Talos™ II drives the state of the art of secure computing forward. Talos™ II gives you — and only you — full control of your machine's security. Rest assured knowing that only your authorized software and firmware are running via POWER9's secure boot features. Don't trust us? Look at the secure boot sources yourself — and modify them as you wish. That's the power of Talos™ II.
That is fkin nice to be honest. There is so few which do this. totally already worth the price. (open source bios/boot procedures etc.). It's a total mess trying to get such a setup on a x86 server machine. i think there is a grand total of 1 server board which support coreboot (?)
The main criticism against Purism laptops is that they still contain proprietary blobs (from Intel) in the coreboot payload. We have no way of knowing what's in those blobs.
Purism tries to be free, and is a step up from other vendors, but doesn't go far enough for some people.
They are a lot better since investing in the me_cleaner project. Not all of the management engine can be removed, but it can be neutered (most of the binary deleted, including the network stack).
I used to think Purism was a sham, but now that the ME can be neutered I find it an acceptable compromise.
The very best option right now (and dirty cheap, ~$200 new) is to get an Asus C201P / Flip Chromebook. It uses a Rockchip ARM CPU, and if you disable 3D acceleration (which is slow anyway) and use an external wireless antenna, you don't have any closed firmware in your computer. Not even CPU microcode firmware.
This is unique. Of course, it's a machine targeted by Libreboot:
I guess that if you install GuixSD, given all binary packages can be verified against the source, and there are some decent sandboxing facilities you can get pretty great security.
At the moment GuixSD doesn't yet work on ARM. Not much is missing and you can use Guix as a package manager on top of some other variant of the GNU system, but GuixSD on ARM is not quite ready yet. Give it a couple more weeks.
Don't take my comment to mean that Purism is evil, just that you aren't getting some ironclad security guarantee. This explains the "controversy" better than I can (http://www.pcworld.com/article/2960524/laptop-computers/why-...). Purism is certainly a step up from Lenovo that was shipping computers with rootkits installed.
If you wear a tinfoil hat then you're going to be better off with a libreboot laptop, but you have to accept that you will never use a computer made after 2008.
I think that the niche that a Purism laptop fills isn't worth the price premium. A laptop from a main vendor plus a security conscious OS install (full disk encryption, two factor authentication) is fine for me.
So just to be 100% clear, and for the edification of everyone (myself included);
It is literally safe to assume that every single device is 100% compromised and the 5eyes, can if they wish, monitor every single thing you do, based on these issues, correct?
But then, you also have to think that every service that you use, outside of your own 100% controlled purview (I.e. Literally any cloud service) is also summarily compromised to the point that you cannot say that one is completely secure...
That's a rather strong way of putting it, but yes, you should assume that every device you use can be penetrated by a sufficiently advanced and motivated actor. You should also be comfortable with the fact that state level actors have been recording information so that they can reach into your past should you ever become a problem with them. In that mindset, you have to create a security environment such that the truly advanced actors aren't motivated enough to bother with you. At the same time, don't leave your front door wide open so that any teenager can walk in and steal your TV.
I'm personally not worried about the 5eyes (but anti-gov activists should be). I'm worried about the smart kid who can use metasploit to take the banking info off my laptop in the middle of the night without me knowing it. A Purism laptop doesn't protect me from the smart teenager any more than an HP does. Full disk encryption and a Yubikey probably does, along with a decent firewall. Using cloud services where I encrypt my data before uploading is better than one where I transmit unencrypted (or where the cloud service controls the key).
A company willing to drop several thousand dollars on a Talos II might be worried about corporate espionage, so they might be willing to pay for a verifiable bios.
The NSA has to worry about thousands of hackers from dozens of countries around the world, so they are willing to pay for custom silicon.
