Most active commenters
  • metadat(4)
  • intelVISA(3)
  • autoexec(3)

←back to thread

The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 56 comments | 26 Jul 22 03:46 UTC | HN request time: 1.778s | source | bottom
1. metadat ◴[26 Jul 22 03:50 UTC] No.32234045[source]
Ew. Why are all the chip manufacturers going along with this stupid plan? I want to buy a processor and then own it and have it work in my best interests, not consume electricity and generatie heat enforcing draconian 3rd party DRM policies.
replies(12): >>32234130 #>>32234281 #>>32234326 #>>32234400 #>>32234486 #>>32234981 #>>32235753 #>>32235848 #>>32236170 #>>32236808 #>>32237073 #>>32240665 #
2. gjsman-1000 ◴[26 Jul 22 04:07 UTC] No.32234130[source]
It's tragic (especially if you care about general-purpose computing and the future of open platforms), and a sign that Microsoft's Palladium project was never really canceled. Boil the frog...

Of course, Microsoft would say it's not about DRM (at least right now), it's for "security." Which... its secure as Microsoft's servers are, to be sure.

replies(1): >>32234772 #
3. kimmeld ◴[26 Jul 22 04:35 UTC] No.32234281[source]
The market (software/system builders) say that locked down platforms like the iPhone are fabulously profitable. Sorry.
replies(3): >>32234304 #>>32236130 #>>32236538 #
4. metadat ◴[26 Jul 22 04:40 UTC] No.32234304[source]
Lol, cargo-cult chip fabbing. What's next? I can't even fathom.. maybe this inability on my part is a blessing in disguise.
5. MikusR ◴[26 Jul 22 04:56 UTC] No.32234400[source]
Intel started putting ME in their cpus 12 years ago.
replies(1): >>32234479 #
6. metadat ◴[26 Jul 22 04:57 UTC] No.32234404[source]
Simple solution: don't care about up or down -votes. Believe me, Internet points are a sham and waste of time. Focus on interesting conversations and connections instead.
replies(3): >>32234658 #>>32236873 #>>32273722 #
7. 2Gkashmiri ◴[26 Jul 22 05:09 UTC] No.32234479[source]
and yet, without any evidence, huawei is being blamed for "spying".... smh
replies(1): >>32234551 #
8. Analemma_ ◴[26 Jul 22 05:10 UTC] No.32234486[source]
The conspiratorial answers here are emotionally satisfying, but ultimately wrong. The reason chip makers and OS vendors are adding this is customer demand, by which I mean enterprises. Companies want remote attestation and guaranteed-immutable OS images on their networks, and I honestly can't say I blame them. In a perfect world they could have it and we could somehow firewall it away from the consumer space entirely, but that's not going to happen.
replies(5): >>32234561 #>>32234804 #>>32234879 #>>32237705 #>>32261846 #
9. superchroma ◴[26 Jul 22 05:20 UTC] No.32234551{3}[source]
It's not mutually excusive. I think risks from hostile powers need to be called out, and I think we also need to be calling out this bad behavior on our side too.
replies(1): >>32234771 #
10. walterbell ◴[26 Jul 22 05:21 UTC] No.32234561[source]
On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.
replies(3): >>32234573 #>>32234629 #>>32235239 #
11. ◴[26 Jul 22 05:23 UTC] No.32234573{3}[source]
12. wmf ◴[26 Jul 22 05:30 UTC] No.32234629{3}[source]
The same enterprises asking for this stuff are also asking for it to be taken out of their hands because they don't trust themselves to operate it securely or reliably.
replies(1): >>32234737 #
13. throwaway14356 ◴[26 Jul 22 05:36 UTC] No.32234658{3}[source]
It is much worse than he thinks. If I was to write out the worse case scenario the MS employee would have no choice but to consider it.

Therefore win 13 will be a theme for ubuntu packaged with a FOSS version of office. MS will award large weekly prizes for the most useful FOSS app extending the eco system. It will be sold on multi TB external drives that work like live USB only daisy chained. Weekly new releases cramped with so much free stuff every neck beard around the world must own all of them. A few movies, some music, a game or 2. Each comes with a poster, a t shirt and a book. Prices go up and down using RNG making some releases rare and hard to get.

