[HN Gopher] The Dangers of Microsoft Pluton
___________________________________________________________________
The Dangers of Microsoft Pluton
Author : gjsman-1000
Score : 676 points
Date : 2022-07-26 03:46 UTC (19 hours ago)
(HTM) web link (gabrielsieben.tech)
(TXT) w3m dump (gabrielsieben.tech)
| anotheraccount9 wrote:
| Practically speaking, outside Intel and AMD, what CPUs are left
| to use?
| anticensor wrote:
| RISC-V.
| aasasd wrote:
| Sounds like the anti-trust case (heh) can be started as soon as
| the first locked-in computer rolls off the line.
| jhanschoo wrote:
| While I disagree with the author's opinion, it was very
| informative for me.
| gjsman-1000 wrote:
| Not mentioned in the article - but it begs the question, could
| this have something to do with Microsoft's insistence that
| everyone, even Pro users in the next update, use a Microsoft
| Account with Windows 11? If Pluton (or Pluton 2, someday) could
| be tied to a Microsoft Account, wouldn't that be something.
| superchroma wrote:
| It's I think a general desire for end to end traceability and
| therefore accountability, which both managers and developers
| tend to like, albeit for different reasons.
| sillysaurusx wrote:
| Is it okay to talk about language as a meta-topic? I try not
| to stray too far into that, since it's usually boring for
| readers. But one thing I was surprised to learn is that "begs
| the question" is only correct when you're describing a chain
| of circular logic. "Raises the question" is apparently the
| right term for the general case. I felt a little duped, since
| I'd been using "begs the question" for years without looking
| into its origins.
|
| But of course, that begs the question of whether language is
| defined by how people use it. :)
| selfhoster11 wrote:
| I purposefully "misuse" the phrase "begging the question"
| to mean the same thing as the grandparent, because I want
| to do my part to change what this phrase means.
|
| Using "begging the question" to mean something as obscure
| and unintuitive (as in, it's basically an idiom that must
| be explained first) as "your question originates from
| circular logic" is a waste of prime dictionary space.
|
| This term should mean "there is a question that is so
| blindingly obvious regarding the situation at hand, that it
| simply begs to be asked" - so, more or less what _everyone_
| who didn 't have the term explained to them, thinks it's
| supposed to mean.
| bitwize wrote:
| "'When I use a word,' Humpty-Dumpty said in a rather
| scornful tone, 'it means just what I choose it to mean --
| neither more nor less.'"
| dane-pgp wrote:
| Imagine a future where everyone requires an online account to
| use a computer, where every computer can only run software
| approved by the few large corporations that issue those
| accounts, and where a government or governments have those
| corporations on speed dial, to periodically "suggest" to them
| which software and which users should be allowed to transact
| and communicate online.
|
| If you can imagine that, then imagine that every human is
| given a number which is equivalent to (or even more
| significant than) their name, and that name/number appears in
| certificates which are signed by the name/number of a
| certificate authority's key. By accepting the signature, you
| have to accept an EULA that takes an hour to read, so no one
| does, and it changes every month anyway, with future changes
| automatically binding you.
|
| Does that sound like a world where people are free?
| Lapsa wrote:
| and all that crap will get eventually pwned anyways
| no_time wrote:
| Pluton first debuted in the Xbox One. It's possibly the first
| home console that went it's entire lifespan without being
| hacked. That should tell you everything about the threat we are
| facing.
| paulcarroty wrote:
| I will definitely not buy CPU with built-in MS core. If Intel
| will add it too, guess it's time to get 12700 and use it for
| looong time.
| raxxorraxor wrote:
| Problem is that the consoles market is very lucrative for CPU
| vendors because it is a guaranteed turnover of specific models.
| Intel, AMD and Qualcomm will implement them. You can disable it
| though. It would suck if it were enable by default, at least
| lenovo said they will disable it at first.
| acd wrote:
| I would like a free as in freedom Libre Linux PC with open non
| bloated boot loader. Open hardware and open specs.
|
| What I do not want in my next PC is more DRM and adtech spying on
| us.
| Gh0stRAT wrote:
| I'm completely missing how his example of a Word document that
| can only be opened by approved users on approved hardware within
| the corporation is supposed to be a bad thing.
|
| Honestly, that sounds pretty fantastic. I've been using 3rd party
| tools/extensions to do this sort of thing in corporate and
| government environments for years, but having the attestation go
| all the way down to the hardware level is a big value-add,
| especially with so much ransomware/spyware/extortion/espionage
| going on these days.
|
| Can someone please explain to me how the author might see this
| level of security as a bad thing?
| RantyDave wrote:
| Likewise. I see only potential for enormous hassle reduction if
| my employer (a bank, currently) can treat its entire compute
| infrastructure as a honking big cryptographically assured
| parallel universe.
| wazoox wrote:
| Remember when Snowden and Manning leaked huge troves of secret
| information about the crimes of the State? Remember when a
| bunch of journos got their hands on the so-called "Panama
| papers"?
|
| Basically, this will make transparency even harder than it
| already is. That's a terrible danger for democracy at large.
| Stalin's wet dream.
| jeremyjh wrote:
| Yep that's why we should ban passwords.
|
| /s
| zaptheimpaler wrote:
| The same things that make it good in a corporate environment
| can make it abusive in a personal machine.
|
| By forcing the kernel to be untamperable, Microsoft can
| arbitrarily enforce ANY policy they choose on your PC. They
| could spy on every single piece of network communication. They
| could ban any given software from being able to run on Windows
| - maybe Chrome, maybe Steam, any competitor at all. They
| actually could easily enforce laws on banned content too - any
| given website, book, audio or video could be impossible to
| consume, and an attempt to try could be reported to Microsoft.
| They could stream the contents of your display and mic and
| camera at any time to anyone they choose. There is literally
| nothing they cannot do with complete control over the kernel.
| And since the kernel and Windows itself is closed source, there
| are ways to hide all of it so you would never even know.
|
| Security is great but it also goes hand-in-hand with control
| and surveillance. Every capability to increase security also
| increases the amount of control those providing the security
| have.