Of course, you also need to consider physical security, which is like this: https://xkcd.com/538/
The lazy part of me thinks that using a POWER based system as my desktop for internet related activities provides one of the best protections from shitty, buggy software. No one's exploit is going to include POWER based shellcode to go along with their vulnerability. My browser might crash, but that x86 shell code isn't going do to shit.
You can buy somewhat older hardware with Libreboot from various outlets including Minifree.org, tehnoetic.com, Zerocat.de, and Vikings.net. They all offer x86 hardware that works without blobs and without ME.
(Of course they don't solve the problem of firmware on disk controllers or network chips, but there is no such project yet.)
Yes, they are without blobs. They come with Libreboot, a coreboot distribution without blobs, not vanilla coreboot.
Similar notebooks with Libreboot are offered by vikings.net, tehnoetic.com, and zerocat.de; minifree.org is the business of Libreboot's main developer and former lead, so buying from them directly supports development of Libreboot.
I applaud them for pricing the board at around $2000 (though with the CPUs it's obviously more expensive). This sits squarely within my budget for a high-performance and trustworthy workstation like this (even accounting for taxes). However I would also have payed for faster CPUs (up to ~$1000 each for an 8- or 12-core processor).
Does anyone know if all POWER9 processors fit into that socket, and if yes, if there is anyone selling POWER9 in retail quantities (preferably in Europe).
Another question that isn't answered on their page is the payment options. Like many fellow Europeans I don't have a credit card, so if that is the only way to pay, I'd have to jump through a lot of hoops to buy this.
I wonder how much power this system will consume on idle? I read IBM significantly improved the power management with POWER9, so here's hoping 8 cores of this won't take significantly more than the 110W idle of my 8-core Piledriver system.
Power 9? Last I looked no one was even selling power 8 on the retail scale. Tyan had some finished? Systems kind of sort of available? And that was it. I thought IBM had stated they wanted to challenge and take Intel on in the data center and cloud space. But they sure are not doing a very good job. Sham because the hardware is a breath of fresh air.
I think this is a common misunderstanding. The US seems to use "credit card" to refer to all payment cards, but is rarely limit to just _credit_ cards.
I think the distinction between credit and debit cards is more commonly made in Europe.
I mostly mean that I don't have a card that can be used for payment over the usual networks like MasterCard (unless those “Maestro”-cards do work, which I doubt), Visa or AmEx …
Depending on the merchant and the bank, debit cards might not work. For example, the debit card from my bank will not work if used to pay at Amazon (allegedly the bank is too strict about payment details and Amazon doesn't provide something). I had to get a credit card specifically because of this (the debit card works everywhere else I tried it).
My debit card from Wells Fargo is referred to as an ATM card on the card itself. Using my PIN was required and even then some merchants would error. Since the switch to chips in America I haven't had an issue with the card being declined except when a merchant requires me to fall back to reading the magnetic strip.
I'm stateside, but I've had lots of success paying for things online and at places in person that want a credit card by just giving my debit card (and not saying anything, ofc).
For contrast, I'm Swiss, and all of my debit cards have either been Maestro or PostFinance (in Switzerland, the Postal Service runs a bank which maintains its own debit card scheme).
Maestro is technically a MasterCard debit card, but I'm not aware of a possibility to use it for online payments. VPay (i.e. "proper" VISA debit) is starting to make inroads.
I have been keeping an eye on Raptor and Talos for a while now, and it's super exciting to see another cpu-platform with security and openess in mind. As a GNU+Linux guy, has anyone had any experience with GNU+Linux on the Power platform? What kind of differences could I expect. I've been itching to build a new AMD Naples 64 core (2x cpu) server, but I have to admit I'm tempted to just do AMD Ryzen for my upcoming desktop build and do a Talos II for the server.
I was curious as well and it seems the latest Ubuntu LTS has POWER8+ as a supported architecture[1]. Debian should also run just fine I imagine. Hopefully someone else has actual experience on how it runs.
No idea recently, but even back in the apple PPC days pretty much everything worked.
