Timothy Pearson from Raptor here...so if storage becomes a main concern it definitely becomes less expensive to lease a dedicated box vs. a VPS from Integricloud, and that's by design to some extent. The Integricloud architecture is centered more on making sure that your data stays private than competing directly with Amazon etc. that simply don't have the ability to make any assurances beyond general platitudes in that area (for starters, they don't control the firmware on their own machines), and the design (and pricing) reflect this different approach to cloud services.
The dedicated boxes are also unlimited data transfer, and you can put in some fairly large storage arrays inexpensively. We have a bunch of projects that are using dedicated boxes for development work, for example we sponsor Adelie Linux with one, and so far they've been very happy with the service.
Nothing formal, but if the service itself does go down (i.e. your VPS drops and can't be restarted due to a service problem, or connectivity fails, etc.) refunds / service credits would be issued. We really haven't encountered this enough to have a formal policy as of yet -- the redundancies we use are quite good.
Anyone wanting control of a powerful modern computer is part of the target market. We just haven't been able to drive the price down further at this time -- doing hardware design around fully open source firmware is hard and a lot of the typical shortcuts to lower costs (including the always-concerning "post-sale monetization" concepts) simply aren't something we find acceptable on any level.
Basically, it doesn't do anyone any good for us to lower cost by giving up the full owner control experience that is centric to our product lines. :)
You might be ascribing quite a bit more leverage to System76 than they actually have here. No one is going to get Intel or AMD to allow open PSP/ME firmware -- AIUI even Google, with the truckloads of chips they buy, isn't able to influence that decision at either x86 vendor. Plus, System76 isn't the ODM -- that's Clevo from what I understand, so their influence on the two x86 CPU vendor(s) will be so far removed as to be quite insignificant IME.
Now, offering something else (ARM, RISC-V, POWER, anything but x86) as a truly open source alternative, then seeing if there was any reaction, might start to apply some small degree of leverage. Definitely there would be more potential opportunities to meaningfully discuss design goals with silicon vendors other than Intel and AMD. Who knows, maybe this could still happen...it'd be pretty easy / cheap to get some POWER desktop offerings lined up based on existing mainboards, and Clevo might be persuaded to do an ARM laptop design based on one of the Chromebook SoCs... ;)
With our baseline blob-free systems, we picked parts that were firmware-free, had open firmware, or could have open firmware written in the future. This is why we don't have onboard 100Gbe, Thunderbolt, or other interfaces that would require relinquishing control of the system to an external vendor. However, the resulting products are quite functional as both PCs and servers, with no real complaints or concerns over the I/O given the multiple PCIe Gen 4 slots available. My understanding is that very few ODMs do this, as they don't want to make that tradeoff, but this is how you apply leverage to silicon vendors long term. And you know what? It's working (outside the GPU sphere at least) -- Raptor isn't the only one pushing hard on these topics from the OpenPOWER side, and so far we've been able to get the silicon we need for our current product lines.
> You might be ascribing quite a bit more leverage to System76...
This may be true, but I think that selling corebooted computers is literally just a marketing gimmick. If a computer ('s motherboard) is corebootable, I can coreboot it myself, or lacking the technical skills, eBay have it done for ~$50 (maybe with video proof that the flashed rom is what is expected by showing hashes)
I don't expect ANYONE to be able to make intel or amd do anything about this situation, which is why I acknowledge your point:
> Now, offering something else (ARM, RISC-V, POWER, anything but x86) as a truly open source alternative...
I would love to see a POWER laptop, but I don't have the technical knowledge or money to help make this happen.
What I think is holding this back the most is that there are very few people with an ecosystem where they can compile all their own programs, meaning that 99% of computer users won't be able to make use of the general purpose computer underneath, because the software they NEED for their work absolutely will not run on it.
As a user however I think freedom is paramount, I'm about to finish up my CS undergrad, and about 3 years ago I became aware of the issues surrounding freedom in computing (literally never brought up in any of my classes), and I bought all the components needed and librebooted myself a thinkpad x200, which I've been faithfully using with parabola/debian ever since. Thankfully this as a platform was within my financial reach.
> With our baseline blob-free systems...
I laud the efforts of raptorpcs, but these systems are completely out of my reach. My previous sentence should show that I'm willing to compromise a lot to have freedom (no usb 3.0, I stopped playing games that have proprietary code, rebuilt my ecosystem so as to never have to move away from totally libre software etc)
I recognize how the fact that these machines exist means that a motivated company can choose to have a free system and that's great!
What I'm looking for as a normal user though is a LAPTOP that has these features, and that's why I get hype when someone claims to have one, but it's always a disappointment, eg. purism.
I feel like I'm ranting, but it's honestly a little unclear what I'm responding to.
Which, it should be noted, is impossible due to Intel's hardware-enforced signature checks.
Even if a key were to be stolen from Intel it would then be illegal to use in all Western nations. The ME is off limits to everyone other than Intel and its partners, enforced by both the hardware signatures and some of the most heavily enforced (in terms of consequences) legislation on the face of the planet.
Of course that won't stop malware authors, who couldn't care less about replacing the ME firmware to make it secure, but do care very much about the fact that they can hack into the stock, signed Intel ME firmware, then install their malware in a nearly impossible to detect position.
That depends heavily on where you're transmitting (i.e what frequency and bandwidth you use) along with the power you're transmitting at.
First, as a ham radio operator, no, you can't just go and start blasting away from an SDR even in the ham bands. You have to follow strict rules, including a non-commercial content rule and you must not use encryption. The ham bands are for people to experiment with new radio technologies and more importantly communicate with one another using those technologies on a hobbyist level -- encryption and commercial use does not help those goals.
That being said, there are chunks of radio spectrum that are effectively "public domain" where you can transmit within certain ERP (effective radiated power) limits without the ham band restrictions on content, protocol, etc. Traditional WiFi lives in one -- the block set aside for microwave cooking devices, and therefore with a near-unusable noise floor for anything but short range communication like household WiFi.
OK, that makes sense. And yes, it causes problems for coreboot -- AIUI there are no modern AMD systems supported, because AMD has not allowed use of the AGESA blob in that way.
Honest question: why do you consider System76 to be building new roads by using locked hardware and offering partial open source firmware for it? Wouldn't the new roads kudos be more appropriately given to all of the folks that made real open hardware happen (RISC-V, OpenPOWER, etc.) years before this partly-open-source system announcement went out?
In my mind the RISC-V folks especially were real trailblazers in this space -- they took massive risks when no one, and I mean no one, was doing open source CPUs beyond soft cores. IBM focused more on open firmware, then eventually opened their ISA, but x86 vendors have had no such forward vision in their history -- the x86 vendors have followed in this space, not led, for well over a decade, and indeed both sides of the x86 duopoly (Intel and AMD) are both separately on record as having stated their goal is to take control away from the machine owner in whatever manner they need to in order to fulfill their DRM contracts.
Even with this laptop announcement, if I'm honest, more following is being demonstrated -- the coreboot user community had open source firmware ARM laptops (Chromebooks) available quite a long time ago, why weren't those hailed as building new roads when they appeared? Does anyone really think we would have reached a point where an x86 vendor would be trying to advertise even partly open source firmware without the pioneering efforts of the competing, truly open architectures?
To the downvoters: I'm guessing you wanted to run Windows 10 "safely" somehow, or sandbox your games. There's almost no other reason to be this stuck on x86; at the end of the day it's just a consumer architecture that some well known privacy disrespecting software requires to run. It's not even that great of an architecture from a technical perspective, it just happens to have the financial weight of the prosumer market behind it right now.
Here's reality:
This laptop won't stop Windows exfiltrating your data. These x86 systems are leaky, they require sizeable amounts of low level binary firmware to even boot, and proper isolation is near impossible. Try sticking a PCIe diagnostic system on an open PCIe slot and sending commands to the WiFi or Ethernet card -- most likely it'll respond [1]. Then consider the firmware in the various controllers attached to the PCIe bus, including your GPU.
It's probably a violation of your game's anticheat system to try to sandbox it. It's definitely a violation of the NVIDIA driver EULA to run it in a virtual machine, unless you pay the enterprise driver license fees and use a server grade adapter. The kind of adapter you won't usually find in a laptop, by the way.
This is a topic that I find very frustrating. We all know you want to do the above. It can't be done without license violations all over the place, or head-in-sand make-believe "security", on modern x86 hardware. No wishing, hoping, etc. will make this change.
[1] Yes, this is known to happen on specific x86 systems that I have personally tried (in that case, it was a malfunctioning GPU writing to the disk controller!). Invalid cross-device access was also tried on a POWER box, where the invalid accesses were blocked and logged as intended.
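A defender's counterpart to the cross-device access point above, as an added example that is not from anyone in this thread: a POSIX shell script that reads the Linux IOMMU group layout under /sys/kernel/iommu_groups to show whether DMA remapping is active and which PCIe devices share a group (and so are not isolated from each other). The SYSFS_ROOT override and the demo tree it builds are constructed for this example.

```shell
#!/bin/sh
# Added example: inspect IOMMU groups to see whether the kernel isolates
# PCIe devices from each other. Real sysfs is used unless SYSFS_ROOT is set.

# Where sysfs lives; overridable so the constructed demo tree can be used.
iommu_groups_dir() {
    printf '%s/kernel/iommu_groups\n' "${SYSFS_ROOT:-/sys}"
}

# Returns 0 when the kernel has created at least one IOMMU group, i.e.
# DMA remapping is active and cross-device accesses are being translated.
iommu_active() {
    dir=$(iommu_groups_dir)
    [ -d "$dir" ] || return 1
    for g in "$dir"/*; do
        [ -d "$g" ] && return 0
    done
    return 1
}

# One line per group: "<group> <device count> <device addresses...>".
iommu_group_summary() {
    dir=$(iommu_groups_dir)
    [ -d "$dir" ] || return 1
    for g in "$dir"/*; do
        [ -d "$g/devices" ] || continue
        devs=""
        n=0
        for d in "$g/devices"/*; do
            [ -e "$d" ] || continue
            devs="$devs $(basename "$d")"
            n=$((n + 1))
        done
        printf '%s %d%s\n' "$(basename "$g")" "$n" "$devs"
    done
}

# Groups holding more than one device: the IOMMU cannot separate those
# devices from each other, so a misbehaving one can reach its neighbours.
shared_group_count() {
    iommu_group_summary | awk '$2 > 1 { c++ } END { print c + 0 }'
}

# Constructed demo tree (not a real machine): a NIC alone in group 0, a GPU
# sharing group 1 with its audio function, and an NVMe drive alone in group 2.
build_demo_tree() {
    SYSFS_ROOT=$(mktemp -d)
    export SYSFS_ROOT
    base="$SYSFS_ROOT/kernel/iommu_groups"
    mkdir -p "$base/0/devices" "$base/1/devices" "$base/2/devices"
    touch "$base/0/devices/0000:03:00.0"   # NIC, isolated
    touch "$base/1/devices/0000:01:00.0"   # GPU
    touch "$base/1/devices/0000:01:00.1"   # GPU audio, shares the group
    touch "$base/2/devices/0000:04:00.0"   # NVMe, isolated
}

# Run with "demo" to use the constructed tree; with no argument, read real sysfs.
if [ "${1:-}" = "demo" ]; then
    build_demo_tree
fi
if iommu_active; then
    iommu_group_summary
    printf 'groups with shared devices: %s\n' "$(shared_group_count)"
else
    echo "no IOMMU groups: DMA isolation is not active on this kernel"
fi
```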
I gave that comment a downvote because I thought it was disrespectful.
System76 have been providing practical solutions for running free software on available hardware for years now. That does indeed deserve kudos, even from you.
Keeping a kilowatt of computing power running at all times at home and connecting to it with a dumb ChromeOS terminal as you're suggesting is quite honestly not a viable solution for many people. And excluding practicalities (which a real person, of course, cannot) it might even be worse for security depending on your threat model.
That may be. However, I was using Linux on bog-standard computers before System76 was even founded -- preinstalling Linux on a computer isn't exactly revolutionary, and it's in a completely different league from the work that has been required to bring up entire new CPUs (!) to compete with the increasingly locked x86 systems.
No idea where you're getting a kilowatt from. My desktop uses maybe 120W or so, with a lot of that going to the AMD GPU.
If we're going to trade barbs over ecological damage, what happens to all those Intel and AMD systems that would have been usable if they had just had updates to the locked/signed firmware, but are instead floating around in landfills because the vendor decided they wanted to enforce their control and not issue security updates?
> That may be. However, I was using Linux on bog-standard computers before System76 was even founded -- preinstalling Linux on a computer isn't exactly revolutionary
System76 is making free software computing more attractive and available. You might think of what they do as easier than what you do, and you might disagree with the way they prioritize security over other factors in their products, but I still think it's pretty bad of you to imply that what they're doing is not valuable to this community.
What they are doing in that space is valuable. However, with just a bit more tweaking, they could offer something a whole lot more valuable in parallel, and leave this whole semi-open x86 issue behind. If they were to offer even a couple of actually open source firmware systems, and indicate somewhere in the marketing that the x86 boxes are only partly open source, that would not only eliminate the entire controversy here but also allow them to take the next logical step in open software. If their core mission has basically been to make open source easy to consume, that's a worthy goal; why not go a bit further and make open source on open hardware with fully open firmware just as easy to consume?
Clearly there's demand, from the comments in this thread alone!
I'm a fan of what Raptor is trying to achieve but you perhaps need to go easy on the company Kool Aid. Hijacking another manufacturer's comment thread to push your own agenda is one thing, ranting and being disrespectful is quite another.
Let me take this opportunity to ask you a question here after you making clear the problems you see.
Hardware becomes more complex and can include internal software that from a user perspective is just part of the hardware. But in fact, it is software running doing complex things outside of the oversight and control of the user.
Do you have plans to not just have open software but also open hardware? Do you hope to offer a device in the future with not just free software, but with the source files of the integrating hardware like the motherboard as well as of the chips like CPU and auxiliary ICs? Do you see a possibility to start with an open RISC-V CPU?
Actually, yes! We're closely monitoring the development progress of the open toolchains for various FPGAs; with POWER ISA now being open for implementation by anyone anywhere, I could easily see a future where extremely sensitive work is seamlessly moved from a large closed ASIC like the current IBM POWER chips to a completely software compatible, but significantly slower, soft SoC running in an FPGA. Or even an ASIC, if methods are eventually developed to verify the ASICs match the input design files at scale (i.e. non-destructive testing).
This seamless transition is one of the key benefits of an open ISA in my mind; development and testing of algorithms can be handled on the closed but top of the line (i.e. extremely powerful) ASIC, then when sensitive data is being handled that same binary can literally be run without changes on the soft core or other slower, but open, system. You could even compile on the slower ultra-trusted system, and test the binary on the larger ASIC -- lots of interesting possibilities here!
That is exciting! Open and well-documented FPGAs are definitely useful and very interesting to have in a device. Have you looked into OpenPiton [0], PULP [1], BOOM [2], or lowRISC [3]? While I'm hopeful that you find these projects personally interesting, I'm also looking forward to eventually seeing them in devices. Sorry for not listing any open POWER CPU/SoC projects as I'm not aware of any. Please share if you know any.
It's also structured very well, quite clean for learning purposes etc. The current goal so far as I know is to perfect this core, and fork for a more complex / powerful variant. Maybe by the time that's done, the open FPGA tooling will have caught up enough to be able to run a usefully fast (~200MHz) POWER soft core, all in FPGA logic...
I'd strongly prefer a ppc64 core over a RISC-V core for one simple reason: we have a wide deployed base of very powerful ppc64 machines, and not having to keep cross compilers and related environments around is a massive streamlining step that we don't even know the full effects of yet (it hasn't been legal until now to have the SoC under development running the same architecture as the high end workstations and servers used to develop [for] it). The demo of using mainline GCC on a POWER box to build a binary for the Microwatt (that would also run on the host with KVM, if desired, for fast trace and debug) was most impressive.
I wouldn't be surprised -- it's a gaping hole for anticheat software if not addressed. In fact, long term the anticheat is going to have to require a completely locked-down (console-like) experience from boot firmware (ME/PSP attested) through OS and userspace, or it will not be effective.
Which is one reason why I don't rent games on Steam, and why I bought a PS4 instead. If I'm going to have to game on a completely locked down system, I vastly prefer to do it on a system that doesn't touch any of my personal data and for which I can still buy permanent, resalable (and yes, even lendable) games on physical media.
PC gaming hasn't interested me since Steam on Windows with mandatory anticheat became the primary way to play games.
Because not everything is about FSF-purity standards. Running a profitable company while providing as many open packages as possible is commendable. Pushing to open more is. But jeez, would it hurt to show some love to people who genuinely do care at least a bit about open firmware?
And yes, a lot of us do love OSS but also have clients who require windows compatibility. Some of us do deep learning and need good GPU/Cuda support. We all do compromises with OSS ideals, and it is GREAT to have people like System76 fill in that niche.
Otherwise the choice would be only between pure-FSF machines that run only some specific distros of Linux (I do own a novena, you know) or totally proprietary systems that come only with Windows and 50 GB of crapware. Without System 76, I would just be buying another DELL so thanks and kudos to them.
Thanks and kudos to the people who also uncompromisingly prepare an open and resilient ecosystem of open chips, open GPUs, open firmware.
But please do show some love to each other and don't get stuck in an absolutist position where you can't see the difference between people trying to find a market for OSS pieces and promoters of walled gardens.
I still don't understand why you would even care about the firmware if you're running Windows. To me, that would be like building a fortified, ultra-secure rear doorway into a run down barn with a gaping hole where the front doors used to be.
If these efforts were even potentially likely to result in open x86 systems someday, I wouldn't be as opposed to them as I am now. But when you have both x86 silicon vendors on record as being contractually and legally unable, let alone unwilling, to allow owner control, all I see is a massive waste of effort with a known incomplete (i.e. partly closed) endgame. Worse, that effort is detracting from other efforts that are providing fully open computing right now, today.
My recommendation has always been to use the commodity x86 world's greatest advantage if you have to use Windows: cost. Get the absolute cheapest possible Windows system you can find that still has enough power to support your clients, plan on replacing it every so often as Windows churns along, and actually invest in a secure, open computer for everything else.
x86 is a closed ISA with closed, locked, signed firmware. All appearances are that it will stay that way permanently, with just enough late-stage open firmware allowed to create sufficient marketing confusion in less technical circles. Why not select and embrace one of the open ISAs for non-Windows computing? Who knows, you might be helping make secure / non-hostile computing happen on a large scale just a little bit faster! :)
For the same reason I cared to run Linux even before we had open BIOS. Would you have been shouting at young Torvalds that he was wasting his time trying to write a free OS in a world of proprietary hardware?
We won't get to a fully open ecosystem in a day. It won't be a single project, and the more experimental parts you add to the platform, the higher the cost you pay in instability, complexity of maintenance, and performance.
I am not always running Windows. But I have it installed for when I have to test against it.
I am not a dissident, a journalist or a spy, so my threat model is not the NSA or PCC prying on my contact list.
My threat model is the scenario "Microsoft and a random hardware vendor team up to make sure <Technology X> can never work on linux" which history has shown to be a credible one.
Actors like System 76 fight against it and I am grateful.
Getting CPUs, motherboards, GPU and drive drivers provably clean and incapable of spying is an order of magnitude harder; it is starting to become feasible, but so far I am not in a category where I absolutely need that. I am pretty happy that some people are starting to offer that too, but it helps no one to pretend that people working on these parallel lines are somehow opposed. That's a self-defeating attitude!
pgeorgi has a valid point in that if you go for the cheapest off the shelf building block type DDR4 solution for your silicon design (won't name names here, but it's a widely known vendor in the silicon block space), those controllers come with mandated binary-only firmware. IBM (and apparently Marvell?) both didn't use that cheap off the shelf solution and also decided to release their training code. Kudos to both companies for bucking the trend here!
That cheapest COTS block also has the advantage of being battle tested by the big customer base.
Since you presumably have pretty good contacts into IBM: ever asked if they'd consider pooling resources with other vendors around their interconnects in an open forum?
Not sure if DDR4 (or USB, or even PCIe 4.0) silicon is a huge differentiator for them, and those protocols all thrive on interoperability: no need for IBM (or Marvell, for example) to figure out all the issues with real world peripherals on their own.
The general answer is yes and yes. That's why OMI / OpenCAPI are being released as standards, with RTL / HDL. I think at this point there would be more appetite for a next gen interface like DDR5 vs. DDR4 to be released, but I'm just speaking personally from general knowledge here.