| resfirestar wrote:
| Microsoft doesn't need an "untamperable" kernel to force
| spying on users. Windows 10/11 has horrible invasive
| telemetry that can't be disabled, but no one has figured out
| how to modify the OS and strip it out, all the "solutions"
| involve temporarily disabling services or blocking network
| traffic. Is there actually some new capability here that
| points to future surveillance and censorship, or are you just
| fitting everything Microsoft does into a narrative where
| these things are just around the corner and waiting for the
| right technology? In my opinion the technology has been there
| for many years, it's just waiting for the US to go insane
| enough to implement massive censorship.
| reedjosh wrote:
| But you can install your own OS. You can't disable this
| tool via another OS.
|
| Particularly now that heterogeneous computing is making it
| big, video decoding can easily just be made not to work
| unless this tech stack okays it--regardless of the OS.
|
| This chip could all out disable other operating systems if
| they don't provide the spyware telemetry that Microsoft
| requires.
| resfirestar wrote:
| By "this tool" do you just mean the Pluton system in
| general or some specific thing? The attestation stuff is
| a software feature that would be disabled by booting
| another OS that doesn't support it. It needs the Pluton
| hardware to be possible, but the software side is in the
| OS not hardcoded on the chip.
|
| Disabling other operating systems would be done by the
| BIOS if manufacturers locked down the configuration of
| existing secure boot functionality, doesn't need any new
| features.
| [deleted]
| cesarb wrote:
| > They could ban any given software from being able to run on
| Windows - maybe Chrome, maybe Steam, any competitor at all.
|
| IIRC, this was the reason Valve created SteamOS: they feared
| Microsoft would use their control over Windows so that the
| only viable software store on PCs would be Microsoft's own
| store.
| oneoff786 wrote:
| Like the App Store.
|
| Hopefully we get the digital markets act over here for
| similar protections
| dane-pgp wrote:
| > They actually could easily enforce laws on banned content
| too
|
| Exactly this. As soon as governments (or lobbyists) discover
| that this level of control is available to them, they will
| introduce whatever remaining laws they need, banning E2E
| encrypted chat apps, or Tor, or bittorrent clients.
|
| I suspect that, like civil asset forfeiture, or running
| commands on botnet-infected devices[0], these actions will
| have only the thinnest veneer of "due process" applied to
| them. After all, if your computer is running "illegal"
| software, why should the government wait for your permission
| before deleting that software, or even tell you that it had
| done it after the fact?
|
| [0] https://uk.pcmag.com/security/139675/us-disrupts-cyclops-
| bli...
| somehnacct3757 wrote:
| Author has a bias against Microsoft. So do hacker news readers.
|
| News of Pluton and its security goals have been readily
| available since 2020 from reputable hardware sites like
| Anandtech, or directly from Microsoft themselves. There's
| nothing new or hidden or surprising about it unless you live to
| dream up Microsoft conspiracy theories.
|
| Many other hardware manufacturers have similar security
| offerings including Intel and Apple. Microsoft is arguably late
| to the game here, given their only recent interest in PC
| hardware. OS integration isn't even new. Macs have been
| shipping with T1 and T2 chips for over five years. Has the sky
| fallen on that ecosystem?
| dx034 wrote:
| And that's why Microsoft needs to include such a chip. If we
| move to a world where security is enforced more and more by
| hardware, you'll need a device that can participate.
| raxxorraxor wrote:
| Because that doesn't work. 2h before someone complains to IT
| that he cannot write/read/delete said Word document. Then
| management says X indeed needs access. Now you have created a
| maintenance nightmare sourced in rather weird security
| requirements.
|
| Could as well gouge out the eyes of everyone not having a read
| permission on said document. There are 1001 solution to solve
| such problems. And as a gigantic bonus it doesn't have to be
| bound to hardware! User permission management is much easier.
| nisegami wrote:
| The difference between ransomware/spyware/extortion/espionage
| and whistleblowing/free sharing of information is just one of
| perspective.
| npteljes wrote:
| The way I see it: Whatever happens, the system will get abused,
| and so, I weigh the potential abuses along with the potential
| benefits. With remote attestation, you put a lot of control in
| the hands whoever controls the "remote", making the situation
| very asymmetrical, and so, ripe for centralized abuse. For
| example, with centralized trust systems, a leak of the signing
| keys are devastating for the system. For an example, see the
| DVD key leak:
|
| https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...
| ctoth wrote:
| So if I'm understanding this correctly, you'd prefer to live in
| the world where the Collateral Murder Wikileaks video of
| journalists being murdered in cold blood was never released
| because it was hardware locked to the original military system
| it was found on? Or maybe some large viral video which triggers
| a social uprising simply won't play. You are seriously so
| focused on pointless corporate secrets that you would actually
| consider giving the people in charge of the control over your
| information stream the ability to decide that something just
| shouldn't be shown? Because what? It might make discovery for a
| lawsuit more difficult? It'll make it easier to hide
| malfeasance? This seems particularly useful if you are trying
| to pretend that May 35th never happened, for instance.
| Terrifying, and rather icky.
| ftyhbhyjnjk wrote:
| What you can install on YOUR pc will be at the sole mercy of
| microsoft/or maybe someone else.... That's the cusp of it. Not
| that it can be used for good, but that it sets the way for
| heavy misuse by large corporations.
|
| Wait a few years. Smaller companies won't even be allowed to
| order high end cpu's. You'll be at 100% mercy of these
| corporations.
|
| If after 2 years they decide to brick your pc, they'll just do
| it. You think government will help you out here? Lol...
| matthewfcarlson wrote:
| This smacks of fear mongering. The scenario you've outlined
| is just absurd. Many manufactures have pledged to turn this
| off by default and be an opt-in model. I'm not disagreeing
| that laptops given out by corporations for to you to use for
| work won't be heavily locked down and could be bricked
| remotely. But most laptops today already come this way from
| IT.
| nightski wrote:
| It's not absurd at all. It already happens on a large
| portion of computing devices in existence (iOS).
| dx034 wrote:
| Secure chips like this are already in all devices but PCs.
| And in none of these areas has any of that happened. Quite
| the opposite, Apple got a fine when they slowed down older
| devices to save battery (at least what they said).
|
| So the government will clearly help out here. And none of
| these companies has an incentives to stop sales to smaller
| companies, they make a lot of money with those.
| hyperdimension wrote:
| > So the government will clearly help out here.
|
| I...don't share your optimism, to put it lightly.