The things that didn't were typically lesser used desktoppy things or more community written software that didn't take endianness into consideration. If you're not afraid to dig into sources alot of things only took adding an endianness hack / byteswap to certain lines to make things work properly.
Also to check into are some languages/compilers/interpreters simply might not have a backend for your CPU. If you use any of these critically you might double check; common things like perl/python/java/ruby should be fine.
I'd expect most server-side / computation oriented things should be fine- desktop, etc, not so sure especially since noone is making any power based workstations these days, though remote GUI mgmt is still useful in some annoying cases
Overall stability, barring per-platform issues should be fine as well.
basically, if you don't mind getting your hands a bit dirty from time to time, it should be okay; not sure of support for this particular board / firmware/ etc though..
hopefully someone with recent experience can confirm
Most Linux work for modern POWER seems to be for the ppc64le target, which runs the CPU in little endian mode.
That being said, there's probably a lot of libraries with x86-64 ASM kernels in them which will run slower if they have to use the generic C/whatever version on power.
In terms of network effects of ISA-specific optimizations, it's problematic that not only is the workstation so expensive but POWER8/9 cloud availability seems to be only for orgs that buy a lot of compute time.
If you are a dev who isn't being paid by e.g. IBM or Red Hat to work on ppc64le stuff, it seems hard to get access to running your code on real hardware and running on qemu doesn't really make sense for optimizations.
It seems to me that the ISA could benefit from scaling down so that more developers had access.
They're already scaling down … in the POWER8 Talos campaign, the cheapest CPU option was something like $1300, the CPU they're offering here is only $300. And the board, because you don't need expensive memory buffer chips anymore, is almost half the price as then.
Most things should be similar. Proprietary drivers (like for graphics cards) obviously won't work (though the firmware should, I reckon, since that's independent of the host CPU). Proprietary software in general probably won't work unless you can convince the vendor to ship a POWER build. Even some FOSS might not work fully (or even at all) if it relies too much on specific architectures (in particular, I know V8 - and therefore both Chromium and Node.js - only very recently got POWER ports).
I personally run OpenBSD on all my (Apple) PowerPC hardware; it seems to work a lot more reliably than the Linux distros I've tried (in particular, I remember the install process for Debian being rather painful on PowerPC due to OpenFirmware, while OpenBSD is just as easy as it is on x86: mash the Enter key until you have a working system; at most, I sometimes need to tweak some boot settings at the OF prompt, namely if it was previously running OS X).
I have a PowerBook G4 that was at one point a daily driver, plus an eMac that was running at one point but needs a new hard drive; those were/are both in desktop roles. I also have a Power Mac G5 and an XServe G5 in server roles. All of them have OpenBSD 5.9 installed (except the eMac, which had OpenBSD 6.0 installed before the hard drive failed).
The XServe and Power Mac are in storage right now, but I'd like to get the Powerbook upgraded to 6.1 eventually (I want to stick full-disk encryption on it, too, so I'll probably just blow away the existing install and start from scratch).
6.1 for macppc doesn't ship with any web browsers except for text-based and Netsurf sadly. It struggled on my 1Ghz iBook speed wise too. I am going to give it a fresh look on a DP 1Ghz Quicksilver too.
It seems they're not all that interested in marketing to end users, despite the talos ii "bare-bones" kit available for pre-order on the site - I couldn't find any reviews of the previous talos I/power8 system online - i would assume they'd at the very least get someone like anadtech, ars or one of the many Linux journals to do some hands-on testing / free marketing?
I mean, if I had too much cash, I'd be tempted to get one, but I'd probably be even.more likely if I could see some blender rendering benchmarks and Linux kernel compile timings etc...
I don't think Talos I was ever released. They created a backlash last time by hyping an unavailable and unaffordable product so maybe the low-key approach is better.
There was a crowdfunding campaign, but it failed.
