Oh wow, that looks like a really nice little PC with lots of configuration options to tailor it to a bunch of different needs. I like that the vendor says it's got Linux support. It's good to know that going into a purchase rather than having to cross your fingers and hope for the best.
Hi Compulab! Thanks for peeking into the comments box and fielding questions! It's nice to see vendors out there talking with us. Not many companies do that.
Oh, liked the MintBox Mini! Those are really cute, but I don't think they sell that version anymore. The currently available ones are more conventional black metal. Still okay, but not quite the same.
mini serial connector is common to all Compulab products (fit-PC / IPC / fitlet / Airtop). Compulab supplies an adapter cable from mini-serial to DB-9 male.
Is the 15y availability guarantee backed by an Intel promise to keep the CPUs available for the next 15; or are they just assuming that they'll be able to make port equivalent replacements using whatever Intel and AMD do launch over the next decade and a half?
Backed by Intel. In IoT it is often not possible to hop to a new architecture due to SW compatibility, product re-certification overhead and segmentation of install-base. Future products will have their own independent longevity plan.
HDMI 2.0 might need like a bridge chip to work with Apollo Lake. That's a really tiny motherboard so maybe there's just not any space left for another IC, traces, and whatever else. I'm clueless though -- what's HDMI 2.0 bring to the table that's critical for media work that 1.4 can't handle?
4k @ 60fps. Any modern day MediaPC needs to support that. Even if you're not watching 4k content at 60fps, there's no doubt you'll be watching lower resolution stuff at 60fps which still needs to be output at 4k from PC to TV.
These always have too few USB ports. Now we have small USB-C ports and they still dont use them to be able to put more of them into devices. Also, why dont we have a small version of RJ45 yet?
If you need a ton of ports connected you can use a hub. These sort of devices are intended for embedded use where they're running one or a very small number of things at a time; a few ports is all they need. If for some reason you needed more direct ports presumably you could commission an expansion board that replaced 1 or both of the RJ45 ports with USB instead (assuming it isn't already present).
As for there not being a mini RJ-45; because port size reduction is driven by mobile customers and wifi has a port size of 0.
Yeah, too bad USB hubs always make lots of problems, especially with standby. Remember the vast amount of hubs that actually have a feedback loop and destroy your mainboards USB ports over time? Do you even know what USB-C is? Do you even know that there are still laptops out there (and that some manufacturers actually tried to make the RJ-45 smaller)? I also wonder why we still have cable networks, if WiFi is so great... Yeah, next time just think before you post....
Transitional security vulnerabilities are almost inevitable for one who is in the market long enough like Compulab. "Intentional" is nonesense. Read the CVEs and you will see these past vulnerabilities make poor intentional ones.
Both vulnerabilities do not apply to fitlet2. -8083 was from the need to allow changing FACE Modules in the field for Intense PC series which in turn requires firmware descriptors change. -9457 is an implementation problem in Phoenix BIOS. It's more of a bricking risk than security vulnerability. That's one of the reasons all Compulab products since 2015 use AMI.
fitlet2 could have vulnerabilities and I would be surprised if none is discovered during its life cycle. We will do our best to address them.
Hi, I'm the author of those CVEs! It's my opinion that these vulnerabilities are not intentional. I have no relation to CompuLab other than being an occasional pain in their ass when I dig into their products. I'm pretty sure they hate me by now ;-)
The FDT issue (CVE-2017-8083) was at the time of discovery, seeming like CompuLab just forgot to run CloseMnf before shipping. From their description below, it was a design choice to support FACE module swapping (though I don't entirely understand the logic there).
The signature issue (CVE-2017-9457) was clarified to me in email by CompuLab. Phoenix shipped their EDK2 source code with signature checking disabled. I'm sure if CompuLab had the time/money/motivation they could have enable signature checking, but having been involved in product development, I can't fault them for their choice. Since they're a rather small vendor and I'm sure BIOS development is a complicated and expensive process meanwhile the product manager is screaming at you to ship it, I understand their reasons for excluding signed updates.
So, in the end I feel this is a case of Hanlon's razor.
Shameless self plug: if you want a libre firmware for the Intense PC, I have ported coreboot to the Intense PC
We’ve updated our terms. By continuing to use the site and/or by logging into your account, you agree to the Site’s updated Terms of Use and Privacy Policy.
Facebook
Twitter
RSS
28 Comments
Back to Article
PeachNCream - Thursday, November 9, 2017 - link
Oh wow, that looks like a really nice little PC with lots of configuration options to tailor it to a bunch of different needs. I like that the vendor says it's got Linux support. It's good to know that going into a purchase rather than having to cross your fingers and hope for the best.Qwertilot - Thursday, November 9, 2017 - link
They've even done some quite cute looking mint themed ones in green & white :)Compulab - Thursday, November 9, 2017 - link
Actually the design it is based on a real Compulab product.See http://www.fit-pc.com/web/products/mintbox/
PeachNCream - Thursday, November 9, 2017 - link
Hi Compulab! Thanks for peeking into the comments box and fielding questions! It's nice to see vendors out there talking with us. Not many companies do that.PeachNCream - Thursday, November 9, 2017 - link
Oh, liked the MintBox Mini! Those are really cute, but I don't think they sell that version anymore. The currently available ones are more conventional black metal. Still okay, but not quite the same.iranterres - Thursday, November 9, 2017 - link
Price?benzosaurus - Thursday, November 9, 2017 - link
Like most industrial things, it's not well defined.Samus - Thursday, November 9, 2017 - link
Probably comparable to the Mintbox's, ie, $300-$600.Compulab - Thursday, November 9, 2017 - link
Barebone between $150 and $200 depending on CPU.JoeyJoJo123 - Thursday, November 9, 2017 - link
Very sweet product.DanNeely - Thursday, November 9, 2017 - link
What's the micro RS-232 port? Is it a proprietary dongle mount, or is that a reduced size standard I've just never seen before?Compulab - Thursday, November 9, 2017 - link
mini serial connector is common to all Compulab products (fit-PC / IPC / fitlet / Airtop).Compulab supplies an adapter cable from mini-serial to DB-9 male.