| fsflover wrote:
| > Quite the opposite, Apple got a fine when they slowed
| down older devices to save battery
|
| But the devices _were_ actually slowed down, so the danger
| is real.
| dx034 wrote:
| And Apple had to revert it and got punished for it. What
| more do you want?
| fsflover wrote:
| Good laws should prevent crimes, not just punish for
| committing them.
| GekkePrutser wrote:
| Try to install a BitTorrent client on your iphone, or a
| game emulator, a sexually explicit game or even a browser
| with a different engine.
|
| All this has already happened since 2008 when the app store
| came out.
| reedjosh wrote:
| But you could work around it at the software level.
|
| With this tech stack, you wouldn't be able to.
| GekkePrutser wrote:
| Work around how? As a developer?
|
| I'm sure there will be developer options for this too.
| After all, Microsoft is not going to make all the
| software themselves.
|
| But they could restrict this too. For a lot of platforms
| you now have to sign up for a developer account and
| license agreement. Like on iOS, Oculus Quest..
| autoexec wrote:
| > Secure chips like this are already in all devices but
| PCs. And in none of these areas has any of that happened.
|
| Ah, that must be why we all have root access and can freely
| modify or install anything we want on every device we own!
| Oh, wait, we don't have those things and our non-PC systems
| are increasingly locked down and routinely do things
| against the wishes of the people who own them.
| reedjosh wrote:
| > So the government will clearly help out here.
|
| The government is probably part of the driving factor in
| building this system.
|
| The government probably doesn't want Wikileaks type
| material to be rendered. There are _so_ many ways the
| government likely wants to abuse this.
| [deleted]
| eertvertvbw wrote:
| still waiting on the secure boot lockdown everyone has
| insisted is coming for the better part of two decades...
| pedro2 wrote:
| You may be right, of course. But if you read the article
| closely, it is already here.
|
| The difference is for now you can still go to BIOS and
| enable Microsoft's key for 3rd party OS.
|
| Maybe when Windows 12 comes out that option isn't there.
| m4rtink wrote:
| You mean like this ?
|
| https://www.theregister.com/2022/07/11/lenovo_secured_core/
| Schroedingersat wrote:
| It creeps closer with every release, and is the status quo
| for arm devices (including windows ones).
|
| It's only through constant vigilance and fighting back that
| it has been slowed dowm by two decades.
| vetinari wrote:
| They tried with Windows RT. It was UEFI system, booting
| only Windows. That booted Windows went even further,
| allowing to run only signed binaries.
|
| Market rejected it. At the time, there was an alternative.
| What are most people going to do, when there is not?
| SSLy wrote:
| >As of January 2021 deleting SecureBoot keys and installing
| your own keys (for example by using KeyTool) will brick the
| device. This is a problem that is similar to one which has
| been reported on some other Lenovo laptops [0] and is
| likely due to a faulty firmware. If the device is stuck in
| a boot loop after replacing the SecureBoot keys, the only
| way to repair it is by replacing the mainboard of the
| device.
|
| [0] https://forums.lenovo.com/t5/ThinkPad-X-Series-
| Laptops/BIOS-...
|
| From https://wiki.archlinux.org/title/Lenovo_ThinkPad_T14/T
| 14s_(I...
| userbinator wrote:
| Does reflashing the BIOS EEPROM (via hardware clip) work?
| Or have they "secured" that out of the question too?
| trelane wrote:
| I'd be surprised if that's not one of the bits of
| firmware that's checked on boot. So yeah, probably not
| possible, and not possible to downgrade.
| monocasa wrote:
| The goal is that it's secured as well; the bios image
| itself is measured into the TPM and pluton as part of
| secure boot.
| alex7734 wrote:
| The goal is not to prevent you from running Linux, is to
| make it so that Linux cannot access the content you are
| interested in.
|
| Remote Attestation establishes a root of trust that can be
| used to verify that all of the software down the line is
| "approved":
|
| - You won't be able to browse sites or use apps with ads
| unless you run a 'trusted' device, OS and browser that does
| not block ads.
|
| - You won't be able to browse sites with captchas unless
| you run a 'trusted' device, OS and browser that does not
| allow bots to interact with the browser.
|
| - You won't be able to run Netflix unless you run a
| 'trusted' device, OS and browser so that you can't record
| the content.
|
| - You won't be able to play online games unless, again, you
| run a 'trusted' device and OS so that you cannot cheat, or
| more importantly modify it in any way (why would you
| purchase skins if you can mod them in?).
|
| - You won't be able to use online banking unless you use a
| trusted OS because banks.
|
| Remote Attestation is pretty terrifying and it will be here
| soon unless it is regulated out of existence, which is
| unlikely.
| vel0city wrote:
| As someone who enjoys hacking, looking at that list
| sounds terrible.
|
| As a regular user, most of that list doesn't sound too
| bad. Their future devices will automatically have these
| features enabled, they're not likely to change those
| settings to "break" their device (from the perspective of
| Trusted Computing) so they'll have a smooth experience
| getting into it.
|
| - Can't block ads? A lot of average users already
| don't/don't know how, but this one would probably would
| affect a lot of people. Probably a bad thing no matter
| how you slice it.
|
| - They'll have a better experience online as they won't
| be interrupted with captchas. Wouldn't you prefer if you
| never experienced captchas and logins were smoother and
| easier? So a wash to a positive for an average user.
|
| - This makes it an easier deal for streaming services to
| let you cache their DRM'd content offline and makes the
| deals they have to cut with media companies potentially
| cheaper. Once again they're probably buying off the shelf
| computing devices which will probably work seamlessly
| with these restrictions, so they either won't notice
| anything or potentially get more features than they have
| now with those services they're already using. I'm not
| necessarily a fan of DRM but the market has largely
| spoken, people prefer streaming rather than actually
| owning the media.
|
| - Fewer cheaters in online games sure sounds like a
| positive to me.
|
| - My bank account online is more secure? This is a bad
| thing?
| bilkow wrote:
| This is all just giving away control to corporations.
| Freedom is about having the option, not using it. Even if
| most "regular users" never use it, if they ever change
| their mind they'll surely appreciate having it. It also
| affects the ability to develop new hardware, and being
| locked to hardware/software approved by the remote side
| (e.g. Facebook or whichever app/site you're using) is a
| pretty Dystopian reality.