This new product however can be directly preordered (and for much lower price: the board costs little more than half of what Talos 1 would have and the CPUs they are offering right now cost about a quarter of the cheapest option back then)
I don't know, if they don't have any units the can give out to do tests on at this point, what are the odds that the whole thing isn't another round of vapourware? I hope I'm wrong.
[ed: That is to say, if they couldn't get the one tested because it didn't exist, they should be twice as hard at work getting the mk II tested - and I can't see any evidence of that either.]
The price of the mainboard is almost divided by 2 compared to Talos 1, but the workstation bundles are as expensive or even more.
I bet it will fail as Talos 1 did, for the same reason: way too expensive for what it is, for the concerned/hobbyist audience, leaving it for a tiny part of the professional audience... which is not ready either to put their trust in an unreliable project and prefers safe bets.
That's par for the course for a workstation. Actually on the affordable end, which is surprising given that it's using POWER9 which I figured would be expensive (by virtue of not being x86).
Compared to the RISC based propietary Unix workstations of 20 years ago, the price is really good.
At work, our CAD people have machines that are in the € 1,000 - € 1,500 price range. Those machines are fairly big and powerful, at least compared to our regular desktop PCs.
It is possible to spend more money on a workstation, if one wants or needs to, and get a more powerful machine. Far more.
Depending on your use case, our CAD machines might be lightweights. But the amount of computing power you can get for € 1,000-1,500 these days is insane compared to the landscape 20 or even 10 years ago.
I am certain the Talos II offers good performance for its price. My point was that I would like to have a machine that comes without any opaque blobs or "management engine", but I am not going to spend that much money on it. I'd be happy go get such a machine in the € 500-1,000 price range at correspondingly lower performance.
This is excellent, glad to see these guys trying again. They attempted a crowdfund of this project a year or two ago and didn't raise enough, which was a huge disappointment. Hope the second try is the charm.
Despite the high cost (when compared to 'comparable' x86_64 hardware) I am very excited by this.
However I'm concerned by desktop Linux support and graphics driver support. It would be really miserable to get this kind of machine and then have a lacklustre desktop experience (though I'd be using it as a high-horsepower workstation, it would need to be able to dump computations onto the GPU and use ordinary free productivity software on the side).
POWER was historically the architecture for "I don't care about efficiency, I just want a fast machine!". This hasn't really changed. For some applications they are still substantially faster than any x86 system, but they're almost always far less power efficient. That's why they're not widely adopted in data centres.
> That's why they're not widely adopted in data centres.
I don't think that's the entire picture..
If you're running systems at full capacity, throughput vs power consumption becomes a relevant equation - e.g. if the chip runs code 2x faster but is 1.5x less power efficient, I'm still saving .5 of power to get the same data processed.. Not sure of power consumption specifics for POWER, but they've been about to 4x faster than PC for some workloads.. E.g. 4GHz CPU + giant cache and 4x the registers will tear through matrices like a hot knife in butter... Also, there's the question of density vs performance - e.g. I only need X sq units of datacenter to process this dataset within the timewindow..
Also, historically the only people 'needing' power and willing to pay for it were companies with deeper pockets who wouldn't mind shelling out for AIX and the rest of the IBM stuff that goes along; linux is to some extent an 'afterthought'/'second tier' OS for this market though that has been changing in last few years. People using IBM or AIX have typically tended towards being risk averse and have been on POWER for ages; for everyone else, people haven't wanted to spend the money to migrate to a platform controlled by one company, etc.
They are selling Scale-Out processors here, which IIRC “only” have 4-way SMT (which will, given IBM's track record, still actually give a ~2.5x improvement over no SMT, unlike <1.5x for SMT2 in Intel/AMD)
POWER CPU cores typically have N-way hardware threads, like 8 or so usually. So you're probably looking at something closer to 32 hardware threads per socket. The original Talos offered 12 core variants (96 per socket!) but had no dual socket config. Also, the memory bandwidth and cache on these things is insane even compared to top of the line, absolute highest-end Xeons, so there are many factors besides raw CPU count.
