Who we trust | Building a computer

I thought I was being smart.  By not buying through AVADirect I wasn’t going to be using an insecure site to purchase my new computer.

For the curious I ended purchasing through eBay (A rating) and Newegg (A rating) a new Ryzen (very nice chip!) based machine that I assembled myself.   Computer is working mostly ok, but has some stability issues.   A Bios update comes out on the MSI website promising some stability fixes so I decide to apply it.

The page that links to the download is HTTPS, but the actual download itself is not.
I flash the BIOS and now appear to have a brick.

As part of troubleshooting I find that the MSI website has bad HTTPS security, the worst page being:

Given the poor security and now wanting a motherboard with a more reliable BIOS  (currently I need to send the board back at my expense for an RMA) I looked at other Micro ATX motherboards starting with a Gigabyte which has even less pages using any HTTPS and the ones that do are even worse:

Unfortunately a survey of motherboard vendors indicates MSI failing with Fs might put them in second place.   Most just have everything in the clear, including passwords.   ASUS clearly leads the pack, but no one protects the actual firmware/drivers you download from them.

Main Website Support Site RMA Process Forum Download Site Actual Download
MSI F F F F F Plain Text
AsRock Plain text Email Email Plain text Plain Text Plain Text
Gigabyte (login site is F) Plain text Plain Text Plain Text Plain text Plain Text Plain Text
EVGA Plain text default/A- Plain text Plain text A Plain Text Plain Text
ASUS A- A- B Plain text default/A A- Plain Text
BIOSTAR Plain text Plain text Plain text n/a? Plain Text Plain Text

A quick glance indicates that vendors that make full systems use more security (ASUS and MSI being examples of system builders).

We rely on the security of these vendors for most self-built PCs.  We should demand HTTPS by default across the board.   It’s 2017 and a BIOS file is 8MB, cost hasn’t been a factor for years.

Would you crowdfund a $500 Ubuntu “open to the core” laptop?

UPDATE 2 (11/28) – We’re 77% of the way to 1000.  I guesstimate we would have raised at least $300,000 if this we’re a live campaign.

UPDATE – I’ve removed the silly US restriction.  I know there are more options in Europe, China, India, etc, but why shouldn’t you get access to the “open to the core” laptop!
This would definitely come with at least 3 USB ports (and at least one USB 3.0 port).

Since Jolla had success with crowdfunding a tablet, it’s a good time to see if we can get some mid-range Ubuntu laptops for sale to consumers in as many places as possible.  I’d like to get some ideas about whether there is enough demand for a very open $500 Ubuntu laptop.

Would you crowdfund this? (Core Goals)

  • 15″ 1080p Matte Screen
  • 720p Webcam with microphone
  • Spill-resistant and nice to type on keyboard
  • Intel i3+ or AMD A6+
  • Built-in Intel or AMD graphics with no proprietary firmware
  • 4 GB Ram
  • 128 GB SSD (this would be the one component that might have to be proprietary as I’m not aware of another option)
  • Ethernet 10/100/1000
  • Wireless up to N
  • HDMI
  • SD card reader
  • CoreBoot (No proprietary BIOS)
  • Ubuntu 14.04 preloaded of course
  • Agreement with manufacturer to continue selling this laptop (or similar one) with Ubuntu preloaded to consumers for at least 3 years.

Stretch Goals? Or should they be core goals?

Will only be added if they don’t push the cost up significantly (or if everyone really wants them) and can be done with 100% open source software/firmware.

  • Touchscreen
  • Convertible to Tablet
  • GPS
  • FM Tuner (and built-in antenna)
  • Digital TV Tuner (and built-in antenna)
  • Ruggedized
  • Direct sunlight readable screen
  • “Frontlight” tech.  (think Amazon PaperWhite)
  • Bluetooth
  • Backlit keyboard
  • USB Power Adapter

Take my quick survey if you want to see this happen.  If at least 1000 people say “Yes,” I’ll approach manufacturers.   The first version might just end up being a Chromebook modified with better specs, but I think that would be fine.

Link to survey – http://goo.gl/forms/bwmBf92O1d

32 bit usage – survey results

Running 32 bit Ubuntu when the hardware technically can do 64 bit
32 bit running on 64 bit capable hardware

  • hardware issues varied from EUFI 32 bit only, to printer and driver issues
  • application included wine (try building wine on 64 bit…)  and virtualization
    • some 64 bit users use 32 bit images for virtualization to use less RAM
    • Not in survey but I know of others who use 32 bit specifically to work with Android.

Arch vs Desktop Environment vs Release

Desktop environments vs arch vs release

Please do not use this to really compare desktop environments!  If multiple answers I took the least resource intensive one! (Next time I do this.. I should just require users to pick a primary one)

 Impacts over Releases

Impact

  • Switch from Ubuntu – also includes plans to stay on old unsupported version until hardware dies
  • Moderate is somewhat a catch all
  • If I do this again, I should just have a 1-5 sliding scale, in addition to a text field.
  • Users are concerned about having to throw out old machines, not having an upgrade path to go from 32-> 64 bits, and the cost to upgrade.
  • Select Comments (many more in the raw data of course!)
    • As an aspiring software developer, phasing out 32 bit support would be great for me as it means one less build to maintain.
    • I plan on reinstalling Ubuntu on this laptop as a 64bit install at some point anyway.
    • Unless the schedule changes, no impact. We’re planning to do the switch late 2015 / early 2016.
    • I will have to stay on 16.04 forever on that machine. The needed drivers are not going to be available in an open-source form.
    • My parents + my children have no PC
    • we have old PC’s in the hospital and i don’t think this hardware would be upgraded.
    • If the majority of freely given computers we receive are still 32-bit by then, we’d have to respin another distro. But, like PowerPC; all good things must come to an end.
    • Just need to figure out how to make the switch. If it means re-installing, bah.
    • It is terrible, because my eeePC only has 1GB in it.
    • One more reason to decommission the hardware.

I think the original plan can still work, but like any good survey we know have more questions to ask!

  • Lubuntu/Xubuntu support for 14.04 LTS is 3 years not 5.   It’s going to be a LOT higher impact if they don’t have support in 2019/2020 (which would be the case if 16.04 is 3 years too).   This could obviously be mitigated by moving 32 bit to ports and having it be opt in.  Lubuntu/Xubuntu 18.04 with 3 years would get us to 2021.
  • What can we do to make virt use less RAM?  (Lots of Virtualbox)
  • What can we do to make bare metal use less RAM?
  • Building Wine on 64 bit? (The two easiest methods are defunct if we remove 32 bit images I think… http://wiki.winehq.org/WineOn64bit)
  • Can we do an actual upgrade path?  Or at least start officially testing 32->64 “upgrade” re-installs?

Just to complete the application compatibility story (not from survey), Games are starting to be 64-bit only:

Raw Data can be found here: https://docs.google.com/spreadsheets/d/1iA062pCR1ayAMEKveUToEhq–9awyDXTEaL4fhsj8TU/edit?pli=1#gid=0