|
| > My bank account online is more secure?
|
| Sincerely, why? Because I can't customize my own software
| anymore? Fortunately banks around here don't require
| SafetyNet, some of them do require a mobile device
| though.
| vel0city wrote:
| If all clients interfacing with the bank's API are
| required to prove they're locked down devices running
| proven official clients it reduces the potential attack
| surface. Lowering the attack surface increases the
| security.
|
| If the market _really_ cared about being able to run
| whatever software you wanted, nobody would be buying
| iPhones. Fire TV sticks and Rokus wouldn 't move any
| products. Playstations, Xboxes, and Nintendo Switches
| would be crushed under the massive marketshare of Mister
| devices and Steam PCs. One quick look at reality shows
| this _isn 't_ the case.
|
| I think you're massively overestimating the market size
| of people who actually care.
|
| Note that I'm not making any moral argument here, I'm not
| saying whether these things are good or bad. Personally
| as someone who likes to tinker and has been bitten
| several times by DRM and the likes, I'm not too much of a
| fan. As someone who has to try and ensure compliance on
| devices, its a godsend. But at the same time I know lots
| of people who buy Xboxes and Playstations _because_ there
| 's less cheating that happen on that platform. I know
| lots of people who buy iPhones and iPads _because_ they
| know the odds of accidentally getting malware on it is
| very low compared to alternatives. To them, _locked down
| hardware is a selling point_.
|
| I don't like having to lock my bike, its a huge pain. But
| at the same time there's tons of people here arguing
| locks shouldn't exist. Trusted computing, _in the right
| context_ , is a good thing. Being able to lock your door
| is good! Being able to assure your device is what you say
| it is is good! I definitely agree there are potential
| dystopian futures with this technology, but that's true
| of any truly revolutionary technology. Wheels move carts
| of grain and help tanks roll. Being able to break
| dinitrogen into more usable sources gives us cheap
| fertilizer and explosives.
| bilkow wrote:
| > I think you're massively overestimating the market size
| of people who actually care. Note that I'm not making any
| moral argument here, I'm not saying whether these things
| are good or bad.
|
| I think we're just discussing different things here then.
| I'm specifically talking about whether this is good or
| bad for the future of society. Most people buy whatever
| is most convenient at the time, which is fair and
| everyone has done this at some point, but it may or may
| not the best for society.
|
| > I know lots of people who buy iPhones and iPads because
| they know the odds of accidentally getting malware on it
| is very low compared to alternatives. To them, locked
| down hardware is a selling point.
|
| It may be a bubble, but of all the iPhone users I know, I
| don't think any of them has bought it for that reason.
| Most here buy them for either being simpler to use,
| lasting longer, or status. Of all the Android users I
| know, I don't know any that has knowingly got any kind of
| malware, and that includes people with very old phones.
| vel0city wrote:
| I've had several people I've known affected by malware on
| Android. Its not entirely uncommon.
| tester756 wrote:
| >- You won't be able to browse sites
|
| How would that work?
|
| HTTP is just HTTP
| bilkow wrote:
| Sites could require remote attestation via a new API just
| like some sites (Netflix, etc) require DRM to play
| content.
| dvdkon wrote:
| It is a real thing on most phones, and has been for years.
| We're just lucky PCs haven't been crippled this way.
| yrro wrote:
| They're working on it. Microsoft's latest attempt is to
| disable the 3rd party UEFI CA by default.
| worldofmatthew wrote:
| I'm pretty sure some Windows 10 tablets from 2014 to 2016
| are locked down to only allow Windows on them (Not S-mode).
| pid-1 wrote:
| Yeah I totally would like all "doomsday scenarios" in my
| company, non ironically.
| qweqwerwerwerwr wrote:
| what's stopping someone from taking photos of your precious
| document and posting them on 4chan?
|
| nothing. there's nothing you can do to stop that.
| dane-pgp wrote:
| In corporate and government environments, I imagine that
| they'll ban employees / civil servants from bringing
| camera(phone)s to work, and necessarily forbid them working
| from home.
|
| The only question is whether they will trust metal detectors
| to prevent whistleblowers from bringing in these devices, or
| if they will rely on strip searches and CCTV.
| fsflover wrote:
| Try to scan banknotes with a scanner and you will see.
| anthk wrote:
| Linux/BSD will do it fine.
| fsflover wrote:
| I thought it was in the scanner firmware.
| qweqwerwerwerwr wrote:
| if you mean there are scanners that prevent you from
| scanning of a banknote, that's another great example of
| wasting time, money and resources to accomplish nothing
| autoexec wrote:
| I can discretely copy GBs of email messages and word docs in
| a reasonable amount of time, but I couldn't discretely take
| cell phone pictures of every page of every one of those
| messages and documents if I had years to do it. You don't
| always have to prevent something 100% of the time in every
| possible situation to have a devastating effect on people who
| want to do that thing.
| qweqwerwerwerwr wrote:
| I've just provided the easiest example of bypassing any
| boomer security nonmeasures. give a dedicated and competent
| attacker 15 minutes alone with your highly secure machine
| and highly sensitive documents, and if your entire security
| model depends on DRM rather than actually effective
| methods, they will figure out how to exfiltrate it all.
| TheRealDunkirk wrote:
| I can see a situation where "the authorities" decide that, say,
| the list of people who flew on Epstein's "Lolita express" is
| "evidence in a pending trial" or "confidential" in the name of
| "national security," and simply flip a switch to prevent our
| computers from being able to access any file with particular
| hashes that they've identified as containing the information.
|
| Also, thank God for the Internet Archive.
| BiteCode_dev wrote:
| The capacity for abuse is huge, way beyong the potential
| benefits.
|
| From the USA, we get news of banned book in some states. When I
| read that, my head goes back to my european history, and I
| reach the Godwin point very quickly.
|
| Those kind of people will abuse such system to prevent things
| to be shared.
|
| It will be used for putting DRM on everything and create a more
| and more closed web.
|
| It will be used by corporations and govs to prevent
| wisthleblowers and journalists to do their job. Or to prevent
| employees to get evidences of mistreatments in case they need
| to sue.
|
| Because if you look at it, it's basically just a system for
| information control. And bad actors love that.
