It’s not really yours

Regarding my recent bout of paranoia regarding Intel kill switch in the CPU, which can basically allow America to brick your Intel-running computer if you are placed on some “black list”, because you’re “politically incorrect”, “enemy of America” or whatever bullshit they are throwing at Julian Assange. Essentially, any American-made CPU, chipset, BIOS etc. is not yours. You’re just allowed to use it while you comply with the guidelines imposed by America, which say that you must at all times be an obedient slave. If not, “American technology” will be taken away from you.

Let me quote some things from Wikipedia:

The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel’s processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards. It is a part of Intel Active Management Technology, which allows system administrators to perform tasks on the machine remotely. System administrators can use it to turn the computer on and off, and they can login remotely into the computer regardless of whether or not an operating system is installed.
The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.
The IME is an attractive target for hackers, since it has top level access to all devices and completely bypasses the operating system. Intel has not released much information on the Intel Management Engine, prompting speculation that it may include a backdoor. The Electronic Frontier Foundation has voiced concern about IME.
AMD processors have a similar feature, called AMD Secure Technology.
The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is connected to current (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. Intel’s main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.
Several weaknesses have been found in the ME. On May 1, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Technology. Every Intel platform with provisioned Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME. Several ways to disable the ME without authorization that could allow ME’s functions to be sabotaged have been found. Additional major security flaws in the ME affecting a very large number of computers incorporating ME, Trusted Execution Engine (TXE), and Server Platform Services (SPS) firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on 20 November 2017 (SA-00086). Unlike SA-00075, this bug is even present if AMT is absent, not provisioned or if the ME was “disabled” by any of the known unofficial methods. In July 2018 another set of vulnerabilitites were disclosed (SA-00112). In September 2018, yet another vulnerability was published (SA-00125).
Critics like the Electronic Frontier Foundation (EFF) and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall.
Intel responded by saying that “Intel does not put back doors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user.” and “Intel does not and will not design backdoors for access into its products. Recent reports claiming otherwise are misinformed and blatantly false. Intel does not participate in any efforts to decrease security of its technology.”
In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the NSA budget request for 2013 contained a Sigint Enabling Project with the goal to “Insert vulnerabilities into commercial encryption systems, IT systems, …” and it has been conjectured that Intel ME and AMD Secure Technology might be part of that programme.
As of 2017, Google was attempting to eliminate proprietary firmware from its servers and found that the ME was a hurdle to that.

The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors. According to an AMD developer’s guide, the subsystem is “responsible for creating, monitoring and maintaining the security environment” and “its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response.” Critics worry it can be used as a backdoor and is a security concern. AMD has denied requests to open source the code that runs on the PSP.
The PSP is similar to the Intel Management Engine for Intel processors.
The PSP itself is an ARM core inserted on the main CPU.
In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information; a patch was rumored to become available to vendors in December 2017.
In March 2018, a handful of alleged serious flaws were announced in AMD’s Zen architecture CPUs (EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) by an Israeli IT security company related to the PSP that could allow malware to run and gain access to sensitive information. AMD has announced firmware updates to handle these flaws. While there were claims that the flaws were published for the purpose of stock manipulation, their validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs where often dismissed by said independent experts.

The fact that both American x86 CPU manufacturers have the same type of a low-level back door makes it highly likely that someone from NSA visited them and politely asked to put it inside and give them unlimited access, or else. Based on what is known, I would hypothesize on what is possible and likely, and state that it is likely that everything except Elbrus CPU produced in Russia, and ARM CPU produced in China from peer-reviewed schematics, is an instrument of American control, which will go dark if America orders it to. This includes Internet/mobile routers and other infrastructure. Notice how I implicitly count everything produced in Europe as essentially American-controlled.

