Of course, Microsoft would say it's not about DRM (at least right now), it's for "security." Which... it's as secure as Microsoft's servers are, to be sure.
But I am personally glad to see hardware-level key stores show up on all CPUs. Maybe this is already a thing and I'm being duped by Apple for thinking it's good, but it feels good to me.
Remote attestation is the true enemy of your freedom. The power of the authoritarian corporatocracy to force you to use only the (entire) systems they control. It's worth reading https://www.gnu.org/philosophy/right-to-read.en.html again just to see how prescient Stallman was.
If there were only dystopic uses of this technology, its development wouldn't be able to go on internally. They are specifically taking this path so they always have plenty of good reasons to pursue their agenda.
Therefore win 13 will be a theme for ubuntu packaged with a FOSS version of office. MS will award large weekly prizes for the most useful FOSS app extending the ecosystem. It will be sold on multi TB external drives that work like live USB only daisy-chained. Weekly new releases crammed with so much free stuff every neck beard around the world must own all of them. A few movies, some music, a game or 2. Each comes with a poster, a t-shirt and a book. Prices go up and down using RNG making some releases rare and hard to get.
HN has been consistently contrarian. That’s about all that you can say without quickly becoming mistaken.
But of course, that begs the question of whether language is defined by how people use it. :)
Besides, at enterprise scale, how do you trust internal teams? It could all be security theater and they aren't delivering on their promises as well.
Given that remote attestation already had deleterious effects for user freedoms on smartphones and tablets (meaning, choose between banking apps and any deviation from the factory ROM), Pluton should be seen as a danger.
Using "begging the question" to mean something as obscure and unintuitive (as in, it's basically an idiom that must be explained first) as "your question originates from circular logic" is a waste of prime dictionary space.
This term should mean "there is a question that is so blindingly obvious regarding the situation at hand, that it simply begs to be asked" - so, more or less what everyone who didn't have the term explained to them thinks it's supposed to mean.
You don't need that. Streaming is already crippled on Linux. Hell, Netflix won't even stream full quality on Chrome!
> https://help.netflix.com/en/node/13444
> 4K Ultra HD on a computer
> Netflix is available in Ultra HD on Windows and Mac computers with:
> Microsoft Edge for Windows
> Windows app for Windows 10 and Windows 11
> Safari for MacOS 11.0 or later
Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.
Can someone please explain to me how the author might see this level of security as a bad thing?
Wait a few years. Smaller companies won't even be allowed to order high end CPUs. You'll be at 100% mercy of these corporations.
If after 2 years they decide to brick your pc, they'll just do it. You think government will help you out here? Lol...
And I am pretty sure it's a darn good idea and well thought out and executed.
I cannot see why this is a bad idea besides the usual cargo cults claiming corporate distrust.
Heck we trusted Intel for decades and no one asked what Apple put in their silicon, because it's Apple and Steve was so trustworthy.
From the USA, we get news of banned books in some states. When I read that, my head goes back to my European history, and I reach the Godwin point very quickly.
Those kinds of people will abuse such a system to prevent things from being shared.
It will be used for putting DRM on everything and to create a more and more closed web.
It will be used by corporations and govs to prevent whistleblowers and journalists from doing their job. Or to prevent employees from getting evidence of mistreatment in case they need to sue.
Because if you look at it, it's basically just a system for information control. And bad actors love that.
And of course it will be "for security reasons".
Trusting people with a terrible track record to not abuse a massive power in the future, especially one that can be scaled up with the push of a button once the infrastructure is in place, is not a good bet.
Not anymore.
https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-ba...
If you're worried about book bannings in states like Florida, DeSantis is up for reelection in just over 3 months. Go volunteer or donate money to his opponent (probably Charlie Crist).
MS remote attestation doesn't require remote cloud or anything like that, I recall it supporting air-gapped environments from the start (guess why, the top-price enterprise clients want that, including re-signing Windows with their own secure boot keys).
Disclaimer: for various reasons open source remote attestation in corporate is currently on my roadmap at work
RA is a technology that has its fair uses, and can be desired for other systems, like in Linux. With a pure RA system your services can decide whether or not to trust those devices on your network that could be compromised, and report to other devices that there is something suspicious.
As with anything, this can be used properly to increase the security of your edge architecture, or wrongly to limit the user's actions.
Let me put another example. With RA I should be able to authorize validated systems in my R&D VPN. If you are using your own laptop with the company certificate, and the verifier tags the system as "unknown" or "unhealthy", it will not allow access to the internal network, but sure you can still use your laptop for anything else. This, IMHO, is a fair use of this technology.
Yet, you probably don't want to give willingly a nuke to a dictator.
In the same way, giving this kind of power to people that have shown in the past to abuse information control is like banking on the wolf to behave in the hen this time.
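The VPN scenario a few comments up (the verifier tags a device "healthy", "unknown" or "unhealthy" and the network admits only healthy ones) can be sketched as a small verifier policy. The code below is an added example, not from the thread and not Keylime's or Microsoft's code. It assumes a device reports a TPM-style quote as a map of PCR index to SHA-256 digest plus the nonce the verifier issued; the PCR roles (0, 2, 4, 7 for firmware and Secure Boot state, 11 as a slot for userland binaries) loosely follow common UEFI usage but are an assumption here, and every device name and digest is constructed for the example. The strict/tolerant switch shows the trade-off between catching every change and breaking attestation whenever a new binary is installed.

```python
"""Toy remote-attestation verifier (added example, constructed data only)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple

# PCR roles, loosely following common UEFI measured-boot usage (assumption for this toy):
FIRMWARE_PCRS = {0, 2, 4, 7}  # firmware, option ROMs, boot manager, Secure Boot policy
APP_PCR = 11                  # toy slot for measurements of userland binaries


def h(label: str) -> str:
    """Deterministic stand-in for a real measurement digest (constructed)."""
    return hashlib.sha256(label.encode()).hexdigest()


# Golden baseline per enrolled device: constructed values, not real measurements.
BASELINES: Dict[str, Dict[int, str]] = {
    "laptop-alice": {
        0: h("fw-1.4"), 2: h("oprom-ok"), 4: h("shim+grub"),
        7: h("sb-on"), APP_PCR: h("apps-2022-07"),
    },
}


@dataclass
class Quote:
    device_id: str
    nonce: str            # nonce the verifier handed out for this round
    pcrs: Dict[int, str]  # PCR index -> digest as reported by the device


def verify(quote: Quote, expected_nonce: str, strict: bool) -> str:
    """Return 'healthy', 'unknown' or 'unhealthy' for one quote.

    strict=True pins every baseline PCR, so any new binary flips the verdict.
    strict=False pins only the firmware/boot PCRs and lets userland drift.
    """
    if quote.nonce != expected_nonce:
        return "unhealthy"  # stale or replayed quote, regardless of its contents
    baseline = BASELINES.get(quote.device_id)
    if baseline is None:
        return "unknown"    # not enrolled, e.g. a personal laptop with a company cert
    checked = set(baseline) if strict else FIRMWARE_PCRS
    for idx in checked:
        if quote.pcrs.get(idx) != baseline[idx]:
            return "unhealthy"
    return "healthy"


def vpn_decision(quote: Quote, expected_nonce: str, strict: bool = False) -> Tuple[str, bool]:
    """Map the verifier verdict to an admit/deny decision for the internal network."""
    status = verify(quote, expected_nonce, strict)
    return status, status == "healthy"


def quote_from_baseline(device_id: str, nonce: str, **overrides: str) -> Quote:
    """Simulate a device report: its baseline with selected PCRs changed (pcr11=...)."""
    pcrs = dict(BASELINES[device_id])
    for key, value in overrides.items():
        pcrs[int(key[len("pcr"):])] = value
    return Quote(device_id, nonce, pcrs)


if __name__ == "__main__":
    nonce = "round-0001"
    # Same laptop after installing a new binary: strict denies, tolerant admits.
    changed = quote_from_baseline("laptop-alice", nonce, pcr11=h("apps-with-new-binary"))
    print("strict:  ", vpn_decision(changed, nonce, strict=True))
    print("tolerant:", vpn_decision(changed, nonce, strict=False))
    # Secure Boot switched off is caught by both policies.
    print("sb off:  ", vpn_decision(quote_from_baseline("laptop-alice", nonce, pcr7=h("sb-off")), nonce))
    # An unenrolled device is "unknown" and denied without being called compromised.
    print("visitor: ", vpn_decision(Quote("visitor-laptop", nonce, {0: h("fw-1.4")}), nonce))
```

The nonce check is what keeps a device from replaying yesterday's good quote; the "unknown" verdict is what lets the admin deny network access without claiming the laptop is compromised, which is the distinction the comment above draws.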
> Go volunteer or donate money to his opponent (probably Charlie Crist).
I'm not in the US. I just read those crazy news, compare it to my grandfather stories, and worry.
Some parts of it maybe do. Some others, like multiple different Azure teams, don't even think about anything resembling security, or there wouldn't have been multiple critical and trivially exploitable security vulnerabilities on Azure in the last year alone. (If you don't know them, please read up on them. Security is hard, but in those cases nobody even pretended to try!)
It reminds me of the good old "my password takes 2 billion years to crack, but my kneecaps only take a few seconds" metaphor about people in tech forgetting that physical coercion is, in fact, a possible attack vector for your IT security.
- no, I don't need protections for the side channel, I never asked for them
- no, I don't need a unique identifier, who is the demented person who asked you for it
- no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead of being prevented from doing it
- no, I don't care at all about having a hw store for certificates, which are ephemeral and dropped from above anyway so what am I supposed to trust?
- and so on
"not secure by design" nowadays comes close to being a coveted feature
To be pedantic, it was diseases and outright, explicit murder. (which is not an excuse. Biological warfare is a modern war crime, after all.)
https://en.wikipedia.org/wiki/Population_history_of_Indigeno...
banking on the wolf to behave in the hen [house] this time
Fair point, but the United States is rapidly moving towards authoritarian governance right now. There are steps that every U.S. citizen who reads my comment can take to help stop this decline immediately. I don't like the idea of this sort of TPM 3.0 module in my computer's hardware, but it's a 'day after tomorrow' problem for me, not a 'right now' problem.
Separating the groups of those who have a good anti cheat system enabled (such as this) and those who don’t is a good compromise for everybody. I think more reasonable companies such as Valve will go that way.
"DRM will be unusable outside Windows" is already the case.
"Documents can only be opened by authorised users" sounds like a dream come true.
"You can't boot Linux by default" is annoying, but hardly a deal breaker. Statistically, almost nobody runs Linux on their devices. Valve could make a change in the Linux landscape if they actually get SteamOS off the ground (third time's the charm, right?) but so far SteamOS 3 is only meant to be used by their own hardware.
It's been decades since I last heard about powerful Windows rootkits because you can't just swap out the bootloader anymore. You could try it and risk a non-booting victim system, but you're not extracting data or injecting ads into the kernel that way. Malware hasn't gone away (partially because Microsoft doesn't want to break old, signed, vulnerable device drivers that are used to bypass signature requirements and gain kernel access) but it's harder to gain good persistence now.
I get it, I want to run Linux on these devices as well. All of this stuff should be easy enough to disable if you're the owner of the device. However, your freedom to use your device however you want doesn't imply that others have to put up with your choices. If I choose to only accept Microsoft Panopticon Validated Devices onto my network, that's my business, no matter how foolish it might be. Distributing my software as a .exe isn't some kind of violation of your constitutional right to run OpenBSD, it's a business choice.
Personally, I'd love to see a similar system provide a hardware root of trust for Linux as well. Qubes being able to verify every single step of the boot process and securely loading the system's (several) security keys would be a great security benefit. Hell, I'd even like to see the option to only run signed software on my machine to ensure the executables haven't been tampered with, either signed by the distro maintainers or by myself during the install process, but Linux doesn't have such features or configuration accessible.
As long as it's possible to disable this stuff or to configure it for your own, personal key set, I'm all for this stuff. I want the freedom to secure my (Linux or Windows) system in hardware, as long as you have the freedom to turn it all off if you disagree. I don't buy Microsoft hardware specifically because I can't disable or configure that crap, despite their excellent pen support and fancy designs, and I think others should do the same. That's my personal choice, though.
The video does a good job of the original threat model for this technology and how it works on Xbox.
That device is likely to be a smartphone because everything is slowly moving in the direction of requiring one.
If I need to spend extra money to get an additional "freedom device" and can't afford it, I just won't have one and will miss out on the good stuff.
By forcing the kernel to be untamperable, Microsoft can arbitrarily enforce ANY policy they choose on your PC. They could spy on every single piece of network communication. They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all. They actually could easily enforce laws on banned content too - any given website, book, audio or video could be impossible to consume, and an attempt to try could be reported to Microsoft. They could stream the contents of your display and mic and camera at any time to anyone they choose. There is literally nothing they cannot do with complete control over the kernel. And since the kernel and Windows itself is closed source, there are ways to hide all of it so you would never even know.
Security is great but it also goes hand-in-hand with control and surveillance. Every capability to increase security also increases the amount of control those providing the security have.
The difference is for now you can still go to BIOS and enable Microsoft's key for 3rd party OS.
Maybe when Windows 12 comes out that option isn't there.
I wrote some notes[3] about how to use it in openSUSE MicroOS / Tumbleweed, but they can be extrapolated to many other distributions too.
[1] https://github.com/keylime/keylime
[2] https://github.com/keylime/rust-keylime
[3] https://en.opensuse.org/Portal:MicroOS/RemoteAttestation
It's like how your company giving you serious protective gear to wear while doing your work on a nuclear reactor is a good thing. But having to wear such gear at home is not a popular choice, and should not be required.
If you can't, it goes without saying that that is unacceptable
If today it's "obvious" what's bad; When this generation dies off, who is appointed master of the universe and decides what's bad? It won't be you. It'll be the guys with the money; See Pluton. They're already paving the way for just that (at least in tech and what your wallet must must must spend). But, I digress.
You shouldn't ban books. You should teach morals.
My friend, Swim, who is a Jew living in Israel doesn't support banning Mein Kampf. So much so that when Swim's friend ordered it from Amazon, neither opposed it. Curriculum teaches about Hitler's rise to power and the abuse of his people to do so. That's more than enough to understand not to follow in his footsteps. Swim's friend was interested in Hitler's political prowess.
I'm not interested in Mein Kampf. But, if someone is, he most surely has the right to read it. Kill the way some fanatics did because of it? No, that's immoral.
Who decides morality? That's complex, I think. But, I also think it is an innate intuition that lives in all of us.
And yes, there's nothing evil involved if they are owner controlled, something that honestly was pushed heavily by Microsoft because they do have clients that insist on them - the DRM functionality in intel ME has keys controlled by broadcasting associations instead (this is why you can't stream HQ on Linux from official sources), same with part of why AMD PSP got some uncontrolled bits (the blackmail goes that if you don't do that, customers will quickly find they can't stream netflix/whatever in high quality on your hw and will stop buying it).
Personally I believe that owner-control of hw should be enshrined in law, just like right to repair and modify, along with laws against deceptive "looks and quacks like a sale, is actually a lease" practices
Personally I think it's very likely MS will eventually push to strongarm OEMs into locking secure boot to be enabled. All it will take is another round of "security improvements" and the public eats it up. The market would then fragment into laptops that can only run Windows and maybe more expensive laptops that allow you to disable secure boot. If the number of people who actually care enough to vote with spending a few extra hundred $ remains as low as it always has, over a decade it will drive open laptops to become wildly overpriced and eventually cease to exist.
Have you seen OCP's Caliptra RoT, which requires OSS firmware, enforced by dual-signing of firmware by both OEM and owner? Currently for hyper-scalers, but this approach can be adopted by other enterprise customers, https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation will be done to Caliptra, which can then release SoC boot ROM from reset.
Are you talking about brown-out detection circuits, or is there something else?
Of course, the system for it is rudimentary, and puts a disproportionate amount of control in the hands of providers. And that works very well for them too.
You can choose not to wear that gear, but choosing to not use Windows is much more complicated, at least for most people.
Basically, this will make transparency even harder than it already is. That's a terrible danger for democracy at large. Stalin's wet dream.
Not everywhere in the world (https://en.wikipedia.org/wiki/Mein_Kampf#Current_availabilit...)
In the USA, freedom of speech is in very high regard, and that’s in conflict with the idea of banning any publication.
Don't people listen when a guy like Pompeo speaks? He has pretty much outlined the plan with his Clean Network Initiative. I wouldn't be surprised if within a decade CloudFlare and other US cloud services will be used as the great firewall of the western sphere.
It's like saying "don't worry about gun control because car accidents kill way more people right now".
https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...
Pluto (Greek: Πλούτων Plouton, "giver of wealth", Pluton in French and German) the most common name for the classical ruler of the underworld. Plouton was one of several euphemistic names for Hades, described in the Iliad as the god most hateful to mortals. https://en.wikipedia.org/wiki/Pluto_(mythology)
You cannot defend against something you don't understand.
Reading it (or the little red book), you will notice there is nothing incredible about it.
It's a good way to understand the banality of evil.
It's a good way to see what currently in our society echoes it: we are not freed from evil, it can come back any time.
And the "push on unsuspecting children" narrative is worn out. Nobody pushes such a dangerous book on children unless already twisted. Nobody ever told me "read it, it's good for you". Everybody always said: "dangerous book, read it with history in mind", if they ever talked about it.
We push Harry Potter on kids, not Mein Kampf.
Microsoft has already tried to monopolize the PC consumer market before. And back then the risks were tiny compared to what is at stake now.
https://www.justice.gov/atr/us-v-microsoft-courts-findings-f...
But to me, this all looks like MS building a house of cards again. If I am writing a rootkit or other malware why can I not use this to make sure only the compromised device's secure processor can read the contents of memory, or does Defender get a pass?! A defender/analyst also won't be able to dump RAM with Volatility or a custom driver to analyze the malware/implant? No Microsoft solution would prevent a user from downloading and running an executable entirely, so malicious code would run, but can it now hide from security solutions? What part of HVCI am I missing?
As far as the rest of it, it will break legitimate use cases for users so I don't expect it to be a default anytime soon. I hate the remote attestation stuff but my hope is it will either fizzle out or regulations will be put in place for enabling user control of the secure computing private key for personally owned devices because code you can't introspect or keys you can't manage should not exist on a device you own (not license).
The software you boot sets up some state and then toggles a bit, and after that something can't be changed. The state is secure against much modification after that time, but not before that time.
The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
But of course they're often not really the same person. If you want to boot a Microsoft-signed image, the party that boots is more or less Microsoft, not you personally. But in that case, you also want to use that Microsoft-signed OS, right? So the shift towards boot-time control is then a shift from mostly-Microsoft use-time control to mostly-Microsoft boot-time control. Mostly Microsoft here, mostly Microsoft there, even if the two mostlies aren't quite the same percentage it's difficult to regard this as a significant loss of control.
A secure operating system means nothing if the hardware itself cannot be secured, and the case for a new, trusted, transparent manufacturer of Intel-compatible CPUs and hardware in general grows stronger.
>I can't fathom a math textbook with pornographic examples. Is this a thing in the US?
I've been out of school for quite a while, but AFAIK while there is plenty of porn out there, it's not in our math books.
No, it's just Florida politicos pandering to their base[0].
I'm guessing that what GP is going on about (please do correct me if I'm wrong) is probably some word problems that include references to non-heterosexual/non-binary folks, which seems to trigger the intolerant among us.
Which is a result of decades of attempts to put Christian dogma and ideology back into US public schools, and failing that, destroy the public school system.
And more's the pity.
[0] https://www.politico.com/news/2022/05/05/fldoe-releases-math...
Edit: Added the missing link.
Once these chips are in everyone's devices, it would be quite easy to add this stuff technically. And in doing so, break the web on non-approved hardware or software (like linux).
Edit: Actually on the subject of worst case scenarios: If the trusted computing attestation process was extended through the web browser, it would be possible to build a website which is impossible to scrape or interact with in any unapproved way, from any unapproved device. Eat your heart out Aaron Swartz.
I say that as a person of Eastern European/Jewish extraction.
Do I like fascists/fascism? No. Do I like Nazis? No.
But I do like freedom of expression. And if the price of that freedom is that hateful scumbags get to speak their piece, that's okay with me. But I'll have something to say about it too. As it should be.
[0] https://archive.org/details/mein-kampf-audiobook
[1] https://harperandharley.org/pdf/mein-kampf/
[2] https://www.amazon.com/Mein-Kampf-Adolf-Hitler-ebook/dp/B002...
A legislative piece of paper (or many pieces of paper) has the power to rein in corporations far far beyond any technical solution or workaround.
And yes, that requires limiting (intellectual) property rights and regulating what certain contracts can enforce. Sometimes it's needed if you ask me
In my experience this sentiment is rejected primarily by many technical people because it feels like adding the human factor to a pristine world of logic. In reality it's humans all the way down and there is no reason to believe that Microsoft/Apple is a better steward than an elected body of representatives acting according to the rule of law
Exactly this. As soon as governments (or lobbyists) discover that this level of control is available to them, they will introduce whatever remaining laws they need, banning E2E encrypted chat apps, or Tor, or bittorrent clients.
I suspect that, like civil asset forfeiture, or running commands on botnet-infected devices[0], these actions will have only the thinnest veneer of "due process" applied to them. After all, if your computer is running "illegal" software, why should the government wait for your permission before deleting that software, or even tell you that it had done it after the fact?
[0] https://uk.pcmag.com/security/139675/us-disrupts-cyclops-bli...
Actually, IIUC this is already the case on Android[0].
Some (many? most?) banks/banking apps are rejecting (and/or complaining about) access from rooted phones right now.
I can't confirm this personally, as I'd rather have my tonsils extracted through my ears than use a surveillance device^W^W smart phone to do anything financially related.
Perhaps someone who uses banking apps on their surveillance device could chime in on that?
[0] https://www.howtogeek.com/241012/safetynet-explained-why-and...
Because the music/movie industry benefits from DRM and made agreements with the software and hardware industry.
Also NSA and the military complex benefit enormously from having control over hardware around the world.
In this one... that's not what they'll be used for.
This is the end game for the corporate internet. Not only can all your activity be logged, but if any of it is unwelcome - on any scale, from family to school to work to country to world - you can be locked out.
Sure, you can sell yourself and make good money with software on some proprietary app store with proprietary tools. You are a freelance employee of the company providing that infrastructure at that point.
It is short-sighted, lazy and stupid in my opinion. There is merit for such security mechanism, especially for cloud applications, but it should be crystal clear that there are secondary motivations here. And that the security argument often falls short if you take a good look at current threats.
Could as well gouge out the eyes of everyone not having a read permission on said document. There are 1001 solutions to such problems. And as a gigantic bonus it doesn't have to be bound to hardware! User permission management is much easier.
Unpopular speech needs more protection than popular speech, not less.
Technology is a tool. What is true however is that under the way the economy is currently structured, remote attestation mostly weakens the freedoms of individuals.
If Facebook was under remote attestation that private information was only used in limited and specific ways and even the NSA cannot get to them without breaking the remote attestation, that would be a good thing. If firmware was under remote attestation we would have to worry a lot less about backdoors and the Diesel scandal would have never happened.
The libre computing movement got lazy. We got used to caring about free software and just accepting free-riding on non-free hardware because "hardware too hard", and frankly we got it easy with x86 CPU and PC manufacturers being generally friendly, actively or passively, to free software and actually benefiting from industry concentration. The less attractive proprietary CPUs and other chips get, the greater the chance a small but lively open ecosystem develops?
Perhaps you mean that if you, as owner and legitimate user of a device, are able to perform a particular change only during a brief window of time rather than at any time of your choosing, then that limits your control over the device? If so, then my answer is yes, certainly it does. But it also limits the access of anyone who impersonates you (such as the evil exploity javascript I make your browser execute).
Microsoft is smart enough to realize that NSA tinfoil types already do not trust them, and likely will never trust them (which, if you are that worried about security, why are you on Windows anyway? NSAKEY?)
The predominant share of Windows machines are sold to businesses and enterprises who DO want to lock down at a hardware level.
It's way too easy to steal a Windows machine and wipe it clean. You can't do that with DEP-enrolled Macs because of the TPM they already have, which is a strange misalignment when Windows' core market (enterprise) really cares about this kind of security.
Apple has every reason to care about DRM more than Microsoft, but the TPM advent on Mac was mostly a welcomed one as I recall. Perhaps that is because Apple has taken a strong and public stance towards user privacy. But they have to: it is consumers who are buying their devices, and consumers rightly want a device that works for them.
Microsoft is not in that position, or at least, is not with Windows, from an economic standpoint. Similarly, they are mostly selling to enterprises and business and governments for this product line, and those customers rightly want a device that is verifiably secure.
If you're worried about security for your personal use, buy a Mac, because they've made their bottom line and your privacy intertwined. Or, buy a Linux box and purity check it down to the circuits. You have already decided against convenience in your trade-off equation by your a priori decision to care about this in the first place.
https://boingboing.net/2011/12/27/the-coming-war-on-general-...
https://github.com/jwise/28c3-doctorow/blob/master/transcrip...
Don't know enough about the subject to tell if his "attempts to control general computation will converge on rootkits" prediction has held up.
Gee I wonder why. /s Such statements are tedious to say the least, preventions have been implemented, obviously it curtails such abuse, obviously that reduces frequency.
> the whole TPM module isn't really needed in my opinion
It's nice that you have no key material that would need to be kept strictly on the device, but a lot of users actually do. We don't want people's Webauthn tokens carried away, we don't want Bitlocker keys stolen, most certainly we do not want biometric authentication data stolen. Maybe you have reduced that risk to near zero, but that's not the case for the vast majority of users.
Soon my old 3G dumbphone will be useless as the mobile operator ends the service. People are pushed to newer phones^W surveillance devices and I have to hunt for a real 2G phone soon.
I get the issue with Pluton but TPM is only a dedicated and certified secure key and random number generator that does a better job than CPUs doing it in software, and it's also a secure enclave for storing your encryption keys. Would you rather store the keys in memory where they can be easily grabbed by malicious apps like Mimikatz? Macs had the same feature for years in the T2 chip.
It's the exact system that enables wireless payment and other strong security features on your phone.
So having TPM on PCs and using it for its intended purpose is a boon for everyone's security so I don't see the issue, just FUD.
However, for private users these are dark capabilities.
nothing. there's nothing you can do to stop that.
So in worst case, if your attestation server is very strict, any new binary installed on your machine will prevent it from booting or satisfying the attestation. This is the main concern that TPM enables.
DEF CON 23 - Cory Doctorow - Fighting Back in the War on General Purpose Computers
Though I get the feeling we're missing the forest in the trees. Smartphones with proprietary basebands have been here for more than a decade or so. It's not only Intel-compatible we need, it would really take legislation to turn all these things more transparent or controllable.
Btw, you could acquire a Mobile-ID SIM that will work on a rooted phone (but also with feature phones, if you wish).
Don't throw away your current hardware when you "upgrade". You, or others, may need it or parts of it in the future.
Establishing technical means to do something (limiting access to files via DRM) is not as urgent as actually doing it (Florida carting books out of school libraries). And technology is not a monolith. Pluton specifically is far from being a universal requirement on Windows, and the entire PC platform is open enough to support alternatives for a very long time. It's possibly worrying (though it looks like Microsoft's intention is confidentiality management in enterprises for now), but far from "turnkey tyranny".
The frequency dropped even before TPM was deployed on most machines and I guess most systems still don't have it enabled today. The reason for that is that there are simply more direct and profitable ways to get system access, see most applications of ransomware for example.
> It's nice that you have no key material
You can use many different types of authenticators. If you use Windows Hello you need TPM and they try to hinder you adding alternative means without TPM being activated. But that is a different story and solely on Microsoft. No need to falsely or passive aggressively suggest that a system would be insecure without these specific means.
It's only through constant vigilance and fighting back that it has been slowed down by two decades.
News of Pluton and its security goals has been readily available since 2020 from reputable hardware sites like Anandtech, or directly from Microsoft themselves. There's nothing new or hidden or surprising about it unless you live to dream up Microsoft conspiracy theories.
Many other hardware manufacturers have similar security offerings including Intel and Apple. Microsoft is arguably late to the game here, given their only recent interest in PC hardware. OS integration isn't even new. Macs have been shipping with T1 and T2 chips for over five years. Has the sky fallen on that ecosystem?
I see tons of interesting comments flagged/dead within minutes. They are rarely controversial, or low-quality, or rule-breaking.
there are plenty of topics you are only allowed to express a pre-approved opinion about, and I can't even give you examples without getting muted
Books are not banned, just not used in the classroom anymore. While the reasons for it may be wrong, it's something that happens constantly all over the world. No one prevents children or adults from reading those books at home. Banning books could mean that owning them is illegal and that just hasn't happened.
[0] https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/BIOS-...
From https://wiki.archlinux.org/title/Lenovo_ThinkPad_T14/T14s_(I...
When computing is controlled at a hardware level, you have far fewer competitors and market places. Working around things can be significantly more difficult and you may be stuck with scrapping up old less capable tech trying to do something you should have better options for. This is the reason technologists fear technology control, not so much because of tunnel vision but because the general population can't work around it, even experts may not be able to work around such protections. Low tech always has easy work arounds--the option exists even if you may fear the consequences.
So the government will clearly help out here. And none of these companies has an incentive to stop sales to smaller companies, they make a lot of money with those.
Choosing a party is not like choosing an OS for your PC, though. Choosing the OS would be like choosing the political system - and recognizing the incredible privilege I have by being born into a democracy, I very much wouldn't like other people to change it.
Going further into democracy: while you might put an X on a paper sometimes, it still forbids a very high number of actions. I'd liken it to having the power of choosing between Apple's App Store and Google's Play Store for your phone. Which, getting back to the point, is safer for the users than installing any third party software. Like how in a well functioning democracy, I'm forbidden to do a great many things, but also I can feel safe in the thought that others have the same restrictions too.
The one example that I thought might have been somewhat improper was "Multiple exercises related to a debate between Al Gore and Rush Limbaugh, where the publisher was in favor of Al Gore's arguments based on the questions in the exercises."
If the debate in question was fictional, I'd be tempted to agree it would have been better to avoid using the names of real people although I'd disagree that is enough to ban the use of the textbooks. If the debate was actual and the textbook pointed out very real flaws with Rush Limbaugh's logic (especially if they were a real world example of bad math) I'd say that it makes perfect sense to include it in a math text book.
2015: Governments recognize the importance of TPM 2.0 through ISO adoption https://www.microsoft.com/security/blog/2015/06/29/governmen...
2022: Microsoft Can Kiss My A* | Do You Own Your PC? [Smart App Control] https://www.youtube.com/watch?v=Lv5xHfZnk4s&t=163s
The Trojan Platform Module (TPM)
The only question is whether they will trust metal detectors to prevent whistleblowers from bringing in these devices, or if they will rely on strip searches and CCTV.
Ah, that must be why we all have root access and can freely modify or install anything we want on every device we own! Oh, wait, we don't have those things and our non-PC systems are increasingly locked down and routinely do things against the wishes of the people who own them.
The best progress we’ve seen in decades came from most people using locked-down phone operating systems, followed by stricter desktop OSes. If you don’t like that trajectory, you should be focused on how to get the benefits with other trade offs. One of the first steps is respecting people enough to understand their needs rather than calling them idiots.
Especially when attestation can be used by websites etc. We'll need to have another computer at the side for accessing them.
I interpreted your sentence as two disjoint statements and thought you find UEFI/SB and TPMs all useless. But yes, it indeed started dropping before. TPMs don't deal with that topic unless we're speaking of Trusted Boot, which is a whole separate concept.
> [...] hinder you adding alternative means without TPM being activated. But that is a different story and solely on Microsoft.
No it's not solely on Microsoft. If there isn't a safe place to store keys, it makes sense to dissuade storing them. Fairly obvious, isn't it?
> You can use many different types of authenticators.
It's not a very realistic suggestion for most users and use-cases. Having a built-in module that does the job has a lot of upsides.
> No need to falsely or passive aggressively suggest that a system would be insecure without these specific means.
I didn't say such a system would be insecure, however it can't safely store key material, it would be less secure in a bunch of contexts.
I think it’s also worth asking why he didn’t have more impact despite pretty clearly seeing this problem. Part of the answer has to be resource disparities but I don’t think it’s just that - Linux didn’t really capitalize at all on Microsoft’s lost decade, and much of the innovation in security has happened on other platforms. I think there’s also some kind of blind spot in the open source community where a lot of people see this as something other people need, not them personally.
Because if they don't add whatever garbage Microsoft orders them to include in their chips then Microsoft can simply require that shit for the next version of their OS to boot. They could even force an update on existing PCs to check for it. Nobody is going to buy a chip if having it means they can't run the OS that 99% of computers on the planet are using. If Intel dared to say no, MS could pretty much run them out of business.
At least that's how I managed to understand your comment to the best of my abilities, so hopefully I'm missing something. Though if there is such a something, the point did not get across successfully.
Market rejected it. At the time, there was an alternative. What are most people going to do, when there is not?
https://www.virginiamercury.com/2022/07/06/free-speech-group...
I...don't share your optimism, to put it lightly.
In theory, yes, you could implement it like you said, but that's not what happens in practice nor the direction we've been tending towards in recent times.
IIRC, this was the reason Valve created SteamOS: they feared Microsoft would use their control over Windows so that the only viable software store on PCs would be Microsoft's own store.
Well, it gets even better, even for folks with principles like you have.
If you want to use a general computer, you need to log in. For logging in, you need a second factor. That second factor is going to be in 99.99% of cases exactly the app in the smartphone that refuses to run on rooted devices.
So no avoidance, if you want access to your account.
And it is a pretty terrible solution to the problem.
- It is also keeping the good guys outside too: Anyone that wants to analyse and understand the security of the system for good reasons cannot. Except if explicitly allowed by the corporation X, and that is a terrible security property.
- No root access also means very little control or ability to scan the system itself if you are not the X corporation controlling it. That means no possibility to mandate reviewer corporation Y to check that corporation X is doing the right thing. TPMs currently make that even worse by design, they are undocumented and complex, therefore rely on blind trust that company X does the right thing. And since the Intel management engine fiasco, we do know they are not doing the right thing.
- Bonzi Buddy and toolbar type of problem can be easily avoided by separating properly the normal user account from any admin account (the unix way). It should be painful to be admin but not impossible, just to make sure your grandma does not install a rootkit by mistake when she wants her 20% coupon.
In summary: That is mainly bullshit from company X to keep full control on the entire user device, and not for their own good.
These people won't respect you until you start taking their money. Become one of their techno-corporate overlords. Demonstrate how you're controlling/profiting off them, why it's bad. Maybe then they'll start listening. Or not. At least you'll have made a nice profit.
If you can imagine that, then imagine that every human is given a number which is equivalent to (or even more significant than) their name, and that name/number appears in certificates which are signed by the name/number of a certificate authority's key. By accepting the signature, you have to accept an EULA that takes an hour to read, so no one does, and it changes every month anyway, with future changes automatically binding you.
Does that sound like a world where people are free?
That is a bit misleading. The TPM is a passive device, it cannot verify any state. It is the OS that measures the system (in Linux via the IMA system). And it is the Linux kernel that, if you have a TPM, can produce a process where a 3rd party can be sure that the measurements are "true" and "legit" (via PCR#10 extension).
As you state later, it is this 3rd party that asserts (verifies) whether your state is considered OK or not.
Maybe I am too simplistic, but I do not see the evil in the TPM here, but only in the 3rd party policy.
TPM can be abused but, as a developer, I am happy that we can use the TPM for good and fair goals in open source projects.
It is the user who can decide to use the TPM or not, and it should be noted that in the TCG specification it is stated that the TPM can be disabled and cleared by the user at any moment.
This makes sense to entities providing a service, and also for many who don't mind not having control over their something, which is, I think, very similar to how we don't really have control over a great many of things. This is the point I wanted to get across to the original commenter, who protested "god forbid you have control of your own PC?".
When these restrictive practices were introduced with iOS and to a much lesser extent various Android distributions (not just phone, but other types of appliances), I was genuinely surprised about how quiet the same type of people are, who I thought protested out of principle.
It's the same pattern, like politics, where people are just basically trying to sell or advocate for you to buy into or sell another product.
Until recently. Just like reddit, it has become less niche and more mainstream. For example: HN majority opinion on covid's origin. It matched the official US govt lines as it switched back and forth between market and lab.
Be careful to not forget the distinction between "being allowed to" and "being able to". There are documented cases of countries (including the USA) using violence against people even when they aren't the government where these people live.
I've been saying this ad nauseam forever and I'm not the only one.
A related problem is that the OSS world is mostly tech enthusiasts. It's like having car people design cars. They'd be full of special switches and options and stuff that car people want. Car people don't understand that most people hate cars. What they like is mobility. Same goes for computers. Most people hate computers. They just like what computers let them do: communication, making content, getting their work done, etc.
Kind of feels like Microsoft can’t win here. Everything is free and unprotected and their OS is a security joke, or they harden and get accused of DRM and monopolizing.
But it's the other way around, if you improve your old device by installing a up to date Android on your vendor-abandoned previously vulnerable device, you go from working banking to banned from banking.
Also, thank God for the Internet Archive.
And downsides, especially for corporate usage you don't want your data protected by device keys if they aren't set by yourself or replicated elsewhere. But it is a security risk to deploy such keys on local machines in the first place in many circumstances.
> If there isn't a safe place to store keys, it makes sense to dissuade storing them. Fairly obvious, isn't it?
The behavior is that you can only add keys if you already activated TPM. This is an implementation detail of Windows Hello. Perhaps they changed it but I can think of some reasons why they forgot to add the option.
> it would be less secure in a bunch of contexts
No, I disagree. Severely less secure depends on the security model. Applications cannot usually randomly access any memory, but yes, the system would need to ensure that and there can be attacks. If you assume your system is compromised on that level your device encryption will be bypassed via the same channel. TPM comes with its own suite of security flaws in regards of device identification (bug or feature?). That is a relevant threat model compared to many memory attacks regardless of the countless other fingerprinting problems we currently are subjected to. Plus the DRM issues around remote attestation and sealed storage.
For the pro market people want control. Pros also generally know a bit more about how to use that control and tend to be less likely to end up getting pwned immediately.
For regular users people just want shit that works. Not having control is a feature, because if you have control then the malware you are tricked into installing from "ɡeτflrêfox.com" also has control.
You can see it in the Apple ecosystem with iOS vs. macOS. Macs and iPads are now almost the same hardware. (The M chips are just A chips on 'roids.) But Macs can run other OSes and you can "sudo root." That's because Macs are for pros.
Unless that latest chip is vastly superior to what we have today, almost nobody is going to care. Most people couldn't tell you which chip is in their computer right now. They don't even care what a processor is. They just want to be able to click on the little picture that makes facebook happen and they don't want to have to learn anything new to make that happen.
If every chip manufacturer refused, you're right that we'd be pretty safe, but the moment they can get just one chip manufacturer on board every OEM will buy those chips or go out of business. Intel was "evil inside" decades ago for a reason, so we knew how this was going to play out.
While the same CPUs are even fabbed in different locations around the world.
While also going undetected for years and while none of the engineers involved blows the whistle.
In short no, you can get away with a targeted attack but nothing so massive.
That's not always the case: https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-c... "Disabling Secure [Boot] MUST NOT be possible on ARM systems."
The evil is that the "Trusted" in "Trusted Computing" and "Trusted Platform Module (TPM)" means that one deeply distrusts the user (who might tamper with the system), but instead the trust lies in the computing (trusted computing) or TPM. In other words: Trusted Computing and TPM means a disempowerment of the user.
The administrator of my network does not require multi-factor authentication for my logins.
That's probably because I am said administrator.
As for professional settings, if my employer wants me to use a surveillance device and/or an app on said device, they can provide that device to me.
As an alternative, I suppose I could use whatever subsidy is provided by my employer to purchase/use a separate device for such things.
If they choose not to do one of those things, I guess I won't be logging in and will soon be working elsewhere.
Requiring me to use my personal equipment for work purposes is inappropriate IMHO, and I've yet to hear an argument (other than folks not wanting to carry multiple devices, which is a personal choice) that changes my mind about that.
I'd welcome anyone to make such an argument, mostly to discuss why it's inappropriate, but I'd certainly keep an open mind about it -- perhaps there's an angle(s) I haven't considered.
Sure Infineon can probably get my data, but that's far beyond the scope of my threat model.
As long as the system is open to putting your own keys on there I'm fine with it.
It's a solved problem in corporate environments.
> But it is a security risk to deploy such keys on local machines in the first place in many circumstances.
That's a massive stretch and no normal corporation agrees with that statement.
> No, I disagree.
Other people's threat models are not something you can disagree with.
> If you assume your system is compromised on that level your device encryption will be bypassed via the same channel.
Well not really, it's not a bypass. Continuous abuse of a compromised machine is significantly noisier than exfiltrating the keys needed and then abusing those. Plus you can't touch anything that would change TPM measurements, or you'll lock yourself out. It's much more cumbersome.
If you play video games, you probably have a couple of neat kernel rootkits installed as "anti cheat".
A lot of remote proctoring stuff for exams are looking a lot like rootkits too.
EDR/XDR is also just rootkits. For security. The only thing that can stop a bad guy with a rootkit is a good guy with a rootkit, after all.
iPhone users are safer from malware, PC users are safer from governments and Apple controlling what they can do on their computer.
Never-ending balance between safety and freedom.
The computer that requires a physical switch to disable secure boot is a good compromise (see many Chromebooks)
Why can't hardware vendors embrace standards-based open platforms like Global Platform [1].
[Edit] Google is also pushing Android Ready SE Alliance [2].
[1] https://globalplatform.org/
[2] https://security.googleblog.com/2021/03/announcing-android-r...
Sure, there are theoretical attacks on memory, but they are far less relevant for security than the penalties I have to accept with TPM being widely established.
Not that there aren't different means, but TPM also creates unique hashes of your system which only reinforces the problems around fingerprinting.
> It's the exact system that enables wireless payment and other strong security features on your phone.
Phones suck as computing devices on every conceivable metric and are heavily locked down devices. And it is not true that you need a TPM chip to create secure transfers. I constantly do business transactions on my PC just fine.
> The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
How is it orthogonal? Okay, we're not strictly speaking of only bootloader locking, but of boot-time-control locking.
Regarding Bonzi Buddy, I disagree. I think user data is as important, if not more important, than root access - which is why I'm dumbfounded when ancient server security features, like Linux's sudo system, are applied to the consumer device like a PC or a smartphone. These contexts are much better served by a sandboxing, permission-based whatever that seems to pick up steam, like the current permission systems on smartphones. Grandma's logins and bank data will be stolen from her own user account just the same as an admin account. Related XKCD[1]
This is a very handwavey sentence and is doing far too much work in your reasoning. Yes, you don't have control "over a great many things", because the point is so vague so as to be meaningless. But it doesn't at all follow from that vague sentence that we should allow total corporate/government control over our personal digital devices.
In this case, the proposed cure is far worse than the disease.
As long as software that uses the TPM cannot detect whether you tampered with the TPM or not, it is principally all right.
But as I wrote down: this is exactly the opposite of what trusted computing was invented for: make the machine trustable (for the companies that have control over the TPM/trusted computing), because the user is distrusted.
I'm definitely not on the "ban all crypto" side, but I see why the governments are in support of that, and for the longest time, strong crypto was (and still is?) classified as a munition; it's very powerful.
I say let them be. As long as they also have the freedom to remove or not install such software, it's a good thing. Instead we have locked-down devices with the functional equivalent of such unwanted software, protected so that you cannot remove it without somehow getting root.
"Those who give up freedom for security deserve neither."
People fought against that and actually won, 23 years ago: https://news.ycombinator.com/item?id=10106870
Unfortunately, that may have been the only victory, as they slowly started introducing a lot of other stuff silently under the guise of "security".
"not secure by design" nowadays comes close to being a coveted feature
Absolutely. As the saying goes, "insecurity is freedom".
With my reasoning I wanted to capture what people might think, while accepting something that they have no control of. I have a hard time with this, because I got a PC in my formative years and I loved to tinker with it, and hated, and still do, everything that stood in the way of that. But the general population doesn't share this experience. And if I look at my own life, I only have this experience with computers (and smartphones), all the other things are, even if not centrally managed, out of my control. At the first wrong noise I have to call an expert who hopefully fixes it and is hopefully benevolent to me, because I have no clue what happens to the device I own. Or even my own body, now that I think about it. And so, the PC and the phone is just in a long list of things that people depend on, but not control.
The addendum being here, and what most people miss who feel the way I described above, is that our ever-connected devices make a "paper trail" unprecedented in history. And it can be centrally managed, activated, replayed, assembled, or even more tracking could be remotely controlled to an extent[0] - and to an even larger extent with a specialized application[1]. This is where the otherwise similar level of "not being controlled" can lead to a much worse situation than ever before. And I wish I could point this out empathetically to people without sounding like a lunatic.
[0] https://money.cnn.com/2014/06/06/technology/security/nsa-tur...
Do they deserve to not be able to shop online without fear of having their payment information stolen? Or mistyping a URL in their non native language and ending up at a scam website that installs malware? Or simply having a device that comes to a crawl such that they cannot reliably video call their grandkids?
That was in the early 1500s. It was another couple hundred years before Europeans started colonizing and conquering those areas. By the time that started those populations were already reduced by around 90% from diseases that had spread across the continent from the Europeans on the east side.
Before those diseases wiped out so many natives no European colonists were able to survive in what is now the US and Canada without the approval and help of the natives. If the local natives didn't want a colony there, they removed it.
Yes, the colonists had guns and the natives then did not but the guns in those times weren't actually superior to bows and arrows. The guns might have better range, but their accuracy was much worse and they took longer to reload.
Before diseases that the colonists (unintentionally) brought greatly weakened the native tribes pretty much the only colonists that did OK were those that allied with a native tribe.
There were a bazillion tribes, and there was a lot of conflict between them including warfare. Some smaller tribes that were losing their wars with bigger tribes allied with some of the colonies to try to get help against the bigger tribes. Those were the colonies that were allowed to stay and thrive.
For a great look at what life was like in the New World before Europe became widely aware of it, and what happened afterwards the book "1491: New Revelations of the Americas Before Columbus" by Charles C Mann is quite good.
That's true, barely, only if you equate "software" with "things that draw stuff presented on a display to a user". Regular non-tech-geeks are using open source software (in the real sense, meaning instructions given to a computer to make it do something) pervasively, everywhere, every day, on all their devices (yes, even the Apple ones, but especially all the devices they use that aren't in their pockets).
Open source certainly isn't a failure, it literally won the war.
Where are the text books in California that teach math using Biblical stories and imagery? Obviously California burned all those books if we accept the argument being put forth with Florida.
As far as hn being contrarian, the only thing I see hn being consistently contrarian on is crypto. Any other examples?
Outside of corporate IT, what if Microsoft uses this remote attestation to enforce binding non-corporate PCs to a Microsoft account. Some don't have a problem exposing everything to Microsoft's cloud, but Pluton sounds like it could be used to enforce this on a hardware level.
If computing devices without bondage to a cloud service are impossible, Windows has no more value proposition for me for personal computing. I'm going to stick with Apple, because at least Apple allows me to turn it all off, off seems to mean off on at least Apple iPhones/iPads (I don't have to check hundreds of weirdly named services, policy settings, scheduled tasks that are all on for some reason), and settings don't seem to randomly sneak on between updates.
Think about how many devices in a typical users home are incompatible for business reasons - for example that Chromecast that refuses to play Amazon prime movies. Or the iPhone charger cable that won't fit into an android. Users just live with it.
"My weird laptop doesn't support the school WiFi" is the same.
Anyone who calls something secure without publishing the spec is just selling you a bridge.
Also also, his "rape" remarks have been mischaracterized but also came pretty late in the game, and had nothing to do with Linux's alleged lack of impact. Linux existed and was successfully deployed decades before any of these remarks.
I really expect better from comments on HN. This is tabloid level.
I would rather argue that it converges to "you become more and more morally obliged to learn about hacking (and perhaps become a less and less law-abiding citizen) if you buy a computer and use it".
Keep in mind that now many of the people who post on HN earn a lot of money by working at a company for which it is part of the business model to track users and collect data about them (officially for advertisement purposes).
You're thinking of SGX enclaves not TPM.
> TPM also creates unique hashes of your system
It doesn't. Your system creates hashes and appends to lists signed by the TPM. And the point of those hashes is to be not unique, but verifiably matching known values.
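The mechanics behind the two comments above (the OS measures and the TPM only extends a register; sealed keys stop being released as soon as one measurement changes, as noted earlier in the thread) are easy to see in code. The following is an added illustration, not code from any commenter or from a real TPM stack: it models a SHA-256 PCR bank with `pcr_extend` (new = H(old || digest)), an event log that a verifier replays, and a toy `seal`/`unseal` whose wrapping key is derived from a constructed storage root key `SRK` and the PCR value. All names, the sample boot chain and `SRK` are constructed for the example; real systems use `TPM2_PCR_Extend`, `TPM2_Quote` and policy sessions, not these functions.

```python
import hashlib
import hmac

# Constructed toy model of a TPM 2.0 SHA-256 PCR bank and PCR-bound sealing.
# Hypothetical helper names; not a real TPM API.

PCR_SIZE = 32                   # SHA-256 bank
PCR_INIT = b"\x00" * PCR_SIZE   # PCRs reset to zero at power-on


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || digest).

    The TPM never sees the measured object, only the digest handed to it,
    and the result depends on the order of every extend since reset."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be SHA-256 sized")
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components):
    """Firmware/OS side: hash each component, extend the PCR, keep an event log.

    Returns (final_pcr, log) where log is a list of (name, digest)."""
    pcr = PCR_INIT
    log = []
    for name, blob in components:
        d = hashlib.sha256(blob).digest()
        log.append((name, d))
        pcr = pcr_extend(pcr, d)
    return pcr, log


def replay_log(log) -> bytes:
    """Verifier side: recompute the PCR from the log and compare with a quoted value."""
    pcr = PCR_INIT
    for _, d in log:
        pcr = pcr_extend(pcr, d)
    return pcr


def seal(secret: bytes, pcr: bytes, srk: bytes) -> dict:
    """Bind a secret to one PCR value (toy: HMAC-derived wrapping key, XOR pad)."""
    if len(secret) > PCR_SIZE:
        raise ValueError("toy seal only handles secrets up to 32 bytes")
    wrap = hmac.new(srk, b"seal|" + pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, wrap))
    tag = hmac.new(srk, b"tag|" + pcr + ct, hashlib.sha256).digest()
    return {"ct": ct, "tag": tag}


def unseal(blob: dict, pcr: bytes, srk: bytes) -> bytes:
    """Release the secret only if the current PCR reproduces the tag.

    Any boot path whose measurements differ fails here, which is why tampering
    with a measured component locks the attacker (or the owner) out."""
    tag = hmac.new(srk, b"tag|" + pcr + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise PermissionError("PCR policy mismatch: secret not released")
    wrap = hmac.new(srk, b"seal|" + pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], wrap))


# Constructed sample boot chains (names and blobs are made up for the example).
GOOD_CHAIN = [("firmware", b"fw-v1"), ("bootloader", b"shim+grub"), ("kernel", b"vmlinuz-6.1")]
TAMPERED_CHAIN = [("firmware", b"fw-v1"), ("bootloader", b"evil-grub"), ("kernel", b"vmlinuz-6.1")]
SRK = b"\x11" * 32  # constructed stand-in for a TPM-resident storage root key


def demo() -> dict:
    good_pcr, log = measure_chain(GOOD_CHAIN)
    bad_pcr, _ = measure_chain(TAMPERED_CHAIN)
    blob = seal(b"disk-encryption-key", good_pcr, SRK)
    released = unseal(blob, good_pcr, SRK)
    try:
        unseal(blob, bad_pcr, SRK)
        blocked = False
    except PermissionError:
        blocked = True
    return {
        "log_matches_pcr": replay_log(log) == good_pcr,  # verifier agrees with the PCR
        "same_pcr_every_boot": measure_chain(GOOD_CHAIN)[0] == good_pcr,
        "released": released,
        "blocked_after_tamper": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

Two things the model makes visible: identical software yields an identical PCR on every boot and on every machine running it, so the value is a fingerprint of the software, not of the device (device uniqueness comes from the endorsement key used to sign a quote, which is a separate issue); and because extend is a one-way chain, a replaced bootloader cannot be hidden by later extends, so the sealed key is simply never released on that boot path.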
Remote Attestation establishes a root of trust that can be used to verify that all of the software down the line is "approved":
- You won't be able to browse sites or use apps with ads unless you run a 'trusted' device, OS and browser that does not block ads.
- You won't be able to browse sites with captchas unless you run a 'trusted' device, OS and browser that does not allow bots to interact with the browser.
- You won't be able to run Netflix unless you run a 'trusted' device, OS and browser so that you can't record the content.
- You won't be able to play online games unless, again, you run a 'trusted' device and OS so that you cannot cheat, or more importantly modify it in any way (why would you purchase skins if you can mod them in?).
- You won't be able to use online banking unless you use a trusted OS because banks.
Remote Attestation is pretty terrifying and it will be here soon unless it is regulated out of existence, which is unlikely.
Most "car people" would agree that changing the oil in your car is super easy. To me, it is not easy. It's not something I'm willing to do, even though I know the steps of how to do it. I just don't know what I don't know. When I have my oil changed, the mechanic tells me what I should be concerned about. He tells me what upcoming work I need to have done, how much it will cost, and what could happen if I don't do it. He has experience, expertise, and specialized tools. He had knowledge gathered over years to be highly proficient in his profession.
I could do those things. I could read, and listen, and learn. I could be under my car every day learning new things about how to install this, or replace that. But I don't really have the drive or inclination to do so. I'd rather leave it to the pro. I also have the added novice-worry of screwing something up, and hurting myself or others as a result. I don't want that kind of pressure. I don't want my car breaking down while doing some long journey - I just want it to run when I need it to run, without any scary warning lights coming up on my dashboard.
To bring the analogy back to computers, I still know people - people in their 20's or 30's - who do not know how to copy and paste with keyboard shortcuts. I will sit there and see them highlight, right-click, click copy, move their cursor, left-click, right-click, choose paste. I'll tell them how much time they could save if they "just did ..." and get a basic "Yeah...I just don't really care though, ya know? This works." The thing is, there is no investment on their part to want or need to do that more efficiently. They get by well enough with not bothering.
They could get super into computers, and learn something as "technical" as `git clone https://github.com/some/repo` and follow the process to configure and run a script. They could learn to do those things. But they don't really have that time to invest in it, or don't have that passion for it, or have a professional investment in needing to do it.
They want it to work. They want to not get hacked. They want to not have to think about computers at all. Computers are the interface to do "the thing" more easily. And if the computer breaks? They want it fixed so it won't happen again. The computer "does the internet thing". And I can respect that because they focus their energy into knowledge into other topics that I don't have a clue about, the same way I don't have a clue about cars, even if I know oil changes are "easy".
Normies should be eating our table scraps, not dictating how the software is written.
Normies learned how to drive a car. They can learn how to properly compute. And if they don't like the tech, they don't have to use the tech.
OSS is the last bastion of computing for people who know/like computing, because the armies of "designers" aren't selfless enough to donate their time like programmers are. And frankly it is better off that way, the prevailing trends in design seem to be all about limiting options.
Hard, powerful software over push-button appliances any day.
And, to use the car analogy, BMW gets away with this approach just fine.
https://daringfireball.net/2019/09/richard_stallmans_disgrac...
People have become aware and angry that tech monopolies are exploitative. The winning strategy will involve focusing this fuzzy, ambient anger at a concrete target.
Once Pluton outs itself as an exercise in naked monopolistic power covered by a fig leaf of security -- and it will, as all hustles must eventually involve monetization -- the bad optics will be our opportunity to act. Any strategy on our side that involves putting down TikTok is doomed to failure, but if we put the bad optics in front of people, make the connection, and get them to briefly agree "yeeah, f** the monopolies! F** Pluton!" then a political solution becomes possible. Not easy, but possible.
It's a pity that this dialog has to be so reactive and simplistic, but communication at scale cannot function any other way.
I absolutely don't want my internet-connected pet cam to be accessed remotely (outside the set of companies I've decided to trust, namely the manufacturer.)
Protection against hardware tampering is less good and probably mostly anti-consumer. The most legitimate cases I've heard:
- Protection from (some) supply chain attacks
- Leasing models. Where you acquire the item for less than its hardware cost and pay over time.
But honestly I’m not convinced of either.
Disclosure: I worked on Azure Sphere, the first place Pluton was developed outside Xbox.
Edit: I’ve read the whole article now. These scenarios are really bad and really realistic. Pluton is bad.
If you were to approach a non-tech person and ask them how many open source apps they use on a daily basis, they would probably say "none", even if it's not the case.
The TVs are hardwired, it’d be trivial to have an accomplice show answers or whatever on them.
There are cheats out there that use video captured by capture cards as input for an AI on a separate computer to actually play the game like a human would. Once that becomes widespread there is no way to stop it, save from banning capture cards entirely.
You really wanna be scared? Go look at the multiple comments on the EU DMA announcement complaining that having a sideloading option is just a ploy for malware vendors to get into their iPhones. Or that someone else being able to sideload or jailbreak somehow hurts their security. These are coming from actual HN users!
And you can pretty much guarantee that ~50% of the population will always consider that statement true, no matter the government of the day.
Before you say, "well, they're the government, why don't they just compromise the secure boot CA"; the problem is that cryptographic signatures create evidence. If someone finds your boot sector malware you don't want it to be attributable - but signatures from an already-trusted entity create exactly the kind of paper trail you'd rather avoid. If Microsoft signs a boot sector virus, then it's obviously a US government cyberweapon, and any companies that find it in their systems will start suing. In this particular context, secure boot is a policy of "no execution without attribution".
[0] Which nowadays can even be done in a browser. Modern browsers actually have to have throttling and CPU usage limits because of this.
I also think when RMS made his more salient and prescient points, most people weren't familiar with him personally, just with his remarks. The world was less connected back then. So his personality flaws really didn't make a huge impact (nor should they have).
The great majority of people don't know or understand the difference between single click and double click. This baffled me the first time I found out. Age or education don't matter.
If you dig a little deeper you discover that most people think double-click is a kind of equivalent of "clicking louder". As if sometimes, for some reason, the computer becomes hard-of-hearing. It's both a little sad and quite funny.
And no, it's not smartphones' faults. Most people just don't "get" desktop OS paradigms, or how web pages work, or any of that, and they don't really care to.
Updating the Upton Sinclair quote without the gender bias; it’s difficult getting a person to understand something when their investment portfolio valuation depends on them not understanding it.
Who are they if they’re not what they are now?
When you all stop posting on corporate forums and working their jobs, shopping their stores, I’ll take you all sincerely and seriously.
In order to deal with it, I had to create a subnet with a router, use an old laptop to do the verification, and then the whole subnet was added to the allow-list.
> "not secure by design" nowadays comes close to being a coveted feature
That's a huge market opportunity. I would buy "insecure" products over secure ones every time.
As far as scripts for it, this thread has some sage advice:
https://www.reddit.com/r/privacy/comments/n3v0s5/disable_win...
The tools to disable telemetry and bloat:
https://github.com/irmatade/sharpapp
https://www.oo-software.com/fr/shutup10
https://github.com/Sycnex/Windows10Debloater
MSFT doc on what all telemetry is gathered, and what is considered "required" telemetry (although they give you enough info to block it at the router):
https://docs.microsoft.com/en-us/windows/privacy/configure-w...
I do like Win10 as an OS. On the whole I'd say the Satya era of MSFT is a mixed bag, but better on the whole than it was before.
Smart people are a surprisingly small minority.
"No one in this world, so far as I know ... has ever lost money by underestimating the intelligence of the great masses of the plain people." - H. L. Mencken
I know plenty of people, myself included, who lost money overestimating people's intelligence.
The real problem is continued deference to old ownership memes; that a minority must be empowered due to past contract none of us were even alive to see signed. How do we know in real terms the truth given a past we can never experience?
Historical trends are one thing; that Bezos specifically is that special is another. This is the first period in history where the elders could hold power this long. It’s tacit ageism and everyone is too scared to say that to old people who would collapse in shock at the slightest whiff of real pushback, they’re so used to being coddled; they’re hardly a real threat.
Start telling your elders their past success does not give them ownership of the future.
The absolute worst thing we could do is go to Apple or anyone else and say "You need to use this x or y, because someone else does". That isn't going to breed innovation, ever.
Do I wish Apple used USB-C on phones? Definitely. Does it actually change anything for me day to day except I need a specific cable if my phone runs dead? Not really because my chances aren't a ton better running into a USB-C on demand. I want Apple to. I would buy an Apple phone with it if given the option. I would never sign on to force Apple to do it.
Everything nice that they offer eventually gets changed or taken away.
Yes, I'm bitter. We could have a much better world, one that actually empowers anyone willing to step up to the plate, but instead we grab all the low-hanging fruit so we can make them smile and step on workers' rights to deliver them burritos, instead.
A happy cohort is an obedient cohort, amiright?
A big chunk (I don't know the real number, but it's closer to 50% than 10%) of customer VMs on Azure are running Linux.
All this to say, MSFT is highly invested in the Linux ecosystem. They would be shooting themselves in the foot to try and kill it off at this point.
Exactly! We saw precisely this thing with cell phone chargers. Not enough people recognize this.
A healthy dose of market realism is in order - if the market doesn't deliver what people want, it's not the market, it's the people who are wrong.
So the real market is for the very smart people and that’s an even smaller minority.
I built super advanced tech but was intentionally screwed over by my large corporate customers, just because they could, so I quit the industry and that super advanced tech doesn’t exist anymore. Unfortunately a lot of really cool things will live and die with me. I’ve fought the good fight and failed.
We can lament that people are not smarter but there isn’t anything we can do about it.
"Validity" for a device can mean many things (latest patches, is running anti-virus software, among other things).
A general user probably doesn't need to attest to these things. I would argue that anyone trying to access a corporate or some other organization's network SHOULD be required to attest to these things given the cyber threat landscape. The caveat: those same entities should provide or heavily subsidize the platforms they require (work computers). It's their IP at risk. I'm not so naive to think they would actually do this with BYOD initiatives, unfortunately.
For personal users on personal devices, I agree this might go too far (but some principles like MFA are best practices).
But there's nothing wrong with teaching students how they can use math to understand social problems and complex real-world issues. Math is a great tool for thinking about things like income inequality, climate change and economics.
As a regular user, most of that list doesn't sound too bad. Their future devices will automatically have these features enabled, they're not likely to change those settings to "break" their device (from the perspective of Trusted Computing) so they'll have a smooth experience getting into it.
- Can't block ads? A lot of average users already don't/don't know how, but this one would probably affect a lot of people. Probably a bad thing no matter how you slice it.
- They'll have a better experience online as they won't be interrupted with captchas. Wouldn't you prefer if you never experienced captchas and logins were smoother and easier? So a wash to a positive for an average user.
- This makes it an easier deal for streaming services to let you cache their DRM'd content offline and makes the deals they have to cut with media companies potentially cheaper. Once again they're probably buying off the shelf computing devices which will probably work seamlessly with these restrictions, so they either won't notice anything or potentially get more features than they have now with those services they're already using. I'm not necessarily a fan of DRM but the market has largely spoken, people prefer streaming rather than actually owning the media.
- Fewer cheaters in online games sure sounds like a positive to me.
- My bank account online is more secure? This is a bad thing?
Learning is hard, it makes people uncomfortable, sadly. Which means that the easy road is to stoop to their level, which is what we're seeing.
It sucks that you got screwed by large corporations, and I don't know the story, but that sounds more like standard business fuckery than "software for smart people"?
Removing something from a curriculum is not the same as banning it. There are many more books that are not in school libraries than there are books that are in them.
Chip manufacturers could even decide that nothing good happens on open source operating systems, so you're now only allowed to run Mac or Windows operating systems.
The point is really that they're taking full ownership of the chips from you.
[0] When It Comes to Banning Books, Both Right and Left Are Guilty | Opinion: https://www.newsweek.com/when-it-comes-banning-books-both-ri...
Particularly now that heterogeneous computing is making it big, video decoding can easily just be made not to work unless this tech stack okays it--regardless of the OS.
This chip could all out disable other operating systems if they don't provide the spyware telemetry that Microsoft requires.
But, imagine that a school adopts the DRM processes described in the article and requires this study level of control even on personal devices that are used for school. Suddenly those book bans can be enforced digitally by the school and will totally cut off access to certain books that the school chooses.
You might say that it's within the school's rights to do this for a device that is used for school and if you don't like it then use a different device. Now that's a system where there is a class-divide on the information that one is physically able to consume on their devices.
You might think Mein Kampf is ban-worthy, but the whole point is actually that you should not ban any book at all, because once you start banning books it becomes far too easy for more books to be banned. All it will take is one regime change in a school district's PTA for new books, that you maybe think should not be banned, to be added to the list.
It's worth considering the most banned books in America. His Dark Materials. A fantastic young adult fantasy novel that pokes harder at religion than some Christians can bear.
[0] When It Comes to Banning Books, Both Right and Left Are Guilty | Opinion: https://www.newsweek.com/when-it-comes-banning-books-both-ri...
But even so, that doesn't seem informative. Ask any user how many "Qualcomm apps" they use, or "Meta apps", or "Intel apps". No one knows where this stuff comes from. They buy a phone with a label on the box and then download stuff from an app store.
That's not a statement about how the software is produced, it's just how the market presents products to consumers. People don't know where the gas that goes into their cars comes from either, but that's not an argument that petroleum distillation technology is a failure.
The government is probably part of the driving factor in building this system.
The government probably doesn't want Wikileaks type material to be rendered. There are _so_ many ways the government likely wants to abuse this.
Certainly the businesses were not as smart as they thought they were, which is a common problem. But they indeed have very hard valuable problems and basically everyone involved was much smarter than the average person. Just not smart enough to know their own limitations and accept outside help.
Disabling other operating systems would be done by the BIOS if manufacturers locked down the configuration of existing secure boot functionality, doesn't need any new features.
At a past job, we used Entrust [0] and I'm aware of Virtru [1] as well.
Edit: I forgot about Sharepoint, which also sort-of fills the ACL document-sharing niche. (though I'm less certain about whether it uses encryption to enforce its access policies)
What if your government's tax service requires such proof? Or bank? I cannot count how many machines I booted on Linux to rescue a hard drive, or image it, or wipe it, or just to install Linux on them. All those devices, boom, paperweight for regular personal use.
I hate it so much that Microsoft is alone in this. It's not because it's M$, it's because they're alone on it.
* SMM has been part of x86 for decades. The Secured Core requirements around SMM actually reduce its power.
* The claimed requirement to remove the third party UEFI CA certificate from 2022 Secured Core PCs is entirely unrelated to Pluton (it's required regardless of whether Pluton is enabled or not, and even whether the CPU has Pluton or not)
* Most of the description of Pluton is actually a description of a TPM. You don't need DICE for remote attestation. TPMs are already a hardware keystore.
* System firmware is already being updated via Windows Update. The discussion about Pluton and Windows Update is around Pluton getting firmware updates that way (the existing story around firmware updates for TPMs is largely not good)
* Existing TPM-based remote attestation already includes the secure boot state
The short version: everything that the article is worried about being enabled by Pluton is already possible, and has been for years.
But there's a meaningful point here. Remote attestation can certainly be used to restrict access to resources in ways that are incompatible with general purpose computing, or which reduce user choice. Remote attestation can also be used to give end users confidence that their machine is in a good state without constraining what they do with it. As a technology, remote attestation can be used in both good and bad ways. We do need to keep track of whether anyone is threatening to use it in bad ways and react appropriately.
(But tbh remote attestation as an attack on general purpose computing isn't the really scary thing about widespread remote attestation. Remote attestation ties back to the TPM's endorsement key, an immutable cryptographic key certified by the TPM vendor at manufacturing time. The straightforward implementation of allowing arbitrary remote sites to trigger remote attestation would tie all of these accesses back to a single piece of hardware, and would be a privacy nightmare.)
Yep, one state decided to do something about this divisive indoctrination of kids and the peddlers of that stuff obviously don't like it, hence the "banning (math) books" stories. If you actually read into this you quickly realize that someone is clearly lying and (this time) it's not the Republicans.
At that same time, Microsoft started using your HDD serial as an identifier. Nowadays there are unique identifiers in most of your hardware, including the north bridge of your motherboard and the TPM that Windows now requires.
Also, mobile devices got all kinds of unique identifiers from day 0.
Any such bans will always take the path of least resistance to cover the largest possible population with the easiest means. Pareto Style. And I care much more about those 80% of people having access over maintaining my own. Because ultimately, those people will set cultural standards of the future, not some technologist with their fully libre laptop.
And those attacks are, as of now, not that sophisticated or blatantly censoring. An overwhelming majority already do their computing on locked down devices (running iOS, Android and ChromeOS) and the big censorship wave hasn't hit them. Every half decade or so Amazon removes a book from Kindle as a side effect of capitalism and copyright and there's a huge HN thread mistaking it for deliberate censorship, but overall it really doesn't matter.
Also, let's be completely clear that DeSantis didn't ban math books. This was an attack on ideologically inconvenient books, mostly queer literature. It's part of the push to label us as "groomers" for merely existing around underage people that has caused a spike in violence and mistrust directed towards trans people. Once our rights are sufficiently eroded, they'll go after the gays again, and after that, maybe, we'll have progressed on the fascist cataclysmic us versus them rhetoric to revive blatant antisemitism. Or racism. Who knows. But safeguarding the high end bit of tech that is not even mainstream anymore wouldn't help society out of this and being concerned for it is a very individualistic choice.
> The claimed requirement to remove the third party UEFI CA certificate from 2022 Secured Core PCs is entirely unrelated to Pluton (it's required regardless of whether Pluton is enabled or not, and even whether the CPU has Pluton or not)
Pluton is de facto a Secured Core PC implementation, and Secure Core PCs are also making this change. Thus it affects both Pluton and Secured Core, but the new requirement does not affect non-Pluton and non-Secure-Core systems. Because Secured-Core PCs are currently niche and will no longer exist once Pluton is broadly adopted, Pluton will be the first appearance of this change for the vast majority of users.
If I'm selling a 12th Gen Intel system right now, I can keep the 3rd-party UEFI certificate enabled. If I am selling a 12th Gen Secure Core PC, then this year I must disable that certificate, but my non-Secured-Core PCs can again keep it open. When Pluton arrives, that door must be shut.
You can verify this with Microsoft's Secured Core PC documentation:
https://docs.microsoft.com/en-us/windows-hardware/design/dev...
> Most of the description of Pluton is actually a description of a TPM. You don't need DICE for remote attestation. TPMs are already a hardware keystore.
To an extent. The original TPM is very finicky as documented by the comments on this post and elsewhere - even changing a RAM stick could invalidate the TPM's assertion. For this reason, the TPM was very unideal for DRM due to its all-or-nothing approach, which Microsoft Pluton does not make the mistake of repeating, allowing for much more granular security that makes it much more easily applied. The second reason why Pluton is much more dangerous is that the TPM could be easily virtualized or hacked over the bus rendering DRM use-cases quite broken, whereas Pluton supports neither weakness, making its DRM potential (again) much more potent. Finally, using DICE, unlike a TPM, the Pluton is explicitly designed to give a computer a permanent identity that can never be erased, which (again) TPM does not guarantee.
Useful HN comment explaining: https://news.ycombinator.com/item?id=25193346
That's actually the big reason why the Remote Assertion is an important point here. The TPM version of it was almost unusable outside of very niche business applications and BitLocker, while with DICE, the Pluton is far more potent. (After all, if TPM worked fine on its own, why does DICE even exist?)
The last point I will add to further back this view is these comments from a Microsoft employee on the subject.
https://lobste.rs/s/fdguww/dangers_microsoft_pluton#c_tdlo1r
> System firmware is already being updated via Windows Update. The discussion about Pluton and Windows Update is around Pluton getting firmware updates that way (the existing story around firmware updates for TPMs is largely not good)
Microsoft themselves states in Pluton's announcement that Pluton will hardware-integrate with Windows Update for various system firmware, through their "chip-to-cloud" security initiative. To quote them:
"One of the other major security problems solved by Pluton is keeping the system firmware up to date across the entire PC ecosystem. Today customers receive updates to their security firmware from a variety of different sources that can be difficult to manage, resulting in widespread patching issues. Pluton provides a flexible, updateable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton for Windows computers will be integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices."
This is a little frustratingly vague and thus part of the reason why Pluton requires some speculation. Judging by the reference to "different sources that are difficult to manage", it appears you don't update Pluton, Pluton updates you. Pluton has an active role in your system's security, whereas TPM was only passive.
I'm sure there will be developer options for this too. After all, Microsoft is not going to make all the software themselves.
But they could restrict this too. For a lot of platforms you now have to sign up for a developer account and license agreement. Like on iOS, Oculus Quest..
The managers who want remote attestation aren't the people implementing it. They either pay someone else to do it, or they pay someone else to do it. The difference between paying a third-party company and an employee is that employees are more expensive, because the costs aren't amortized over other customers who want the same stuff. Why would they be more trustworthy? Why would they be better at it? Why would it be any less likely to be hacked if you did it at your company than if you outsourced it?
No, it's not. You can deploy Pluton without having to implement the Secured Core PC spec.
> Microsoft Pluton does not make the mistake of repeating,
No, seriously, the only remote attestation supported by Pluton on x86 at present is literally this TPM-based remote attestation. There's no meaningful fragility here - remote attestation means you can look at the individual log events rather than just looking at the composite PCR values, and that lets you ignore the noise created by things like hardware configuration changes. I have helped build and deploy infrastructure that makes use of remote attestation to validate secure boot state.
> the TPM could be easily virtualized
No, because the EK certificate won't chain back to a trusted CA.
> hacked over the bus
True in some cases, but already mitigated on all systems that are using fTPMs (ie, most Windows 11 systems).
> the Pluton is explicitly designed to give a computer a permanent identity that can never be erased, which (again) TPM does not guarantee.
TPM does, in fact, guarantee that. The endorsement key is static over the lifetime of the TPM.
> why does DICE even exist
DICE provides a set of features that don't require the functionality of a full TPM. This allows you to implement things like device identity attestation in a standardised way that works for both hardware with a full TPM and also IoT devices where a TPM would be too expensive.
> Today customers receive updates to their security firmware from a variety of different sources
Look at the diagram immediately above that quote. They're talking about the firmware that runs on Pluton, not the firmware executed by the main CPU.
Again, you're raising a legitimate issue (remote attestation can be used for bad things), but you're burying it under a bunch of misconceptions and just flat out inaccuracies. I agree that we should be worried about widespread use of remote attestation, both from a "War on general purpose computing" perspective and a privacy perspective. But literally everything you're legitimately worried about happening could happen right now. Framing this as something that's tied to Pluton risks giving people the impression that they can avoid it by just not buying anything with Pluton, and that's simply untrue.
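The point above about reading individual event-log entries rather than the composite PCR value is easy to see in code. The following is an added example, not code from the thread, Microsoft or any TPM vendor: it replays a constructed, simplified TCG-style event log into PCRs, checks the log against the quoted PCR values, and then applies a Secure Boot policy to the individual PCR7 events, so that a RAM change (which lands in PCR1) does not break the check.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# One entry of a simplified TCG event log: (PCR index, event label, event data).
# Real logs carry typed structures and extend the digest of that structure;
# here the digest is simply sha256(event data). All values are constructed.
Event = Tuple[int, str, bytes]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend operation: new = H(old || digest)."""
    return sha256(pcr + digest)


def replay_log(events: List[Event]) -> Dict[int, bytes]:
    """Recompute PCR0-7 from the log, starting from all-zero registers."""
    pcrs = {i: bytes(32) for i in range(8)}
    for idx, _label, data in events:
        pcrs[idx] = extend(pcrs[idx], sha256(data))
    return pcrs


def log_matches_quote(events: List[Event], quoted_pcrs: Dict[int, bytes]) -> bool:
    """Step 1 for a verifier: the log must reproduce the PCRs in the signed quote.
    (Signature verification of the quote itself is out of scope here.)"""
    return replay_log(events) == quoted_pcrs


def secure_boot_policy_ok(events: List[Event], trusted_authorities: Set[bytes]) -> bool:
    """Step 2: evaluate policy on individual PCR7 events, not the composite value.
    Requires the SecureBoot variable to be enabled and every signing authority
    used during boot to be one the verifier trusts."""
    secure_boot_on = any(
        idx == 7 and label == "SecureBoot" and data == b"\x01" for idx, label, data in events
    )
    authorities = {
        data for idx, label, data in events if idx == 7 and label == "EV_EFI_VARIABLE_AUTHORITY"
    }
    return secure_boot_on and bool(authorities) and authorities <= trusted_authorities


def make_log(dimm_config: bytes, secure_boot: bytes, authority: bytes) -> List[Event]:
    """Build a constructed boot log; only the three parameters vary between scenarios."""
    return [
        (0, "EV_S_CRTM_VERSION", b"constructed CRTM v1.0"),
        (1, "EV_PLATFORM_CONFIG_FLAGS", dimm_config),       # hardware inventory lands in PCR1
        (7, "SecureBoot", secure_boot),
        (7, "PK", b"constructed platform key"),
        (7, "db", b"constructed db contents"),
        (7, "dbx", b"constructed dbx contents"),
        (7, "EV_EFI_VARIABLE_AUTHORITY", authority),        # cert that verified the bootloader
        (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"constructed bootloader image"),
    ]


# Constructed scenarios.
TRUSTED_CA = b"constructed-cert: trusted UEFI CA"
TRUSTED_AUTHORITIES = {TRUSTED_CA}
BASELINE = make_log(b"DIMM 8GB slot0", b"\x01", TRUSTED_CA)
RAM_UPGRADED = make_log(b"DIMM 16GB slot0", b"\x01", TRUSTED_CA)   # only PCR1 input changed
SECURE_BOOT_OFF = make_log(b"DIMM 8GB slot0", b"\x00", TRUSTED_CA)
UNKNOWN_SIGNER = make_log(b"DIMM 8GB slot0", b"\x01", b"constructed-cert: unknown CA")


def pcr_differs(a: List[Event], b: List[Event], idx: int) -> bool:
    return replay_log(a)[idx] != replay_log(b)[idx]


if __name__ == "__main__":
    quote = replay_log(BASELINE)  # stands in for the PCR values inside a signed quote
    print("log consistent with quote:", log_matches_quote(BASELINE, quote))
    print("PCR1 changed after RAM swap:", pcr_differs(BASELINE, RAM_UPGRADED, 1))
    print("PCR7 changed after RAM swap:", pcr_differs(BASELINE, RAM_UPGRADED, 7))
    print("policy after RAM swap:", secure_boot_policy_ok(RAM_UPGRADED, TRUSTED_AUTHORITIES))
    print("policy with Secure Boot off:", secure_boot_policy_ok(SECURE_BOOT_OFF, TRUSTED_AUTHORITIES))
```

A verifier that compared only composite PCR values would reject RAM_UPGRADED; one that replays the log and inspects PCR7 events accepts it while still rejecting the Secure-Boot-off and unknown-signer cases.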
Do you know what Critical Race Theory actually is, and where it's taught?
Just within the last century it was illegal to send a copy of Ulysses or The Canterbury Tales through US mail.
> My bank account online is more secure?
Sincerely, why? Because I can't customize my own software anymore? Fortunately banks around here don't require SafetyNet, some of them do require a mobile device though.
The prerequisite for this to happen is that the school removes all physical editions of the books and has digital editions for all content, and a lending program for the books that is sufficient to satisfy publishers... and all students have digital book readers able to access the school library.
I don't see this happening in the near (or even within the decade) future. There is far too much content that is physical only, publishers haven't embraced digital editions for libraries, school libraries don't have the technical resources (physical or in many cases human) to convert their collections to digital.
The hypothetical school book ban for digital editions is needlessly alarmist.
When those resources are available to schools, then yes - let's talk about it... though the school banning books will continue to mean "that resource isn't in our collection" and a student can go to another library (or in many cases book store) and get a copy of that book for themselves. This is no different than today.
This one makes no sense. Wouldn't 99.9% of power supply glitches be some sort of accident, and something that the end user probably doesn't want?
It doesn't seem to me like you are willing to believe that both sides could be overstepping here, but I personally am sure of it.
I may update the article to reflect this, I will look into that further. So far the few Pluton systems available all seem to also implement Secured Core, however, as more systems become available perhaps that will change...? I am OK with being wrong here and openly admit that there may be inaccuracies and speculation due to the limited public information and limited number of systems and configurations with Pluton so far.
I'm not quite at the point of agreement yet, mainly because your argument leaves Pluton's addition and functionality almost redundant and inexplicable. From your perspective, almost everything the Pluton is capable of is also possible with a TPM. However, this does not make sense to me, as why implement the Pluton if an fTPM is fully capable of everything the Pluton can do? Why can't an fTPM just be updated with CPU microcode which Windows Update already can handle? What is the point of SHACK then if TPM is fully capable of handling keys already? Why would Microsoft make a grand announcement about how this allows for "chip-to-cloud" security with Project Cerberus and all that, if nothing actually changes almost at all?
Also, can you explain how this checks out with Microsoft RIoT?
Manufacturers sell Linux workstations designed for power users and developers. UEFI/TPM, and now Pluton won't be a stumbling block for that as it hasn't been so far.
Dell is the biggest seller of pre-installed Linux desktop machines, and they are all billed as Workstations for power users or developers. Their home machines only have as an option Windows or ChromeOS. (Count that as Linux if you like, but I wouldn't...)
Why? Being more price competitive by bundling a free or cheap OS is not worth it in scaling up their support for a new OS. That's your stumbling block to better Linux desktop adoption, in my opinion.
Causing issues with remote attestation is probably more a side effect of just not caring about other OSs, rather than some sinister plot to sink Linux on the desktop.
Ibram X. Kendi, in his book “How to Be an Antiracist” states, “The only remedy to racist discrimination is antiracist discrimination. The only remedy to past discrimination is present discrimination. The only remedy to present discrimination is future discrimination.”
The whole movement is predicated, explicitly, on instilling hatred and animosity on some out-group, it's a vicious ideology masquerading as compassion.
If the market really cared about being able to run whatever software you wanted, nobody would be buying iPhones. Fire TV sticks and Rokus wouldn't move any products. Playstations, Xboxes, and Nintendo Switches would be crushed under the massive marketshare of Mister devices and Steam PCs. One quick look at reality shows this isn't the case.
I think you're massively overestimating the market size of people who actually care.
Note that I'm not making any moral argument here, I'm not saying whether these things are good or bad. Personally as someone who likes to tinker and has been bitten several times by DRM and the likes, I'm not too much of a fan. As someone who has to try and ensure compliance on devices, it's a godsend. But at the same time I know lots of people who buy Xboxes and Playstations because there's less cheating that happens on that platform. I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.
I don't like having to lock my bike, it's a huge pain. But at the same time there's tons of people here arguing locks shouldn't exist. Trusted computing, in the right context, is a good thing. Being able to lock your door is good! Being able to assure your device is what you say it is is good! I definitely agree there are potential dystopian futures with this technology, but that's true of any truly revolutionary technology. Wheels move carts of grain and help tanks roll. Being able to break dinitrogen into more usable sources gives us cheap fertilizer and explosives.
PSP and ME firmware isn't part of the CPU microcode. There's no fundamental reason why the updates couldn't be provided via Windows Update, but that would require Intel and AMD to choose to do so. There's frequently fairly tight binding between ME/PSP firmware and the system firmware, so it may well be the case that the vendors simply don't feel comfortable providing updates without board vendors having validated that first. The ME and PSP also offer significantly larger attack surfaces than Pluton does, so there are legitimate concerns over whether they can offer the same level of security assertion.
TPMs normally sequester keys to themselves, but the spec doesn't say anything about how that's handled - the keys could be in a separate hardware block that's isolated from the rest of the TPM, or they could be just living in RAM on the TPM. In the latter case, any vulnerability in the TPM firmware would potentially allow the keys to be exfiltrated. SHACK is intended to provide a higher degree of isolation, such that even if the Pluton firmware is compromised the keys will still be inaccessible to an attacker.
I'm not quite sure what you mean with respect to RIoT. Devices that make use of RIoT aren't intended to be general purpose computing devices.
1. This would require that Intel and AMD find it less intrusive to build an entire additional SoC into their processors, on whatever node necessary, than to package their software for Windows Update. Also, it leaves out the question, why couldn't Microsoft have required that AMD and Intel just implement a TPM outside of the PSP/ME with similar hardware protections? Intel would have vastly preferred that, as then they could have just marketed it as part of their vPro solution.
2. For RIoT, it was reported by IEEE in their report that the Pluton does implement RIoT, and this report was endorsed by the Vice President of OS Security at Microsoft as the best write-up so far just yesterday (see https://twitter.com/dwizzzleMSFT/status/1551594590087438336). So there is more to the story than you believe on this subject. Unless the Vice President of OS Security at Microsoft who actually worked on Pluton is incorrect, Pluton does have RIoT.
I will dare quote a fair-use bit of the paywalled report:
"Pluton also implements the device identifier composition engine (DICE) specification, as defined by the TCG, along with the Robust Internet of Things (RIoT) specification, as defined by Microsoft, to achieve DICE+RIoT. Using this technology, a device cannot masquerade its boot path; more simply, it provides a strong method for attesting to a device’s current state and status (e.g., patch version, firmware version, etc.). It is important that this is implemented in hardware, rather than firmware, because the hardware which performs the initial measurements and checks on power-on cannot be modified by an attacker. Relying on device attestation rooted in firmware or software is dangerous because if the initial stages of the boot process are compromised then the entire boot process can be falsified and a bogus attestation can be produced. While Microsoft intends for this technology to be compatible with their Azure Attestation service, since it is built using open standards it can be leveraged by any attestation service, which supports DICE+RIoT."
Edit: On that note, I have added an update to the blog post noting this conversation and that while I am not fully convinced of your points, it is also worth reading.
Edit 2: On a third note, I doubt that Microsoft intends "Secured Core" to be a thing that just sticks around forever. Even though this is just speculation, I find it hard to believe Microsoft would not one day make Secured Core or parts thereof (say, everything except the Thunderbolt protection) mandatory. That is yet another possibility, that "Secured Core" becomes more and more similar to mainline Windows over time. They may have already to OEMs, but I will admit there is no way to prove one way or the other.
Can you explain what you mean by this? As far as I am aware, an application (aka "app") is a piece of software.
---
I think Microsoft feels threatened at this point about Linux becoming more popular on PCs; what with hardware like the Steam Deck. Can't have Linux dominate the PC platform if you forcefully bind all hardware to the Windows ecosystem. Imagine if back in the day Microsoft used their dominance to block out all competing software on PCs but their own.
---
I can see a dystopian future where Government can enforce code/file signing with technologies like this (DRM), so that you can never again have an open computing platform; you could only ever use code or view files approved by the State, and if you try to write code or create content, it won't work period unless it is first approved by the State. (such as with an AI scanning tool to detect and block "wrong-think" or "dangerous functionality" (i.e. dissent or otherwise that threatens the powers that be))
I think we're just discussing different things here then. I'm specifically talking about whether this is good or bad for the future of society. Most people buy whatever is most convenient at the time, which is fair and everyone has done this at some point, but it may or may not be the best for society.
> I know lots of people who buy iPhones and iPads because they know the odds of accidentally getting malware on it is very low compared to alternatives. To them, locked down hardware is a selling point.
It may be a bubble, but of all the iPhone users I know, I don't think any of them has bought it for that reason. Most here buy them for either being simpler to use, lasting longer, or status. Of all the Android users I know, I don't know any that has knowingly got any kind of malware, and that includes people with very old phones.
The usual rebuttal is "Well, yeah, things are fine NOW, but they're moving the chess pieces into place to do these things LATER". Yawn. I have heard this for 20+ years. See you in another 20...
Pluton can be used in different contexts, and it can certainly be used in more IoT focused scenarios. UEFI doesn't really integrate with the DICE case terribly well (I'm dealing with DICE at the moment professionally, because I've made some poor choices in life), so I don't imagine it'll be relevant in the general purpose computing segment.
When "the left" has opposed books they try to use social pressure to get booksellers to voluntarily not stock those books. The right is currently using state power to prevent the teaching of certain books, their presence in public libraries, and are even suing to make private sales of certain books a crime in Virginia.
At least in Europe, it is not even the banks' initiative, it is from above them. They've got the PSD2 directive to implement. And when they all have to implement it, it is kind of difficult to vote with your wallet.
Was it voted so high it triggered some bot detection? That would only explain the former, not the latter. Either way, there's something funny going on.
As a developer of a banking app, I do my best to avoid implementing this user-hostile crap, but not all developers are empowered to say "no" to this requirement and not all care. There is zero benefit to the user to block them from using your services, and I would argue the net benefit is negative to the service. Users aren't hacked via privilege escalation exploits, they are hacked by phishing, and they can be phished on a SafetyNet-compliant device just fine.
Then why is everything on the consumer side becoming more closed?
The reality is that proprietary just moved to the cloud in the form of SaaS-as-DRM and we-own-your-data. Open source runs everything, but few things are open. The availability of the source for components of the stuff they use is irrelevant to 99% of users.
> Apparently no one told him that the stack of books in the photo included one banned in the state he leads, To Kill a Mockingbird, which was banned from California schools on the grounds that it contained racism.
Clear cut, right? Nope, here’s what their own linked article says:
> Schools in Burbank will no longer be able to teach a handful of classic novels, including Harper Lee's To Kill a Mockingbird, following concerns raised by parents over racism.
> Until further notice, teachers in the area will not be able to include on their curriculum Harper Lee's To Kill a Mockingbird, Mark Twain's The Adventures of Huckleberry Finn, John Steinbeck's Of Mice and Men, Theodore Taylor's The Cay and Mildred D. Taylor's Roll of Thunder, Hear My Cry.
The actual memo makes it sound like they’ll likely move these to the supplemental list and add some black authors: https://www.burbankusd.org/cms/lib/CA50000426/Centricity/Dom...
This is how the false-equivalence machine works. A single school district is expanded to an entire state (15k students isn’t nothing but it doesn’t represent many of the ~6M students in the state) and is presented as the equivalent of multiple state-wide attempts to remove books from schools & libraries, and again ignoring the difference between removing something from the curriculum with the goal of exclusion versus inclusion.
The urge to censor isn’t unique to right-wing politics but since they’re the ones pushing the most aggressively and successfully, I attributed more of it to the people causing the lion’s share of the harm.
Truly, there are days I feel like Oedipus had a good idea. Tired of reading the rampant industry gaslighting around what our current crop of engineering talent is whipping up for the up-and-comings to be subjected to.
everything that the article is worried about being enabled by Pluton is already possible, and has been for years.
There's a HUGE difference between "possible" and "very easy to deploy". https://news.ycombinator.com/item?id=29859106
Even if all of the harassment claims are the social awkwardness his defenders claim, turning off that many people is a terrible way to build a movement. Maybe we say many open source developers are willing to overlook that, and there aren’t many developers deterred (citation needed, but let’s ignore that for now), but that’s still a problem if it means that reporters and people who are not developers say “this guy’s a weirdo” and that leads to skepticism or simply not investing energy promoting those ideas.
That means in three years, every supported PC will have TPM 2.0. Within ~1 year, assuming that Intel and AMD fulfill what they've implied in the launch announcement, every new PC will also come with Pluton.
That's a lot easier to deploy to compared to having some PCs with TPM, others without, some out-of-date on TPM 1.1, some with unpatched firmware (like the 2017 Infineon bug), so forth.
Now... some say, what about non-Windows systems, like macOS and Chrome? Think bigger for a second - Cisco (as an example) is in the Trusted Computing Group that designed a lot of this stuff, and Cisco Meraki is deployed in so many businesses for Wi-Fi security it's incredible. All Cisco Meraki has to do (for example, maybe it's not Cisco) is make a connection app that uses Pluton/TPM on Windows, Secure Enclave/T2 on macOS/iOS with Apple DeviceCheck, and SafetyNet on ChromeOS/Android. And you are all done - you've successfully made sure every new system is almost certainly untampered with. You've locked the door. For any system that can't be verified, no problems sending them to the IT Help Desk to be manually registered with a private key and sign a disclaimer.
It wasn't possible before, but five years from now, it will be much easier. Every Windows PC will be on the same page, and all major systems will have consistent assertion frameworks. Now, is Pluton wholly responsible? No. Windows 11 plays a role. Pluton just makes it broader and stronger, and Pluton also provides a long-term strengthening as eventually the TPM 2.0-only level will be able to be cut off for just Pluton.
This is mainly because, at this point,
A. A TPM's level of access and capabilities to a system is well-known at this point. Pluton, we do not know with certainty what all of its capabilities are.
B. Microsoft has explicitly stated Pluton will have functionality added to it in the future through software updates, most likely that cannot be downgraded, that are not present yet. It's not that Pluton might have stuff added later - Microsoft has said stuff will be added later. What these upgrades entail or are capable of is also unknown.
C. Because of the above, Pluton requires a previously-unknown level of trust for Microsoft, because Pluton almost certainly has anti-downgrade procedures. Microsoft could, potentially, send out an update just blocking Linux and if Pluton received the update, it would be irreversible. Maybe this isn't within Pluton's abilities, but we just don't know. Just that Microsoft (or a hacker of Microsoft - I'm more concerned about a rogue employee than Microsoft at the moment) could have permanent effects on the security of a system is worth paying attention over.
D. Because of the reasons above, Pluton should be regarded with extra skepticism as it is a magical black box, with unknown capabilities, that it is not clear whether it can actually be disabled. (Already on my blog, there's a user talking about how Pluton briefly boots and then disables itself if the UEFI says that it should be disabled, not that it never starts, so theoretically a Pluton update could ignore its own disable switch.) I don't have verification of that, but until we know more... TPM is known, TPM can screw people, Pluton has the potential to extremely screw people over, and while many of my doomsday speculations can actually be recreated with just a TPM if TPMs are widely adopted, perhaps it could be enhanced with more Pluton-specific ones. Perhaps my doomsday predictions actually weren't far enough.
Thus, your point that Pluton doesn't add too much might be completely valid right now. That doesn't mean Pluton isn't also a potential Trojan horse that Microsoft updates as they please with new things that we didn't expect or ask for with no ability to undo them.
Edit: Removed a previous edit, and adding that, to complement the above notes, it does not help instill confidence that Microsoft isn't telling what Pluton can and cannot do at a hardware level. They've said a few things it can do right now, and just said more stuff will be coming in the future, but they won't talk about where its limits are. So... trust the black box without questions please. To be fair, this isn't the first time (Intel ME, AMD PSP?), but it is unsettling to have another one.
Say you have a game, you can make the source available and still charge money for the game, and it doesn't get any easier to pirate than before. You even get tons of people modding your game and contributing to its appeal.
There are also techniques like 'selling support' for your software.
They certainly will be, if most people don't have Pluton. If only a minority have it, they wouldn't be able to even come close to requiring it.
The FSF was strongly against secure boot, then inexplicably started seeming to be in favour of it.
Connect the dots yourself.
That's because they "won't miss freedom they never had".
https://www.bleepingcomputer.com/forums/t/613941/tpm-20-is-m...
I mean, this isn't even about Republicans, Trumpians or whatever, any self-respecting liberal can't possibly subscribe to c(r)t and still call himself/herself a "liberal".
We’re not just talking about the freedom to run software on your own device here, we’re talking about interacting with outside systems. There is an important distinction in context.
As long as it adheres to basic web standards, I believe no, the bank should have no say in what browser you use to access their webpage.
A de-Googled Android or iOS device with a judicious selection of apps is good enough to fulfill 80% of the "geek device" use case segment (though not at the same time - de-Googled Android is better at running arbitrary software, whereas iOS seems to be better at painless privacy). I'm just not invested enough in open smartphones to fight PinePhone's software immaturity, or to spend crazy amounts of cash on a Librem.
On the other hand, I was an adopter of the Pinebook, and will be for (affordable) productivity VR as soon as I get the chance. For both of these form factors, I'm more than happy to write 80% of the UI I use if it gives me what I want otherwise.
Let's say I'm a healthcare provider, and I'm about to send your medical data to a third party vendor. Wouldn't you prefer that your data only be able to be decrypted by a computer that can prove to the world it booted a clean OS image with all the latest security patches installed?
If the vendor wants to install some self-built OS that they trust on their computer and not update it for 5 years, that's their business, but I may not want to trust their computer to have access to my data.
Remote attestation gives more control to the owners of data to dictate how that data is processed on third-party machines (or even their own machines that may have been compromised). This is useful for more than just DRM.
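The DICE+RIoT boot-path binding quoted earlier in the thread and the attestation-gated data release described in this comment, as an added Python sketch that is not code from the thread or from any Pluton, TPM or RIoT source: HMAC-SHA256 stands in for the asymmetric keys real RIoT derives, and the UDS, boot images, claims and key names are all constructed.

```python
# Added illustration; not code from this thread or from any Pluton, TPM or RIoT source.
# DICE chains identities off a Unique Device Secret (UDS) and each boot layer's
# measurement. HMAC-SHA256 stands in for the asymmetric keys real RIoT derives, so
# the verifier here holds the expected alias key where it would hold a public key.
import hashlib
import hmac
import os

def measure(image: bytes) -> bytes:
    """Measurement of one boot layer: SHA-256 of the layer's image."""
    return hashlib.sha256(image).digest()

def derive_cdi(uds: bytes, layer0: bytes) -> bytes:
    """Compound Device Identifier: the UDS bound to the first code that runs."""
    return hmac.new(uds, measure(layer0), hashlib.sha256).digest()

def derive_alias(parent_key: bytes, layer: bytes) -> bytes:
    """Identity for the next layer: parent identity plus this layer's measurement."""
    return hmac.new(parent_key, b"alias|" + measure(layer), hashlib.sha256).digest()

def boot_chain(uds: bytes, images: list[bytes]) -> bytes:
    """Walk the boot path; any modified layer anywhere yields a different final key."""
    key = derive_cdi(uds, images[0])
    for img in images[1:]:
        key = derive_alias(key, img)
    return key

def attest(alias_key: bytes, nonce: bytes, claims: dict) -> bytes:
    """Device side: MAC the verifier's nonce together with the state claims."""
    msg = nonce + b"|" + "|".join(f"{k}={v}" for k, v in sorted(claims.items())).encode()
    return hmac.new(alias_key, msg, hashlib.sha256).digest()

def release_key(expected_alias: bytes, nonce: bytes, claims: dict, token: bytes,
                data_key: bytes, min_patch: int):
    """Verifier side: release the data key only to a known-good boot path at policy patch level."""
    if not hmac.compare_digest(attest(expected_alias, nonce, claims), token):
        return None  # wrong boot path, stale nonce, or altered claims
    if claims.get("patch", 0) < min_patch:
        return None  # genuine device, but its OS image is out of date
    return data_key

# Constructed sample values (not from any real device).
UDS = hashlib.sha256(b"constructed-unique-device-secret").digest()
GOLDEN = [b"bootloader v1.2", b"os image build 2207 patch 7"]
DATA_KEY = hashlib.sha256(b"constructed-data-encryption-key").digest()

def run_scenarios() -> dict:
    """Four attestation attempts against a verifier that knows the golden chain."""
    good = verifier_alias = boot_chain(UDS, GOLDEN)  # device and verifier agree
    nonce, claims = os.urandom(16), {"patch": 7}
    results = {"clean": release_key(verifier_alias, nonce, claims,
                                    attest(good, nonce, claims), DATA_KEY, min_patch=5)}
    # Same UDS, one modified layer: the derived identity no longer matches.
    bad = boot_chain(UDS, [GOLDEN[0], b"os image build 2207 patch 7 + rootkit"])
    results["tampered"] = release_key(verifier_alias, nonce, claims,
                                      attest(bad, nonce, claims), DATA_KEY, min_patch=5)
    # Clean boot, but the data owner's policy now demands a newer patch level.
    results["outdated"] = release_key(verifier_alias, nonce, claims,
                                      attest(good, nonce, claims), DATA_KEY, min_patch=9)
    # A token captured earlier and replayed against a fresh nonce is rejected.
    results["replayed"] = release_key(verifier_alias, os.urandom(16), claims,
                                      attest(good, nonce, claims), DATA_KEY, min_patch=5)
    return results
```

Only the "clean" scenario gets the data key; the other three are refused without the verifier ever seeing the device's secret, which is the property the quoted report calls "a device cannot masquerade its boot path".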
As does every financial or government website for 'security'
Thank you for being a smart banking app developer. There is so much bullshit in most of those apps that I consider them as "worst apps on my phone", but due to management incompetence rather than developer incompetence.
Speculation, Zuckerberg, Musk read news sites like this, can't bear their egos to be deflated. I don't think that's necessarily realistic, but I would suspect someone like that, personally.
However, interesting conversations are missed because of noise (e.g. down-votes) - I'm less likely to interact with a down-voted post, they usually are not as informative or interesting.
Proposed solution - abolish negative points entirely, points should be per-thread, not per user. If a user is causing frequent problems (frequently downvoted), per admin review then issue ban/rate limits, etc.
I view the positive/negative points mostly as a sentiment rating - if I receive downvotes I can tell my point is unpopular/uncontroversial, if not I know someone found it interesting. That does affect how I post in two ways:
I make more effort to expose common context for posts which are down-voted, people who are lazy and don't care won't read the expanded post, people who are more open-minded (the ones I want to attract and start conversations with) are more likely to come around to my viewpoint, or at least offer more interesting conversation (disagreement is necessary to have a discussion).
So I find both positive and negative votes to be useful, even on my own posts. Even the manner in which I've been down-voted recently tells me something, and it tells me valuable data about who has which opinions.
The kernel could do the same with an in-kernel process. It wouldn't have quite the same depth of defense against userspace sandbox escapes, but could be done. That's roughly how /dev/random was implemented for many years.
Look at the APIs provided — it's nothing new. It's nothing OSes haven't provided before, it's just further removed from a Chrome/FF/Safari sandbox escape, because overcoming the write-once hardware toggles is harder than getting kernel read/write primitives for a sandbox privilege escalation.