Talos Secure Workstation Is Free-Software Centric — and $3100 [Updated] 117
jones_supa writes: These days, the motivation to use open source software for many people is to avoid backdoors placed by intelligence organizations and to avoid software that has hidden privacy-intruding characteristics. For the operating system and userspace software, open choices are already available. The last remaining island has been the firmware included in various ROM chips in a computer. Libreboot has introduced an open BIOS, but it is not available for newer systems featuring the Intel ME or AMD PSP management features. Talos' Secure Workstation fills this need, providing a modern system with 8-core POWER8 CPU, 132 GB RAM, and open firmware. The product is currently in a pre-release phase where Raptor Engineering is trying to understand if it's possible to do a production run of the machine. If you are interested, it's worth visiting the official website. Adds an anonymous reader about the new system, which rings in at a steep $3100: "While the engineers found solace in the POWER8 architecture with being more open than AMD/Intel CPUs, they still are searching for a graphics card that is open enough to receive the FSF Respect Your Freedom certification." Update: 02/08 18:44 GMT by T : See also Linux hacker and IBM employee Stewart Smith's talk from the just-completed linux.conf.au on, in which he walks through "all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system."
Update: 02/08 23:30 GMT by T :FSF Licensing & Compliance Manager Joshua Gay wrote to correct the headline originally appeared with this story, which said that the Talos workstation described was "FSF Certified"; that claim was an error I introduced. "The FSF has not certified this hardware," says Gay, "nor is it currently reviewing the hardware for FSF certification." Sorry for the confusion.
Re:Duh (Score:5, Insightful)
Open == Auditable
With closed hardware you don't have the ability to verify that it's secure and trustworthy. With open hardware you would.
Re: (Score:2)
How are you going to verify the silicon? Does the NIC send a few random packets to an ip address? You'd never know without auditing every packet sent.
Re: (Score:1)
The thing you can audit is the firmware. At least in theory.
Re: (Score:2)
How do you verify that every bit of your food isn't poisoned/contaminated/adulterated in some way?
Of course, if you gave up eating altogether, that uncertainty would go away.
Re: (Score:3)
Well, if you audit your food you will be disgusted...
http://www.fda.gov/food/guidanceregulation/guidancedocumentsregulatoryinformation/sanitationtransportation/ucm056174.htm [fda.gov]
If that's too long, CBS made a little photo tour
http://www.cbsnews.com/pictures/11-revolting-things-government-lets-in-your-food/ [cbsnews.com]
and then there is water, no simple chart from the EPA on that...
http://www.epa.gov/dwreginfo/drinking-water-rule-quick-reference-guides [epa.gov].
We got to the point that you have to roll your own BIOS. So we have a
Re: (Score:2)
I didn't read this as saying "open == secure"; rather I read it as "secure -> open", which is a very different thing.
Re: (Score:2)
Agreed, but at least you can be sure that there is no built-in spyware.
Well, no, you can't, unless you build and burn the firmware yourself. Binary code being different from the alleged source code has happened before.
Re: Duh (Score:1)
The only plus side is the generous RAM. I think there is plenty of room in the x86-64 space for that amount of RAM at that price point.
If one is so paranoid as to need some special rig certified like this, one should a) not be using co
Re: (Score:2)
The only plus side is the generous RAM. I think there is plenty of room in the x86-64 space for that amount of RAM at that price point.
That price does not include the RAM...or GPU or SSD/HDD or case.
For around $3,100 USD, security-minded individuals and corporations can own a Talos Secure Workstation mainboard with an entry-level 8-core 130W POWER8 CPU, heatsink / fan assembly, and ATX I/O shield.
https://raptorengineeringinc.com/TALOS/prerelease.php [raptorengineeringinc.com]
Re: (Score:1)
I dunno about all the rest but I just recently had a new laptop built and shipped to me. Well, it's not a laptop per se - it's a mobile workstation. At any rate, I've yet to figure out what to do with more than 16 GB of RAM. I don't notice much of a speed increase when I go from there to 32 GB of RAM. My laptop has 64 GB of RAM and, try as I might, I've not yet found one useful way to use that RAM and I've not noted one bit of speed increase from 32 GB - at all.