My recommendations? There aren’t really any. If America does indeed utilize this, it will either be against select persons who occupy top positions on their shit lists, like Snowden and Assange, against foreign governments on their shit list, such as Iran, DPRK, Cuba, Venezuela, Russia and China, and they will pretend they hacked their computers using a virus or a Trojan. If they use it against you, it means you’re already fucked in so many ways and on so many layers before that point, that computer vulnerability will be the least of your concerns. But be aware of it and know that buying American means voluntary submission to their control.

Would Russia or China be any better if they happened to be in that kind of a position of power? Of course not.

 

Current state of Linux

Considering the current state of affairs where America started using their technology, including Windows and Android, as weapons of economic warfare (read: sanctions), I’ve been looking into Linux again and let me share my findings. The current state of Linux is this:

void fork(void v) {
    return fork(v);
}

Essentially, Ubuntu forks Debian, everybody else forks Ubuntu by adding their skin and a few configurations, and they are all pretending there’s variety and choice, and if you’re trying to get anything to boot on an old Macbook with Nvidia graphics, the same thing breaks almost everywhere in the same way, and when it doesn’t break immediately, you don’t know why, you only know it breaks on suspend and not on startx. Sure, I’ll give it the benefit of a doubt and assume it works better on modern hardware (they all actually work on my 15″ Macbook Pro with Intel graphics), but one of the often recommended usage cases for Linux is installing it on old hardware, thus giving it new utility. There’s even a website recommending what distros to install on an old Intel Mac, and they are obviously pulling it out of their collective butts because I tried top two of the distros on their list and none of them managed to boot into GUI. The important thing is that they are all so incredibly certain that Linux is better than Windows and Mac. Also, there’s so much variety, almost as much as in today’s politics. Tons of political parties and they all amount to shit.

 

Americans and nukes

I was recently asked (in person) why I think the Americans are considering starting a nuclear war if nuclear weapons are obviously world ending. I answered that the Americans don’t see it that way, and this article shows I was right:

“Using nuclear weapons could create conditions for decisive results and the restoration of strategic stability” said new DoD doctrine before it was taken offline (Steven Aftergood)

What was the reasoning behind my argument? I said that the danger posed by the nuclear weapons was incredibly overstated by the anti-war activists during the 1980s, for instance the entire “nuclear winter” argument is incredibly overstated and there is no reason whatsoever to assume a full nuclear exchange between three superpowers would produce global cooling effects that would be worse than the Mt. Pinatubo eruption, and mankind has seen much worse, for instance “the year without a summer” caused by Mt. Tambora eruption. The people who actually do the thinking for Pentagon have much better information than normal people do, and even better than I do, and I consider myself quite well informed in that regard.

The Pentagon analysts know the data obtained by long-term studies of the participants of Operation Crossroads:

The increase in all-cause mortality was 4.6 percent (relative risk [RR] = 1.046, 95% confidence interval, 1.020–1.074) and was statistically significant (p < 0.001). For malignancies, the elevation of mortality was lower—RR = 1.014 (0.96–1.068)—and was not statistically significant (p = 0.26). Similarly, leukemia mortality RR was elevated to 1.020 (0.75–1.39), but not significantly (p = 0.90) and by less than all-cause mortality. The increase in all-cause mortality did not appear to concentrate in any of the disease groups we considered.

TL;DR version for people with American-levels of attention span is that the Americans did a series of nuclear weapon tests in Bikini 1946, to see how nukes would influence surface ships. Everybody was exposed to radiation and all kinds of fallout including un-fissioned Plutonium, and when you read articles about it you expect everybody to have died from cancer within five years from the experiment. However, it turns out that, to quote Wikipedia, “one study showed that the life expectancy of participants was reduced by an average of three months”. In the time-span of half a century.

The data from other nuclear mishaps including Chernobyl shows similar, quite surprising outcomes. Stress from relocation is the main cause of death. People who didn’t evacuate from the exclusion zone had better health outcomes than those who were evacuated. The data from the Soviet K-19 submarine, nicknamed “Hiroshima”, where the officers decided to re-route radioactive coolant of the reactor through an external pump, spraying everybody on the ship with super-radioactive coolant, stuff got into the ventilation system and everybody was exposed to high levels of radiation. Of the crew of 125, “twenty-two crew members died during the following two years” (Wikipedia). Having in mind that they were sprayed with and/or inhaled radioactive substance while sealed in a metal container, one would expect everybody to have died of cancer; however, I’ve seen survivors living to very old age.