|
| And of course it will be "for security reasons".
|
| Trusting people with a terrible track record to not abuse a
| massive power in the future, espacially one that can be scaled
| up with the push of a button once the infrastructure is in
| place, is not a good bet.
| password1 wrote:
| dx034 wrote:
| > From the USA, we get news of banned book in some states.
| When I read that, my head goes back to my european history,
| and I reach the Godwin point very quickly.
|
| Books are not banned, just not used in the classroom anymore.
| While the reasons for it may be wrong, it's something that
| happens constantly all over the world. No one prevents
| children or adults to read those books at home. Banning books
| could mean that owning them is illegal and that just hasn't
| happened.
| ramblenode wrote:
| > Banning books could mean that owning them is illegal and
| that just hasn't happened.
|
| Just within the last century it was illegal to send a copy
| of _Ulyesses_ or _The Canturbury Tales_ through US mail.
| simonh wrote:
| In context I think it's clear the comment was talking
| specifically about the books banned from classroom
| teaching in certain US states.
| sandworm101 wrote:
| Books are just information. Information gets banned all the
| time. Old-timers will remember this:
|
| https://en.wikipedia.org/wiki/Free_Speech_Flag
| acdha wrote:
| Banning their use in classrooms is lesser but still a step
| on that path, and the same Republicans trying to do that
| are not going to stop at schools after they win but will
| rather see that as an invigorating first step in a long
| campaign. For example, book sellers in Virginia are
| currently fighting a lawsuit against an attempt which would
| ban private sales:
|
| https://www.virginiamercury.com/2022/07/06/free-speech-
| group...
| axblount wrote:
| sdlfakjslkdjfs wrote:
| OK then you agree that Amazon taking down Irreversible
| Damage was wrong, and that it should also be in every
| school library, or it's obviously a sign that the Left is
| going to ban books everywhere?
|
| Removing something from a curriculum is not the same as
| banning it. There are many more books that are not in
| school libraries than there are books that are in them.
| howinteresting wrote:
| merlincorey wrote:
| As a bit of an Anarcho-Libertarian who is often in the
| middle of these conversations from either side, I would
| imagine part of the problem is your framing of this issue
| as if it is only coming from one direction, when there is
| plenty of evidence that both sides are into things like
| banning books[0] it's just a question of which books they
| want banned.
|
| [0] When It Comes to Banning Books, Both Right and Left
| Are Guilty | Opinion: https://www.newsweek.com/when-it-
| comes-banning-books-both-ri...
| Bloating wrote:
| Hypocrisy makes good news
| acdha wrote:
| The both sides framing is a common tactic used to make
| this seem even but there's a pretty notable difference if
| you look at the details. For example, Newsweek's right-
| wing owners love this framing but the left example is a
| single school district removing a book from the
| curriculum whereas the right wing examples are far more
| widespread and include books being removed from
| libraries. The motives are also different: banning books
| which depict racism positively (highly debatable in this
| example) is different from banning them because they
| reflect existence of gay people in a positive manner.
| merlincorey wrote:
| According to the article that I linked, California has
| banned "To Kill a Mockingbird" in schools due to racism
| and you seem to be implying that is because the book
| "depict[s] racism positively"; however, I read it back in
| school and I remember discussing extensively how the book
| showed racism in a most negative light.
|
| It doesn't seem to me like you are willing to believe
| that both sides could be over stepping here, but I
| personally am sure of it.
| acdha wrote:
| According to the article you linked:
|
| > Apparently no one told him that the stack of books in
| the photo included one banned in the state he leads, To
| Kill a Mockingbird, which was banned from California
| schools on the grounds that it contained racism.
|
| Clear cut, right? Nope, here's what their own linked
| article says:
|
| > Schools in Burbank will no longer be able to teach a
| handful of classic novels, including Harper Lee's To Kill
| a Mockingbird, following concerns raised by parents over
| racism.
|
| > Until further notice, teachers in the area will not be
| able to include on their curriculum Harper Lee's To Kill
| a Mockingbird, Mark Twain's The Adventures of Huckleberry
| Finn, John Steinbeck's Of Mice and Men, Theodore Taylor's
| The Cay and Mildred D. Taylor's Roll of Thunder, Hear My
| Cry.
|
| The actual memo makes it sound like they'll likely move
| these to the supplemental list and add some black
| authors: https://www.burbankusd.org/cms/lib/CA50000426/Ce
| ntricity/Dom...
|
| This is how the false-equivalence machine works. A single
| school district is expanded to an entire state (15k
| students isn't nothing but it doesn't represent many of
| the ~6M students in the state) and is presented as the
| equivalent of multiple state-wide attempts to remove
| books from schools & libraries, and again ignoring the
| difference between removing something from the curriculum
| with the goal of exclusion versus inclusion.
|
| The urge to censor isn't unique to right-wing politics
| but since they're the ones pushing the most aggressively
| and successfully, I attributed more of it to the people
| causing the lion's share of the harm.
| SauciestGNU wrote:
| I remember the discourse around changing Jim's name in
| Huck Finn and banning To Kill a Mockingbird. Those
| changes and bans were wrong. But still the scope and
| intensity with which the extreme right are gunning for
| books is alarming. They're doing it more, it's more
| widespread, and they're using state power.
|
| When "the left" has opposed books they try to use social
| pressure to get book settlers to voluntarily not stock
| those books. The right is currently using state power to
| prevent the teaching of certain books, their presence in
| public libraries, and are even suing to make private
| sales of certain books a crime in Virginia.
| googlryas wrote:
| resfirestar wrote:
| If you want to use the OS to ban a book or program or
| whatever, you don't need fancy hardware features, just a
| database of hashes pushed down via a software update. Apple
| wanted to do a version of this for CSAM images, it only
| didn't happen because they chose to tell users about it and
| got massive backlash. The implication that governments need
| more powerful DRM features to do something similar just
| obscures the fact that they could do it tomorrow if the US
| government gave up their free speech stances.
| reedjosh wrote:
| But at least you could load your own OS.
|
| Chip manufacturers could even decide that nothing good
| happens on open source operating systems, so you're now
| only allowed to run Mac or Windows operating systems.
|
| The point is really that they're taking full ownership of
| the chips from you.