replies(3): >>32234740 #>>32234768 #>>32235772 #
14. pmontra ◴[26 Jul 22 05:49 UTC] No.32234737{4}[source]
So this turns into security theater because ultimately they can't trust those third parties too.
replies(4): >>32234813 #>>32234878 #>>32237183 #>>32241268 #
15. ◴[26 Jul 22 05:49 UTC] No.32234740{4}[source]
16. pmontra ◴[26 Jul 22 05:53 UTC] No.32234768{4}[source]
Reminds me of computer magazines bundled first with cassettes, then floppy disks then CDROMS, 80s to 90s. Occasionally some other gadgets too. Everybody like us was buying them.
replies(1): >>32234897 #
17. Schroedingersat ◴[26 Jul 22 05:54 UTC] No.32234771{4}[source]
The US is a hostile power everywhere else in the world. And then also for about 4-8 out of every 8 years to its own citizens.
replies(2): >>32236148 #>>32239313 #
18. intelVISA ◴[26 Jul 22 05:54 UTC] No.32234772[source]
Next-Generation Secure Computing my ass.
19. intelVISA ◴[26 Jul 22 05:58 UTC] No.32234804[source]
I don't really care for the reason, why can't we as consumers opt out if it's consumer oriented then? For me it's not even about the egregious security and privacy implications -- I just simply want the (illusion of) choice w/r/t silicon rootkit 'features' that I'll never use.
replies(1): >>32235295 #
20. LtWorf ◴[26 Jul 22 05:59 UTC] No.32234813{5}[source]
They don't care about security, they just want proof that they did what they could when disaster happens.
21. uw_rob ◴[26 Jul 22 06:07 UTC] No.32234878{5}[source]
When it comes to security someone must always sleep with one eye open - co-owning this responsibility is totally reasonable. Microsoft takes security seriously and is investing heavily in it; if they are already in your orgs trust boundaries I see no reason why they wouldn't be considered good stewards for this as well.

Besides, at enterprise scale, how do you trust internal teams? It could all be security theater and they aren't delivering on their promises as well.

replies(1): >>32235285 #
22. selfhoster11 ◴[26 Jul 22 06:08 UTC] No.32234879[source]
Good, if companies want those features, then they can be the ones to pay the price in privacy. Otherwise, let me set an OTP bit to disable all Management Engine kinds of functionality on the CPU permanently.
23. metadat ◴[26 Jul 22 06:10 UTC] No.32234897{5}[source]
I'm so confused... What are you two getting on about?

Is it just me or is it like two GPT-3 bots having a conversation?

replies(1): >>32235587 #
24. lern_too_spel ◴[26 Jul 22 06:21 UTC] No.32234981[source]
It sounds like you can still do that. Other people will get to decide if you can use their services with your device, but (unlike an iPhone, for example) it's still your device to do as you please with.
25. p_l ◴[26 Jul 22 07:01 UTC] No.32235239{3}[source]
Yes, they are possible... And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

MS remote attestation doesn't require remote cloud or anything like that, I recall it supporting air-gapped environment from the start (guess why, the top-price enterprise clients want that, including resigning windows with their own secure boot keys).

Disclaimer: for various reasons open source remote attestation in corporate is currently on my roadmap at work

replies(1): >>32235593 #
26. sofixa ◴[26 Jul 22 07:07 UTC] No.32235285{6}[source]
> Microsoft takes security seriously and is investing heavily in it

Some parts of it maybe do. Some others, like multiple different Azure teams, don't even think about anything resembling security, or there wouldn't have been multiple critical and trivially exploitable security vulnerabilities on Azure in the last year only. (If you don't know them, please read up on them. Security is hard, but in those cases nobody even pretended to try!)

27. sofixa ◴[26 Jul 22 07:08 UTC] No.32235295{3}[source]
You can, it even says in the article that Lenovo and Dell are shipping with the Pluton chips disabled by default. If they can do it, a user can disable it to (for now at least).
replies(2): >>32235606 #>>32236950 #
28. tbjoern ◴[26 Jul 22 08:03 UTC] No.32235587{6}[source]
Quite scary isn’t it? What a time to be alive. I’d never have believed that I am seriously questioning whether a conversation on the internet is real. Even after all the gpt3 quiz sites, like the one where you have to guess if the code is generated or real.
29. fsflover ◴[26 Jul 22 08:03 UTC] No.32235593{4}[source]
> And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

There is nothing evil with TPM when you fully control it. See: Librem Key.

replies(1): >>32235714 #
30. fsflover ◴[26 Jul 22 08:05 UTC] No.32235606{4}[source]
Proprietary software with full system access tells that it's disabled. Do you trust that?
31. p_l ◴[26 Jul 22 08:24 UTC] No.32235714{5}[source]
You either don't remember or wasn't there when TPMs were first talked about, in either case I envy you then.