I don't know if those numbers are upped with a POWER9 CPUs (I wasn't even sure if POWER9 was really shipping yet?)
It is; the question is, can you put the 24-core chips from IBM in the same socket? For that matter, what on earth is the socket name for POWER9 (or POWER8)?
After some more looking around, talking to someone on reddit.com/r/openpower, and looking at the new site information; the thought is that these are 50 mm × 50 mm Sforza sockets and the 4-core CPUs are 12-cores with 8 cores disabled.
IIRC they're a bit better than an Intel core on a single threaded load with some variance depending on the workload. But going from 1 to 2 threads per core increases the Power 9's throughput by 80% instead of the 20% you expect with an Intel core. And you can go up to 8 threads per core for something like 120% the total throughput of 1 thread. All those numbers for threads per core are also highly workload dependent. The more cache misses the more SMT helps.
>Like many fellow Europeans I don't have a credit card, so if that is the only way to pay, I'd have to jump through a lot of hoops to buy this.
I find this surprising. At least in Portugal it's now common to buy stuff online with a credit card, either with an actual card or with one of those simple services the bank provides where they generate a virtual card on demand for you to use for a single purchase.
This is quite surprising. I assume you mean it's offtopic for this particular discussion and not offtopic for HN in general right? Even so it seems strange to shut off a discussion like that just because it started from a tangent of a topic. What's the benefit?
Edit: there are also 2 other sibling comments that are about the same topic and left behind.
The discussion isn't shut off, it's just that users shouldn't have to scroll through a long digression about credit cards at the top of a thread about the Talos.
Anecdotal of course, but here in Austria I know a lot of people without credit cards (myself included). The people who own credit cards are mostly frequent travellers, since it's easier to buy plane tickets if you have one (I was lucky enough to always have had at least one person with a credit among my travel partners, so I could just pay them by bank transfer or in cash later). AFAIK no one in my close family circle has a credit card.
edit: According to the Austrian National Bank the number of issued credit cards in Austria was 2,85 mio. in 2012, compared to 8,5 mio. debit cards (population: 8.747 million (2016)), and the amount of credit cards was growing rapidly. Seems like there are more people with credit cards than I thought.
I also live in Austria. People look at me very weird when I try to pay with Visa/Mastercard credit cards at retail shops rather than using the worthless Maestro debit cards. I don't have any friends who have credit cards.
The real problem here has nothing to do with credit cards though, but with the unavailability of Visa/Mastercards debit cards in many European countries. For example, in my home country, Romania, very few people have credit cards, possibly even less than in Austria (edit: after your edit, definitely less), but everybody has a Visa/Mastecard debit card. No such thing in Austria. I heard that even in Germany it's hard to get a Visa/Mastercard debit card.
People don't want credit cards for various reasons, that's fine, although personally I don't agree with their reasoning, but Visa/Mastercard should still be available as a platform rather than being restricted to credit cards.
Interesting. I have to admit, I didn't even know there were MasterCard/Visa debit cards. If I may ask: Why do you think Maestro debit cards are "worthless"? Because they aren't part of the whole MasterCard/Visa ecosystem, or for other reasons?
A Visa debit card, at least the one I have, can "pretend" to be a credit card so you can enter it into a credit card payment form same as with an actual Visa credit card. It has worked for every online payment I tried so far. As far as I know, you can't do this with a Maestro card (at least not with mine).
The advantage of that over an actual credit card is security and cost control: I have a separate bank account only for my Visa debit card. This account has overdraft disabled and will bounce payments instead at no cost to me. I keep a balance close to zero on this account. When I want to pay something online, I quickly do a transfer in that amount from my main account to my "Visa account", then pay. This will immediately subtract funds from my account, or the payment will immediately fail if there isn't enough (but there will be as I just transferred it).