| resfirestar wrote:
| They could, but not with the new Pluton stuff. That would
| be enforced with secure boot, which has been around for a
| while already. Again, the capabilities already exist. The
| barrier for a would-be censor is political not
| technological.
| oehpr wrote:
| Ah right, the robust guardian of our human freedoms!
| Politics!
|
| I want my technological barrier back please.
| salawat wrote:
| This. We never should have built these things.
| slaymaker1907 wrote:
| I think it may have also been problematic legally for
| Apple. The US laws for CSAM are very strict and Apple
| wanted to do some sort of confirmation that the images are
| indeed CSAM which would have meant moving the images from
| the device to Apple servers.
| raxxorraxor wrote:
| The EU just mandated chats to be scanned for content. Of
| course just for CSAM just as the meta data collection is
| only used for terrorism. Problem is that the latter is also
| used for parking tickets. They really try to hit the
| definition of a totalitarian state by the letter.
| fariszr wrote:
| The law has yet to be passed. And its facing immense
| backlash, even from governments like Germany.
| resfirestar wrote:
| Wider E2EE adoption was the only hope for clawing back
| some privacy for users who do everything on cloud
| services. If the EU bans E2EE and starts mandating all
| kinds of scanning of data stored on third party servers,
| it would be a massive loss.
| retcon wrote:
| In the UK movie screening used to be and probably still is
| decided at the smallest municipal level of town councils, see
| The Life of Brian.
| pmyteh wrote:
| District councils (so the second 'lowest' of the possible
| tiers) but yes. In practice, they've all deferred to the
| judgement of the British Board of Film Classification (nee
| ...Film Censorship) for nearly every film since it was set
| up.
| aaronbrethorst wrote:
| Ron DeSantis doesn't need hardware-level DRM to ban math
| books.
|
| https://www.baynews9.com/fl/tampa/news/2022/05/06/florida-
| ba...
|
| If you're worried about book bannings in states like Florida,
| DeSantis is up for reelection in just over _3 months_. Go
| volunteer or donate money to his opponent (probably Charlie
| Crist).
| 9TRHEsEdDwZAySX wrote:
| Deciding which textbooks that are going to be used in
| public schools isn't banning books. If you don't want the
| government to decide which books are used to teach your
| children then homeschooling or private schooling are what
| you should be focused on.
| sascha_sl wrote:
| Technologists often have such tunnel vision that limits
| their concerns to tyranny driven by technology when there's
| plenty of low tech attacks on open society all the time.
|
| It reminds me of the good old "my password takes 2 billion
| years to crack, but my kneecaps only take a few seconds"
| metaphor about people in tech forgetting that physical
| coercion is, in fact, a possible attack vector for your IT
| security.
| aaronbrethorst wrote:
| Indeed, the XKCD $5 wrench attack vector.
| https://xkcd.com/538/
| BiteCode_dev wrote:
| This is not an Xor proposition.
|
| It's like saying "don't worry about gun control because
| car accidents kill way more people right now".
| sascha_sl wrote:
| But I never said it's not a problem. I said the
| priorities are wrong.
|
| Establishing technical means to do something (limiting
| access to files via DRM) is not as urgent as actually
| doing it (Florida carting books out of school libraries).
| And technology is not a monolith. Pluton specifically is
| far from being a universal requirement on Windows, and
| the entire PC platform is open enough to support
| alternatives for a very long time. It's possibly worrying
| (though it looks like Microsoft's intention is
| confidentiality management in enterprises for now), but
| far from "turnkey tyranny".
| Frost1x wrote:
| The low tech attacks often have low tech workarounds.
| DeSantis may "ban" a math book but there's nothing
| stopping a Florida resident from buying it and giving it
| to a child. There's plenty of other marketplaces and
| similar publishers I can pull from.
|
| When computing is controlled at a hardware level, you
| have far fewer competitors and market places. Working
| around things can be significantly more difficult and you
| may be stuck with scrapping up old less capable tech
| trying to do something you should have better options
| for. This is the reason technologists fear technology
| control, not so much because of tunnel vision but because
| the general population can't work around it, even experts
| may not be able to work around such protections. Low tech
| always has easy work arounds--the option exists even if
| you may fear the consequences.
| sascha_sl wrote:
| I very much disagree.
|
| Any such bans will always take the path of least
| resistance to cover the largest possible population with
| the easiest means. Pareto Style. And I care much more
| about those 80% of people having access over maintaining
| my own. Because ultimately, those people will set
| cultural standards of the future, not some technologist
| with their fully libre laptop.
|
| And those attacks are, as of now, not that sophisticated
| or blatantly censoring. An overwhelming majority already
| do their computing on locked down devices (running iOS,
| Android and ChromeOS) and the big censorship wave hasn't
| hit them. Every half decade or so Amazon removes a book
| from Kindle as a side effect of capitalism and copyright
| and there's a huge HN thread mistaking it for deliberate
| censorship, but overall it really doesn't matter.
|
| Also, let's be completely clear that DeSantis didn't ban
| math books. This was an attack on ideologically
| inconvenient books, mostly queer literature. It's part of
| the push to label us as "groomers" for merely existing
| around underage people that has caused a spike in
| violence and mistrust directed towards trans people. Once
| our rights are sufficiently eroded, they'll go after the
| gays again, and after that, maybe, we'll have progressed
| on the fascist cataclysmic us versus them rhetoric to
| revive blatant antisemitism. Or racism. Who knows. But
| safeguarding the high end bit of tech that is not even
| mainstream anymore wouldn't help society out of this and
| being concerned for it is a very individualistic choice.
| gitanovic wrote:
| While this is true for a few people, applying coercion on
| a mass scale using the kind of tech described in the
| article makes it much more convenient... so IMO the
| argument still holds
| ajvs wrote:
| Mein Kampf is a banned book which I don't think many would
| disagree with. There are many other such books filled with
| propaganda that are rightly banned. I don't see why other
| propaganda-filled books that are being pushed on
| unsuspecting children shouldn't be banned too, unless the
| only reason is that you dislike the direction of the
| propaganda.
| Someone wrote:
| > Mein Kampf is a banned book
|
| Not everywhere in the world (https://en.wikipedia.org/wik
| i/Mein_Kampf#Current_availabilit...)