And yes, there's nothing evil involved if they are owner controlled, something that honestly was heavily Microsoft pushed because they do have clients that insist on them - the DRM functionality in intel ME has keys controlled by broadcasting associations instead (this is why you can't stream HQ on Linux from official sources), same with part of why AMD PSP got some uncontrolled bits (the blackmail goes that if you don't do that, customers will quickly find they can't stream netflix/whatever in high quality on your hw and will stop buying it).

Personally I believe that owner-control of hw should be enshrined in law, just like right to repair and modify, along with laws against deceptive "looks and quacks like a sale, is actually a lease" practices

replies(1): >>32235748 #
32. walterbell ◴[26 Jul 22 08:29 UTC] No.32235748{6}[source]
> owner-control of hw should be enshrined in law

Have you seen OCP's Caliptra RoT, which requires OSS firmware, enforced by dual-signing of firmware by both OEM and owner? Currently for hyper-scalers, but this approach can be adopted by other enterprise customers, https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation will be done to Caliptra, which can then release SoC boot ROM from reset.

33. hammyhavoc ◴[26 Jul 22 08:30 UTC] No.32235753[source]
Because owning your device is a nice bedtime story we've been told for quite some time now since the iPhone became the norm.
34. hammyhavoc ◴[26 Jul 22 08:34 UTC] No.32235772{4}[source]
This is word soup.
35. dragonelite ◴[26 Jul 22 08:47 UTC] No.32235848[source]
Because China and Russia might be hacking your hardware.

Don't people listen when a guy like Pompeo speaks he has pretty much outlined the plan with his Clean Network Initiative, I wouldn't be surprised that within a decade CloudFlare and other US cloud services will be used as the great firewall of the western sphere.

replies(1): >>32237684 #
36. Vespasian ◴[26 Jul 22 09:35 UTC] No.32236130[source]
And that's why the road to a better software ecosystem is not some hackers smart trick to defeat the system for the moment but very clear rules of what is allowed to be done in the name of security and what isn't

A legislative piece of paper (or many pieces of paper) have the power to reign in corporations far far beyond any technical solution or workaround.

And yes, that requires limiting (intellectual) property rights and regulating what certain contracts can enforce. Sometimes it's needed if you ask me

In my experience this sentiment is rejected primarily by many technical people because it feels like adding the human factor to a pristine world of logic. In reality it's humans all the way down and there is no reason to believe that Microsoft/Apple is a better steward than an elected body of representatives acting according to the rule of law

37. ahartmetz ◴[26 Jul 22 09:37 UTC] No.32236148{5}[source]
People should generally be most afraid of their own government - it's the one that is allowed to use violence where they live.
replies(1): >>32237415 #
38. goodpoint ◴[26 Jul 22 09:41 UTC] No.32236170[source]
> Why are all the chip manufacturers going along with this stupid plan?

Because the music/movie industry benefits from DRM and made agreements with the software and hardware industry.

Also NSA and the military complex benefit enormously from having control over hardware around the world.

39. 0xedd ◴[26 Jul 22 10:42 UTC] No.32236538[source]
So is war. Don't reproduce.
replies(1): >>32242445 #
40. boppo1 ◴[26 Jul 22 11:20 UTC] No.32236808[source]
Alphabet soup, probably, along with iphone profitability.
41. qweqwerwerwerwr ◴[26 Jul 22 11:30 UTC] No.32236873{3}[source]
you can't have an interesting conversations if it takes 3 or so powerusers to gag you

I see tons of interesting comments flagged/dead within minutes. there are rarely controversial, or low-quality, or rule-breaking

there are plenty of topics you are only allowed to express a pre-approved opinion about, and I can't even give you examples without getting muted

replies(1): >>32273577 #
42. intelVISA ◴[26 Jul 22 11:41 UTC] No.32236950{4}[source]
the same Lenovo that put a MITM attack in people's BIOS?
43. autoexec ◴[26 Jul 22 11:58 UTC] No.32237073[source]
> Ew. Why are all the chip manufacturers going along with this stupid plan?

Because if they don't add whatever garbage Microsoft orders them to include in their chips then Microsoft can simply require that shit for the next version of their OS to boot. They could even force an update on existing PCs to check for it. Nobody is going to buy a chip if having it means they can't run the OS that 99% of computers on the plant are using. If Intel dared to say no, MS could pretty much run them out of business.

replies(1): >>32237444 #
44. autoexec ◴[26 Jul 22 12:09 UTC] No.32237183{5}[source]
I'm frankly already appalled by how much data (proprietary data, customer data, employee data, etc) companies are fine leaking to 3rd parties, MS especially. Even if you assume that Microsoft could never ever possibly be hacked, or would never favor one of your competitors enough to hand them your data, Microsoft's MO has often been basically stealing other people's work/ideas and stomping out or absorbing the people they took it from. The data they get from outlook alone must be worth a fortune, but with everything the OS collects these days it's insane how little anyone cares.
45. cesarb ◴[26 Jul 22 12:33 UTC] No.32237415{6}[source]
> People should generally be most afraid of their own government - it's the one that is allowed to use violence where they live.

