by marcosdumay 3098 days ago
> Use an external firewall and have a whitelist-only policy

How much do you trust that firewall?

> ...it was acceptable practice (and recommended by ISPs) to simply plug your non-firewall'ed DSL modem ethernet directly into your computer

You have to plug that modem into some non-firewalled computer. Honestly, I trust a well-kept PC much more than a firewall appliance.

3 comments

Your reasoning has merit, of course. And, that's a sad commentary on the current state of affairs, in which one cannot trust a firewall appliance to do its job.

Perhaps the movement for open source hardware should focus on minimal security appliances.

> How much do you trust that firewall?

Not very much after seeing some of the Shadow Brokers revelations.

The only firewall I trust is a hardened OpenBSD running pf.
Hopefully on a non-ME-plagued platform.
You can just disable ME in the BIOS to mitigate this, right?
PC Engines APU [1] and APU2 [2] come with Coreboot as firmware. As do various competitors [3].

[1] http://www.pcengines.ch/apu.htm

[2] http://www.pcengines.ch/apu2.htm

[3] https://store.netgate.com/ADI/RCC-VE-2440.aspx

How?
Hmm, looks like I conflated the AMT and ME. This does make it significantly worse.