Essentially, you can even survive the levels of radiation exposure causing acute radiation sickness and live to die of old age in your 80s. Radiation is quite deadly in extreme doses, but those extreme doses are actually extreme, the kind Pripyat firemen received during their unfortunate attempt of putting down a reactor fire in Chernobyl. However, there are strong indications that both wildlife and humans can be exposed to quite high levels of radiation in the Chernobyl exclusion zone and live quite normally.

Also, the amount of radioactive fallout released during the Castle Bravo fuckup was so large, it’s what one would expect from a limited nuclear war with dozens of atmospheric MIRV warhead explosions, and guess what, we’re still here. So, having in mind what I know, there are very good reasons to believe that the Pentagon people know more. Knowing more, they fear nuclear war less. However, the potential for miscalculations is great. They may plan for a limited nuclear exchange within a tolerable range of outcomes, and things may escalate wildly and end up as something altogether different.

 

YouTube is fucking everybody

Apparently, I’m not the only one noticing that YouTube is putting all but the extreme leftists content creators on a roller-coaster ending in a place where nobody wants to be, because waters of the Shit Creek are a treacherous expanse.

Let me put this in very clear terms. The reason behind this is not and can not possibly be commercial. Why? Because YouTube (read: Google) is promoting content everybody went to YouTube to avoid. They are promoting the “main stream” media which is deceptive, worthless, uninteresting, stereotypical and boring, and nobody wants to watch it. On the other hand, they are burying the super-popular channels that make them a shitload of money in ads. People call what they are doing “disneyfication”, but I don’t see it this way. You can’t make money by promoting things everybody hates and suppressing things everybody went to you to watch. It’s how you commit financial suicide. The motive, therefore, must be political.

The way I see it, people in power (basically, people nobody voted for but also people who pick whom you are allowed to vote for, and people who tell the elected people what to do, or else) were scared shitless when Trump won the election due to a huge support from Infowars and independent popular YouTube channels, who broke CIA’s information blockade that is present in the “main stream” media. Now, in order to stop the “problem” of actual democracy repeating itself, they are asserting their influence over YouTube and other forms of social media, and that’s very easy to do, because if you’re CIA, and you want to do something, it’s much easier to pressure one or few individuals on top of a huge corporation, than it is to pressure thousands of individual creators/reporters. Basically, you either threaten them or bribe them, or both. If they don’t obey, you make an example out of them, like Assange.

We are heading to a very, very dark place, where “dark web” might be the only place that’s safe for expressing thoughts and opinions, because everything exposed to the light of day might also be exposed to outright persecution. And when I say “might”, I mean it might actually become obvious to the ordinary people soon. I understood where this was going at the point when I saw Facebook’s user interface, which is designed to make humans interface in computationally friendly ways. Also, I know what all the cameras watching the streets are for, and what the financial KYC enforcements and “prevention of money laundering and financing of terrorism” are for. We were very carefully and meticulously trapped in a surveillance state, where we will be bred for taxation like cattle, and every possible way of engineering a successful revolution is being cut off in advance. However, it’s not like that hadn’t been tried before. Every totalitarian state tried intimidating the populace against a revolution by letting them know what odds they are facing, and how many of them are still around to brag about their effectiveness and their power? People invented democracy as a trick exactly because this kind of shit doesn’t work. The only way you keep people from staging a rebellion is by convincing them that they are already in power. You can’t do it by making the price of rebelling too great. That’s the first thing that’s been tried by every single dictatorship in the past, and none of those are still around. When people feel they have been tricked and someone is controlling them, it traditionally never took very long for them to just kill everybody in power, regardless of the fact that people in power always had the military on their side, or so they thought.

