154 points walterbell | 1 comments
bechampion ◴[] No.10736756[source]
The base model is 1600 USD? For an i5? It looks pretty neat but I feel like it's overpriced, right?
replies(3): >>10736805 #>>10736884 #>>10738275 #
TuringTest ◴[] No.10736805[source]
Where else can you get a security-focused preinstalled laptop with higher specs for less money?
replies(2): >>10736849 #>>10736869 #
dogma1138 ◴[] No.10736869[source]
This is security theater marketed for a steep markup.

Until they can get an OSS version of all the firmware, it's just as secure as any off-the-shelf laptop with a clean install of the OS of your choosing.

If you want more security, get an old Lenovo/IBM ThinkPad, mod the BIOS chip and get Libreboot.

The CPU, graphics card, HDD, Ethernet and more have more lines of code in them than your OS kernel, most likely, and that code rarely gets audited even internally.

replies(2): >>10736910 #>>10736931 #
throwaway7767 ◴[] No.10736931[source]
> If you want more security, get an old Lenovo/IBM ThinkPad, mod the BIOS chip and get Libreboot.

It's a tradeoff; it depends on what you're protecting against. AFAIK none of the Libreboot-supported boards have VT-d, so you lose a lot of Qubes's isolation features.

It'll be a great day when we can have a fully free machine (firmware-wise) with IOMMU and some auditable form of DRTM. But we're a long way from that still.

EDIT: I also doubt the markup is steep. Software people always underestimate the cost of making hardware in small quantities. These guys don't have economy of scale on their side. You could say it's expensive compared to the competition, and you'd be right, but it's not because of greedy businessmen at Purism.

replies(5): >>10736967 #>>10737359 #>>10739323 #>>10739986 #>>10740030 #
1. 0xFFC ◴[] No.10740030[source]
> It's a tradeoff; it depends on what you're protecting against. AFAIK none of the Libreboot-supported boards have VT-d, so you lose a lot of Qubes's isolation features.

I think you are confusing the topic here. No one is denying (at least as far as I can tell) that the isolation mechanism is good, and beyond any other approach we have seen already.

But the main problem is there. They just switched the topic for people who consider their privacy.

For example, if you use Windows, let's say it is filled with zero-day backdoors which can be useful for invading your privacy.

But when you use this laptop, yes, even if your application has a backdoor, maybe they cannot go beyond the application layer. But for highly technical people this is nonsense (not virtualization, no, it is a good idea; the idea of running the whole system on closed-source blobs). Why? Because they have access to your data via low-level backdoors. Maybe they have another level to circumvent (Xen), but it is there and the adversary is in your laptop already. Effectively it is there. (It sounds to me like an extremely secure environment on a closed-source blob, which ruins the whole design.)

But when we are talking about an FSF-approved laptop (the ones which run the whole system on FSF-approved software) there is no backdoor. Yes, maybe it is simpler to hack such a device, but it is a technical problem which we should work on, not a decision problem.

(Personally I think running a secure microkernel on an FSF-approved laptop would be much better, but it is my opinion, and since I don't have facts I am saying it in parentheses.)

So practically speaking, you are not improving privacy. You are improving security.

I hope I was clear enough, though I don't think so.

cmiiw