DanNeely - Thursday, November 9, 2017 - link
Is the 15y availability guarantee backed by an Intel promise to keep the CPUs available for the next 15; or are they just assuming that they'll be able to make port equivalent replacements using whatever Intel and AMD do launch over the next decade and a half?Compulab - Thursday, November 9, 2017 - link
Backed by Intel.In IoT it is often not possible to hop to a new architecture due to SW compatibility, product re-certification overhead and segmentation of install-base.
Future products will have their own independent longevity plan.
DanNeely - Thursday, November 9, 2017 - link
Does Intel list which parts they're guaranteeing long term availability for? It doesn't appear to be listed for these CPUs in Ark.Compulab - Thursday, November 9, 2017 - link
The E39xx have longevity. J/N do not.cerberusss - Thursday, November 9, 2017 - link
This would be a nice little media PC, but it lacks HDMI 2.0.PeachNCream - Thursday, November 9, 2017 - link
HDMI 2.0 might need like a bridge chip to work with Apollo Lake. That's a really tiny motherboard so maybe there's just not any space left for another IC, traces, and whatever else. I'm clueless though -- what's HDMI 2.0 bring to the table that's critical for media work that 1.4 can't handle?Wardrop - Thursday, November 9, 2017 - link
4k @ 60fps. Any modern day MediaPC needs to support that. Even if you're not watching 4k content at 60fps, there's no doubt you'll be watching lower resolution stuff at 60fps which still needs to be output at 4k from PC to TV.Compulab - Friday, November 10, 2017 - link
fitlet2 supports 4K@60Hz through mini-DP.Beaver M. - Thursday, November 9, 2017 - link
These always have too few USB ports.Now we have small USB-C ports and they still dont use them to be able to put more of them into devices.
Also, why dont we have a small version of RJ45 yet?
DanNeely - Thursday, November 9, 2017 - link
If you need a ton of ports connected you can use a hub. These sort of devices are intended for embedded use where they're running one or a very small number of things at a time; a few ports is all they need. If for some reason you needed more direct ports presumably you could commission an expansion board that replaced 1 or both of the RJ45 ports with USB instead (assuming it isn't already present).As for there not being a mini RJ-45; because port size reduction is driven by mobile customers and wifi has a port size of 0.
Compulab - Thursday, November 9, 2017 - link
There is a FACET card (fitlet2 extension) with extra 4 USB ports.Beaver M. - Thursday, November 16, 2017 - link
Yeah, too bad USB hubs always make lots of problems, especially with standby. Remember the vast amount of hubs that actually have a feedback loop and destroy your mainboards USB ports over time?Do you even know what USB-C is? Do you even know that there are still laptops out there (and that some manufacturers actually tried to make the RJ-45 smaller)?
I also wonder why we still have cable networks, if WiFi is so great...
Yeah, next time just think before you post....
Elstar - Thursday, November 9, 2017 - link
If I still had the time and patience to maintain a custom router, I'd so buy this.jomo32 - Thursday, November 9, 2017 - link
It seems Compulab PCs have intentional security flaws. Seehttps://nvd.nist.gov/vuln/detail/CVE-2017-9457
https://nvd.nist.gov/vuln/detail/CVE-2017-8083
Compulab - Friday, November 10, 2017 - link
Transitional security vulnerabilities are almost inevitable for one who is in the market long enough like Compulab."Intentional" is nonesense. Read the CVEs and you will see these past vulnerabilities make poor intentional ones.
Both vulnerabilities do not apply to fitlet2.
-8083 was from the need to allow changing FACE Modules in the field for Intense PC series which in turn requires firmware descriptors change.
-9457 is an implementation problem in Phoenix BIOS. It's more of a bricking risk than security vulnerability. That's one of the reasons all Compulab products since 2015 use AMI.
fitlet2 could have vulnerabilities and I would be surprised if none is discovered during its life cycle. We will do our best to address them.
hmartin - Tuesday, December 19, 2017 - link
Hi, I'm the author of those CVEs! It's my opinion that these vulnerabilities are not intentional. I have no relation to CompuLab other than being an occasional pain in their ass when I dig into their products. I'm pretty sure they hate me by now ;-)The FDT issue (CVE-2017-8083) was at the time of discovery, seeming like CompuLab just forgot to run CloseMnf before shipping. From their description below, it was a design choice to support FACE module swapping (though I don't entirely understand the logic there).
The signature issue (CVE-2017-9457) was clarified to me in email by CompuLab. Phoenix shipped their EDK2 source code with signature checking disabled. I'm sure if CompuLab had the time/money/motivation they could have enable signature checking, but having been involved in product development, I can't fault them for their choice. Since they're a rather small vendor and I'm sure BIOS development is a complicated and expensive process meanwhile the product manager is screaming at you to ship it, I understand their reasons for excluding signed updates.
So, in the end I feel this is a case of Hanlon's razor.
Shameless self plug: if you want a libre firmware for the Intense PC, I have ported coreboot to the Intense PC
https://watchmysys.com/blog/2017/12/coreboot-compu...