Oh, it's fast. It's blazingly fast. It has a c
Re: (Score:2)
java -Xmx132000m ....
Re: (Score:1)
I do program a little bit but I am not a programmer - even though I have done a lot of programming in the past. While I was programming I was not really a very good programmer. Oh, it worked. Eventually. It even did much of what I wanted, in some fashion. I had someone with me at the start, he was a CS grad who did more "ops" than "dev." I just kind of asked him if he wanted to help so he doesn't really count for this metric. The first person I hired, after the business was running, was a programmer.
I progr
Re: (Score:2)
it was a joke. java (jvm) will eventually fill all available memory if you allow it to (with that -Xmx switch). if you just want to see your ram filled up, simply use java software like cassandra, elasticsearch or hello_world and wave your memory bye bye.
i also have 64 gigs of ram and it often isn't enough when i play with virtual machines.
Re: (Score:1)
I have 20 tabs open in Opera, that's based on Chromium. Currently, it indicates that I'm running 6.7 GB. I think I've seen it peak at around 14 GB as I recall - with normal usage. It can eat a bit more when compiling or something similar but that doesn't even really eat a whole lot. Then again, I really don't do as much with a computer as I used to. So much of my time is just as a passive consumer. I'm working to change that - thus the excuse to buy this laptop. It's pretty damned sexy.
Go stupid with the co
FPGA GPU is About it ... (Score:2)
if you want an open enough GPU card. It won't have much for GPU performance but it could be all open. Oh and don't forget to only use the fully open FPGA tools or kittens may die.
POWER8? (Score:2)
Does it run Microsoft Windows?
Re: (Score:2)
Re: (Score:2)
Woosh!
Re: (Score:2)
Re: (Score:2)
We had someone earlier who asked what a DLL was [slashdot.org] just a bit earlier today.
Even more incredibly, he got modded +5, Informative.
O tempores, O mores... *weeps*
Re: (Score:2)
I've no idea, but I was rattled enough by the notion that I used "earlier" twice in the same sentence.
Re: (Score:2)
I've no idea, but I was rattled enough by the notion that I earlier used "earlier" twice in the same sentence earlier.
TFTFM.
Re: (Score:2)
Okay. I guess the community's dumbed down enough that asking whether an open hardware system (running on a POWER chip could run the security nightmare which is Microsoft Windows 10) could run MS Windows could conceivably be a valid question.
My, how this community has slid. :-(
I'm just going to go back into lurking mode and tend to my lawn, I guess.
Re: (Score:1)
Don't let it get you down. It seems to be improving enough that I actually remarked on it in my journal earlier. I've noticed a bunch of familiar faces coming back and posting again (though some of them seem a bit sheepish at first). I've noticed a LOT more lower ID numbers in the threads. The quality of conversation and comments has gone up, quite a bit actually, in just the past week and a half. I'm not sure what that says about the person asking about a DLL but it does mean that there *might* be good thi
Re: (Score:2)
The signal-to-noise ratio has definitely improved; spamming and clickbait seem to be down quite a lot. Article selection has got heaps better IMNSHO.
Re: (Score:2)
It wouldn't be secure any more if it did...
OH MAN BURN!!!
Re: (Score:1)
No, and this is a strong selling point, given how much Windows 10 spies on its users, even when you ask it not to report to Redmond.
Maybe you can emulate it, with suitable filtering on the network packets.
Re: (Score:3)
What about.
Mac os X?
Amiga os 4.X?
Re: (Score:2)
OS/2?
Marketing vs real world application (Score:1)
Re: (Score:2)
Of course, part of the skill of advertising is to say one thing which readers will interpret to mean something else. But that is the fault of advert readers hearing what they want to hear for whatever reason.
I don't have to write advertising. But I do have t
How did they get 132GB RAM? (Score:2)
I've clicked through the links and I can't find anything that actually says how much RAM you get on this system.
Re: (Score:1)
According to the prerelease specs [raptorengineeringinc.com] page, it's actually 256GB.
Re: (Score:1)
According to the prerelease specs [raptorengineeringinc.com] page, it's actually 256GB.