Be careful to not forget the distinction between "being allowed to" and "being able to". There are documented cases of countries (including the USA) using violence against people even when they aren't the government where these people live.

46. aquova ◴[26 Jul 22 12:37 UTC] No.32237444[source]
This works both ways however. No one is going to buy the OS that can't even run on their latest chip. Microsoft can make all the demands they want, but the chip manufacturers still have the power to refuse to implement it; if Microsoft wants to brick their own OS, that's not their problem.
replies(1): >>32237506 #
47. autoexec ◴[26 Jul 22 12:43 UTC] No.32237506{3}[source]
> No one is going to buy the OS that can't even run on their latest chip.

Unless that latest chip is vastly superior to what we have today, almost nobody is going to care. Most people couldn't tell you which chip is in their computer right now. They don't even care what a processor is. They just want to be able to click on the little picture that makes facebook happen and they don't want to have to learn anything new to make that happen.

If every chip manufacturer refused, you're right that we'd be pretty safe, but the moment they can get just one chip manufacturer on board every OEM will buy those chips or go out of business. Intel was "evil inside" decades ago for a reason, so we knew how this was going to play out.

48. fithisux ◴[26 Jul 22 13:03 UTC] No.32237684[source]
Are there proofs for the easterners? Because for the westerners they are plenty.
49. fithisux ◴[26 Jul 22 13:05 UTC] No.32237705[source]
Enterprises can put whatever they like on their devices. Not mine. So this argument falls apart.
50. oarsinsync ◴[26 Jul 22 15:02 UTC] No.32239313{5}[source]
> And then also for about 4-8 out of every 8 years to its own citizens.

And you can pretty much guarantee that ~50% of the population will always consider that statement true, no matter the government of the day.

51. paxys ◴[26 Jul 22 16:44 UTC] No.32240665[source]
Because Apple
52. notriddle ◴[26 Jul 22 17:35 UTC] No.32241268{5}[source]
You're thinking about companies as monoliths. They are groups of people.

The managers who want remote attestation aren't the people implementing it. They either pay someone else to do it, or they pay someone else to do it. The difference between paying a third-party company and an employee is that employees are more expensive, because the costs aren't amortized over other customers who want the same stuff. Why would they be more trustworthy? Why would they be better at it? Why would it be any less likely to be hacked if you did it at your company than if you outsourced it?

53. Ruq ◴[26 Jul 22 18:59 UTC] No.32242445{3}[source]
Don't Reproduce?
54. synapse26 ◴[28 Jul 22 08:47 UTC] No.32261846[source]
Haven’t looked at the Intel space, but doesn’t AMD have an “PRO” tier available for OEM only? Ryzen Pro, Threadripper Pro… Or Nvidia and their segmented RTX/GTX vs Quadro. These hardware companies love segmentation, let them have it, do that for PRO enterprise only, leave my personal use, no remote attestation, immutable OS needed PC alone.
55. smaudet ◴[29 Jul 22 05:48 UTC] No.32273577{4}[source]
Indeed - I'm pretty sure a small cabal of people with low self-esteem is responsible.

Speculation, Zuckerberg, Musk read new-sites like this, can't bear their egos to be deflated. I don't think that's necessarily realistic, but I would suspect someone like that, personally.

56. smaudet ◴[29 Jul 22 06:13 UTC] No.32273722{3}[source]
Agreed.

However, interesting conversations are missed because of noise (e.g. down-votes) - I'm less likely to interact with a down-voted post, they usually are not as informative or interesting.

Proposed solution - abolish negative points entirely, points should be per-thread, not per user. If a user is causing frequent problems (frequently downvoted), per admin review then issue ban/rate limits, etc.

I view the positive/negative points mostly as a sentiment rating - if I receive downvotes I can tell my point is unpopular/uncontroversial, if not I know someone found it interesting. That does affect how I post in two ways:

I make more effort to expose common context for posts which are down-voted, people who are lazy and don't care won't read the expanded post, people who are more open-minded (the ones I want to attract and start conversations with) are more likely to come around to my viewpoint, or at least offer more interesting conversation (disagreement is necessary to have a discussion).

So I find both positive and negative votes to be useful, even on my own posts. Even the manner in which I've been down-voted recently tells me something, and it tells me valuable data about who has which opinions.