This means my card is fraud-proof except in the unlikely case of someone managing to make a payment during the couple of seconds between me pressing transfer in my bank app and pressing pay wherever I'm paying. And even if they did that, they'd be limited to the amount of my intended purchase.
In general, almost useless for online transactions (the whole point of this sub-thread).
Apart from that very low worldwide acceptance, and even when it's accepted in theory, it rarely works in practice in countries not accustomed to them. For example when I go to the US I often see the Maestro logo on various retail shops or PoS machine, but I have never been able to successfully make a transaction, ever. In fact, even ATMs are sometimes hit and miss, though those usually work.
Oh yeah, and they are in general unusable with hotels and car rentals, even in Europe.
It's the same with Amex in Europe. Almost all big supermarkets (Spar, Merkur, etc) display Amex sign on their entrance, but I have never met an employee that knew what to do with Amex cards. At least Amex cards, unlike Maestro cards, have, or can have good benefits like airline miles and whatever. You get nothing with Maestro.
>Why do you find it surprising? They cost money and provide little benefit (for me).
Because credit cards provide a valuable service that other cards don't and I see everyone around me using them because of it, either directly or through a virtual credit card service. The biggest advantages are wide acceptance throughout the world and the ability to arbitrate disputes.
>Some vendors accept them but charge extra for it, which I consider fair.
This is usually against the merchant rules and I've never seen anyone do it.
Either the merchant agreements forbid charging credit card fees, or it's just a norm that our businesses have adopted (over here we strongly believe in the advertised price being the actual price - we don't have tax-added-on-afterwards or mail-in rebates like in the US), but either way you very rarely get charged a fee directly. Some places will have a minimum spend to pay by credit card, and low-end shops won't accept Amex because their fees are higher, but for most the card fees are built into the prices that you pay even if you're paying cash.
Remember cash isn't free either - armoured cars and the like cost money, I wouldn't be surprised if the overall work involved in handling cash ended up being more costly than card fees.
I guess I don't object in principle to a cash discount (a card fee would annoy me), but those tend to exist for the sake of tax evasion, which I won't support.
>I wouldn't be surprised if the overall work involved in handling cash ended up being more costly than card fees.
This is definitely the case for the underlying costs as you can imagine. Doing an online transaction is much cheaper these days than operating trucks, cash sorting, etc. It's however not always the case that banks will charge merchants less for cards than for cash handling unfortunately. This has maintained the weight of cash as a payment method past it's actual usefulness.
It's part of the merchant agreement not to charge a different price if using a CC (though it's common to offer a cash discount even if it does violate their agreement).
And you can use that to buy goods online? Direct debit is usually used for recurrent billing. In Portugal there's a way to use a similar system for online purchases by generating a code that you then have to use in an ATM or online banking. It makes for a pretty poor customer experience when purchasing and I doubt it's actually cheaper these days than debit/credit payment processing.
Amazon certainly accepts payments that way.
And many other online retailers offer GiroPay, which I think is a payment method based on SEPA Credit Transfer. I don't know about the cost structure of that one.
To set on PCI-E 4.0 is a mistake. PCI-E 5.0 is right around the corner. It might be backward compatible, but if you buy it for that it would be better to wait.
ETA for PCI-E 5.0 in consumer equipment is 2020 or 2021. That's actually fairly quick considering that PCIE 4.0 is just starting to trickle out, but I wouldn't call that "right around the corner". I do expect many providers to skip PCI-E 4.0. OTOH the delta from 4 to 5 is a lot smaller than the delta from 3 to 4, so running PCI-E 4 is also a good mechanism for getting a head start on 5.
That is fkin nice to be honest. There is so few which do this. totally already worth the price. (open source bios/boot procedures etc.). It's a total mess trying to get such a setup on a x86 server machine. i think there is a grand total of 1 server board which support coreboot (?)