With ECC! Which makes it look not cheap, but decent. Intel charge an arm (not an ARM) and a leg for ECC capable processors.
Re: How did they get 132GB RAM? (Score:1)
No they don't. i3 and most Pentiums support ECC.
Re: (Score:2)
Enable ECC fix logging in bios.
Not running you application. But I once paid the extra for ECC. After a year of more or less full time operation, I had one ECC fix. Granting I had a buttload less memory than today.
Re: (Score:2)
Ignoramus. It's the e3 and e5 server/workstation chips that support ECC, not the i3. That said, there are some e3's that are pretty good buys and work in the same socket 1150 and 1151 motherboards as the i3/i5/i7, but it's pretty hard to find MOTHERBOARDS that support ECC RAM for anything less than a king's ransom. Hard but not impossible. There are a couple of excellent Asrock "workstation" socket 1150 ATX motherboards at well under $200, and with excellent s
Re: (Score:2)
Pentium, 2015 model, with ECC.
http://ark.intel.com/products/... [intel.com]
Re: (Score:2)
Go to page 2 of the phoronix.com link ... 131073MB of RAM (1024x128) ... which, as you point out, is probably 128GB in terms of being 1024x1024x128.
It is listed, but the interpretation of how much that actually is might be sketchy.
Re: (Score:2)
You didn't drill down deep enough. They're not specifying an amount of RAM (it hasn't been released yet; when released they'll probably sell varying configurations), but the specs say "8 DDR3 RDIMM slots w/ ECC support (2 memory controllers, 256GB maximum)".
Re: (Score:2)
8-core POWER8 CPU, 132 GB RAM, and open firmware.
Your interpretation of the website matches my own and for essentially the same reasons.
Re: (Score:2)
With four 33GB.
They where originally 32GB, but the manufacturer was having a sale and was giving an extra GB free !
(orsomethinglikethat)
LOL ... outlawed? (Score:2)
But ... but ... didn't the Empire outlaw Talos worship [wikia.com]?
Re: (Score:2)
No, but Mr Spock got court-martialled for taking the Enterprise back to Talos [wikipedia.org].
Thats all well and good but... (Score:2)
Some security observations (Score:5, Interesting)
Making some observations from recent events, I've noticed:
1) You can order a computer, and the delivery can be intercepted [thewire.com] so that spyware can be installed. Especially laptops, which are difficult for the end user to peek inside.
2) The Intel management engine is essentially an attached microprocessor with complete and total remote control [hackaday.com] of your system, including access to all peripherals, the network, the disk data, and the ability to wake up and run while the main computer is off.
3) The Intel built-in programmable number generator was built in a way to be unverifiable [arstechnica.com]. Essentially, the system reads physically generated random data and puts it through a hashing algorithm before giving it to the user. If the random number generator section is damaged (say, if someone modified the chip mask films before fab), you will get much less than the advertized 256-bits of entropy, but because the data is hashed there is no way to tell.
Buy American!
Re: (Score:2)
Re: (Score:2)
The thing I find most funny about this is that most people pay extra for a motherboard with these features.
Re: (Score:2)
Buy American!
Given the myriad (and I'm not using that term in jest here) of ways that a computer could be compromised, I am not the least bit worried about 1 and 3. Number 2 is a bit more interesting but so far it's nothing that can't be blocked at a firewall and as always restricting physical access should be a priority.
Not clear if this is really totally open source - (Score:2)
Probably not.
There is firmware in the BMC - the hard drives, several other places - are they making the claim that ALL of these have open source code? Open microcode?
I didn't see any mention of Linux Bios.. hate getting information via videos.. You really don't need a separate processor to start up the main one - and it provides huge security holes when you do.
I've wondered what systems the spooks use for their security - there are hints about power 8 - not sure.
Re: (Score:2)
(Disclosure: IBMer working in Power Systems, opinions my own)
For the BMC, it appears that they're looking to use OpenBMC [github.com], a project started by Facebook and now being continued by IBM.