 

How frog gets cooked in the cloud

How much computer power do we actually need for normal tasks? Does the difference in computational power influence the end-result? Can you tell a difference between an article written on a desktop or a laptop? The last question sounds incredibly silly, I know, and yet when I watch the tech YouTube videos there’s an impression that if you’re a “real pro” or a “power user”, you’ll need “MO PAWAH”. The poor-people tech made for the plebs just won’t cut it, you’ll need the shiny new thingy to keep up with the times. Only the 7nm node size will cut it.

Several things happened recently. First, a new Intel bug was discovered, possibly rendering modern Intel CPU machines vulnerable to attack unless you cripple the CPU by disabling almost everything on it. Second, America embargoed China by limiting access to all kinds of software and hardware technologies, from Android and Windows to x86 and ARM. If we add that to things that are already known, such as the Intel kill switch, and all kinds of technologies that make it theoretically possible for the manufacturer to brick the motherboard of your device remotely, on a low-level of access through the onboard networking hardware, BIOS and the chipset, because America put you on a list of “sanctioned” individuals, for whatever reason.

Microsoft is introducing a “politically correct” spelling-checker into Word. Online censorship is rampant. Witch hunts are out of control. I can easily imagine some AI identifying “politically incorrect” people online, through their cloud service logins, and I can easily imagine hardware and software manufacturers full of “social justice warriors” performing acts of “social activism”, for instance triggering a “stolen device kill switch” on your motherboard remotely if you write too much “right wing” or “racist” content online. If you think this is paranoid, imagine being Snowden or Assange, and imagine what can be done to their computers if they are identified remotely, and if it’s done by someone really powerful, like NSA, or Google, or Microsoft. Now imagine this being automated, delegated to an AI system that will check your login against a list, and then simply “deplatform” you by bricking your PC, because after all, Nazis can’t be allowed to speak.

All of this made me think: what would I do if I was targeted by something like that? Using a web browser made by a huge corporation is a vulnerability. Using cloud services is a vulnerability. Using an operating system made by a company that’s BFF with NSA is a vulnerability. Using Intel, and possibly even AMD CPU is a vulnerability. Using a motherboard with a chipset and a BIOS that isn’t made transparently is a vulnerability. So, if someone decided to brick my computers that run Windows and Mac OS on Intel, and my iPhone and iPad stop working, or at least stop connecting to the Internet and accepting my login into Apple services, what would I use to get online?

It turned out that I have one machine that is most likely to remain working: a Raspberry Pi 3B+ that I have under my desk running Linux, a machine I manually hardened and which runs 24/7 hosting mysql, ssh and apache. However, that’s not all. It also runs a LXDE GUI, with a complement of Office tools. But this is an extremely weak machine. Its CPU is a rounding error between two geekbench measurements of my main desktop PC, and I’m not even exaggerating much. Its “disk drive” is a micro SD card, and the entire computer can fit on my palm. However, there’s a catch. It is basically Android smartphone hardware converted to serve a different purpose and run a different OS. People use Android smartphones to do things online every day and don’t give it a second thought. But can you plug a smartphone board into a monitor, keyboard and mouse, run Linux and do normal tasks, like researching things online, taking screenshots, writing and article in OpenOffice, logging into a CMS and posting the article on your blog? Yes, you can.

