This is not a good article. At a technical level it's confused about a whole bunch of things:
* SMM has been part of x86 for decades. The Secured Core requirements around SMM actually reduce its power.
* The claimed requirement to remove the third party UEFI CA certificate from 2022 Secured Core PCs is entirely unrelated to Pluton (it's required regardless of whether Pluton is enabled or not, and even whether the CPU has Pluton or not)
* Most of the description of Pluton is actually a description of a TPM. You don't need DICE for remote attestation. TPMs are already a hardware keystore.
* System firmware is already being updated via Windows Update. The discussion about Pluton and Windows Update is around Pluton getting firmware updates that way (the existing story around firmware updates for TPMs is largely not good)
* Existing TPM-based remote attestation already includes the secure boot state
The short version: everything that the article is worried about being enabled by Pluton is already possible, and has been for years.
But there's a meaningful point here. Remote attestation can certainly be used to restrict access to resources in ways that are incompatible with general purpose computing, or which reduce user choice. Remote attestation can also be used to give end users confidence that their machine is in a good state without constraining what they do with it. As a technology, remote attestation can be used in both good and bad ways. We do need to keep track of whether anyone is threatening to use it in bad ways and react appropriately.
(But tbh remote attestation as an attack on general purpose computing isn't the really scary thing about widespread remote attestation. Remote attestation ties back to the TPM's endorsement key, an immutable cryptographic key certified by the TPM vendor at manufacturing time. The straightforward implementation of allowing arbitrary remote sites to trigger remote attestation would tie all of these accesses back to a single piece of hardware, and would be a privacy nightmare.)
Arguing about the technicalities DOES NOT MATTER one bit about what the final outcome will be, and in fact appears to be a carefully calculated means of distraction.
> everything that the article is worried about being enabled by Pluton is already possible, and has been for years.
This is partly true but it's not quite. Think a little long-term here. Windows 10 ends support in just three years, in 2025. Windows 11 requires TPM 2.0, which was a big headache when Windows 11 was announced.
That means in three years, every supported PC will have TPM 2.0. Within ~1 year, assuming that Intel and AMD fulfill what they've implied in the launch announcement, every new PC will also come with Pluton.
That's a lot easier to deploy to, compared to having some PCs with TPM, others without, some out-of-date on TPM 1.1, some with unpatched firmware (like the 2017 Infineon bug), and so forth.
Now... some say, what about non-Windows systems, like macOS and Chrome? Think bigger for a second - Cisco (as an example) is in the Trusted Computing Group that designed a lot of this stuff, and Cisco Meraki is deployed in so many businesses for Wi-Fi security it's incredible. All Cisco Meraki has to do (for example, maybe it's not Cisco) is make a connection app that uses Pluton/TPM on Windows, Secure Enclave/T2 on macOS/iOS with Apple DeviceCheck, and SafetyNet on ChromeOS/Android. And you are all done - you've successfully made sure every new system is almost certainly untampered with. You've locked the door. For any system that can't be verified, no problem sending them to the IT Help Desk to be manually registered with a private key and sign a disclaimer.
It wasn't possible before, but five years from now, it will be much easier. Every Windows PC will be on the same page, and all major systems will have consistent assertion frameworks. Now, is Pluton wholly responsible? No. Windows 11 plays a role. Pluton just makes it broader and stronger, and Pluton also provides a long-term strengthening as eventually the TPM 2.0-only level will be able to be cut off for just Pluton.
If your argument is "It's bad that all Windows systems will be guaranteed to have TPMs", then that's a reasonable argument to have! Everything that you're scared of here is 100% possible using TPMs (I have deployed hardware backed 802.1x certificates! I have made it impossible to get onto networks unless you have a TPM!), and Pluton doesn't change that. Making this about Pluton rather than about TPMs in general just means that people will believe they're somehow safe from the worst case outcome because they bought a CPU that doesn't have Pluton, when in reality if Microsoft decides to suddenly be extremely evil here they're going to be screwed over just as badly.
> Making this about Pluton rather than about TPMs in general just means that people will believe they're somehow safe from the worst case outcome because they bought a CPU that doesn't have Pluton
They certainly will be, if most people don't have Pluton. If only a minority have it, they wouldn't be able to even come close to requiring it.
Windows has had TPM 2.0 since 2016, and remote attestation can be accomplished with the TPM only without Pluton being necessary. However, Pluton has its own issues and appears to make implementing attestations easier, by supporting different attestation protocols - and by potentially receiving new updates for that functionality later on. Pluton is also significantly stronger against attacks which have occurred on TPMs previously.
Windows 11 requires hardware that enables this capability. Any Windows certified client systems have required this since 2014. Pluton provides no attestation capabilities that are not present in TPMs.
At this point, even if a TPM can recreate much of Pluton's functionality, I still believe some fear regarding Pluton is still necessary and healthy, although I do not dispute that for some uses it may be useful - after all, why was my fear mongering section explicitly labeled "Fearmongering and Doomsday speculations"? Microsoft can still screw people over, but Pluton is different from a TPM and should still be (generally) regarded with caution where possible, and more caution than a standard TPM.
This is mainly because, at this point,
A. A TPM's level of access and capabilities to a system is well-known at this point. Pluton, we do not know with certainty what all of its capabilities are.
B. Microsoft has explicitly stated Pluton will have functionality added to it in the future through software updates, most likely ones that cannot be downgraded, that are not present yet. It's not that Pluton might have stuff added later - Microsoft has said stuff will be added later. What these upgrades entail or are capable of is also unknown.
C. Because of the above, Pluton requires a previously-unknown level of trust for Microsoft, because Pluton almost certainly has anti-downgrade procedures. Microsoft could, potentially, send out an update just blocking Linux and if Pluton received the update, it would be irreversible. Maybe this isn't within Pluton's abilities, but we just don't know. Just that Microsoft (or a hacker of Microsoft - I'm more concerned about a rogue employee than Microsoft at the moment) could have permanent effects on the security of a system is worth paying attention over.
D. Because of the reasons above, Pluton should be regarded with extra skepticism as it is a magical black box, with unknown capabilities, that it is not clear whether it can actually be disabled. (Already on my blog, there's a user talking about how Pluton briefly boots and then disables itself if the UEFI says that it should be disabled, not that it never starts, so theoretically a Pluton update could ignore its own disable switch.) I don't have verification of that, but until we know more... TPM is known, TPM can screw people, Pluton has the potential to extremely screw people over, and while many of my doomsday speculations can actually be recreated with just a TPM if TPMs are widely adopted, perhaps it could be enhanced with more Pluton-specific ones. Perhaps my doomsday predictions actually weren't far enough.
Thus, your point that Pluton doesn't add too much might be completely valid right now. That doesn't mean Pluton isn't also a potential Trojan horse that Microsoft updates as they please with new things that we didn't expect or ask for with no ability to undo them.
Edit: Removed a previous edit, and adding that, to complement the above notes, it does not help instill confidence that Microsoft isn't telling what Pluton can and cannot do at a hardware level. They've said a few things it can do right now, and just said more stuff will be coming in the future, but they won't talk about where its limits are. So... trust the black box without questions please. To be fair, this isn't the first time (Intel ME, AMD PSP?), but it is unsettling to have another one.
> The claimed requirement to remove the third party UEFI CA certificate from 2022 Secured Core PCs is entirely unrelated to Pluton (it's required regardless of whether Pluton is enabled or not, and even whether the CPU has Pluton or not)
Pluton is de-facto a Secured Core PC implementation, and Secured Core PCs are also making this change. Thus it affects both Pluton and Secured Core, but the new requirement does not affect non-Pluton and non-Secured-Core systems. Because Secured-Core PCs are currently niche and will no longer exist once Pluton is broadly adopted, Pluton will be the first appearance of this change for the vast majority of users.
If I'm selling a 12th Gen Intel system right now, I can keep the 3rd-party UEFI certificate enabled. If I am selling a 12th Gen Secure Core PC, then this year I must disable that certificate, but my non-Secured-Core PCs can again keep it open. When Pluton arrives, that door must be shut.
You can verify this with Microsoft's Secured Core PC documentation:
> Most of the description of Pluton is actually a description of a TPM. You don't need DICE for remote attestation. TPMs are already a hardware keystore.
To an extent. The original TPM is very finicky as documented by the comments on this post and elsewhere - even changing a RAM stick could invalidate the TPM's assertion. For this reason, the TPM was very unideal for DRM due to its all-or-nothing approach, which Microsoft Pluton does not make the mistake of repeating, allowing for much more granular security that makes it much more easily applied. The second reason why Pluton is much more dangerous is that the TPM could be easily virtualized or hacked over the bus, rendering DRM use-cases quite broken, whereas Pluton supports neither weakness, making its DRM potential (again) much more potent. Finally, using DICE, unlike a TPM, the Pluton is explicitly designed to give a computer a permanent identity that can never be erased, which (again) TPM does not guarantee.
That's actually the big reason why the Remote Assertion is an important point here. The TPM version of it was almost unusable outside of very niche business applications and BitLocker, while with DICE, the Pluton is far more potent. (After all, if TPM worked fine on its own, why does DICE even exist?)
I think the last point to further back this view I will also add is these comments from a Microsoft employee on the subject.
> System firmware is already being updated via Windows Update. The discussion about Pluton and Windows Update is around Pluton getting firmware updates that way (the existing story around firmware updates for TPMs is largely not good)
Microsoft themselves states in Pluton's announcement that Pluton will hardware-integrate with Windows Update for various system firmware, through their "chip-to-cloud" security initiative. To quote them:
"One of the other major security problems solved by Pluton is keeping the system firmware up to date across the entire PC ecosystem. Today customers receive updates to their security firmware from a variety of different sources that can be difficult to manage, resulting in widespread patching issues. Pluton provides a flexible, updateable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton for Windows computers will be integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices."
This is a little frustratingly vague and thus part of the reason why Pluton requires some speculation. Judging by the reference to "different sources that are difficult to manage", it appears you don't update Pluton, Pluton updates you. Pluton has an active role in your system's security, whereas TPM was only passive.
> Pluton is de-facto a Secured Core PC implementation
No, it's not. You can deploy Pluton without having to implement the Secured Core PC spec.
> Microsoft Pluton does not make the mistake of repeating,
No, seriously, the only remote attestation supported by Pluton on x86 at present is literally this TPM-based remote attestation. There's no meaningful fragility here - remote attestation means you can look at the individual log events rather than just looking at the composite PCR values, and that lets you ignore the noise created by things like hardware configuration changes. I have helped build and deploy infrastructure that makes use of remote attestation to validate secure boot state.
> the TPM could be easily virtualized
No, because the EK certificate won't chain back to a trusted CA.
> hacked over the bus
True in some cases, but already mitigated on all systems that are using fTPMs (i.e., most Windows 11 systems).
> the Pluton is explicitly designed to give a computer a permanent identity that can never be erased, which (again) TPM does not guarantee.
TPM does, in fact, guarantee that. The endorsement key is static over the lifetime of the TPM.
> why does DICE even exist
DICE provides a set of features that don't require the functionality of a full TPM. This allows you to implement things like device identity attestation in a standardised way that works for both hardware with a full TPM and also IoT devices where a TPM would be too expensive.
> Today customers receive updates to their security firmware from a variety of different sources
Look at the diagram immediately above that quote. They're talking about the firmware that runs on Pluton, not the firmware executed by the main CPU.
Again, you're raising a legitimate issue (remote attestation can be used for bad things), but you're burying it under a bunch of misconceptions and just flat out inaccuracies. I agree that we should be worried about widespread use of remote attestation, both from a "War on general purpose computing" perspective and a privacy perspective. But literally everything you're legitimately worried about happening could happen right now. Framing this as something that's tied to Pluton risks giving people the impression that they can avoid it by just not buying anything with Pluton, and that's simply untrue.
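Two points in this thread are easy to get wrong without seeing the mechanics: the earlier comment that TPM-based remote attestation already includes the Secure Boot state, and the reply above that a verifier can look at individual log events rather than just the composite PCR values, which is what lets it ignore noise such as a hardware configuration change. The following is an added example, not code from the thread or from any Microsoft or TCG project: it replays a constructed TPM 2.0 event log into SHA-256 PCR values, checks that the log reproduces the PCRs a signed quote would carry, and then decides on the individual PCR7 events. The log entries, the signer names in the allow-list and the policy are all constructed for illustration; a real log is in the TCG TPM2 event log binary format and has far more entries.

```python
"""Replay a constructed TPM 2.0 event log into PCR values and evaluate an
attestation policy on individual events. Added example; the log contents,
authority names and policy are constructed, not taken from a real machine."""
import hashlib
from dataclasses import dataclass

PCR_INITIAL = bytes(32)  # SHA-256 bank: PCRs 0-16 start as 32 zero bytes


@dataclass(frozen=True)
class Event:
    pcr: int
    event_type: str  # TCG event type name, e.g. EV_EFI_VARIABLE_AUTHORITY
    data: bytes      # event payload; the logged digest is taken to be sha256(data)

    @property
    def digest(self) -> bytes:
        return hashlib.sha256(self.data).digest()


def extend(old: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend on the SHA-256 bank: new = H(old || digest)."""
    return hashlib.sha256(old + digest).digest()


def replay(log):
    """Replay every entry into a fresh bank; returns {pcr_index: hex value}."""
    pcrs = {}
    for ev in log:
        pcrs[ev.pcr] = extend(pcrs.get(ev.pcr, PCR_INITIAL), ev.digest)
    return {i: v.hex() for i, v in pcrs.items()}


def log_matches_quote(log, quoted_pcrs):
    """Verifier step 1: the log must reproduce the PCRs in the signed quote.
    If it does not, the (unsigned) log was tampered with and must be ignored."""
    replayed = replay(log)
    return all(replayed.get(i) == v for i, v in quoted_pcrs.items())


# Constructed allow-list of Secure Boot signing authorities (hypothetical names).
TRUSTED_AUTHORITIES = {b"MicrosoftWindowsProductionPCA2011", b"MyOrgUEFICA"}


def evaluate_policy(log):
    """Verifier step 2: decide on individual PCR7 events, so unrelated changes
    (a RAM upgrade measured into PCR1) do not alter the verdict."""
    secure_boot = None
    untrusted = []
    for ev in log:
        if ev.pcr != 7:
            continue
        if ev.event_type == "EV_EFI_VARIABLE_DRIVER_CONFIG" and ev.data.startswith(b"SecureBoot="):
            secure_boot = ev.data == b"SecureBoot=1"
        elif ev.event_type == "EV_EFI_VARIABLE_AUTHORITY" and ev.data not in TRUSTED_AUTHORITIES:
            untrusted.append(ev.data.decode())
    return {
        "secure_boot": secure_boot is True,
        "untrusted_signers": untrusted,
        "accept": secure_boot is True and not untrusted,
    }


def sample_log(ram_gb=16, secure_boot=True, authority=b"MicrosoftWindowsProductionPCA2011"):
    """Constructed six-entry log shaped like a UEFI boot; not from a real system."""
    return [
        Event(0, "EV_S_CRTM_VERSION", b"OEM firmware 1.2.3"),
        Event(1, "EV_EFI_HANDOFF_TABLES", b"SMBIOS memory: %d GB" % ram_gb),
        Event(7, "EV_EFI_VARIABLE_DRIVER_CONFIG", b"SecureBoot=" + (b"1" if secure_boot else b"0")),
        Event(7, "EV_EFI_VARIABLE_DRIVER_CONFIG", b"PK=OEM platform key"),
        Event(7, "EV_SEPARATOR", bytes(4)),
        Event(7, "EV_EFI_VARIABLE_AUTHORITY", authority),
    ]


if __name__ == "__main__":
    baseline = sample_log()
    quote = replay(baseline)  # stands in for the PCR digest inside a signed TPM2_Quote
    print("tampered log accepted:", log_matches_quote(sample_log(secure_boot=False), quote))
    for name, log in [("baseline", baseline),
                      ("more RAM", sample_log(ram_gb=32)),
                      ("secure boot off", sample_log(secure_boot=False)),
                      ("third-party signer", sample_log(authority=b"ThirdPartyUEFICA"))]:
        pcrs = replay(log)
        print(f"{name:>18}: PCR1 changed={pcrs[1] != quote[1]} "
              f"PCR7 changed={pcrs[7] != quote[7]} policy={evaluate_policy(log)}")
```

Running it shows the two behaviours the thread argues about: the RAM change alters PCR1 but leaves PCR7 and the policy verdict untouched, while disabling Secure Boot or booting through a signer outside the allow-list changes PCR7 and is rejected, without the verifier ever needing a golden composite value for the whole machine. A real deployment would additionally verify the quote signature against an attestation key certified by the TPM's endorsement key, which is exactly the EK linkage the first comment flags as the privacy problem.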
> No, it's not. You can deploy Pluton without having to implement the Secured Core PC spec.
I may update the article to reflect this, I will look into that further. So far the few Pluton systems available all seem to also implement Secured Core, however, as more systems become available perhaps that will change...? I am OK with being wrong here and openly admit that there may be inaccuracies and speculation due to the limited public information and limited number of systems and configurations with Pluton so far.
I'm not quite at the point of agreement yet, mainly because your argument leaves Pluton's addition and functionality almost redundant and inexplicable. From your perspective, almost everything the Pluton is capable of is also possible with a TPM. However, this does not make sense to me, as why implement the Pluton if an fTPM is fully capable of everything the Pluton can do? Why can't an fTPM just be updated with CPU microcode which Windows Update already can handle? What is the point of SHACK then if TPM is fully capable of handling keys already? Why would Microsoft make a grand announcement about how this allows for "chip-to-cloud" security with Project Cerberus and all that, if nothing actually changes almost at all?
Also, can you explain how this checks out with Microsoft RIoT?
Given the apparent requirements around the Third Party UEFI CA, it's impossible for any device with a plug-in GPU to meet the Secured Core PC requirements. Unless Pluton is never going to be present in workstations, Pluton does not imply Secured Core.
PSP and ME firmware isn't part of the CPU microcode. There's no fundamental reason why the updates couldn't be provided via Windows Update, but that would require Intel and AMD to choose to do so. There's frequently fairly tight binding between ME/PSP firmware and the system firmware, so it may well be the case that the vendors simply don't feel comfortable providing updates without board vendors having validated that first. The ME and PSP also offer significantly larger attack surfaces than Pluton does, so there are legitimate concerns over whether they can offer the same level of security assertion.
TPMs normally sequester keys to themselves, but the spec doesn't say anything about how that's handled - the keys could be in a separate hardware block that's isolated from the rest of the TPM, or they could be just living in RAM on the TPM. In the latter case, any vulnerability in the TPM firmware would potentially allow the keys to be exfiltrated. SHACK is intended to provide a higher degree of isolation, such that even if the Pluton firmware is compromised the keys will still be inaccessible to an attacker.
I'm not quite sure what you mean with respect to RIoT. Devices that make use of RIoT aren't intended to be general purpose computing devices.
1. This would require that Intel and AMD find it less intrusive to build an entire additional SoC into their processors, on whatever node necessary, than to package their software for Windows Update. Also, it leaves out the question, why couldn't Microsoft have required that AMD and Intel just implement a TPM outside of the PSP/ME with similar hardware protections? Intel would have vastly preferred that, as then they could have just marketed it as part of their vPro solution.
2. For RIoT, it was reported by IEEE in their report that the Pluton does implement RIoT, and this report was endorsed by the Vice President of OS Security at Microsoft as the best write-up so far just yesterday (see https://twitter.com/dwizzzleMSFT/status/1551594590087438336). So there is more to the story than you believe on this subject. Unless the Vice President of OS Security at Microsoft who actually worked on Pluton is incorrect, Pluton does have RIoT.
I will dare quote a fair-use bit of the paywalled report:
"Pluton also implements the device identifier composition engine (DICE) specification, as defined by the TCG, along with the Robust Internet of Things (RIoT) specification, as defined by Microsoft, to achieve DICE+RIoT. Using this technology, a device cannot masquerade its boot path; more simply, it provides a strong method for attesting to a device’s current state and status (e.g., patch version, firmware version, etc.). It is important that this is implemented in hardware, rather than firmware, because the hardware which performs the initial measurements and checks on power-on cannot be modified by an attacker. Relying on device attestation rooted in firmware or software is dangerous because if the initial stages of the boot process are compromised then the entire boot process can be falsified and a bogus attestation can be produced.
While Microsoft intends for this technology to be compatible with their Azure Attestation service, since it is built using open standards it can be leveraged by any attestation service, which supports DICE+RIoT."
Edit: On that note, I have added an update to the blog post noting this conversation and that while I am not fully convinced of your points, it is also worth reading.
Edit 2: On a third note, I doubt that Microsoft intends "Secured Core" to be a thing that just sticks around forever. Even though this is just speculation, I find it hard to believe Microsoft would not one day make Secured Core or parts thereof (say, everything except the Thunderbolt protection) mandatory. That is yet another possibility, that "Secured Core" become more and more similar to mainline Windows over time. They may have already to OEMs, but I will admit there is no way to prove one way or the other.
Like I said, firmware updates for the ME and PSP are generally tied to system firmware updates, so it's not just a matter of Intel and AMD packaging stuff - they'd need to change a lot of development methodology to ensure that these updates could be decoupled from the board vendor. And as far as Microsoft requiring that they implement a TPM - that's basically what they did? Microsoft just provided an implementation for them to use as well.
Pluton can be used in different contexts, and it can certainly be used in more IoT focused scenarios. UEFI doesn't really integrate with the DICE case terribly well (I'm dealing with DICE at the moment professionally, because I've made some poor choices in life), so I don't imagine it'll be relevant in the general purpose computing segment.
Ah... Yes. The vaunted, "we want a UUID for everything to eventually use to identify any system to create a namespace of for no reason at all, why are you acting so funny? There's no abuse potential at all."
Truly, there are days I feel like Oedipus had a good idea. Tired of reading the rampant industry gaslighting around what our current crop of engineering talent is whipping up for the up-and-comings to be subjected to.
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.
Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.
Can someone please explain to me how the author might see this level of security as a bad thing?
The capacity for abuse is huge, way beyond the potential benefits.
From the USA, we get news of banned books in some states. When I read that, my head goes back to my European history, and I reach the Godwin point very quickly.
Those kinds of people will abuse such a system to prevent things from being shared.
It will be used for putting DRM on everything and create a more and more closed web.
It will be used by corporations and governments to prevent whistleblowers and journalists from doing their job. Or to prevent employees from getting evidence of mistreatment in case they need to sue.
Because if you look at it, it's basically just a system for information control. And bad actors love that.
And of course it will be "for security reasons".
Trusting people with a terrible track record not to abuse a massive power in the future, especially one that can be scaled up with the push of a button once the infrastructure is in place, is not a good bet.
> From the USA, we get news of banned books in some states. When I read that, my head goes back to my European history, and I reach the Godwin point very quickly.
Books are not banned, just not used in the classroom anymore. While the reasons for it may be wrong, it's something that happens constantly all over the world. No one prevents children or adults from reading those books at home. Banning books could mean that owning them is illegal and that just hasn't happened.
Banning their use in classrooms is lesser but still a step on that path, and the same Republicans trying to do that are not going to stop at schools after they win but will rather see that as an invigorating first step in a long campaign. For example, book sellers in Virginia are currently fighting a lawsuit against an attempt which would ban private sales:
As a bit of an Anarcho-Libertarian who is often in the middle of these conversations from either side, I would imagine part of the problem is your framing of this issue as if it is only coming from one direction, when there is plenty of evidence that both sides are into things like banning books[0] it's just a question of which books they want banned.
The both sides framing is a common tactic used to make this seem even but there’s a pretty notable difference if you look at the details. For example, Newsweek’s right-wing owners love this framing but the left example is a single school district removing a book from the curriculum whereas the right wing examples are far more widespread and include books being removed from libraries. The motives are also different: banning books which depict racism positively (highly debatable in this example) is different from banning them because they reflect existence of gay people in a positive manner.
According to the article that I linked, California has banned "To Kill a Mockingbird" in schools due to racism and you seem to be implying that is because the book "depict[s] racism positively"; however, I read it back in school and I remember discussing extensively how the book showed racism in a most negative light.
It doesn't seem to me like you are willing to believe that both sides could be overstepping here, but I personally am sure of it.
I remember the discourse around changing Jim's name in Huck Finn and banning To Kill a Mockingbird. Those changes and bans were wrong. But still the scope and intensity with which the extreme right are gunning for books is alarming. They're doing it more, it's more widespread, and they're using state power.
When "the left" has opposed books they try to use social pressure to get book sellers to voluntarily not stock those books. The right is currently using state power to prevent the teaching of certain books, their presence in public libraries, and are even suing to make private sales of certain books a crime in Virginia.
> Apparently no one told him that the stack of books in the photo included one banned in the state he leads, To Kill a Mockingbird, which was banned from California schools on the grounds that it contained racism.
Clear cut, right? Nope, here’s what their own linked article says:
> Schools in Burbank will no longer be able to teach a handful of classic novels, including Harper Lee's To Kill a Mockingbird, following concerns raised by parents over racism.
> Until further notice, teachers in the area will not be able to include on their curriculum Harper Lee's To Kill a Mockingbird, Mark Twain's The Adventures of Huckleberry Finn, John Steinbeck's Of Mice and Men, Theodore Taylor's The Cay and Mildred D. Taylor's Roll of Thunder, Hear My Cry.
This is how the false-equivalence machine works. A single school district is expanded to an entire state (15k students isn’t nothing but it doesn’t represent many of the ~6M students in the state) and is presented as the equivalent of multiple state-wide attempts to remove books from schools & libraries, and again ignoring the difference between removing something from the curriculum with the goal of exclusion versus inclusion.
The urge to censor isn’t unique to right-wing politics but since they’re the ones pushing the most aggressively and successfully, I attributed more of it to the people causing the lion’s share of the harm.
OK then you agree that Amazon taking down Irreversible Damage was wrong, and that it should also be in every school library, or it's obviously a sign that the Left is going to ban books everywhere?
Removing something from a curriculum is not the same as banning it. There are many more books that are not in school libraries than there are books that are in them.
If you want to use the OS to ban a book or program or whatever, you don't need fancy hardware features, just a database of hashes pushed down via a software update. Apple wanted to do a version of this for CSAM images, it only didn't happen because they chose to tell users about it and got massive backlash. The implication that governments need more powerful DRM features to do something similar just obscures the fact that they could do it tomorrow if the US government gave up their free speech stances.
Chip manufacturers could even decide that nothing good happens on open source operating systems, so you're now only allowed to run Mac or Windows operating systems.
The point is really that they're taking full ownership of the chips from you.
They could, but not with the new Pluton stuff. That would be enforced with secure boot, which has been around for a while already. Again, the capabilities already exist. The barrier for a would-be censor is political not technological.
The EU just mandated chats to be scanned for content. Of course just for CSAM just as the meta data collection is only used for terrorism. Problem is that the latter is also used for parking tickets. They really try to hit the definition of a totalitarian state by the letter.
I doubt backlash will do anything. Regardless, the EU also mass collected personal data and made this behavior legal retroactively for authorities like Europol. The course for ever increasing surveillance has long been chosen. Government often disavows such decisions but that is exactly their strategy to implement such laws while evading criticism themselves.
Wider E2EE adoption was the only hope for clawing back some privacy for users who do everything on cloud services. If the EU bans E2EE and starts mandating all kinds of scanning of data stored on third party servers, it would be a massive loss.
I think it may have also been problematic legally for Apple. The US laws for CSAM are very strict and Apple wanted to do some sort of confirmation that the images are indeed CSAM which would have meant moving the images from the device to Apple servers.
If you're worried about book bannings in states like Florida, DeSantis is up for reelection in just over 3 months. Go volunteer or donate money to his opponent (probably Charlie Crist).
Did they actually ban the books, or did they merely ban their usage in K-12 instruction with the news outlet rounding that up to a book ban for dramaturgical reasons? Not that a ban in school instruction is necessarily good (though, I would guess, not nearly as rare), but the actual full-fledged ban that DRM could aid in enforcing, which would prevent you as an individual from reading a book you want to read in _any_ plausible context, is on a different level.
All Florida did was add a criterion to their selection process to disallow books that include Critical Theory/Critical Race Theory or their praxis in the teaching of math, etc. Every state selects which text books can be used by their schools, so if Florida "burns books" then by definition every single other state does too.
Where are the text books in California that teach math using Biblical stories and imagery? Obviously California burned all those books if we accept the argument being put forth with Florida.
Of course, bible stories would be inappropriate because superstition and religion have no place in schools. We're supposed to educate students about reality.
But there's nothing wrong with teaching students how they can use math to understand social problems and complex real-world issues. Math is a great tool for thinking about things like income inequality, climate change and economics.
Well since you opened that can of worms, CT/CRT is just another religion, and not a nice one.
Ibram X. Kendi, in his book “How to Be an Antiracist” states, “The only remedy to racist discrimination is antiracist discrimination. The only remedy to past discrimination is present discrimination. The only remedy to present discrimination is future discrimination.”
The whole movement is predicated, explicitly, on instilling hatred and animosity toward some out-group; it's a vicious ideology masquerading as compassion.
> All Florida did was add a criteria to their selection process to disallow books that include Critical Theory/Critical Race Theory or their praxis in the teaching of math, etc.
Yep, one state decided to do something about this divisive indoctrination of kids and the peddlers of that stuff obviously don't like it, hence the "banning (math) books" stories. If you actually read into this you quickly realize that someone is clearly lying and (this time) it's not the Republicans.
What, are you about to tell me that well akshually crt is only taught at the uni level? Give me a break. This is the most basic of defenses you can use and it has been done countless times before. Obviously CRT (or CT in general) itself is not being taught to little kids, but the C(R)T praxis is. I.e. C(R)T "applied" to concepts kids can understand. I've seen the books/questionnaires that are being used for this purpose, do I have to list some of them?
I mean, this isn't even about Republicans, Trumpians or whatever, any self-respecting liberal can't possibly subscribe to c(r)t and still call himself/herself a "liberal".
Deciding which textbooks that are going to be used in public schools isn't banning books. If you don't want the government to decide which books are used to teach your children then homeschooling or private schooling are what you should be focused on.
Technologists often have such tunnel vision that limits their concerns to tyranny driven by technology when there's plenty of low tech attacks on open society all the time.
It reminds me of the good old "my password takes 2 billion years to crack, but my kneecaps only take a few seconds" metaphor about people in tech forgetting that physical coercion is, in fact, a possible attack vector for your IT security.
The low tech attacks often have low tech workarounds. DeSantis may "ban" a math book but there's nothing stopping a Florida resident from buying it and giving it to a child. There's plenty of other marketplaces and similar publishers I can pull from.
When computing is controlled at a hardware level, you have far fewer competitors and market places. Working around things can be significantly more difficult and you may be stuck with scraping up old, less capable tech trying to do something you should have better options for. This is the reason technologists fear technology control, not so much because of tunnel vision but because the general population can't work around it, even experts may not be able to work around such protections. Low tech always has easy workarounds--the option exists even if you may fear the consequences.
Any such bans will always take the path of least resistance to cover the largest possible population with the easiest means. Pareto Style. And I care much more about those 80% of people having access over maintaining my own. Because ultimately, those people will set cultural standards of the future, not some technologist with their fully libre laptop.
And those attacks are, as of now, not that sophisticated or blatantly censoring. An overwhelming majority already do their computing on locked down devices (running iOS, Android and ChromeOS) and the big censorship wave hasn't hit them. Every half decade or so Amazon removes a book from Kindle as a side effect of capitalism and copyright and there's a huge HN thread mistaking it for deliberate censorship, but overall it really doesn't matter.
Also, let's be completely clear that DeSantis didn't ban math books. This was an attack on ideologically inconvenient books, mostly queer literature. It's part of the push to label us as "groomers" for merely existing around underage people that has caused a spike in violence and mistrust directed towards trans people. Once our rights are sufficiently eroded, they'll go after the gays again, and after that, maybe, we'll have progressed on the fascist cataclysmic us versus them rhetoric to revive blatant antisemitism. Or racism. Who knows. But safeguarding the high end bit of tech that is not even mainstream anymore wouldn't help society out of this and being concerned for it is a very individualistic choice.
While this is true for a few people, applying coercion on a mass scale using the kind of tech described in the article makes it much more convenient... so IMO the argument still holds
But I never said it's not a problem. I said the priorities are wrong.
Establishing technical means to do something (limiting access to files via DRM) is not as urgent as actually doing it (Florida carting books out of school libraries). And technology is not a monolith. Pluton specifically is far from being a universal requirement on Windows, and the entire PC platform is open enough to support alternatives for a very long time. It's possibly worrying (though it looks like Microsoft's intention is confidentiality management in enterprises for now), but far from "turnkey tyranny".
And we don't need guns to do a genocide. We managed to kill a good chunk of the American natives with mostly blades.
Yet, you probably don't want to give willingly a nuke to a dictator.
In the same way, giving this kind of power to people that have shown in the past to abuse information control is like banking on the wolf to behave in the hen this time.
> Go volunteer or donate money to his opponent (probably Charlie Crist).
I'm not in the US. I just read those crazy news, compare it to my grandfather's stories, and worry.
banking on the wolf to behave in the hen [house] this time
Fair point, but the United States is rapidly moving towards authoritarian governance right now. There are steps that every U.S. citizen who reads my comment can take to help stop this decline immediately. I don't like the idea of this sort of TPM 3.0 module in my computer's hardware, but it's a 'day after tomorrow' problem for me, not a 'right now' problem.
A good illustration of how devastating epidemics in North America among the natives were is that when the first European explorers reached the coast on the west side of what is now the United States they found that part of the continent to be highly populated.
That was in the early 1500s. It was another couple hundred years before Europeans started colonizing and conquering those areas. By the time that started those populations were already reduced by around 90% from diseases that had spread across the continent from the Europeans on the east side.
Before those diseases wiped out so many natives no European colonists were able to survive in what is now the US and Canada without the approval and help of the natives. If the local natives didn't want a colony there, they removed it.
Yes, the colonists had guns and the natives then did not but the guns in those times weren't actually superior to bows and arrows. The guns might have better range, but their accuracy was much worse and they took longer to reload.
Before diseases that the colonists (unintentionally) brought greatly weakened the native tribes pretty much the only colonists that did OK were those that allied with a native tribe.
There were a bazillion tribes, and there was a lot of conflict between them including warfare. Some smaller tribes that were losing their wars with bigger tribes allied with some of the colonies to try to get help against the bigger tribes. Those were the colonies that were allowed to stay and thrive.
For a great look at what life was like in the New World before Europe became widely aware of it, and what happened afterwards the book "1491: New Revelations of the Americas Before Columbus" by Charles C Mann is quite good.
>I can't fathom a math textbook with pornographic examples. Is this a thing in the US?
I've been out of school for quite a while, but AFAIK while there is plenty of porn out there, it's not in our math books.
No, it's just Florida politicos pandering to their base[0].
I'm guessing that what GP is going on about (please do correct me if I'm wrong) is probably some word problems that include references to non-heterosexual/non-binary folks, which seems to trigger the intolerant among us.
Which is a result of decades of attempts to put christian dogma and ideology back into US public schools, and failing that, destroy the public school system.
According to an article linked elsewhere (https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-ba...) it was because they had too many black people depicted as athletes and they had word problems that treated scientific facts as if they were scientific facts.
The one example that I thought might have been somewhat improper was "Multiple exercises related to a debate between Al Gore and Rush Limbaugh, where the publisher was in favor of Al Gore's arguments based on the questions in the exercises."
If the debate in question was fictional, I'd be tempted to agree it would have been better to avoid using the names of real people although I'd disagree that is enough to ban the use of the textbooks. If the debate was actual and the textbook pointed out very real flaws with Rush Limbaugh's logic (especially if they were a real world example of bad math) I'd say that it makes perfect sense to include it in a math text book.
It depends on who is defining what is pornographic. To some of the swivel-eyed loons deep in the religious right, who are very vocal in these matters, all material depicting non-heterosexual people doing anything other than being deeply unhappy or being subject to a stoning, is pornographic. This means examples in textbooks that attempt to be inclusive can fall foul of their ire.
Mein Kampf is a banned book which I don't think many would disagree with. There are many other such books filled with propaganda that are rightly banned. I don't see why other propaganda-filled books that are being pushed on unsuspecting children shouldn't be banned too, unless the only reason is that you dislike the direction of the propaganda.
Mein Kampf is not banned in my country, I can buy it, and I think everybody should be able to read it.
You cannot defend against something you don't understand.
Reading it (or the little red book), you will notice there is nothing incredible about it.
It's a good way to understand the banality of evil.
It's a good way to see what currently in our society echoes it: we are not freed from evil, it can come back any time.
And the "push on unsuspecting children" narrative is worn out. Nobody pushes such a dangerous book on children unless already twisted. Nobody ever told me "read it, it's good for you". Everybody always said: "dangerous book, read it with history in mind", if they ever talked about it.
I don't even think it's banned in Germany anymore. If I remember correctly it was banned for a while, but the ban was lifted and people bought it up like crazy. Not because they were Secret Nazis all along, but because people really hate being told they aren't allowed to access certain ideas. It's human nature to want to know the things you're forbidden from learning about.
If today it's "obvious" what's bad, when this generation dies off, who is appointed master of the universe and decides what's bad? It won't be you. It'll be the guys with the money; See Pluton. They're already paving the way for just that (at least in tech and what your wallet must must must spend). But, I digress.
You shouldn't ban books. You should teach morals.
My friend, Swim, who is a Jew living in Israel doesn't support banning Mein Kampf. So much so that when Swim's friend ordered it from Amazon, neither opposed it. Curriculum teaches about Hitler's rise to power and the abuse of his people to do so. That's more than enough to understand not to follow in his footsteps. Swim's friend was interested in Hitler's political prowess.
I'm not interested in Mein Kampf. But, if someone is, he most surely has the right to read it. Kill the way some fanatics did because of it? No, that's immoral.
Who decides morality? That's complex, I think. But, I also think it is an innate intuition that lives in all of us.
I think many would disagree with the banning of it, not based on its contents but based on the principle of not banning books in general and not banning speech that’s unpopular.
Unpopular speech needs more protection than popular speech, not less.
If you're in the US there are not really any truly banned books. There are books that are banned from certain libraries (mostly school libraries).
But, imagine that a school adopts the DRM processes described in the article and requires this study level of control even on personal devices that are used for school. Suddenly those book bans can be enforced digitally by the school and will totally cut off access to certain books that the school chooses.
You might say that it's within the school's rights to do this for a device that is used for school and if you don't like it then use a different device. Now that's a system where there is a class-divide on the information that one is physically able to consume on their devices.
You might think Mein Kampf is ban-worthy, but the whole point is actually that you should not ban any book at all, because once you start banning books it becomes far too easy for more books to be banned. All it will take is one regime change in a school district's PTA for new books, that you maybe think should not be banned, to be added to the list.
It's worth considering the most banned books in America. His Dark Materials. A fantastic young adult fantasy novel that pokes harder at religion than some Christians can bear.
> But, imagine that a school adopts the DRM processes described in the article and requires this study level of control even on personal devices that are used for school.
The prerequisite for this to happen is that the school removes all physical editions of the books and has digital editions for all content, and a lending program for the books that is sufficient to satisfy publishers... and all students have digital book readers able to access the school library.
I don't see this happening in the near (or even within the decade) future. There is far too much content that is physical only, publishers haven't embraced digital editions for libraries, school libraries don't have the technical resources (physical or in many cases human) to convert their collections to digital.
The hypothetical school book ban for digital editions is needlessly alarmist.
When those resources are available to schools, then yes - let's talk about it... though the school banning books will continue to mean "that resource isn't in our collection" and a student can go to another library (or in many cases book store) and get a copy of that book for themselves. This is no different than today.
It's not banned here in the US[0][1][2]. Nor should it be IMHO.
I say that as a person of Eastern European/Jewish extraction.
Do I like fascists/fascism? No. Do I like Nazis? No.
But I do like freedom of expression. And if the price of that freedom is that hateful scumbags get to speak their piece, that's okay with me. But I'll have something to say about it too. As it should be.
Mein Kampf was not banned in Germany either. It is just that after Hitler's death, having no heirs, the state of Bavaria got the printing rights and decided not to allow printing of them (there was a heavily commented version made for academics like a study bible). Meaning all prints violated copyright until the book enters public domain.
District councils (so the second 'lowest' of the possible tiers) but yes. In practice, they've all deferred to the judgement of the British Board of Film Classification (née ...Film Censorship) for nearly every film since it was set up.
The same things that make it good in a corporate environment can make it abusive in a personal machine.
By forcing the kernel to be untamperable, Microsoft can arbitrarily enforce ANY policy they choose on your PC. They could spy on every single piece of network communication. They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all. They actually could easily enforce laws on banned content too - any given website, book, audio or video could be impossible to consume, and an attempt to try could be reported to Microsoft. They could stream the contents of your display and mic and camera at any time to anyone they choose. There is literally nothing they cannot do with complete control over the kernel. And since the kernel and Windows itself is closed source, there are ways to hide all of it so you would never even know.
Security is great but it also goes hand-in-hand with control and surveillance. Every capability to increase security also increases the amount of control those providing the security have.
> They actually could easily enforce laws on banned content too
Exactly this. As soon as governments (or lobbyists) discover that this level of control is available to them, they will introduce whatever remaining laws they need, banning E2E encrypted chat apps, or Tor, or bittorrent clients.
I suspect that, like civil asset forfeiture, or running commands on botnet-infected devices[0], these actions will have only the thinnest veneer of "due process" applied to them. After all, if your computer is running "illegal" software, why should the government wait for your permission before deleting that software, or even tell you that it had done it after the fact?
Microsoft doesn't need an "untamperable" kernel to force spying on users. Windows 10/11 has horrible invasive telemetry that can't be disabled, but no one has figured out how to modify the OS and strip it out, all the "solutions" involve temporarily disabling services or blocking network traffic. Is there actually some new capability here that points to future surveillance and censorship, or are you just fitting everything Microsoft does into a narrative where these things are just around the corner and waiting for the right technology? In my opinion the technology has been there for many years, it's just waiting for the US to go insane enough to implement massive censorship.
But you can install your own OS. You can't disable this tool via another OS.
Particularly now that heterogeneous computing is making it big, video decoding can easily just be made not to work unless this tech stack okays it--regardless of the OS.
This chip could all out disable other operating systems if they don't provide the spyware telemetry that Microsoft requires.
By "this tool" do you just mean the Pluton system in general or some specific thing? The attestation stuff is a software feature that would be disabled by booting another OS that doesn't support it. It needs the Pluton hardware to be possible, but the software side is in the OS not hardcoded on the chip.
Disabling other operating systems would be done by the BIOS if manufacturers locked down the configuration of existing secure boot functionality, doesn't need any new features.
If I'm not mistaken, "no one has figured out" is factually incorrect. https://ameliorated.info/ blocks nearly all OS network requests (and hopefully all OS telemetry) by physically removing the relevant files from the system (though this breaks UWP apps, .appx, and such), and disables Windows Update to prevent telemetry components from being reinstalled. I use it on a near-daily basis, and it works quite well in most cases, although having a separate admin account by default, not being able to create new accounts (they show black screens), and missing features (Action Center and notifications) do sting, and I'm worried about the lack of security updates. If you do choose to use it, https://git.ameliorated.info/Joe/amecs is important for configuring the system.
> They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all.
IIRC, this was the reason Valve created SteamOS: they feared Microsoft would use their control over Windows so that the only viable software store on PCs would be Microsoft's own store.
What you can install on YOUR PC will be at the sole mercy of Microsoft/or maybe someone else.... That's the cusp of it. Not that it can be used for good, but that it sets the way for heavy misuse by large corporations.
Wait a few years. Smaller companies won't even be allowed to order high end CPUs. You'll be at 100% mercy of these corporations.
If after 2 years they decide to brick your pc, they'll just do it. You think government will help you out here? Lol...
Secure chips like this are already in all devices but PCs. And in none of these areas has any of that happened. Quite the opposite, Apple got a fine when they slowed down older devices to save battery (at least what they said).
So the government will clearly help out here. And none of these companies has an incentive to stop sales to smaller companies, they make a lot of money with those.
> Secure chips like this are already in all devices but PCs. And in none of these areas has any of that happened.
Ah, that must be why we all have root access and can freely modify or install anything we want on every device we own! Oh, wait, we don't have those things and our non-PC systems are increasingly locked down and routinely do things against the wishes of the people who own them.
I'm sure there will be developer options for this too. After all, Microsoft is not going to make all the software themselves.
But they could restrict this too. For a lot of platforms you now have to sign up for a developer account and license agreement. Like on iOS, Oculus Quest..
>As of January 2021 deleting SecureBoot keys and installing your own keys (for example by using KeyTool) will brick the device. This is a problem that is similar to one which has been reported on some other Lenovo laptops [0] and is likely due to a faulty firmware. If the device is stuck in a boot loop after replacing the SecureBoot keys, the only way to repair it is by replacing the mainboard of the device.
The goal is not to prevent you from running Linux, it is to make it so that Linux cannot access the content you are interested in.
Remote Attestation establishes a root of trust that can be used to verify that all of the software down the line is "approved":
- You won't be able to browse sites or use apps with ads unless you run a 'trusted' device, OS and browser that does not block ads.
- You won't be able to browse sites with captchas unless you run a 'trusted' device, OS and browser that does not allow bots to interact with the browser.
- You won't be able to run Netflix unless you run a 'trusted' device, OS and browser so that you can't record the content.
- You won't be able to play online games unless, again, you run a 'trusted' device and OS so that you cannot cheat, or more importantly modify it in any way (why would you purchase skins if you can mod them in?).
- You won't be able to use online banking unless you use a trusted OS because banks.
Remote Attestation is pretty terrifying and it will be here soon unless it is regulated out of existence, which is unlikely.
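The mechanism the comment above describes, as an added illustration that is not from the thread or from any vendor's code: a toy measured-boot chain plus a remote verifier in Python. It extends a single PCR with SHA-256 the way a TPM does, but stands in an HMAC under a constructed key for the TPM's vendor-certified attestation key, and the firmware/bootloader/kernel blobs and the approved list are constructed for the demo. What it shows is exactly the asymmetry being discussed: the device measures honestly, the verifier holds the policy, and a self-built kernel is rejected even though nothing is hidden from the verifier; editing the event log or replaying an old quote is caught by the PCR replay and the nonce.

```python
import hashlib
import hmac
import json
import os

# Constructed values for the demo. A real TPM's attestation key is device-bound,
# certified by the vendor at manufacture, and quotes are asymmetric signatures.
ATTEST_KEY = b"constructed-demo-attestation-key"
PCR_INIT = b"\x00" * 32

# Constructed stand-ins for the boot chain a verifier would consider "approved".
GOLDEN_CHAIN = [
    ("firmware", b"demo-firmware-v1"),
    ("bootloader", b"demo-bootloader-v1"),
    ("kernel", b"demo-kernel-v1"),
]


def pcr_extend(pcr, digest):
    """TPM-style extend: PCR_new = SHA256(PCR_old || digest). Order matters and
    nothing can be un-extended, which is what makes the log replayable."""
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components):
    """Boot-time side: hash each component, extend the PCR, keep an event log."""
    pcr = PCR_INIT
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        log.append({"component": name, "digest": digest.hex()})
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def make_quote(pcr, nonce):
    """Device side: bind the PCR value and the verifier's nonce under the key."""
    body = json.dumps({"pcr": pcr.hex(), "nonce": nonce.hex()}, sort_keys=True).encode()
    sig = hmac.new(ATTEST_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_attestation(quote, event_log, nonce, approved):
    """Remote verifier: signature, freshness, log-vs-PCR consistency, then policy."""
    expected = hmac.new(ATTEST_KEY, quote["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, quote["sig"]):
        return False, "bad signature"
    body = json.loads(quote["body"])
    if body["nonce"] != nonce.hex():
        return False, "stale quote"
    # Replay the event log; it must reproduce the signed PCR value exactly.
    pcr = PCR_INIT
    for entry in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(entry["digest"]))
    if pcr.hex() != body["pcr"]:
        return False, "event log does not match PCR"
    # Policy lives with the verifier: every component must be on its list.
    for entry in event_log:
        if approved.get(entry["component"]) != entry["digest"]:
            return False, "unapproved component: " + entry["component"]
    return True, "ok"


def approved_list(chain):
    """The verifier's whitelist: component name -> expected SHA-256 hex digest."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in chain}


def run_demo():
    approved = approved_list(GOLDEN_CHAIN)
    nonce = os.urandom(16)  # verifier's per-session challenge
    results = {}

    # Stock chain: passes.
    pcr, log = measure_chain(GOLDEN_CHAIN)
    results["stock"] = verify_attestation(make_quote(pcr, nonce), log, nonce, approved)

    # Self-built kernel: measured honestly, rejected purely by the verifier's policy.
    modified = GOLDEN_CHAIN[:2] + [("kernel", b"demo-kernel-custom")]
    pcr_mod, log_mod = measure_chain(modified)
    results["modified_kernel"] = verify_attestation(
        make_quote(pcr_mod, nonce), log_mod, nonce, approved)

    # Same modified chain but a log edited to claim the stock kernel: replay fails.
    results["forged_log"] = verify_attestation(
        make_quote(pcr_mod, nonce), log, nonce, approved)

    # A quote recorded against an earlier nonce: freshness check fails.
    results["replayed"] = verify_attestation(
        make_quote(pcr, os.urandom(16)), log, nonce, approved)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, outcome)
```

Nothing in this flow requires the device to hide anything from its owner; the leverage comes entirely from the verifier choosing what goes on `approved`, which is why the thread's concern is about who operates the "remote" side rather than about the measurement itself.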
As someone who enjoys hacking, looking at that list sounds terrible.
As a regular user, most of that list doesn't sound too bad. Their future devices will automatically have these features enabled, they're not likely to change those settings to "break" their device (from the perspective of Trusted Computing) so they'll have a smooth experience getting into it.
- Can't block ads? A lot of average users already don't/don't know how, but this one would probably affect a lot of people. Probably a bad thing no matter how you slice it.
- They'll have a better experience online as they won't be interrupted with captchas. Wouldn't you prefer if you never experienced captchas and logins were smoother and easier? So a wash to a positive for an average user.
- This makes it an easier deal for streaming services to let you cache their DRM'd content offline and makes the deals they have to cut with media companies potentially cheaper. Once again they're probably buying off the shelf computing devices which will probably work seamlessly with these restrictions, so they either won't notice anything or potentially get more features than they have now with those services they're already using. I'm not necessarily a fan of DRM but the market has largely spoken, people prefer streaming rather than actually owning the media.
- Fewer cheaters in online games sure sounds like a positive to me.
- My bank account online is more secure? This is a bad thing?
This is all just giving away control to corporations. Freedom is about having the option, not using it. Even if most "regular users" never use it, if they ever change their mind they'll surely appreciate having it. It also affects the ability to develop new hardware, and being locked to hardware/software approved by the remote side (e.g. Facebook or whichever app/site you're using) is a pretty Dystopian reality.
> My bank account online is more secure?
Sincerely, why? Because I can't customize my own software anymore? Fortunately banks around here don't require SafetyNet, some of them do require a mobile device though.
If all clients interfacing with the bank's API are required to prove they're locked down devices running proven official clients it reduces the potential attack surface. Lowering the attack surface increases the security.
If the market really cared about being able to run whatever software you wanted, nobody would be buying iPhones. Fire TV sticks and Rokus wouldn't move any products. Playstations, Xboxes, and Nintendo Switches would be crushed under the massive marketshare of Mister devices and Steam PCs. One quick look at reality shows this isn't the case.
I think you're massively overestimating the market size of people who actually care.
Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad. Personally as someone who likes to tinker and has been bitten several times by DRM and the likes, I'm not too much of a fan. As someone who has to try and ensure compliance on devices, it's a godsend. But at the same time I know lots of people who buy Xboxes and Playstations because there's less cheating that happens on that platform. I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.
I don't like having to lock my bike, it's a huge pain. But at the same time there's tons of people here arguing locks shouldn't exist. Trusted computing, in the right context, is a good thing. Being able to lock your door is good! Being able to assure your device is what you say it is is good! I definitely agree there are potential dystopian futures with this technology, but that's true of any truly revolutionary technology. Wheels move carts of grain and help tanks roll. Being able to break dinitrogen into more usable sources gives us cheap fertilizer and explosives.
> I think you're massively overestimating the market size of people who actually care. Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad.
I think we're just discussing different things here then. I'm specifically talking about whether this is good or bad for the future of society. Most people buy whatever is most convenient at the time, which is fair and everyone has done this at some point, but it may or may not be the best for society.
> I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.
It may be a bubble, but of all the iPhone users I know, I don't think any of them has bought it for that reason. Most here buy them for either being simpler to use, lasting longer, or status. Of all the Android users I know, I don't know any that has knowingly got any kind of malware, and that includes people with very old phones.
This smacks of fear mongering. The scenario you've outlined is just absurd. Many manufacturers have pledged to turn this off by default and be an opt-in model. I'm not disagreeing that laptops given out by corporations for you to use for work won't be heavily locked down and could be bricked remotely. But most laptops today already come this way from IT.
So if I'm understanding this correctly, you'd prefer to live in the world where the Collateral Murder Wikileaks video of journalists being murdered in cold blood was never released because it was hardware locked to the original military system it was found on? Or maybe some large viral video which triggers a social uprising simply won't play.
You are seriously so focused on pointless corporate secrets that you would actually consider giving the people in charge of the control over your information stream the ability to decide that something just shouldn't be shown? Because what? It might make discovery for a lawsuit more difficult? It'll make it easier to hide malfeasance?
This seems particularly useful if you are trying to pretend that May 35th never happened, for instance. Terrifying, and rather icky.
The way I see it: Whatever happens, the system will get abused, and so, I weigh the potential abuses along with the potential benefits. With remote attestation, you put a lot of control in the hands of whoever controls the "remote", making the situation very asymmetrical, and so, ripe for centralized abuse. For example, with centralized trust systems, a leak of the signing keys is devastating for the system. For an example, see the DVD key leak:
Because that doesn't work. 2h before someone complains to IT that he cannot write/read/delete said Word document. Then management says X indeed needs access. Now you have created a maintenance nightmare sourced in rather weird security requirements.
Could as well gouge out the eyes of everyone not having a read permission on said document. There are 1001 solutions to such problems. And as a gigantic bonus it doesn't have to be bound to hardware! User permission management is much easier.
It's like your company giving you serious protective gear to wear while doing your work on a nuclear reactor is a good thing. But having to wear such gear at home is not a popular choice, and should not be required.
I imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.
Once these chips are in everyone's devices, it would be quite easy to add this stuff technically. And in doing so, break the web on non-approved hardware or software (like linux).
Edit: Actually on the subject of worst case scenarios: If the trusted computing attestation process was extended through the web browser, it would be possible to build a website which is impossible to scrape or interact with in any unapproved way, from any unapproved device. Eat your heart out Aaron Swartz.
> imagine if the proponents of these systems had their way, they'd add remote attestation to websites too. Imagine your bank's website only loading on a "secure" windows environment, non-rooted android phone or an iphone.
Actually, IIUC this is already the case on Android[0].
Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.
I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Perhaps someone who uses banking apps on their surveillance device could chime in on that?
> I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Well, it gets even better, even for folks with principles like you have.
If you want to use a general computer, you need to log in. For logging in, you need a second factor. That second factor is going to be, in 99,99% of cases, exactly the app on the smartphone that refuses to run on rooted devices.
So no avoidance, if you want access to your account.
> If you want to use general computer, you need to log in. For logging in, you need second factor.
The administrator of my network does not require multi-factor authentication for my logins.
That's probably because I am said administrator.
As for professional settings, if my employer wants me to use a surveillance device and/or an app on said device, they can provide that device to me.
As an alternative, I suppose I could use whatever subsidy is provided by my employer to purchase/use a separate device for such things.
If they choose not to do one of those things, I guess I won't be logging in and will soon be working elsewhere.
Requiring me to use my personal equipment for work purposes is inappropriate IMHO, and I've yet to hear an argument (other than folks not wanting to carry multiple devices, which is a personal choice) that changes my mind about that.
I'd welcome anyone to make such an argument, mostly to discuss why it's inappropriate, but I'd certainly keep an open mind about it -- perhaps there's an angle(s) I haven't considered.
I meant access to your bank account -- in the context of the thread above -- not to a computer account on your private or corporate computer.
At least in Europe, it is not even the bank's initiative; it comes from above them. They've got the PSD2 directive to implement. And when they all have to implement it, it is kind of difficult to vote with your wallet.
Yes, this is already the case on Android.
Two years ago I canceled my smart-id contract (https://www.smart-id.com/) and stopped using any "smart" devices, because one day the smart-id app ceased to work on my rooted smartphone.
Soon my old 3G dumbphone will be useless as the mobile operator ends the service. People are pushed to newer phones^W surveillance devices and I have to hunt for real 2G phone soon.
Your 3G dumbphone is not as dumb as you think. Considering the threat models from that era, it's most likely more manageable remotely and less compartmentalised.
Btw, you could acquire a Mobile-ID SIM that will work on a rooted phone (but also with feature phones, if you wish).
I can see a situation where "the authorities" decide that, say, the list of people who flew on Epstein's "Lolita express" is "evidence in a pending trial" or "confidential" in the name of "national security," and simply flip a switch to prevent our computers from being able to access any file with particular hashes that they've identified as containing the information.
Likewise. I see only potential for enormous hassle reduction if my employer (a bank, currently) can treat its entire compute infrastructure as a honking big cryptographically assured parallel universe.
It doesn't protect from malicious document leakage: you can still take screenshots or photographs or use a plain txt file. For unintentional leakage, MSIP already does what you are saying; this just bakes it into hardware, where patching/fixes are harder than in the cloud.
Remember when Snowden and Manning leaked huge troves of secret information about the crimes of the State? Remember when a bunch of journos got their hands on the so-called "Panama papers"?
Basically, this will make transparency even harder than it already is. That's a terrible danger for democracy at large. Stalin's wet dream.
It's a big value add for you, as a corporate IT deployer.
Outside of corporate IT, what if Microsoft uses this remote attestation to enforce binding non-corporate PCs to a Microsoft account? Some don't have a problem exposing everything to Microsoft's cloud, but Pluton sounds like it could be used to enforce this on a hardware level.
If computing devices without bondage to a cloud service are impossible, Windows has no more value proposition for me for personal computing. I'm going to stick with Apple, because at least Apple allows me to turn it all off, off seems to mean off on at least Apple iPhones/iPads (I don't have to check hundreds of weirdly named services, policy settings, scheduled tasks that are all on for some reason), and settings don't seem to randomly sneak on between updates.
Author has a bias against Microsoft. So do hacker news readers.
News of Pluton and its security goals have been readily available since 2020 from reputable hardware sites like Anandtech, or directly from Microsoft themselves. There's nothing new or hidden or surprising about it unless you live to dream up Microsoft conspiracy theories.
Many other hardware manufacturers have similar security offerings including Intel and Apple. Microsoft is arguably late to the game here, given their only recent interest in PC hardware. OS integration isn't even new. Macs have been shipping with T1 and T2 chips for over five years. Has the sky fallen on that ecosystem?
And that's why Microsoft needs to include such a chip. If we move to a world where security is enforced more and more by hardware, you'll need a device that can participate.
A lot of this rant reminds me of the justification for crypto. The techno-anarchists are terrified of authority they can’t hack around. The fact that some governments abuse their power implies no authority should ever have any power. If we can’t break the rules then the world will end. It’s a slippery slope from content providers getting paid to complete big brother 1984.
The plugin my current employer uses is so well integrated that I don't even know its name. (I suspect it may be developed internally)
At a past job, we used Entrust [0] and I'm aware of Virtru [1] as well.
Edit: I forgot about Sharepoint, which also sort-of fills the ACL document-sharing niche. (though I'm less certain about whether it uses encryption to enforce its access policies)
I can discreetly copy GBs of email messages and word docs in a reasonable amount of time, but I couldn't discreetly take cell phone pictures of every page of every one of those messages and documents if I had years to do it. You don't always have to prevent something 100% of the time in every possible situation to have a devastating effect on people who want to do that thing.
I've just provided the easiest example of bypassing any boomer security nonmeasures.
Give a dedicated and competent attacker 15 minutes alone with your highly secure machine and highly sensitive documents, and if your entire security model depends on DRM rather than actually effective methods, they will figure out how to exfiltrate it all.
In corporate and government environments, I imagine that they'll ban employees / civil servants from bringing camera(phone)s to work, and necessarily forbid them working from home.
The only question is whether they will trust metal detectors to prevent whistleblowers from bringing in these devices, or if they will rely on strip searches and CCTV.
If you mean there are scanners that prevent you from scanning a banknote, that's another great example of wasting time, money and resources to accomplish nothing.
The thing I fear the most with this is "proof that secure boot has never been disabled". This is just a way to brick your device from accessing services.
What if your government's tax service requires such proof? Or your bank? I cannot count how many machines I booted on Linux to rescue a hard drive, or image it, or wipe it, or just to install Linux on them. All those devices, boom, paperweight for regular personal use.
I hate it so much that Microsoft is alone in this. It's not because it's M$, it's because they're alone on it.
This is already a problem with SafetyNet hardware attestation on Android. Because it's so easy to implement on the app side, everything from banking apps to games is verifying the device is running a blessed system image with a locked bootloader and no root access (read: no access to general-purpose computing).
As a developer of a banking app, I do my best to avoid implementing this user-hostile crap, but not all developers are empowered to say "no" to this requirement and not all care. There is zero benefit to the user to block them from using your services, and I would argue the net benefit is negative to the service. Users aren't hacked via privilege escalation exploits, they are hacked by phishing, and they can be phished on a SafetyNet-compliant device just fine.
I never knew SafetyNet was a thing, and wow, what a bullcrap thing for the basic consumer.
Thank you for being a smart banking app developer. There is so much bullshit in most of those apps that I consider them as "worst apps on my phone", but due to management incompetence rather than developer incompetence.
I really appreciate knowing some devs are out there defending us from the banking app madness. I'd encourage you, given your position, to write a blog post about why device ownership is important and your experiences on how others should consider operating.
I remember when Microsoft introduced driver signing; I remember articles on Slashdot and The Register going wild about how Microsoft was about to block side-loading third party software, and only allow software which they specifically authorized to run on Windows, or that they would charge large % fees to allow 3rd party software to be installed.
When these restrictive practices were introduced with iOS and, to a much lesser extent, various Android distributions (not just phones, but other types of appliances), I was genuinely surprised about how quiet the same type of people were, who I thought protested out of principle.
It's the same pattern, like politics, where people are just basically trying to sell or advocate for you to buy into or sell another product.
Ew. Why are all the chip manufacturers going along with this stupid plan? I want to buy a processor and then own it and have it work in my best interests, not consume electricity and generate heat enforcing draconian 3rd party DRM policies.
And that's why the road to a better software ecosystem is not some hacker's smart trick to defeat the system for the moment, but very clear rules of what is allowed to be done in the name of security and what isn't.
A legislative piece of paper (or many pieces of paper) has the power to rein in corporations far, far beyond any technical solution or workaround.
And yes, that requires limiting (intellectual) property rights and regulating what certain contracts can enforce. Sometimes it's needed, if you ask me.
In my experience this sentiment is rejected primarily by many technical people because it feels like adding the human factor to a pristine world of logic. In reality it's humans all the way down, and there is no reason to believe that Microsoft/Apple is a better steward than an elected body of representatives acting according to the rule of law.
The conspiratorial answers here are emotionally satisfying, but ultimately wrong. The reason chip makers and OS vendors are adding this is customer demand, by which I mean enterprises. Companies want remote attestation and guaranteed-immutable OS images on their networks, and I honestly can't say I blame them. In a perfect world they could have it and we could somehow firewall it away from the consumer space entirely, but that's not going to happen.
Yes, they are possible... And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.
MS remote attestation doesn't require a remote cloud or anything like that; I recall it supporting air-gapped environments from the start (guess why: the top-price enterprise clients want that, including re-signing Windows with their own secure boot keys).
Disclaimer: for various reasons open source remote attestation in corporate is currently on my roadmap at work
You either don't remember or weren't there when TPMs were first talked about; in either case I envy you then.
And yes, there's nothing evil involved if they are owner controlled, something that honestly was heavily pushed by Microsoft because they do have clients that insist on it. The DRM functionality in Intel ME has keys controlled by broadcasting associations instead (this is why you can't stream HQ on Linux from official sources), same with part of why AMD PSP got some uncontrolled bits (the blackmail goes that if you don't do that, customers will quickly find they can't stream Netflix/whatever in high quality on your hw and will stop buying it).
Personally I believe that owner-control of hw should be enshrined in law, just like the right to repair and modify, along with laws against deceptive "looks and quacks like a sale, is actually a lease" practices.
Have you seen OCP's Caliptra RoT, which requires OSS firmware, enforced by dual-signing of firmware by both OEM and owner? Currently for hyper-scalers, but this approach can be adopted by other enterprise customers, https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation will be done to Caliptra, which can then release SoC boot ROM from reset.
The same enterprises asking for this stuff are also asking for it to be taken out of their hands because they don't trust themselves to operate it securely or reliably.
I'm frankly already appalled by how much data (proprietary data, customer data, employee data, etc) companies are fine leaking to 3rd parties, MS especially. Even if you assume that Microsoft could never ever possibly be hacked, or would never favor one of your competitors enough to hand them your data, Microsoft's MO has often been basically stealing other people's work/ideas and stomping out or absorbing the people they took it from. The data they get from Outlook alone must be worth a fortune, but with everything the OS collects these days it's insane how little anyone cares.
When it comes to security someone must always sleep with one eye open; co-owning this responsibility is totally reasonable. Microsoft takes security seriously and is investing heavily in it; if they are already in your org's trust boundaries I see no reason why they wouldn't be considered good stewards for this as well.
Besides, at enterprise scale, how do you trust internal teams? It could all be security theater and they aren't delivering on their promises as well.
> Microsoft takes security seriously and is investing heavily in it
Some parts of it maybe do. Some others, like multiple different Azure teams, don't even think about anything resembling security, or there wouldn't have been multiple critical and trivially exploitable security vulnerabilities on Azure in the last year only. (If you don't know them, please read up on them. Security is hard, but in those cases nobody even pretended to try!)
You're thinking about companies as monoliths. They are groups of people.
The managers who want remote attestation aren't the people implementing it. They either pay someone else to do it, or they pay someone else to do it. The difference between paying a third-party company and an employee is that employees are more expensive, because the costs aren't amortized over other customers who want the same stuff. Why would they be more trustworthy? Why would they be better at it? Why would it be any less likely to be hacked if you did it at your company than if you outsourced it?
I don't really care for the reason, why can't we as consumers opt out if it's consumer oriented then? For me it's not even about the egregious security and privacy implications -- I just simply want the (illusion of) choice w/r/t silicon rootkit 'features' that I'll never use.
You can; it even says in the article that Lenovo and Dell are shipping with the Pluton chips disabled by default. If they can do it, a user can disable it too (for now at least).
Good, if companies want those features, then they can be the ones to pay the price in privacy. Otherwise, let me set an OTP bit to disable all Management Engine kinds of functionality on the CPU permanently.
Haven’t looked at the Intel space, but doesn’t AMD have a “PRO” tier available for OEMs only? Ryzen Pro, Threadripper Pro… Or Nvidia and their segmented RTX/GTX vs Quadro. These hardware companies love segmentation, so let them have it: do that for PRO enterprise only, and leave my personal use, no remote attestation, no immutable OS needed PC alone.
It's tragic (especially if you care about general-purpose computing and the future of open platforms), and a sign that Microsoft's Palladium project was never really canceled. Boil the frog...
Of course, Microsoft would say it's not about DRM (at least right now), it's for "security." Which... is as secure as Microsoft's servers are, to be sure.
Because China and Russia might be hacking your hardware.
Don't people listen when a guy like Pompeo speaks? He has pretty much outlined the plan with his Clean Network Initiative. I wouldn't be surprised if within a decade Cloudflare and other US cloud services are used as the great firewall of the western sphere.
It's not mutually exclusive. I think risks from hostile powers need to be called out, and I think we also need to be calling out this bad behavior on our side too.
> People should generally be most afraid of their own government - it's the one that is allowed to use violence where they live.
Be careful to not forget the distinction between "being allowed to" and "being able to". There are documented cases of countries (including the USA) using violence against people even when they aren't the government where these people live.
> Ew. Why are all the chip manufacturers going along with this stupid plan?
Because if they don't add whatever garbage Microsoft orders them to include in their chips, then Microsoft can simply require that shit for the next version of their OS to boot. They could even force an update on existing PCs to check for it. Nobody is going to buy a chip if having it means they can't run the OS that 99% of computers on the planet are using. If Intel dared to say no, MS could pretty much run them out of business.
This works both ways however. No one is going to buy the OS that can't even run on their latest chip. Microsoft can make all the demands they want, but the chip manufacturers still have the power to refuse to implement it; if Microsoft wants to brick their own OS, that's not their problem.
> No one is going to buy the OS that can't even run on their latest chip.
Unless that latest chip is vastly superior to what we have today, almost nobody is going to care. Most people couldn't tell you which chip is in their computer right now. They don't even care what a processor is. They just want to be able to click on the little picture that makes Facebook happen, and they don't want to have to learn anything new to make that happen.
If every chip manufacturer refused, you're right that we'd be pretty safe, but the moment they can get just one chip manufacturer on board every OEM will buy those chips or go out of business. Intel was "evil inside" decades ago for a reason, so we knew how this was going to play out.
It sounds like you can still do that. Other people will get to decide if you can use their services with your device, but (unlike an iPhone, for example) it's still your device to do as you please with.
Simple solution: don't care about up- or down-votes. Believe me, Internet points are a sham and a waste of time. Focus on interesting conversations and connections instead.
However, interesting conversations are missed because of noise (e.g. down-votes) - I'm less likely to interact with a down-voted post, they usually are not as informative or interesting.
Proposed solution - abolish negative points entirely, points should be per-thread, not per user. If a user is causing frequent problems (frequently downvoted), per admin review then issue ban/rate limits, etc.
I view the positive/negative points mostly as a sentiment rating - if I receive downvotes I can tell my point is unpopular/uncontroversial, if not I know someone found it interesting. That does affect how I post in two ways:
I make more effort to expose common context for posts which are down-voted, people who are lazy and don't care won't read the expanded post, people who are more open-minded (the ones I want to attract and start conversations with) are more likely to come around to my viewpoint, or at least offer more interesting conversation (disagreement is necessary to have a discussion).
So I find both positive and negative votes to be useful, even on my own posts. Even the manner in which I've been down-voted recently tells me something, and it tells me valuable data about who has which opinions.
It is much worse than he thinks. If I was to write out the worst case scenario, the MS employee would have no choice but to consider it.
Therefore Win 13 will be a theme for Ubuntu packaged with a FOSS version of Office. MS will award large weekly prizes for the most useful FOSS app extending the ecosystem. It will be sold on multi-TB external drives that work like live USB, only daisy-chained. Weekly new releases crammed with so much free stuff that every neckbeard around the world must own all of them. A few movies, some music, a game or 2. Each comes with a poster, a t-shirt and a book. Prices go up and down using RNG, making some releases rare and hard to get.
Reminds me of computer magazines bundled first with cassettes, then floppy disks then CDROMS, 80s to 90s. Occasionally some other gadgets too. Everybody like us was buying them.
Quite scary isn’t it? What a time to be alive. I’d never have believed that I am seriously questioning whether a conversation on the internet is real. Even after all the gpt3 quiz sites, like the one where you have to guess if the code is generated or real.
Indeed - I'm pretty sure a small cabal of people with low self-esteem is responsible.
Speculation: Zuckerberg and Musk read news sites like this and can't bear to have their egos deflated. I don't think that's necessarily realistic, but I would suspect someone like that, personally.
HVCI is truly revolutionary, you can no longer just dump lsass and get credentials if it is enabled among other use cases.
But to me, this all looks like MS building a house of cards again. If I am writing a rootkit or other malware, why can I not use this to make sure only the compromised device's secure processor can read the contents of memory, or does Defender get a pass?! A defender/analyst also won't be able to dump RAM with Volatility or a custom driver to analyze the malware/implant? No Microsoft solution would entirely prevent a user from downloading and running an executable, so malicious code would run, but can it now hide from security solutions? What part of HVCI am I missing?
As far as the rest of it, it will break legitimate use cases for users so I don't expect it to be a default anytime soon. I hate the remote attestation stuff but my hope is it will either fizzle out or regulations will be put in place for enabling user control of the secure computing private key for personally owned devices because code you can't introspect or keys you can't manage should not exist on a device you own (not license).
For now (and I haven't seen an announcement of a coming change about it), only trustlets signed by Microsoft can be executed in the VSM (Virtual Secure Mode), so you won't be able to write a malware or a rootkit that leverages it to hide the execution flow.
Thanks for clarifying. With drivers they get around that by using vulnerable drivers, but this isn't regular kernel mode code execution, and MS will probably revoke certs for future vulnerable trustlets? (Or not, since that can cause outages). Sounds like a whole new area of research.
I'm not hyped about most of the DRM stuff (and yeah, frog boiling is definitely a worry, though I don't know how we could ever end up with devices that can't boot alternative OSes just cuz of how servers are set up).
But I am personally glad to see hardware-level key stores show up on all CPUs. Maybe this is already a thing and I'm being duped by Apple for thinking it's good, but it feels good to me.
I'm not really worried myself that alternative Operating Systems will be locked out. However, I am concerned that the functionality of alternative Operating Systems will be locked out. If you see the (speculative but grounded) area near the end of the article - imagine if assertion becomes popular for things such as games or digital movies or the school WiFi. Your Linux PC will never be able to do that, and WINE (probably) won't be able to help. Won't stop you from hosting a server, but it will make it much harder to enjoy a Linux desktop. That's an issue.
4K Ultra HD on a computer
Netflix is available in Ultra HD on Windows and Mac computers with:
- Microsoft Edge for Windows
- Windows app for Windows 10 and Windows 11
- Safari for MacOS 11.0 or later
Until access to the internet or methods of circumventing DRM are crippled without submitting to these technologies. That's the road we're heading down. Can't hack the current-gen Xbox, apparently. I'm wondering if someone will take that as a "challenge accepted".
Well, the Xbox One wasn't hacked either. That was released in 2013. If it was going to be hacked, it likely would have already happened given that its most popular moment has come and gone.
Nowadays 98% of things implying "security" are actually unwanted products, protections for "the other side", or trivial distortions of reality where, conveyed by "security" itself, the user himself becomes the product.
- no, I don't need protections for the side channel, I never asked for them
- no, I don't need a unique identifier, who is the demented person who asked you for it
- no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead I was prevented from doing it
- no, I don't care at all about having a hw store for certificates, which are ephemeral and dropped from above anyway so what am I supposed to trust?
- and so on
"not secure by design" nowadays comes close to being a coveted feature
Security has degraded to snake oil on a lot of topics. Boot infections are really rare, and the whole TPM module isn't really needed in my opinion, and I don't want it either for my systems. There are edge cases and sensible applications, but I don't want to see it as standard.
The concern with boot infections isn't for standard every-day malware, which is perfectly happy to just mine crypto on your machine in a sandbox[0] or read out your browser cookie jar for login tokens at normal user privilege. The kinds of people dealing in boot infections these days are three-letter agencies looking to make very difficult-to-detect malware that they can attack other countries' infrastructure with. Likewise, the companies that run said infrastructure would rather buy servers and client machines that will defend against such attacks.
Before you say, "well, they're the government, why don't they just compromise the secure boot CA"; the problem is that cryptographic signatures create evidence. If someone finds your boot sector malware you don't want it to be attributable - but signatures from an already-trusted entity create exactly the kind of paper trail you'd rather avoid. If Microsoft signs a boot sector virus, then it's obviously a US government cyberweapon, and any companies that find it in their systems will start suing. In this particular context, secure boot is a policy of "no execution without attribution".
[0] Which nowadays can even be done in a browser. Modern browsers actually have to have throttling and CPU usage limits because of this.
Gee I wonder why. /s Such statements are tedious to say the least, preventions have been implemented, obviously it curtails such abuse, obviously that reduces frequency.
> the whole TPM module isn't really needed in my opinion
It's nice that you have no key material that would need to be kept strictly on the device, but a lot of users actually do. We don't want people's WebAuthn tokens carried away, we don't want BitLocker keys stolen, and most certainly we do not want biometric authentication data stolen. Maybe you have reduced that risk to near zero, but that's not the case for the vast majority of users.
The frequency dropped even before TPM was deployed on most machines, and I guess most systems still don't have it enabled today. The reason for that is that there are simply more direct and profitable ways to get system access; see most applications of ransomware, for example.
> It's nice that you have no key material
You can use many different types of authenticators. If you use Windows Hello you need TPM and they try to hinder you adding alternative means without TPM being activated. But that is a different story and solely on Microsoft. No need to falsely or passive aggressively suggest that a system would be insecure without these specific means.
> The frequency dropped even before TPM was deployed on most machines
I interpreted your sentence as two disjoint statements and thought you find UEFI/SB and TPMs all useless. But yes, it indeed started dropping before. TPMs don't deal with that topic unless we're speaking of Trusted Boot, which is a whole separate concept.
> [...] hinder you adding alternative means without TPM being activated. But that is a different story and solely on Microsoft.
No it's not solely on Microsoft. If there isn't a safe place to store keys, it makes sense to dissuade storing them. Fairly obvious, isn't it?
> You can use many different types of authenticators.
It's not a very realistic suggestion for most users and use-cases. Having a built-in module that does the job has a lot of upsides.
> No need to falsely or passive aggressively suggest that a system would be insecure without these specific means.
I didn't say such a system would be insecure, however it can't safely store key material, it would be less secure in a bunch of contexts.
> Having a built-in module that does the job has a lot of upsides.
And downsides, especially for corporate usage you don't want your data protected by device keys if they aren't set by yourself or replicated elsewhere. But it is a security risk to deploy such keys on local machines in the first place in many circumstances.
> If there isn't a safe place to store keys, it makes sense to dissuade storing them. Fairly obvious, isn't it?
The behavior is that you can only add keys if you already activated TPM. This is an implementation detail of Windows Hello. Perhaps they changed it but I can think of some reasons why they forgot to add the option.
> it would be less secure in a bunch of contexts
No, I disagree. Severely less secure depends on the security model. Applications cannot usually randomly access any memory, but yes, the system would need to ensure that, and there can be attacks. If you assume your system is compromised on that level, your device encryption will be bypassed via the same channel. TPM comes with its own suite of security flaws in regard to device identification (bug or feature?). That is a relevant threat model compared to many memory attacks, regardless of the countless other fingerprinting problems we currently are subjected to. Plus the DRM issues around remote attestation and sealed storage.
> And downsides, especially for corporate usage you don't want your data protected by device keys if they aren't set by yourself or replicated elsewhere.
It's a solved problem in corporate environments.
> But it is a security risk to deploy such keys on local machines in the first place in many circumstances.
That's a massive stretch and no normal corporation agrees with that statement.
> No, I disagree.
Other people's threat models are not something you can disagree with.
> If you assume your system is compromised on that level your device encryption will be bypassed via the same channel.
Well not really, it's not a bypass. Continuous abuse of a compromised machine is significantly noisier than exfiltrating the keys needed and then abusing those. Plus you can't touch anything that would change TPM measurements, or you'll lock yourself out. It's much more cumbersome.
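The point just made, that the protected key stays usable only while the measured boot chain is unchanged, is worth seeing concretely. The following is an added example written for this thread, not code from any commenter or from a TPM vendor: it simulates a SHA-256 PCR bank (the TPM-style extend operation, PCR' = H(PCR || H(measurement))) and a seal/unseal pair whose key is derived from the expected PCR value. The boot components, the secret, and the key-derivation scheme are constructed for illustration; a real TPM keeps the sealing key on-chip and evaluates the PCR policy itself rather than deriving a key from the digest.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the new PCR value is H(old_pcr || H(measurement)).

    The PCR can only be extended, never written directly, so the final value
    depends on every component and on the order in which they were measured.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Simulate measured boot: hash each boot component into one PCR in order."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all-zero after reset
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def _derive_key(pcr_policy: bytes, label: bytes) -> bytes:
    # Hypothetical KDF for this simulation: bind a key to the expected PCR value.
    return hmac.new(pcr_policy, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, length: int) -> bytes:
    # Simple SHA-256 counter-mode keystream; illustrative, not a production cipher.
    blocks = (length + 31) // 32
    return b"".join(
        hashlib.sha256(enc_key + i.to_bytes(4, "big")).digest() for i in range(blocks)
    )[:length]


def seal(secret: bytes, pcr_policy: bytes) -> bytes:
    """Encrypt and authenticate `secret` under keys bound to `pcr_policy`."""
    enc_key = _derive_key(pcr_policy, b"enc")
    mac_key = _derive_key(pcr_policy, b"mac")
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, len(secret))))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def unseal(blob: bytes, current_pcr: bytes):
    """Return the secret only if the current PCR matches the value it was sealed to.

    Any change to a measured boot component yields a different PCR, a different
    MAC key, and therefore a tag mismatch: the key is simply not released.
    """
    ct, tag = blob[:-32], blob[-32:]
    mac_key = _derive_key(current_pcr, b"mac")
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    enc_key = _derive_key(current_pcr, b"enc")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


# Constructed sample boot chains (stand-ins for firmware, bootloader and kernel images).
GOOD_BOOT = [b"firmware v1 (constructed)", b"bootloader (constructed)", b"kernel (constructed)"]
MODIFIED_BOOT = [b"firmware v1 (constructed)", b"bootloader (constructed) + implant", b"kernel (constructed)"]
VOLUME_KEY = b"constructed 32-byte volume key!!"  # stand-in for a disk-encryption key


def demo():
    """Seal to the good boot chain, then try to unseal under each chain."""
    sealed = seal(VOLUME_KEY, measure_boot(GOOD_BOOT))
    released_on_good = unseal(sealed, measure_boot(GOOD_BOOT))
    released_on_modified = unseal(sealed, measure_boot(MODIFIED_BOOT))
    return released_on_good, released_on_modified


if __name__ == "__main__":
    good, modified = demo()
    print("unchanged boot chain releases key:", good == VOLUME_KEY)
    print("modified boot chain releases key:", modified is not None)
```

Note that reordering the same components also changes the PCR, which is why the extend operation rather than a plain hash of the component set is used: the policy encodes the whole sequence, not just the set of binaries present.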
At the same time, Microsoft started using your HDD serial as an identifier. Nowadays there are unique identifiers in most of your hardware, including the north bridge of your motherboard and the TPM that Windows now requires.
Also, mobile devices got all kinds of unique identifiers from day 0.
Yes ... I certainly look for chips WITHOUT certain "security features" when I'm building a system - makes it more difficult for the "bad guys" (really, just the greedy guys) to force me to do things the way they want.
What chips are left? When they've got Intel and AMD that's the vast majority right there. We really need some kind of open and transparent chip manufacturer who is unwilling to infest their product with user hostile code at Microsoft's demand.
Hmmm, yes. The Core-X seem helpfully lacking in undesirable features, but the standard range is certainly heavily encumbered. If I can get a half-decent RISC-V chip and motherboard, that might be the go...
> no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead I was prevented from doing it
Are you talking about brown-out detection circuits, or is there something else?
The first Xbox was hacked using an attack via the power supply, I believe. It caused some instructions in the boot sequence to be skipped, I think. It’s a really cool story, wish I had a link.
It’s worth distinguishing between security against software attacks and security against physical “attacks”.
I absolutely don’t want my internet-connected pet cam to be accessed remotely (outside the set of companies I’ve decided to trust, namely the manufacturer).
Protection against hardware tampering is less good and probably mostly anti-consumer. The most legitimate cases I’ve heard:
- Protection from (some) supply chain attacks
- Leasing models, where you acquire the item for less than its hardware cost and pay over time.
But honestly I’m not convinced of either.
Disclosure: I worked on Azure Sphere, the first place Pluton was developed outside Xbox.
Edit: I’ve read the whole article now. These scenarios are really bad and really realistic. Pluton is bad.
Could not agree more. Security only means control. I don't want security. I don't even want safety. I have never cared about either, and I'm now too old to die young, so I'm not afraid.
> "not secure by design" nowadays comes close to being a coveted feature
That's a huge market opportunity. I would buy "insecure" products over secure ones every time.
> - no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead I was prevented from doing it
This one makes no sense. Wouldn't 99.9% of power supply glitches be some sort of accident, and something that the end user probably doesn't want?
Security can be used to create both a safe, and a jail. Remember that.
---
I think Microsoft feels threatened at this point about Linux becoming more popular on PCs; what with hardware like the Steam Deck. Can't have Linux dominate the PC platform if you forcefully bind all hardware to the Windows ecosystem. Imagine if back in the day Microsoft used their dominance to block out all competing software on PCs but their own.
---
I can see a dystopian future where Government can enforce code/file signing with technologies like this (DRM), so that you can never again have an open computing platform; you could only ever use code or view files approved by the State, and if you try to write code or create content, it won't work period unless it is first approved by the State. (such as with an AI scanning tool to detect and block "wrong-think" or "dangerous functionality" (i.e. dissent or otherwise that threatens the powers that be))
I think the fear mongering is spot-on and there's no way back. The only positive way forward would be a non-profit org taking over the role of key manager. No for-profit org and no government should be in the position to control computing. So instead of blocking the technology that inevitably will come (or is already there), let's focus on legislation that prevents corporate entities from controlling computation.
Privacy and user empowerment stopped around 2007 and most technological advances suit the capital and political classes for their benefit, hegemony and ability to control us. It’s time to stop buying new hardware and to be content using older hardware to halt the erosion of our privacy and maintain what little independence we have.
Pluto (Greek: Πλούτων Plouton, "giver of wealth", Pluton in French and German) the most common name for the classical ruler of the underworld. Plouton was one of several euphemistic names for Hades, described in the Iliad as the god most hateful to mortals. https://en.wikipedia.org/wiki/Pluto_(mythology)
This is exactly what big corporations ask for. In the pharmaceutical industry stakes are very high and directed attacks are common. It is just the next step securing your IT.
However, for private users these are dark capabilities.
I've always thought that at some point the only "stomachable" version of windows is going to be some hacked offering, by god-knows-who or from where, but it'll still end up being preferable to what MS is requiring.
As far as I know there are no scripts that are capable of disabling all of the telemetry and nothing that can't be undone the instant the computer has an internet connection and connects to windows update.
MSFT doc on what all telemetry is gathered, and what is considered "required" telemetry (although they give you enough info to block it at the router):
Very impressive analysis and understandable breakdown. And the author is only 20. Or maybe that’s a normal age for this kind of work and I’m just getting old.
When I clicked the link, I expected to see media security DRM functionality or something along those lines. However, from what I can tell, this is all critical security stuff; the security community has been begging for features like these for ages.
Kind of feels like Microsoft can’t win here. Everything is free and unprotected and their OS is a security joke, or they harden and get accused of DRM and monopolizing.
The libre computing movement got lazy. We got used to caring about free software and just accepting free-riding on non-free hardware because "hardware too hard", and frankly we got it easy with x86 CPU and PC manufacturers being generally friendly, actively or passively, to free software and actually benefiting from industry concentration. The less attractive proprietary CPUs and other chips get, the greater chance a small but lively open ecosystem develops?
In theory, yes. In practice it is not realistic to implement a plausible-deniable hardware backdoor targeting all CPUs being manufactured while keeping the schematics and tapeout open.
While the same CPUs are even fabbed in different locations around the world.
While also going undetected for years and while none of the engineers involved blows the whistle.
In short no, you can get away with a targeted attack but nothing so massive.
i think this is simply Microsoft noticing Nike's embrace of Taking a Stance for the Bottom Line.
microsoft is smart enough to realize that NSA tinfoil types already do not trust them, and likely will never trust them (which, if you are that worried about security, why are you on windows anyway? NSAKEY?)
the predominant share of windows machines are sold to businesses and enterprises who DO want to lock down at a hardware level.
it's way too easy to steal a windows machine and wipe it clean. you can't do that with DEP-enrolled Macs because of the TPM they already have, which is a strange misalignment when Windows' core market (enterprise) really cares about this kind of security.
apple has every reason to care about DRM more than microsoft, but the TPM advent on mac was mostly a welcomed one as I recall. perhaps that is because apple has taken a strong and public stance towards user privacy. but they have to: it is consumers who are buying their devices, and consumers rightly want a device that works for them.
microsoft is not in that position, or at least, is not with windows, from an economic standpoint. similarly, they are mostly selling to enterprises and business and governments for this product line, and those customers rightly want a device that is verifiably secure.
if you're worried about security for your personal use, buy a mac, because they've made their bottom line and your privacy intertwined. or, buy a linux box and purity check it down to the circuits. you have already decided against convenience in your trade-off equation by your a priori decision to care about this in the first place.
Not mentioned in the article - but it begs the question, could this have something to do with Microsoft's insistence that everyone, even Pro users in the next update, use a Microsoft Account with Windows 11? If Pluton (or Pluton 2, someday) could be tied to a Microsoft Account, wouldn't that be something.
Imagine a future where everyone requires an online account to use a computer, where every computer can only run software approved by the few large corporations that issue those accounts, and where a government or governments have those corporations on speed dial, to periodically "suggest" to them which software and which users should be allowed to transact and communicate online.
If you can imagine that, then imagine that every human is given a number which is equivalent to (or even more significant than) their name, and that name/number appears in certificates which are signed by the name/number of a certificate authority's key. By accepting the signature, you have to accept an EULA that takes an hour to read, so no one does, and it changes every month anyway, with future changes automatically binding you.
Does that sound like a world where people are free?
It's I think a general desire for end to end traceability and therefore accountability, which both managers and developers tend to like, albeit for different reasons.
Is it okay to talk about language as a meta-topic? I try not to stray too far into that, since it’s usually boring for readers. But one thing I was surprised to learn is that “begs the question” is only correct when you’re describing a chain of circular logic. “Raises the question” is apparently the right term for the general case. I felt a little duped, since I’d been using “begs the question” for years without looking into its origins.
But of course, that begs the question of whether language is defined by how people use it. :)
I purposefully "misuse" the phrase "begging the question" to mean the same thing as the grandparent, because I want to do my part to change what this phrase means.
Using "begging the question" to mean something as obscure and unintuitive (as in, it's basically an idiom that must be explained first) as "your question originates from circular logic" is a waste of prime dictionary space.
This term should mean "there is a question that is so blindingly obvious regarding the situation at hand, that it simply begs to be asked" - so, more or less what everyone who didn't have the term explained to them, thinks it's supposed to mean.
What this needs is a (write only) way of physically updating the keys inside pluton. Doing that will practically do a factory reset of the entire device. Then we can have our cake and eat it too.
Just to be clear, is this a case where you can't dual boot windows and another OS, or you can't boot another OS at all (in either case, the other OS being non Microsoft authorised)? Or something else entirely? Would it be possible to disable this at all, even that means you can't boot Windows?
You cannot boot the other OS at all if secure boot is enabled and Microsoft drops support for the 3rd party UEFI CA list. The machine will refuse to boot any kernel that has not been signed by the CAs already included in the machine. This is typically only Microsoft and sometimes the OEM like Lenovo or Dell.
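The check a practitioner would want behind the comment above is simply: which certificates does my machine's Secure Boot `db` actually hold, and is Secure Boot on? The following is an added example, not code from the thread or from any vendor. It parses the raw EFI_SIGNATURE_LIST structures that Linux exposes through efivarfs (the `db` variable lives at `/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, and `SecureBoot` at `SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c`; efivarfs prepends 4 bytes of variable attributes to each file). The certificate bodies used in the demo are constructed placeholders, not real DER; on a real machine you would compare the SHA-256 fingerprints against the ones your distribution's shim or kernel is signed under.

```python
import hashlib
import struct
import uuid

# GUIDs from the UEFI specification (signature-entry types inside db/dbx).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFIVARS_ATTR_LEN = 4          # efivarfs prefixes every variable with 4 attribute bytes
SIGLIST_HDR_LEN = 28          # GUID(16) + ListSize(4) + HeaderSize(4) + SignatureSize(4)


def parse_signature_lists(blob):
    """Walk concatenated EFI_SIGNATURE_LIST structures.

    Returns a list of (signature_type_guid, owner_guid, signature_data) tuples.
    Raises ValueError on truncated or inconsistent size fields, which is
    what you want when reading attacker-influenceable firmware data.
    """
    entries = []
    off = 0
    while off < len(blob):
        if off + SIGLIST_HDR_LEN > len(blob):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < SIGLIST_HDR_LEN or off + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size exceeds buffer")
        body = blob[off + SIGLIST_HDR_LEN + hdr_size:off + list_size]
        # Every entry is SignatureOwner GUID (16 bytes) followed by the data.
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("inconsistent SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((sig_type, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries


def db_cert_fingerprints(var_bytes):
    """SHA-256 fingerprints of the X.509 certs in a raw efivarfs 'db' read."""
    entries = parse_signature_lists(var_bytes[EFIVARS_ATTR_LEN:])
    return {hashlib.sha256(data).hexdigest()
            for sig_type, _owner, data in entries if sig_type == EFI_CERT_X509_GUID}


def cert_is_enrolled(var_bytes, cert_der):
    """True if a signing certificate (DER) is present in db, i.e. images it signs may boot."""
    return hashlib.sha256(cert_der).hexdigest() in db_cert_fingerprints(var_bytes)


def secure_boot_enabled(var_bytes):
    """Decode the efivarfs 'SecureBoot' variable: attributes then one byte (1 = enabled)."""
    return len(var_bytes) >= EFIVARS_ATTR_LEN + 1 and var_bytes[EFIVARS_ATTR_LEN] == 1


def build_signature_list(sig_type, entries):
    """Constructed test data: one EFI_SIGNATURE_LIST. All entries must share a size."""
    sig_size = 16 + len(entries[0][1])
    body = b"".join(owner.bytes_le + data for owner, data in entries)
    return sig_type.bytes_le + struct.pack("<III", SIGLIST_HDR_LEN + len(body), 0, sig_size) + body


# Constructed sample: a fake vendor cert in db plus one hash-allowlisted binary.
OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")
FAKE_VENDOR_CERT = b"FAKE-DER-CERT-VENDOR-CA-NOT-REAL"
FAKE_OTHER_CERT = b"FAKE-DER-CERT-THIRD-PARTY-NOT-REAL"
SAMPLE_DB = bytes([7, 0, 0, 0]) + (
    build_signature_list(EFI_CERT_X509_GUID, [(OWNER, FAKE_VENDOR_CERT)])
    + build_signature_list(EFI_CERT_SHA256_GUID, [(OWNER, hashlib.sha256(b"some.efi").digest())])
)
SAMPLE_SECUREBOOT_ON = bytes([6, 0, 0, 0, 1])


if __name__ == "__main__":
    # On a real system: open("/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f", "rb").read()
    print("Secure Boot on:", secure_boot_enabled(SAMPLE_SECUREBOOT_ON))
    for fp in sorted(db_cert_fingerprints(SAMPLE_DB)):
        print("db cert sha256:", fp)
    print("vendor cert enrolled:", cert_is_enrolled(SAMPLE_DB, FAKE_VENDOR_CERT))
    print("third-party cert enrolled:", cert_is_enrolled(SAMPLE_DB, FAKE_OTHER_CERT))
```

Note the parser validates every size field before slicing; `db` is written by firmware setup and by signed variable updates, but a bug in a tool that parses it should not become a crash or an out-of-bounds read. `dbx` (the forbidden list) has the identical layout and can be read with the same function.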
This matched my guess: it's about MS extracting a $x per machine tax on all non-MS OSs to stay on their certificate list. Same playbook they've used on Android.
Could this be disabled by the user? Presumably doing so would mean you cannot boot Windows, but if that's a trade-off Microsoft is forcing me to make, I'll accept it.
If you can't, it goes without saying that that is unacceptable
You can disable it for now. But there is no guarantee that you will always be able to.
Personally I think it's very likely MS will eventually push to strongarm OEMs into locking secure boot to be enabled. All it will take is another round of "security improvements" and the public eats it up. The market would then fragment into laptops that can only run Windows and maybe more expensive laptops that allow you to disable secure boot. If the number of people who actually care enough to vote with spending a few extra hundred $ remains as low as it always has, over a decade it will drive open laptops to become wildly overpriced and eventually cease to exist.
What this article warns as the Apocalypse some suits that make computer use decisions for large organizations will see as features they want implemented.
"For all the nations have drunk of the wine of the wrath of her fornication, the kings of the earth have committed fornication with her, and the merchants of the earth have become rich through the abundance of her luxury."
Every story about Microsoft--every time--ends with "...and then Microsoft fucked people over". After decades of watching the shitshow that is Microsoft, and the moral equivocating around defending them, I always return to this.
Authoritarian tech has two problems: the obvious one, and the fact that good hackers don’t want to work on such things, so it’s all built by consultants and stooges and is probably 10x clunkier than the clunkiest Bluetooth - X.25 gateway.
I'd say that stage has already come, there's huge amounts of people where their main or only computing device is a phone or tablet. I've dealt with recruitment in a non-technical field and their phone is the online nexus point for them for any emails, documents, or website interactions. Even for gaming I'd argue PC is going into enthusiast territory and the GPU pricing situation hasn't helped that, consoles and phone gaming is strong and streaming has developed a niche.
And now the gamers want mostly online competitive games and their makers want the strongest DRM and kernel-level inspection all in the name of anti-cheat. We shouldn't be surprised if online games are one of the first spaces to require Pluton-enabled systems or no boot game.
These paranoid delusions never get old. If Microsoft accidentally changes their license agreement to lorem ipsum, bloggers like this will surely be trying to decipher exactly how it steals their freedom. The fatal flaw in these posts is, as it always is, the blind assumption that Microsoft can just do whatever they want, unimpeded. If Microsoft declared, as an april 1st joke, that app PCs henceforth must be painted sky blue, these bloggers would take it seriously. They act as though Microsoft is the high priesthood of computers, and they can declare literally anything with the stroke of a pen. They act like Mac doesn't exist, cheap Linux computers don't exist, RISC-V (which doesn't even run Windows) doesn't exist. Non-Windows-compatible ARM devices don't exist. PC vendors are mindless drones that do whatever Microsoft tells them (even if it means losing billions of dollars to Apple) and they certainly aren't selling (Dell: https://news.ycombinator.com/item?id=4847720) linux (HP: https://news.ycombinator.com/item?id=31617198) laptops (Lenovo: https://news.ycombinator.com/item?id=28186204) right now (and don't even think about installing Linux on your Google Chromebook, it won't work! https://support.google.com/pixelbook/answer/9031351?hl=en ).
The usual rebuttal is "Well, yeah, things are fine NOW, but they're moving the chess pieces into place to do these things LATER". Yawn. I have heard this for 20+ years. See you in another 20...
Problem is that the consoles market is very lucrative for CPU vendors because it is a guaranteed turnover of specific models. Intel, AMD and Qualcomm will implement them. You can disable it though. It would suck if it were enabled by default; at least Lenovo said they will disable it at first.
Hardware-based attestation of the running software is an important security feature, especially in a world where data leaks and identity theft are rampant.
Let's say I'm a healthcare provider, and I'm about to send your medical data to a third-party vendor. Wouldn't you prefer that your data only be able to be decrypted by a computer that can prove to the world it booted a clean OS image with all the latest security patches installed?
If the vendor wants to install some self-built OS that they trust on their computer and not update it for 5 years, that's their business, but I may not want to trust their computer to have access to my data.
Remote attestation gives more control to the owners of data to dictate how that data is processed on third-party machines (or even their own machines that may have been compromised). This is useful for more than just DRM.
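To make the mechanism in the comment above concrete, and the earlier point that touching anything that changes TPM measurements locks you out of sealed data, here is an added example that is not from the thread or from any vendor. It models a TPM-style PCR bank: each boot component is measured by extending a register (PCR_new = SHA-256(PCR_old || SHA-256(component)), so order matters and no extend can be undone), the device produces a quote over the PCR value and a verifier-supplied nonce, and the data owner releases a decryption key only when the quote is fresh, authentic and matches a known-good ("golden") PCR value. The boot chains are constructed stand-ins, and a keyed HMAC stands in for the signature a real attestation key would make; everything else is the real shape of the exchange.

```python
import hashlib
import hmac
import os

# Constructed boot chains (stand-ins for measured firmware, bootloader, kernel).
CLEAN_CHAIN = [b"firmware-1.2", b"bootloader-signed", b"kernel-6.1-patched"]
TAMPERED_CHAIN = [b"firmware-1.2", b"bootloader-modified", b"kernel-6.1-patched"]


def pcr_extend(pcr, measurement):
    """TPM-style extend: the register absorbs the hash of the new component."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(chain):
    """Device side: a PCR starts at zero and is extended once per boot stage, in order."""
    pcr = bytes(32)
    for component in chain:
        pcr = pcr_extend(pcr, component)
    return pcr


def make_quote(ak_key, pcr, nonce):
    """Device side: attest (PCR value, verifier nonce).

    HMAC with the attestation key is a stand-in for an asymmetric signature;
    a real TPM would sign with an AK whose certificate chains to the vendor.
    """
    sig = hmac.new(ak_key, pcr + nonce, "sha256").digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def release_data_key(ak_key, quote, expected_nonce, golden_pcr, data_key):
    """Verifier side (the data owner).

    Returns data_key only if the quote is fresh (our nonce), authentic
    (valid signature under the known attestation key) and the measured boot
    matches the golden value. Any deviation, including a patched bootloader
    the device owner actually wanted, yields None: the data stays sealed.
    """
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return None  # replayed or stale quote
    expected_sig = hmac.new(ak_key, quote["pcr"] + quote["nonce"], "sha256").digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return None  # quote not produced by the expected attestation key
    if not hmac.compare_digest(quote["pcr"], golden_pcr):
        return None  # boot chain differs from the approved image
    return data_key


def demo():
    """Run the exchange for a clean and a tampered device; returns (clean_ok, tampered_blocked)."""
    ak_key = os.urandom(32)         # provisioned attestation key (shared here for the HMAC stand-in)
    data_key = os.urandom(32)       # key protecting the medical records
    golden = measure_boot(CLEAN_CHAIN)   # verifier's allowlisted measurement
    nonce = os.urandom(16)          # fresh challenge per attestation

    clean_quote = make_quote(ak_key, measure_boot(CLEAN_CHAIN), nonce)
    tampered_quote = make_quote(ak_key, measure_boot(TAMPERED_CHAIN), nonce)
    clean_ok = release_data_key(ak_key, clean_quote, nonce, golden, data_key) == data_key
    tampered_blocked = release_data_key(ak_key, tampered_quote, nonce, golden, data_key) is None
    return clean_ok, tampered_blocked


if __name__ == "__main__":
    print("clean device gets key: %s, tampered device blocked: %s" % demo())
```

The verifier never learns what the device runs, only whether the measurement matches a value it already accepts; that is both the privacy-preserving property and the lock-in risk discussed in the thread, since whoever curates the golden list decides which software can touch the data.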
If there were only dystopic uses of this technology, its development wouldn't be able to go on internally. They are specifically taking this path so they always have plenty of good reasons to pursue their agenda.
I don't see how this Babel tower of acronyms will not fail in a spectacular fashion, such as producing malware which is run upon receipt, cannot be by any action removed from your PC and installs crypto miner and ransomware on it.
No. MSFT has bet the business on Cloud and while the virtualization stack they use is Hyper-V, they have a TON of products running Linux under the hood in the cloud.
A big chunk (I don't know the real number, but it's closer to 50% than 10%) of customer VMs on Azure are running Linux.
All this to say, MSFT is highly invested in the Linux ecosystem. They would be shooting themselves in the foot to try and kill it off at this point.
I don't think Microsoft feels threatened by desktop Linux. If it catches on, it will be because manufacturers start shipping it, not because it's easier to install.
Manufacturers sell Linux workstations designed for power users and developers. UEFI/TPM, and now Pluton won't be a stumbling block for that as it hasn't been so far.
Dell is the biggest seller of pre-installed Linux desktop machines, and they are all billed as Workstations for power users or developers. Their home machines only have as an option Windows or ChromeOS. (Count that as Linux if you like, but I wouldn't...)
Why? Being more price competitive by bundling a free or cheap OS is not worth it in scaling up their support for a new OS. That's your stumbling block to better Linux desktop adoption, in my opinion.
Causing issues with remote attestation is probably more a side effect of just not caring about other OSs, rather than some sinister plot to sink Linux on the desktop.
"Companies will be able to control their network" doesn't sound like a problem to me, more like a solution.
"DRM will be unusable outside Windows" is already the case.
"Documents can only be opened by authorised users" sounds like a dream come true.
"You can't boot Linux by default" is annoying, but hardly a deal breaker. Statistically, almost nobody runs Linux on their devices. Valve could make a change in the Linux landscape if they actually get SteamOS off the ground (third time's the charm, right?) but so far SteamOS 3 is only meant to be used by their own hardware.
It's been decades since I last heard about powerful Windows rootkits because you can't just swap out the bootloader anymore. You could try it and risk a non booting victim system, but you're not extracting data or injecting ads into the kernel that way. Malware hasn't gone away (partially because Microsoft doesn't want to break old, signed, vulnerable device drivers that are used to bypass signature requirements and gain kernel access) but it's harder to gain good persistence now.
I get it, I want to run Linux on these devices as well. All of this stuff should be easy enough to disable if you're the owner of the device. However, your freedom to use your device however you want doesn't imply that others have to put up with your choices. If I choose to only accept Microsoft Panopticon Validated Devices onto my network, that's my business, no matter how foolish it might be. Distributing my software as a .exe isn't some kind of violation of your constitutional right to run OpenBSD, it's a business choice.
Personally, I'd love to see a similar system provide a hardware root of trust for Linux as well. Qubes being able to verify every single step of the boot process and securely loading the system's (several) security keys would be a great security benefit. Hell, I'd even like to see the option to only run signed software on my machine to ensure the executables haven't been tampered with, either signed by the distro maintainers or by myself during the install process, but Linux doesn't have such features or configuration accessible.
As long as it's possible to disable this stuff or to configure it for your own, personal key set, I'm all for this stuff. I want the freedom to secure my (Linux or Windows) system in hardware, as long as you have the freedom to turn it all off if you disagree. I don't buy Microsoft hardware specifically because I can't disable or configure that crap, despite their excellent pen support and fancy designs, and I think others should do the same. That's my personal choice, though.
However, RISC-V is not x86. So, if you want to use the x86 instruction set, then will you need emulation? The modern x86 are too complicated anyway (in many ways; Pluton is just one of them but not the only one, also the instructions are too complicated), but I think the old 8088 is reasonably not too complicated.
Pluton first debuted in the Xbox One. It's possibly the first home console that went its entire lifespan without being hacked. That should tell you everything about the threat we are facing.
That may be true, though the problem with releasing such a high profile exploit is that it's patched quickly. So IMO anyone with access to hardware / talent required to crack the xbox is probably sitting on that knowledge and extracting as much value as possible from it, instead of taking it public.
What is to prevent school WiFi from one day requiring a Pluton assertion that your Windows PC hasn’t been tampered with before you can join the network?
Remote attestation is the true enemy of your freedom. The power of the authoritarian corporatocracy to force you to use only the (entire) systems they control. It's worth reading https://www.gnu.org/philosophy/right-to-read.en.html again just to see how prescient Stallman was.
It's so true, but I'm trying to imagine a normie's reaction to reading this, and all I'm coming up with is, "This guy is a paranoid schizo, back to TikTok for me...", and so unfortunately, I don't see us steering away from this fate anytime soon.
These people won't respect you until you start taking their money. Become one of their techno-corporate overlords. Demonstrate how you're controlling/profiting off them, why it's bad. Maybe then they'll start listening. Or not. At least you'll have made a nice profit.
You can take their money and still they won't care.
Think about how many devices in a typical users home are incompatible for business reasons - for example that Chromecast that refuses to play Amazon prime movies. Or the iPhone charger cable that won't fit into an android. Users just live with it.
"My weird laptop doesn't support the school WiFi" is the same.
We should thank widespread technical illiteracy for this: "Devices are from different vendors? Of course they can't share the same services or charger!" Marketers just love this, for enabling them to sell multiple times the same thing. What if basic technology familiarity (which has absolutely nothing to do with knowing how to use the latest gadget) and resistance to manipulative advertising was taught in school? That would be quite a change, but I guess it's going to remain a dream.
There is no objective proof that Charger A is better than B. Not typically. There are preferences, and those will lead the way to eventually a market that picks a winner - maybe, typically, IDK, the free market works when it's actually free. Which it isn't a lot of the times people rant about it.
The absolute worst thing we could do is go to Apple or anyone else and say "You need to use this x or y, because someone else does". That isn't going to breed innovation, ever.
Do I wish Apple used USB-C on phones? Definitely. Does it actually change anything for me day to day except I need a specific cable if my phone runs dead? Not really, because my chances aren't a ton better running into a USB-C on demand. I want Apple to. I would buy an Apple phone with it if given the option. I would never sign on to force Apple to do it.
> There are preferences, and those will lead way to eventually a market that picks a winner - maybe, typically, IDK, free market works when it's actually free.
Exactly! We saw precisely this thing with cell phone chargers. Not enough people recognize this.
A healthy dose of market realism is in order - if the market doesn't deliver what people want, it's not the market, it's the people who are wrong.
An economic niche supports one or two overlords, not a bunch of them. You and I aren't overlords. We need a different strategy.
People have become aware and angry that tech monopolies are exploitative. The winning strategy will involve focusing this fuzzy, ambient anger at a concrete target.
Once Pluton outs itself as an exercise in naked monopolistic power covered by a fig leaf of security -- and it will, as all hustles must eventually involve monetization -- the bad optics will be our opportunity to act. Any strategy on our side that involves putting down TikTok is doomed to failure, but if we put the bad optics in front of people, make the connection, and get them to briefly agree "yeeah, f** the monopolies! F** Pluton!" then a political solution becomes possible. Not easy, but possible.
It's a pity that this dialog has to be so reactive and simplistic, but communication at scale cannot function any other way.
I don’t have a problem with central organization of effort; mathematician by education; there are real efficiencies in material use and lack of redundancy.
The real problem is continued deference to old ownership memes; that a minority must be empowered due to past contract none of us were even alive to see signed. How do we know in real terms the truth given a past we can never experience?
Historical trends are one thing; that Bezos specifically is that special is another. This is the first period in history where the elders could hold power this long. It’s tacit ageism and everyone is too scared to say that to old people who would collapse in shock at the slightest whiff of real pushback, they’re so used to being coddled; they’re hardly a real threat.
Start telling your elders their past success does not give them ownership of the future.
I think it’s also worth asking why he didn’t have more impact despite pretty clearly seeing this problem. Part of the answer has to be resource disparities but I don’t think it’s just that - Linux didn’t really capitalize at all on Microsoft’s lost decade, and much of the innovation in security has happened on other platforms. I think there’s also some kind of blind spot in the open source community where a lot of people see this as something other people need, not them personally.
The reason the OSS community has had no impact is that it's never managed to produce software that regular non-tech-geeks want to use. The reason it's never managed to do that is lack of an economic model to finance the incredible amount of work required to make software usable by normal people.
I've been saying this ad nauseam forever and I'm not the only one.
A related problem is that the OSS world is mostly tech enthusiasts. It's like having car people design cars. They'd be full of special switches and options and stuff that car people want. Car people don't understand that most people hate cars. What they like is mobility. Same goes for computers. Most people hate computers. They just like what computers let them do: communication, making content, getting their work done, etc.
> the OSS community [...] never managed to produce software that regular non-tech-geeks want to use
That's true, barely, only if you equate "software" with "things that draw stuff presented on a display to a user". Regular non-tech-geeks are using open source software (in the real sense, meaning instructions given to a computer to make it do something) pervasively, everywhere, every day, on all their devices (yes, even the Apple ones, but especially all the devices they use that aren't in their pockets).
Open source certainly isn't a failure, it literally won the war.
You are totally right that open source is powering countless things people use regularly but I expect most people don't even know what open source software is, much less care about it.
Then why is everything on the consumer side becoming more closed?
The reality is that proprietary just moved to the cloud in the form of SaaS-as-DRM and we-own-your-data. Open source runs everything, but few things are open. The availability of the source for components of the stuff they use is irrelevant to 99% of users.
You're correct, of course. I think the point that was being made was more about people actively choosing to use open source.
If you were to approach a non-tech person and ask them how many open source apps they use on a daily basis, they would probably say "none", even if it's not the case.
I'll point out that you're still doing the thing where you equate "software" with "apps".
But even so, that doesn't seem informative. Ask any user how many "Qualcomm apps" they use, or "Meta apps", or "Intel apps". No one knows where this stuff comes from. They buy a phone with a label on the box and then download stuff from an app store.
That's not a statement about how the software is produced, it's just how the market presents products to consumers. People don't know where the gas that goes into their cars comes from either, but that's not an argument that petroleum distillation technology is a failure.
You literally exercised huge amounts (seriously: millions of lines!) of open source code just now, in the process of posting that very comment and transmitting it to me to read.
yeah, over the last few years I've seen more and more companies launching open source software, and hosting it as a service. it seems to be working well. on the software side they don't sell a product, but a service.
Most "car people" would agree that changing the oil in your car is super easy. To me, it is not easy. It's not something I'm willing to do, even though I know the steps of how to do it. I just don't know what I don't know. When I have my oil changed, the mechanic tells me what I should be concerned about. He tells me what upcoming work I need to have done, how much it will cost, and what could happen if I don't do it. He has experience, expertise, and specialized tools. He had knowledge gathered over years to be highly proficient in his profession.
I could do those things. I could read, and listen, and learn. I could be under my car every day learning new things about how to install this, or replace that. But I don't really have the drive or inclination to do so. I'd rather leave it to the pro. I also have the added novice-worry of screwing something up, and hurting myself or others as a result. I don't want that kind of pressure. I don't want my car breaking down while doing some long journey - I just want it to run when I need it to run, without any scary warning lights coming up on my dashboard.
To bring the analogy back to computers, I still know people - people in their 20's or 30's - who do not know how to copy and paste with keyboard shortcuts. I will sit there and see them highlight, right-click, click copy, move their cursor, left-click, right-click, choose paste. I'll tell them how much time they could save if they "just did ..." and get a basic "Yeah...I just don't really care though, ya know? This works." The thing is, there is no investment on their part to want or need to do that more efficiently. They get by well enough with not bothering.
They could get super into computers, and learn something as "technical" as `git clone https://github.com/some/repo` and follow the process to configure and run a script. They could learn to do those things. But they don't really have that time to invest in it, or don't have that passion for it, or have a professional investment in needing to do it.
They want it to work. They want to not get hacked. They want to not have to think about computers at all. Computers are the interface to do "the thing" more easily. And if the computer breaks? They want it fixed so it won't happen again. The computer "does the internet thing". And I can respect that because they focus their energy into knowledge of other topics that I don't have a clue about, the same way I don't have a clue about cars, even if I know oil changes are "easy".
> I still know people - people in their 20's or 30's - who do not know how to copy and paste with keyboard shortcuts
The great majority of people don't know or understand the difference between single click and double click. This baffled me the first time I found out. Age or education don't matter.
If you dig a little deeper you discover that most people think double-click is a kind of equivalent of "clicking louder". As if sometimes, for some reason, the computer becomes hard-of-hearing. It's both a little sad and quite funny.
This atrocious attitude is absolutely why software is such a hellscape of shitty UI and lack of features.
Normies should be eating our table scraps, not dictating how the software is written.
Normies learned how to drive a car. They can learn how to properly compute. And if they don't like the tech, they don't have to use the tech.
OSS is the last bastion of computing for people who know/like computing, because the armies of "designers" aren't selfless enough to donate their time like programmers are. And frankly it is better off that way, the prevailing trends in design seem to be all about limiting options.
Hard, powerful software over push-button appliances any day.
And, to use the car analogy, BMW gets away with this approach just fine.
"No one in this world, so far as I know ... has ever lost money by underestimating the intelligence of the great masses of the plain people." - H. L. Mencken
I know plenty of people, myself included, who lost money overestimating people's intelligence.
All these folks trying to "pay their bills" have laid waste to a verdant field of possibility.
Everything nice that they offer eventually gets changed or taken away.
Yes, I'm bitter. We could have a much better world, one that actually empowers anyone willing to step up to the plate, but instead we grab all the low-hanging fruit so we can make them smile and step on workers' rights to deliver them burritos, instead.
If smart people were smarter they’d open their wallets and support the things they like. Instead the reaction is often, why would I pay so much for something that I could build myself.
So the real market is for the very smart people and that’s an even smaller minority.
I built super advanced tech but was intentionally screwed over by my large corporate customers, just because they could, so I quit the industry and that super advanced tech doesn’t exist anymore. Unfortunately a lot of really cool things will live and die with me. I’ve fought the good fight and failed.
We can lament that people are not smarter but there isn’t anything we can do about it.
I'm not convinced this is about smartness, so much as an ability and willingness for people to learn.
Learning is hard, it makes people uncomfortable, sadly. Which means that the easy road is to stoop to their level, which is what we're seeing.
It sucks that you got screwed by large corporations, and I don't know the story, but that sounds more like standard business fuckery than "software for smart people"?
I used to think exactly that. That those who were incapable of learning were simply just lazy. I eventually saw enough evidence to be convinced that raw intelligence is basically almost entirely genetic.
Certainly the businesses were not as smart as they thought they were, which is a common problem. But they indeed have very hard valuable problems and basically everyone involved was much smarter than the average person. Just not smart enough to know their own limitations and accept outside help.
Driving a car is far, far easier than administrating a Linux system (beyond a stock distro install that is working properly). The latter requires a ton of deep complex knowledge. It's more like rebuilding an engine than driving.
I'd argue that most FOSS devs just have amnesia about certain things, like dual-licensing that lets you sell licenses to companies but keep things open for humans. For example an Office competitor could sell licenses to companies in this way, but allow individuals to use the software on their personal machines.
Say you have a game, you can make the source available and still charge money for the game, and it doesn't get any easier to pirate than before. You even get tons of people modding your game and contributing to its appeal.
There are also techniques like 'selling support' for your software.
Consider that the one whose comment is currently at the top is pro-cancel-Stallman, and he also works on "free" software related to secure boot --- not as in breaking, but instead aiding its adoption.
The FSF was strongly against secure boot, then inexplicably started seeming to be in favour of it.
Why don’t you spell out the conspiracy theory directly? It’s not relevant to this thread even if true but leaving the details vague makes it seem like you don’t think it would stand up.
You only think it's a "conspiracy theory" because that's what they have told you to believe. The organisations of OSS have been infected with those whose ultimate goal is to EEE, and they will do it by whatever means they have available to them.
No, I think it’s a conspiracy theory because it’s poorly argued and full of insinuation, following the classic pattern of expecting the reader to fill in the gaps. This is how it magically becomes a negative when someone works to make free software compatible with modern hardware in a way most users want.
That's character assassination and it has nothing to do with Stallman's prescient warnings, which have proven more or less true. Also, Stallman != Linux.
Also also, his "rape" remarks have been mischaracterized but also came pretty late in the game, and had nothing to with with Linux's alleged lack of impact. Linux existed and was successfully deployed decades before any of these remarks.
I really expect better from comments on HN. This is tabloid level.
The statement was why Stallman specifically has not had much of an impact, not Linux writ large. And, you're right. The rape comments came late. But let me remind you that it's emblematic of a larger... issue with Stallman's ability to communicate effectively. If you don't think the way Stallman behaves is at least partly to blame for people's ability to take him seriously, I don't know what to tell you.
Not a fan at all of Gruber. But more importantly, Stallman's lack of hygiene is not terribly relevant to his points. We're not talking about being friends with Stallman, after all.
I also think when RMS made his more salient and prescient points, most people weren't familiar with him personally, just with his remarks. The world was less connected back then. So his personality flaws really didn't make a huge impact (nor should they have).
I think it's a pretty good explanation of why he didn't gain more traction than he had -- he's always been a zealot with a proclivity of misguided rants that he proclaims loud and far.
I don’t think it’s simple character assassination: the question isn’t just “did he have some good points?” but, critically, “why did those points not reach more people?” and that underscores the degree to which a leader for a movement needs social skills at least as much as technical. Having trouble connecting with people outside of a certain MIT CS bubble, making sexist jokes or - especially - being on the whisper list women use to protect themselves for 3+ decades, choosing not to participate online or in person in ways which are effective for getting favorable media coverage or direct reach, are (with the exception of the creeper allegations) personal choices anyone is free to make but not great for building a movement.
Even if all of the harassment claims are the social awkwardness his defenders claim, turning off that many people is a terrible way to build a movement. Maybe we say many open source developers are willing to overlook that, and there aren’t many developers deterred (citation needed, but let’s ignore that for now), but that’s still a problem if it means that reporters and people who are not developers say “this guy’s a weirdo” and that leads to skepticism or simply not investing energy promoting those ideas.
He is a character with certain arrogance and some of his jokes might not be too funny, but these are basically smears and his detractors don't seem convincing at all to be honest.
Windows security models and policies are the enemy, not remote attestation (RA).
RA is a technology that has its fair use, and can be desired for other systems, like in Linux. With a pure RA system your services can decide whether or not to trust those devices on your network that can be compromised, and report to other devices that there is something suspicious.
As anything, this can be used properly to increase the security of your edge architecture, or wrongly to limit the users actions.
Let me give another example. With RA I should be able to authorize validated systems in my R&D VPN. If you are using your own laptop with the company certificate, and the verifier tags the system as "unknown" or "unhealthy", it will not allow access to the internal network, but sure, you can still use your laptop for anything else. This, IMHO, is a fair use of this technology.
Yes, lots of Linux devices apply it like that today: You can't use your banking app or consume DRM-crippled media on your Android phone if you have root or run an open source Android distribution.
Yep! Basically, it's safer if you don't own your PC. Think about users with a million toolbars and Bonzi Buddy installed.
Of course, the system for it is rudimentary, and puts a disproportionate amount of control in the hands of providers. And that works very well for them too.
> Yep! Basically, it's safer if you don't own your PC. Think about users with a million toolbars and Bonzi Buddy installed.
And it is a pretty terrible solution to the problem.
- It is also keeping the good guys outside too: Anyone that wants to analyse and understand the security of the system for good reasons cannot. Except if explicitly allowed by the corporation X, and that is a terrible security property.
- No root access also means very little control or ability to scan the system itself if you are not the X corporation controlling it. That means no possibility to mandate reviewer corporation Y to check that corporation X is doing the right thing.
TPMs currently make that even worse by design; they are undocumented and complex, therefore rely on blind trust that company X does the right thing. And since the Intel Management Engine fiasco, we do know they are not doing the right thing.
- Bonzi Buddy and toolbar types of problems can be easily avoided by separating properly the normal user account from any admin account (the Unix way). It should be painful to be admin but not impossible, just to make sure your grandma does not install a rootkit by mistake when she wants her 20% coupon.
In summary: That is mainly bullshit from company X to keep full control over the entire user device, and not for their own good.
I agree. In a proposal like this, security is basically a byproduct, and sometimes not even that[0]. This is also a domain where the governmental and corporate powers have a similar goal, which is wresting away the control from the public / individual. They basically work in synergy, only to a point of course, but still.
Regarding Bonzi Buddy, I disagree. I think user data is as important, if not more important, than root access - which is why I'm dumbfounded when ancient server security features, like Linux's sudo system, are applied to the consumer device like a PC or a smartphone. These contexts are much better served by a sandboxing, permission-based whatever that seems to pick up steam, like the current permission systems on smartphones. Grandma's logins and bank data will be stolen from her own user account just the same as an admin account. Related XKCD[1]
> like the current permission systems on smartphones
Ugh, except that one goes overboard in the completely opposite direction, and often doesn't let me properly share data between apps even when I want to.
Think about users with a million toolbars and Bonzi Buddy installed.
I say let them be. As long as they also have the freedom to remove or not install such software, it's a good thing. Instead we have locked-down devices with the functional equivalent of such unwanted software, protected so that you cannot remove it without somehow getting root.
"Those who give up freedom for security deserve neither."
My parents grew up in a non English speaking developing country, and they cannot be reasonably expected to learn the nuances of malware laden links to figure out which English text link is good or bad.
Do they deserve to not be able to shop online without fear of having their payment information stolen? Or mistyping a URL in their non native language and ending up at a scam website that installs malware? Or simply having a device that comes to a crawl such that they cannot reliably video call their grandkids?
I can assure you that the upcoming generations aren't much better at any of this, on average.
And no, it's not smartphones' faults. Most people just don't "get" desktop OS paradigms, or how web pages work, or any of that, and they don't really care to.
In a sane society these features would allow secure voting.
In this one... that's not what they'll be used for.
This is the end game for the corporate internet. Not only can all your activity be logged, but if any of it is unwelcome - on any scale, from family to school to work to country to world - you can be locked out.
I feel like it's flawed. Voters and politicians abuse it left and right - pun intended. I don't think we ever came up with anything more humane though, and I don't wish to change it for anything other - to be honest, for the simple reason of not wanting the responsibility that goes along with it.
Choosing a party is not like choosing an OS for your PC, though. Choosing the OS would be like choosing the political system - and recognizing the incredible privilege I have by being born into a democracy, I very much wouldn't like other people to change it.
Going further, democracy, while you might put an X on a paper sometimes, still forbids a very high number of actions. I'd liken it to having the power of choosing between Apple's App Store and Google's Play Store for your phone. Which, getting back to the point, is safer for the users than installing any third party software. Like how in a well functioning democracy, I'm forbidden to do a great many things, but also I can feel safe in the thought that others have the same restrictions too.
So, putting it all together, someone should choose and restrict which OS can be installed on your PC, so that you can feel safe in the thought that everyone has the same restriction?
At least that's how I managed to understand your comment to the best of my abilities, so hopefully I'm missing something. Though if there is such a something, the point did not get across successfully.
I think if I pick two groups: all iPhone users, and all PC users, PC users en bloc are in greater general digital danger than iPhone users. By digital danger, I'm thinking of malware, ransomware, phishing and successful hacking. And I think this is because of how tightly Apple controls their devices. And so, I'd consider an iPhone a safe choice - for example a safe recommendation for someone who doesn't want to spend time managing their device.
This makes sense to entities providing a service, and also for many who don't mind not having control over their something, which is, I think, very similar to how we don't really have control over a great many of things. This is the point I wanted to get across to the original commenter, who protested "god forbid you have control of your own PC?".
> [...] which is, I think, very similar to how we don't really have control over a great many of things.
This is a very handwavey sentence and is doing far too much work in your reasoning. Yes, you don't have control "over a great many things", because the point is so vague so as to be meaningless. But it doesn't at all follow from that vague sentence that we should allow total corporate/government control over our personal digital devices.
In this case, the proposed cure is far worse than the disease.
I agree. It's basically appointing a dictator and hope that they'll stay benevolent.
With my reasoning I wanted to capture what people might think, while accepting something that they have no control of. I have a hard time with this, because I got a PC in my formative years and I loved to tinker with it, and hated, and still do, everything that stood in the way of that. But the general population doesn't share this experience. And if I look at my own life, I only have this experience with computers (and smartphones), all the other things are, even if not centrally managed, out of my control. At the first wrong noise I have to call an expert who hopefully fixes it and is hopefully benevolent to me, because I have no clue what happens to the device I own. Or even my own body, now that I think about it. And so, the PC and the phone is just in a long list of things that people depend on, but not control.
The addendum being here, and what most people miss who feel the way I described above, is that our ever-connected devices make a "paper trail" unprecedented in history. And it can be centrally managed, activated, replayed, assembled, or even more tracking could be remotely controlled to an extent[0] - and to an even larger extent with a specialized application[1]. This is where the otherwise similar level of "not being controlled" can lead to a much worse situation than ever before. And I wish I could point this out empathetically to people without sounding like a lunatic.
Oh, modern democracies solved this nasty problem of voters possibly making the wrong choice by simply providing only the right choices to choose from: you get two slightly different brands of shit whose policies mostly coincide, enjoy your right to vote.
This is the root of the pro market / mainstream market split.
For the pro market people want control. Pros also generally know a bit more about how to use that control and tend to be less likely to end up getting pwned immediately.
For regular users people just want shit that works. Not having control is a feature, because if you have control then the malware you are tricked into installing from "ɡeτflrêfox.com" also has control.
You can see it in the Apple ecosystem with iOS vs. macOS. Macs and iPads are now almost the same hardware. (The M chips are just A chips on 'roids.) But Macs can run other OSes and you can "sudo root." That's because Macs are for pros.
For me that’s a problem for the average user? That’s everyone else’s problem that idiots don’t care to control their technology and need big tech to do so with an iron fist
Calling the problem "idiots" is a cognitive trap which prevents you from meaningfully dealing with it. Everyone is at risk from zero-days, almost anyone can be phished (yes, this includes you), many people have no way or time to investigate whether some well-known vendor is misrepresenting their product, and even security experts have to trust other people on a daily basis because they don't have time to reverse-engineer every software update. Most people who get snide about this are a single malicious package in their favorite programming language away from a big mess!
The best progress we've seen in decades came from most people using locked-down phone operating systems, followed by stricter desktop OSes. If you don't like that trajectory, you should be focused on how to get the benefits with other trade-offs. One of the first steps is respecting people enough to understand their needs rather than calling them idiots.
Well that's the problem.... the next step would be requiring users to use MS Edge, because a malicious version of Firefox could capture/modify banking/transaction data. Want to pay bills? Give money to Microsoft first.
Are you saying the bank doesn’t have the right to define what kinds of software are permitted to access its systems?
We’re not just talking about the freedom to run software on your own device here, we’re talking about interacting with outside systems. There is an important distinction in context.
If this was the reason they'd be blocking access from phones that are not up to date on security updates and are being actively exploited by malware to get root.
But it's the other way around: if you improve your old device by installing an up-to-date Android on your vendor-abandoned, previously vulnerable device, you go from working banking to banned from banking.
Those are independent. Having root access does not mean that other parties do, but more importantly, NOT having root does not mean AT ALL that other parties don't.
Uhm, these things don't really take away your control, rather, they shift it from you to you.
The software you boot sets up some state and then toggles a bit, and after that something can't be changed. The state is secure against much modification after that time, but not before that time.
The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
But of course they're often not really the same person. If you want to boot a Microsoft-signed image, the party that boots is more or less Microsoft, not you personally. But in that case, you also want to use that Microsoft-signed OS, right? So the shift towards boot-time control is then a shift from mostly-Microsoft use-time control to mostly-Microsoft boot-time control. Mostly Microsoft here, mostly Microsoft there, even if the two mostlies aren't quite the same percentage it's difficult to regard this as a significant loss of control.
How so? Redefines from what to what? Please elaborate.
Perhaps you mean that if you, as owner and legitimate user of a device, are able to perform a particular change only during a brief window of time rather than at any time of your choosing, then that limits your control over the device? If so, then my answer is yes, certainly it does. But it also limits the access of anyone who impersonates you (such as the evil exploity javascript I make your browser execute).
You're wrong because the bootloader is more often locked than not, and there are various other nefarious controls in place that prevent you from doing it without voiding your warranty, such as one-time fuses.
In theory, yes, you could implement it like you said, but that's not what happens in practice nor the direction we've been tending towards in recent times.
> The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
How is it orthogonal? Okay, we're not strictly speaking of only bootloader locking, but of boot-time-control locking.
That CPU is set up by the kernel at boot time, given the code to run, then some hardware bits are toggled such that the main CPU can't write later, it can only access the separate CPU via a defined API.
The kernel could do the same with an in-kernel process. It wouldn't have quite the same depth of defense against userspace sandbox escapes, but could be done. That's roughly how /dev/random was implemented for many years.
Look at the APIs provided — it's nothing new. It's nothing OSes haven't provided before, it's just further removed from a Chrome/FF/Safari sandbox escape, because overcoming the write-once hardware toggles is harder than getting kernel read/write primitives for a sandbox privilege escalation.
Same with TPM and why it had so many critics. Some people still seem adamant to say that boot viruses are the greatest threat in the 21st century, but the economic interests are far more dangerous for general computing in my opinion. And it isn't even close.
Kernel rootkits are going to be redundant pretty soon.
There are cheats out there that use video captured by capture cards as input for an AI on a separate computer to actually play the game like a human would. Once that becomes widespread there is no way to stop it, save from banning capture cards entirely.
The remote proctoring stuff is downright dystopian. I bought an extra laptop to do tests; most people can’t do that and have to install this garbage on their daily driver.
It really doesn’t. I took an exam in a meeting room at work with huge TVs on the wall… they made me show them the TVs were “unplugged”, so I just unplugged some random thing from the wall and they were happy.
The TVs are hardwired, it’d be trivial to have an accomplice show answers or whatever on them.
I get the issue with Pluton but TPM is only a dedicated and certified secure key and random number generator that does a better job than CPUs doing it in software, and it's also a secure enclave for storing your encryption keys. Would you rather store the keys in memory where they can be easily grabbed by malicious apps like Mimikatz? Macs had the same feature for years in the T2 chip.
It's the exact system that enables wireless payment and other strong security features on your phone.
So having TPM on PCs and using it for its intended purpose is a boon for everyone's security, so I don't see the issue, just FUD.
Among that, the TPM enables verification of a particular state of your system, i.e., a particular set of binaries and OS configuration.
Simplifying the description of the process a bit - at every bootup it checks the checksum of all programs loaded at every boot stage (UEFI, kernel, userspace) with respect to one that is known to be approved - a process called "attestation".
So in worst case, if your attestation server is very strict, any new binary installed on your machine will prevent it from booting or satisfying the attestation.
This is the main concern that TPM enables.
> the TPM enables verification of a particular state of your system, i.e., a particular set of binaries and OS configuration
That is a bit misleading. The TPM is a passive device; it cannot verify any state. It is the OS that measures the system (in Linux via the IMA system). And it is the Linux kernel that, if you have a TPM, can produce a process where a 3rd party can be sure that the measurements are "true" and "legit" (via PCR#10 extension).
As you state later, it is this 3rd party that asserts (verifies) whether you are in a state considered OK or not.
Maybe I am too simplistic, but I do not see the evil in the TPM here, but only in the 3rd party policy.
TPM can be abused but, as a developer, I am happy that we can use the TPM for good and fair goals in open source projects.
It is the user who can decide to use the TPM or not, and it should be noted that in the TCG specification it is stated that the TPM can be disabled and cleared by the user at any moment.
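To make the measurement and verification flow discussed in the two comments above concrete (each boot stage hashes the next component into a PCR, and a separate verifier policy decides whether the result is "OK"), here is an added toy example that is not code from any commenter; it assumes a SHA-256 PCR bank, uses constructed byte strings in place of real boot components, and leaves out the TPM's signature over the quoted PCR.

```python
"""Toy measured boot plus a remote-attestation verifier (constructed example)."""
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR starts out as all zeros at power-on


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """The only write a PCR supports: PCR = H(PCR || digest).
    Order matters, and nothing can be un-extended short of a reboot."""
    return sha256(pcr + digest)


def replay_log(event_log):
    """Recompute the PCR value a verifier expects from (stage, name, digest) events."""
    pcr = PCR_INIT
    for _stage, _name, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def measured_boot(components):
    """Simulate each boot stage hashing the next component before handing over.
    Returns the final PCR value plus the event log describing how it was reached."""
    pcr, log = PCR_INIT, []
    for stage, name, blob in components:
        digest = sha256(blob)
        log.append((stage, name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def verify_attestation(quoted_pcr, event_log, allowlist):
    """The 3rd-party policy that decides OK or not.
    Step 1: the log must replay to the quoted PCR, otherwise the log was edited.
    Step 2: every measured component must be on the approved list."""
    if replay_log(event_log) != quoted_pcr:
        return "log does not match quoted PCR"
    for stage, name, digest in event_log:
        if digest not in allowlist:
            return f"unapproved component '{name}' at stage {stage}"
    return "healthy"


# Constructed sample boot chain: the "binaries" are just byte strings here.
GOOD_CHAIN = [
    ("UEFI", "firmware", b"uefi build 2022.1"),
    ("kernel", "vmlinuz", b"kernel 5.15 signed"),
    ("userspace", "init", b"init system"),
]
ALLOWLIST = {sha256(blob) for _s, _n, blob in GOOD_CHAIN}


def scenarios():
    """Three boots as seen by the same strict verifier."""
    results = {}
    pcr, log = measured_boot(GOOD_CHAIN)
    results["approved boot"] = verify_attestation(pcr, log, ALLOWLIST)

    # A new, unapproved binary is measured in userspace: PCR changes, log is honest.
    new_chain = GOOD_CHAIN + [("userspace", "new-tool", b"freshly installed binary")]
    pcr, log = measured_boot(new_chain)
    results["new binary installed"] = verify_attestation(pcr, log, ALLOWLIST)

    # Something edits the event log to hide that binary, but cannot rewrite the PCR.
    edited_log = [event for event in log if event[1] != "new-tool"]
    results["log edited to hide it"] = verify_attestation(pcr, edited_log, ALLOWLIST)
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

The third scenario is the point of the passive TPM: the event log lives in OS memory and can be altered, but the PCR only ever moves forward, so an edited log no longer replays to the value the TPM reports.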
> Maybe I am too simplistic, but I do not see the evil in the TPM here, but only in the 3rd party policy.
The evil is that the "Trusted" in "Trusted Computing" and "Trusted Platform Module (TPM)" means that one deeply distrusts the user (who might tamper with the system), but instead the trust lies in the computing (trusted computing) or TPM. In other words: Trusted Computing and TPM means a disempowerment of the user.
I'm not sure if I understand your argument. As long as you can put your own things on your TPM and use it for your own good it's not too bad right? And in corporate environments it's reasonable to not own your own device right?
Sure Infineon can probably get my data, but that's far beyond the scope of my threat model.
As long as the system is open to putting your own keys on there I'm fine with it.
> I'm not sure if I understand your argument. As long as you can put your own things on your TPM and use it for your own good it's not too bad right?
As long as software that uses the TPM cannot detect whether you tampered with the TPM or not, it is principally all right.
But as I wrote down: this is exactly the opposite of what trusted computing was invented for: make the machine trustable (for the companies that have control over the TPM/trusted computing), because the user is distrusted.
Indeed, so the user should not buy a computer where they're not in control of the TPM, if you can't disable it/add your own keys, then don't buy that computer
> That rapidly converges on "you can't buy a computer and use it", because economic interests favor trusted computing devices.
I would rather argue that it converges to "you become more and more morally obliged to learn about hacking (and perhaps become a less and less law-abiding citizen) if you buy a computer and use it".
TPM is part of the system that means I can't use my phone for wireless payment or use all sorts of other apps if I also want to do something outlandish like record phone calls, change the theme or delete Facebook... and everything it achieves can be done by other means anyway; making the device's owner a second-class citizen is a lazy solution.
TPM has features like remote attestation and is in general a mechanism to bind data to hardware, which is interesting for DRM purposes.
Sure, there are theoretical attacks on memory, but they are far less relevant for security than the penalties I have to accept with TPM being widely established.
Not that there aren't different means, but TPM also creates unique hashes of your system which only reinforces the problems around fingerprinting.
> It's the exact system that enables wireless payment and other strong security features on your phone.
Phones suck as computing devices on every conceivable metric and are heavily locked down devices. And it is not true that you need a TPM chip to create secure transfers. I constantly do business transactions on my PC just fine.
It doesn't. Your system creates hashes and appends them to lists signed by the TPM. And the point of those hashes is not to be unique, but to verifiably match known values.
No, I meant TPM. Media could be bound to have the TPM report certain hashes of the configuration registers that are either already set or TPM sets on system boot. Same mechanism that allows you to only open a document on specific hardware basically or allows an application to check if the system was perhaps compromised.
I don't think it's going to be useful this way for DRM. TPM is useful for verifying your boot chain is secure and validating this to an external party. But locally you can lie to apps all you want. You can emulate the TPM device (https://qemu-project.gitlab.io/qemu/specs/tpm.html) - it can tell you whatever you want. Locally it's as useful as hiding the DRM in a driver. Raising the bar a bit, but you can still work around it.
As someone who was here from day two, this is not how old HN was. It was many things to many people, and it’s very difficult to break out of the illusion that rose-tintedness tends to give us. (Guilty of it myself.)
HN has been consistently contrarian. That’s about all that you can say without quickly becoming mistaken.
>HN has been consistently contrarian. That’s about all that you can say without quickly becoming mistaken.
until recently. Just like reddit, it has become less niche and more mainstream. For example: HN majority opinion on covid's origin. It matched the official US govt line as it switched back and forth between market and lab.
Presumably, HN will turn into reddit, but nobody will believe it's happening because people have been predicting it's turning into reddit for over a decade.
I've been around for a while too, and I've learned a lot from this forum. I can't tell if now I'm learning less here because I've leveled up or if there's just less tech talk.
As far as hn being contrarian, the only thing I see hn being consistently contrarian on is crypto. Any other examples?
What fascinates me is that for many here software and tech is their livelihood. You should be able to take care of access and ensure future generations still have the same opportunities.
Sure, you can sell yourself and make good money with software on some proprietary app store with proprietary tools. You are a freelance employee of the company providing that infrastructure at that point.
It is short-sighted, lazy and stupid in my opinion. There is merit to such security mechanisms, especially for cloud applications, but it should be crystal clear that there are secondary motivations here. And the security argument often falls short if you take a good look at current threats.
> Damn, now I'm nostalgic for the older days of hacker news where RMS was quoted every other post. The community is forgetting it's roots.
Keep in mind that now many of the people who post on HN earn a lot of money by working for a company for which it is part of the business model to track users and collect data about them (officially for advertisement purposes).
Top-voted comments are linking directly to Right to Read and The Coming War on General-Purpose Computing, so I don't think the community has forgotten its roots.
You really wanna be scared? Go look at the multiple comments on the EU DMA announcement complaining that having a sideloading option is just a ploy for malware vendors to get into their iPhones. Or that someone else being able to sideload or jailbreak somehow hurts their security. These are coming from actual HN users!
Well, my comment that linked to RtR was highly voted... But now it's near the bottom and what's at the top is, for lack of better phrasing, a corporate mouthpiece.
Was it voted so high it triggered some bot detection? That would only explain the former, not the latter. Either way, there's something funny going on.
There was a time when someone ran a bot on /g/ where every post that mentioned just 'Linux' would get the full 'Excuse me...' copypasta interjected. Good times.
> Remote attestation is the true enemy of your freedom.
Technology is a tool. What is true, however, is that under the way the economy is currently structured, remote attestation mostly weakens the freedoms of individuals.
If Facebook was under remote attestation that private information was only used in limited and specific ways and even the NSA cannot get to it without breaking the remote attestation, that would be a good thing. If firmware was under remote attestation we would have to worry a lot less about backdoors, and the Diesel scandal would have never happened.
It is a tool, just like nuclear weapons are a weapon.
I'm definitely not on the "ban all crypto" side, but I see why the governments are in support of that, and for the longest time, strong crypto was (and still is?) classified as a munition; it's very powerful.
Well, I think governments are mostly concerned with people having secrets. Who would need secrets who isn't a terrorist? That it was classified as a munition is probably more due to old war hawks and how they saw encryption employed.
This is almost the entire thesis of Zero Trust Networking principles. Somehow, the user AND the device need to attest to validity during the authorization process.
"Validity" for a device can mean many things (latest patches, is running anti-virus software, among other things).
A general user probably doesn't need to attest to these things. I would argue that anyone trying to access a corporate or some other organization's network SHOULD be required to attest to these things given the cyber threat landscape. The caveat: those same entities should provide or heavily subsidize the platforms they require (work computers). It's their IP at risk. I'm not so naive to think they would actually do this with BYOD initiatives, unfortunately.
For personal users on personal devices, I agree this might go too far (but some principles like MFA are best practices).
This was the case at my university. In order to use the dorm network, you had to download a software package that validated your setup. It would then add your computer (I assume MAC) to an allow-list.
In order to deal with it, I had to create a subnet with a router, use an old laptop to do the verification, and then the whole subnet was added to the allow-list.
...and before Stallman, Hayek. Hayek couldn't have seen the technological means, but he did see the "self-regulated monopolies" shaping up from anti-competition moves on the part of government (most of which are driven by lobbying).
Engineers could leverage their economic might via collective action; don’t open your wfh laptop today.
Updating the Upton Sinclair quote without the gender bias; it’s difficult getting a person to understand something when their investment portfolio valuation depends on them not understanding it.
Who are they if they’re not what they are now?
When you all stop posting on corporate forums and working their jobs, shopping their stores, I’ll take you all sincerely and seriously.
The NSA and other three-letter US agencies will be all inside this chip, or have side-channels to the firmware update mechanism, obviously.
A secure operating system means nothing if the hardware itself cannot be secured, and the case for a new, trusted, transparent manufacturer of Intel-compatible CPUs and hardware in general grows stronger.
Though I get the feeling we're missing the forest for the trees. Smartphones with proprietary basebands have been here for more than a decade or so. It's not only Intel-compatible hardware we need; it would really take legislation to make all these things more transparent or controllable.
Regardless, I think that the PC platform deserves a good anti-cheat solution.
Separating the groups of those who have a good anti-cheat system enabled (such as this) and those who don't is a good compromise for everybody. I think more reasonable companies such as Valve will go that way.
Anything that prevents me from modding or cheating in my single player games is anathema to me. And companies like Activision, Ubisoft and Rockstar would love a hardware-based system that takes control away from gamers.
I know that this is a popular take here, which is why I proposed that there should be a mechanism to opt out. But that would mean that you would have to play against those who opted out as well.
I would like to have an anti-cheat mechanism (that works), not a god damned security-nightmare rootkit that scans and uploads my private files to god knows where.
That is "exactly" what they are trying to do, I find it sad that people are prepared to accept this as business as usual, considering the efforts made to make Linux available to everyone.
Regardless of all the FUD against Pluton, it has a great feature: it is yet another CPU with hardware memory tagging, as the last resort against flaws in C and derived languages.
FUD is no longer FUD when it becomes a realistic danger.
Given that remote attestation already had deleterious effects for user freedoms on smartphones and tablets (meaning, choose between banking apps and any deviation from the factory ROM), Pluton should be seen as a danger.
Those OSes were distributed on ROM by necessity, because that was the most cost effective option available. Any modern limitations that prevent running your own software are not just artificial, but actually require additional effort to implement bootloader locking/integrity checks.
That is precisely the proof I need before I ever buy into either. I'm very optimistic about PinePhone but AIUI it's currently quite far from being a reliable daily driver for the kinds of tasks I need one for.
I care about open smartphones, but not to the extent that I care about other things.
A de-Googled Android or iOS device with a judicious selection of apps is good enough to fulfill 80% of the "geek device" use case segment (though not at the same time - de-Googled Android is better at running arbitrary software, whereas iOS seems to be better at painless privacy). I'm just not invested enough in open smartphones to fight PinePhone's software immaturity, or to spend crazy amounts of cash on a Librem.
On the other hand, I was an adopter of the Pinebook, and will be for (affordable) productivity VR as soon as I get the chance. For both of these form factors, I'm more than happy to write 80% of the UI I use if it gives me what I want otherwise.