|
| In the USA, freedom of speech is in very high regard, and
| that's in conflict with the idea of banning any
| publication.
| autoexec wrote:
| I don't even think it's banned in Germany anymore. If I
| remember correctly it was banned for a while, but the ban
| was lifted and people bought it up like crazy. Not
| because they were Secret Nazis all along, but because
| people really hate being told they aren't allowed to
| access certain ideas. It's human nature to want to know
| the things you're forbidden from learning about.
| nobody9999 wrote:
| It's not banned here in the US[0][1][2]. Nor should it be
| IMHO.
|
| I say that as a person of Eastern European/Jewish
| extraction.
|
| Do I like fascists/fascism? No. Do I like Nazis? No.
|
| But I do like freedom of expression. And if the price of
| that freedom is that hateful scumbags get to speak their
| piece, that's okay with me. But I'll have something to
| say about it too. As it should be.
|
| [0] https://archive.org/details/mein-kampf-audiobook
|
| [1] https://harperandharley.org/pdf/mein-kampf/
|
| [2] https://www.amazon.com/Mein-Kampf-Adolf-Hitler-
| ebook/dp/B002...
| sokoloff wrote:
| I think many would disagree with the banning of it, not
| based on its contents but based on the principle of not
| banning books in general and not banning speech that's
| unpopular.
|
| Unpopular speech needs _more_ protection than popular
| speech, not less.
| bigiain wrote:
| > I don't see why other propaganda-filled books that are
| being pushed on unsuspecting children shouldn't be banned
| too
|
| Face book, for example...
|
| :sigh:
| BiteCode_dev wrote:
| Mein Kampf is not banned in my country, I can buy it, and
| I think everybody should be able to read it.
|
| You cannot defend against something you don't understand.
|
| Reading it (or the little red book), you will notice
| there is nothing incredible about it.
|
| It's a good way to understand the banality of evil.
|
| It's a good way to see what currently in our society
| echoes it: we are not freed from evil, it can come back
| any time.
|
| And the "push on unsuspecting children" narrative is worn
| out. Nobody push such dangerous book on children unless
| already twisted. Nobody ever told me "read it, it's good
| for you". Everybody always said: "dangerous book, read it
| with history in mind", if they ever talked about it.
|
| We push Harry Potter on kids, not Mein Kampf.
| bongobingo1 wrote:
| Ironically Harry Potter was banned at my school.
| (Witchcraft!)
| merlincorey wrote:
| Apparently it has also been banned in places for
| Fatphobia among other progressive reasons[0].
|
| [0] When It Comes to Banning Books, Both Right and Left
| Are Guilty | Opinion: https://www.newsweek.com/when-it-
| comes-banning-books-both-ri...
| dTal wrote:
| Call me biased but I do indeed regard "the Jews are an
| evil scourge" to be more worthy of banning than "climate
| change is real".
| freemint wrote:
| Mein Kampf was not banned in Germany either. It is just
| that after Hitler's death, having no heirs, the state of
| Bavaria got the printing rights and decided not to allow
| printing of them (there was a heavily commented version
| made for academics like a study bible). Meaning all
| prints violated copyright until the book enters public
| domain.
| q-big wrote:
| Shouldn't this be considered as strong evidence that
| copyright is just censorship?
| rockemsockem wrote:
| If you're in the US there are not really any truly banned
| books. There are books that are banned from certain
| libraries (mostly school libraries).
|
| But, imagine that a school adopts the DRM processes
| described in the article and requires this study level of
| control even on personal devices that are used for
| school. Suddenly those book bans can be enforced
| digitally by the school and will totally cut off access
| to certain books that the school chooses.
|
| You might say that it's within the school's rights to do
| this for a device that is used for school and if you
| don't like it then use a different device. Now that's a
| system where there is a class-divide on the information
| that one is physically able to consume on their devices.
|
| You might think Mein Kampf is ban-worthy, but the whole
| point is actually that you should not ban any book at
| all, because once you start banning books it becomes far
| too easy for more books to be banned. All it will take is
| one regime change in a school district's PTA for new
| books, that you maybe think should not be banned, to be
| added to the list.
|
| It's worth considering the most banned books in America.
| His Dark Materials. A fantastic young adult fantasy novel
| that pokes harder at religion than some Christians can
| bear.
| shagie wrote:
| > But, imagine that a school adopts the DRM processes
| described in the article and requires this study level of
| control even on personal devices that are used for
| school.
|
| The prerequisite for this to happen is that the school
| removes all physical editions of the books and has
| digital editions for all content, and a lending program
| for the books that is sufficient to satisfy publishers...
| and all students have digital book readers able to access
| the school library.
|
| I don't see this happening in the near (or even within
| the decade) future. There is far too much content that is
| physical only, publishers haven't embraced digital
| editions for libraries, school libraries don't have the
| technical resources (physical or in many cases human) to
| convert their collections to digital.
|
| The hypothetical school book ban for digital editions is
| needlessly alarmist.
|
| When those resources _are_ available to schools, then yes
| - lets talk about it... though the school banning books
| will continue to mean "that resource isn't in our
| collection" and a student can go to another library (or
| in many cases book store) and get a copy of that book for
| themselves. This is no different than today.
| 0xedd wrote:
| You are conflating ban and don't-push.
|
| If today it's "obvious" what's bad; When this generation
| dies off, who is appointed master of the universe and
| decides what's bad? It won't be you. It'll be the guys
| with the money; See Pluton. They're already paving the
| way for just that (at least in tech and what your wallet
| must must must spend). But, I digress.
|
| You shouldn't ban books. You should teach morals.
|
| My friend, Swim, who is a Jew living in Israel doesn't
| support banning Mein Kampf. So much so that when Swim's
| friend ordered it from Amazon, neither opposed it.
| Curriculum teaches about Hitler's rise to power and the
| abuse of his people to do so. That's more than enough to
| understand not to follow in his footstep. Swim's friend
| was interested in Hitler's political prowess.
|
| I'm not interested in Mein Kampf. But, if someone is, he
| most surely has the right to read it. Kill the way some
| fanatics did because of it? No, that's immoral.
|
| Who decides morality? That's complex, I think. But, I
| also think it is an innate intuition that lives in all of
| us.