In fact, it turns out that this small tiny computer is more powerful than the machines I used to write most of my books on. And I edited them in OpenOffice, printed them as PDF, and then used Linux command line tools to split the PDF into PNG images of individual pages, and then publish those on my website in the online reader form. I did all that on an IBM T43 laptop, which was less powerful than this Raspberry Pi thingy. Of course you can do it, and in fact that’s how I wrote this article; I connected the Raspberry Pi instead of my desktop computer, and used it to drive my usual peripherals. It doesn’t feel slower when you write the document; you can do most things just fine. I used computers with less power and memory for most of my career, because that’s what we had then. It’s actually quite smooth; I installed Gimp from the terminal while writing this article and not even a hiccough. Then I used Gimp to crop a screenshot and save it. It did it just fine. I just got used to computers that do the same things faster, that’s all. Using this thing didn’t degrade me into stone age. I could even plug my external HDD into it and process raw photos from my camera if I had to. I would use dcraw, rawtherapee and gimp instead of lightroom, the way I did for years, and guess what, you wouldn’t be able to tell the difference, because I did it exactly that way for five years and nobody could tell the difference between that and lightroom anyway. I just got suckered into using tools for lazy people, tools that make it very easy, but that don’t actually do anything I couldn’t do manually with some more effort. I could also do just fine without the online cloud services, and guess how I know? Because I was here before they were. I was on the Internet and finding my way around quite well before Google was a twinkle in its authors’ eyes. Some of those tools made things easier, but the price might be too great. Ease and comfort, apparently, can be weaponized as a vector of attack. You make it easy for people to access the same file from several devices and they don’t stop to think that their files are stored on someone else’s computer in unencrypted form. You make it easy for people to connect to other people online and they don’t stop to think and realize that their entire social life is now owned by a company whose primary motive is to sell you to the advertisers, and to control the entire experience as to be more presentable to the advertisers. Also, that they hire fuckwits who studied feminism and social justice and who want to change the world to be more like an American college: meaning, that it requires less thinking, more feeling good about yourself, and excluding everything that gets in the way of feeling good and not having to do any thinking.

However, someone bricking your PC might actually be a lesser concern. A greater concern might be someone blocking your Visa card because you’re on some political list. Also, the banks might not allow you to open an account. You might not be able to get a loan for a house or a car despite your stellar credit rating. Police might track your whereabouts using your phone, because you’re on a list of “extremists”. You might be stopped from boarding a plane. You might be taken off a plane in an islamic country that has you on some shitlist, because you criticised Islam online. Those threats are actually more real, and I’m actually not making those up; that shit actually happens now, as we speak. It’s just far less common than it could be, once the technology proliferates. So, sure, I used a PC made from a phone chip to write an article on the Web, big deal. I can maintain the same kind of online presence with rudimentary technology, and nobody would notice the difference. However, that proves one interesting point: that the advancement of technology in the last two decades was actually much less drammatic than one would think. We just got used to the fat and expensive tools that do basically the same job as the old lightweight free ones. Also, it means that America can cut the rest of the world from their technology, and the rest of the world could do just fine with Raspberry Pi boards made in China for $1, and they would actually be forced to get more creative with resources and possibly find better ways of doing things. Being reduced to simpler computers wouldn’t actually degrade life much, because faster and better computers didn’t upgrade it much. They just made it easier for stupid and incompetent people to think they are advanced, smart, trendy and techy, while in reality they are just stupid consumers.

So, what am I going to do now; continue using Raspberry Pi as my main PC? Hell no. It can only display a 1080p image on my 4K monitor, which makes everything blurry. Also, I have to pay attention to memory use because it only has one gig of ram, and so on. But I know one thing. If America does cut me off from American technology, I will find whatever piece of junk that runs Linux and connect to Russian-Chinese Internet, and I will do just fine. I used to write code on a potato when Web was an experiment on Tim Berners-Lee’s Next cube, I wrote books on computers that couldn’t walk and fart at the same time, and I can do it again if necessary. The only thing that’s actually scary for me is thinking how easy it was for me to get used to the idea of giving up privacy and security just to make things a tiny bit easier and more comfortable. Because of this, I might actually start intentionally giving up various online service that make things unnecessarily easy, but at a hidden cost. I will also give Linux a second chance.

However, if that is scary to me, there’s another thing that should be scary to the Americans, and that’s the idea of a smart person that’s comfortable using Linux tools on a Raspberry Pi instead of a Macbook. Because that person might understand that he can do just fine without all sorts of things that make him a slave. For instance, he might understand that the AGC computer that got people to the Moon was computationally much weaker than the toy I’m writing this article on, and that St. Augustine and Isaac Newton used ink and parchment.