details of this thing, or am I wrong? At least I have conclusions. Perhaps it’s the wrong conclusion (and I hope to god it is), but it’s the only one I’ve been able to come up with. Your conclusion is just “idk and idc”, which would be completely understandable if it weren’t for the fact that you’re using Qubes. Qubes didn’t just run into you! You found Qubes because you were looking for something. That’s why I can’t accept that you just don’t care about your privacy.

I think the point you were trying to make about the vacuum and the community is that anyone around me can come get me at any time, is that correct? If so then yes, at least for now that’s all I have to worry about. Physical assailants and zero-day exploits. That’s how it has always been, those have always been the two things you can’t defend against. But now in the era of IME/PSP, the glowies can do with the click of a single button what may at one time have required a dedicated surveillance operation, and YOU are subsidizing that commodity for them and against you. NOW do you see the problem or do I gotta go buy more stims?

Nope, unlike you my “idc”'s are based on obvious quantitative estimations based on current data, and you are spreading unfounded FUD. If you think that if we assume iME backdoor to exist it is a matter of “single button” or could be done unnoticed on broad target sweep, it is you deluding yourself. Give a second thought. Do lower and upper bound estimations. Just stop panicking and start thinking. When you start evaluating the “adversary economics” in numbers instead of assuming that evil guys have unlimited capabilities you can see much more clearly. Yet it is completely offtopic here, let’s move to another thread.

Like this one:
https://forum.qubes-os.org/t/a-little-exercise-about-ime-for-fellow-tinfoil-hat-community-members/16337

You have plenty of cases to learn on: Snowden, Pegasus, 0day brokers, operation manuals for known government spyware – how different agencies and different countries handle it. Do your homework.

I didn’t read the entire thread after this, but I just want to point out that old hardware that no longer receives microcode updates will be exposed to known vulnerabilities like QSB-081. So, it’s not as though the trade-off is just between old hardware without ME and new hardware with better performance.

5 Likes

Hello, I have a very powerful desktop setup running Qubes OS (not the "most powerful" though :crazy_face:)

  • CPU : I9-12900K = 16 cores/24 threads (I don’t use Intel HT Technology for security reasons, so the 24 threads are not available on Qubes OS).

  • Motherboard = MSI PRO Z690-A DDR4

  • Main memory = Kingston FURY Beast 128GB (4x32GB)

  • SSD = WD_BLACK 4TB SN850X

  • Firmware = I use Dasharo open source firmware for my UEFI

Everything is working perfectly for me with this setup. :wave:

1 Like

Except when the breaker trips from the surge when you fire that beast up!

Do the neighbors complain about the lights dimming?

:smiley:

1 Like

Hahaaa! I didn’t know my PC had the power to dim the neighborhood lights. :face_with_peeking_eye:

Do the neighbors complain about the lights dimming?

If the neighbors complain, I’ll just invite them over for a front row seat to the show! :smirk:

Hopefully they’re understanding and won’t mind a temporary dip in lighting every now and then. :crazy_face:

1 Like

I ordered topton s600. Not exactly the most powerful thing, but something dangerously up to date :slight_smile: Will keep you guys informed.

I have exactly this setup all working perfectly well. The only difference is that mine are Kingston FURY Renegade instead. I even managed to get the 4090 graphics card working with passthrough.

1 Like

Unfortunately, desktop CPUs have inferior builtin graphics.

Nice :smiley:

Are you using this setup as a server, since our motherboard (Z690-A) has many server capabilities? :thinking:

We also have several GPUs at work like the NVIDIA TITAN V, RX 7900 XTX, 4090 etc… But I never tried to run Qubes OS with those graphics cards! From a personal perspective, I don’t have the need to put an external GPU on that setup.

The UHD 770 iGPU is plenty enough for me :ok_hand:

Not really. Right now it’s just for testing.

1 Like

Do you know about laptops? What is the most powerful laptop that is guaranteed to work with Qubes? With and without IME neutralized? Thank you!

GPU passthrough is working? What about performance?

The VM takes about 3 minutes to boot. But other than that, it feels near native. I haven’t done much testing, though. Intensive graphics workloads seem to run fine as well.

2 Likes