They're also going to use the OpenPOWER firmware stack - Hostboot [github.com] for system initialisation, Skiboot [github.com] for runtime firmware/BIOS and the OCC [github.com] firmware for on-chip thermal and power management. All of this is Apache-licensed.
POWER8 processors do require an external CPU to boot them - either an IBM Flexible Service Processor or a th
I'd consider this (Score:2)
I still have Mac Mini (Freescale PowerPC G4) which I used for Debian development for half a decade, and which is now idle with a FreeBSD 10.2 install at present, and while I went to Intel and AMD for my last two systems, I'd certainly welcome a return to an affordable POWER system. I've been pretty disappointed in the state of open hardware for a good while.
I was looking at the offer for an OpenPOWER system from Tyan (http://www.tyan.com/campaign/openpower/) but I'd prefer a workstation rather than a rackm
I'll Wait For v4 (Score:2)
There IS an open source GPU (Score:2)
http://hardware.slashdot.org/story/16/01/20/171226/open-source-gpu-used-for-research
Re:Mostly for criminals (Score:4, Insightful)
I have plenty of things to hide and I have broken no laws. I have a right to be secure in my papers. I have the right to hide communications I have made with my associates, especially when it comes to political communications.
You can take your fascist "IF YOU HAVE NOTHING TO HIDE" bullshit and shove it straight up your ass.
Re: (Score:2, Insightful)
and I have broken no laws
Oh, but you have.
I promise you that you have.
Everyone has.
Re:Mostly for criminals (Score:5, Insightful)
Nobody ever said that Free Software = Cheap. "Free as in speech, not as in beer" is often heard. This is Free Software 101 stuff.
As for not imagining anyone spending that kind of money on a workstation, compared to what it'll get you in the Apple Store, some would call it a bargain. Note that it's being called a "workstation" and not a "desktop". For some people, there is a real difference.
Re: (Score:2)
Re: (Score:2)
For 3100 we could get a quad core Mac Pro with dual graphics cards. This Talos thing is just a bunch of RAM. Does it even come with flash storage?
I suspect the comparison to a Mac Pro is not really the point, but no it doesn't come with flash storage. In fact that RAM figure is just the amount that is supported, it doesn't actually come with any.
Re: (Score:2)
I've been wanting to buy a reasonably powerful and reasonably priced open machine for a while. You used to be able to get MIPS machines running Loongson CPUs, but they don't seem to be available any more.
Anyone know of anything suitable?
Re:Mostly for criminals (Score:4, Informative)
I was originally modding, but I feel compelled to point out that the RAM does not appear to be included in that $3100 [raptorengineeringinc.com] - just slots. It's just a motherboard, power supply, and the CPU for $3100.
So what you stated doesn't appear to be accurate in the least.
Additionally, a previous Phoronix article stated they only got remote access for testing this thing - so at present this is basically the equivalent of a Kickstarter promise.
It's an interesting idea if you have enough cash, though.
Re: (Score:2)
That would be this [phoronix.com] article?
How do you make the equation "only getting remote access" EQUALS "the equivalent of a Kickstarter promise."?
The company are reasonably well-known (I looked at them several years ago when I was considering replacing my day-to-day laptop with one whose video chip hadn't just got static-fried), and they're very
Re: (Score:2)
The same hardware running closed source software is likely to cost even more...
Software can easily be free of cost, but that's much harder to do with hardware because there is a cost associated with each and every unit produced.
Re: (Score:1)
Oh look, another shitstain of a person who probably whines up a shitstorm whenever some company loses his medical record to hackers or the like, but God forbid anyone try to secure their shit against five-eyed freaks or squinty-eyed chinks, because only terrorists and pedos want to protect their shit from being hacked.
Re: (Score:2)
It's about 1½ times what I paid a couple of years ago to have someone build me an x86_64-based workstation with 8x2 cores (Haswell IIRC), 16GB RAM, a heap-big SSD, and a few other choice goodies.
So... What kind of porn did you say do you like to watch? And what's it worth to you not to have the answer revealed, whether or not you feel like responding to the question?
Re: (Score:2)
Okay, seems the $3100 is just for the mainboard + CPU. SO maybe not quite as good a deal as I originally thought.
Re: (Score:2)