| RedComet wrote:
| geysersam wrote:
| > pornographic examples in it
|
| I can't fathom a math textbook with pornographic
| examples. Is this a thing in the US?
| nobody9999 wrote:
| >> pornographic examples in it
|
| >I can't fathom a math textbook with pornographic
| examples. Is this a thing in the US?
|
| I've been out of school for quite a while, but AFAIK
| while there is plenty of porn out there, it's not in our
| math books.
|
| No, it's just Florida politicos pandering to their
| base[0].
|
| I'm _guessing_ that what GP is going on about (please do
| correct me if I 'm wrong) is probably some word problems
| that include references to non-heterosexual/non-binary
| folks, which seems to trigger the intolerant among us.
|
| Which is a result of decades of attempts to put
| _christian_ dogma and ideology back into US public
| schools, and failing that, destroy the public school
| system.
|
| And more's the pity.
|
| [0] https://www.politico.com/news/2022/05/05/fldoe-
| releases-math...
|
| Edit: Added the _missing link_.
| autoexec wrote:
| according to an article linked elsewhere (https://www.bay
| news9.com/fl/tampa/news/2022/05/06/florida-ba...) it was
| because they had too many black people depicted as
| athletes and they had word problems that treated
| scientific facts as if they were scientific facts.
|
| The one example that I thought might have been somewhat
| improper was "Multiple exercises related to a debate
| between Al Gore and Rush Limbaugh, where the publisher
| was in favor of Al Gore's arguments based on the
| questions in the exercises."
|
| If the debate in question was fictional, I'd be tempted
| to agree it would have been better to avoid using the
| names of real people although I'd disagree that is enough
| to ban the use of the textbooks. If the debate was actual
| and the textbook pointed out very real flaws with Rush
| Limbaugh's logic (especially if they were a real world
| example of bad math) I'd say that it makes perfect sense
| to include it in a math text book.
| unixhero wrote:
| Music videos are now porn!
| RedComet wrote:
| Not that I'm aware of. I said that is the _future_ there.
|
| Judging by all of the convenient misreading and straw
| manning in the replies, many of you must know it is
| coming too.
| dspillett wrote:
| It depends on who is defining what is pornographic. To
| some of the swivel-eyed loons deep in the religious
| right, who are very vocal in these matters, all material
| depicting non-heterosexual people doing anything other
| than being deeply unhappy or being subject to a stoning,
| is pornographic. This means examples in textbooks that
| attempt to be inclusive can fall foul of their ire.
| ori_b wrote:
| > _Ron DeSantis doesn 't need hardware-level DRM to ban
| math books._
|
| Enforcement is a different issue.
| 4bpp wrote:
| Did they actually ban the books, or did they merely ban
| their usage in K-12 instruction with the news outlet
| rounding that up to a book ban for dramaturgical reasons?
| Not that a ban in school instruction is necessarily good
| (though, I would guess, not nearly as rare), but the actual
| full-fledged ban that DRM could aid in enforcing, which
| would prevent you as an individual from reading a book you
| want to read in _any_ plausible context, is on a different
| level.
| Covzire wrote:
| All Florida did was add a criteria to their selection
| process to disallow books that include Critical
| Theory/Critical Race Theory or their praxis in the
| teaching of math, etc. Every state selects which text
| books can be used by their schools so if Florida "burns
| books" then by definition every single other state does
| too.
|
| Where are the text books in California that teach math
| using Biblical stories and imagery? Obviously California
| burned all those books if we accept the argument being
| put forth with Florida.
| uwuemu wrote:
| > All Florida did was add a criteria to their selection
| process to disallow books that include Critical
| Theory/Critical Race Theory or their praxis in the
| teaching of math, etc.
|
| Yep, one state decided to do something about this
| divisive indoctrination of kids and the peddlers of that
| stuff obviously don't like it, hence the "banning (math)
| books" stories. If you actually read into this you quicky
| realize that someone is clearly lying and (this time)
| it's not the Republicans.
| IntelMiner wrote:
| "It's not the Republicans"
|
| Do you know what Critical Race Theory actually is, and
| where it's taught?
| welshwelsh wrote:
| Of course, bible stories would be inappropriate because
| superstition and religion have no place in schools. We're
| supposed to educate students about reality.
|
| But there's nothing wrong with teaching students how they
| can use math to understand social problems and complex
| real-world issues. Math is a great tool for thinking
| about things like income inequality, climate change and
| economics.
| Covzire wrote:
| Well since you opened that can of worms, CT/CRT is just
| another religion, and not a nice one.
|
| Ibram X. Kendi, in his book "How to Be an Antiracist"
| states, "The only remedy to racist discrimination is
| antiracist discrimination. The only remedy to past
| discrimination is present discrimination. The only remedy
| to present discrimination is future discrimination."
|
| The whole movement is predicated, explicitly, on
| instilling hatred and animosity on some out-group, it's a
| viscous ideology masquerading as compassion.
| 29athrowaway wrote:
| Have you read the books being banned?
| BiteCode_dev wrote:
| And we don't need guns to do a genocide. We managed to kill
| a good chunk of the american natives with mostly blades.
|
| Yet, you probably don't want to give willingly a nuke to a
| dictator.
|
| In the same way, giving this kind of power to people that
| have shown in the past to abuse information control is like
| banking on the wolf to behave in the hen this time.
|
| > Go volunteer or donate money to his opponent (probably
| Charlie Crist).
|
| I'm not in the US. I just read those crazy news, compare it
| to my grandfather stories, and worry.
| aaronbrethorst wrote:
| _And we don 't need guns to do a genocide. We managed to
| kill most marican native with blades_
|
| To be pedantic, it was diseases and outright, explicit
| murder. (which is not an excuse. Biological warfare is a
| modern war crime, after all.)
|
| https://en.wikipedia.org/wiki/Population_history_of_Indig
| eno...
|
| _banking on the wolf to behave in the hen [house] this
| time_
|
| Fair point, but the United States is rapidly moving
| towards authoritarian governance _right now_. There are
| steps that every U.S. citizen who reads my comment can
| take to help stop this decline immediately. I don 't like
| the idea of this sort of TPM 3.0 module in my computer's
| hardware, but it's a 'day after tomorrow' problem for me,
| not a 'right now' problem.
| tzs wrote:
| A good illustration of how devastating epidemics in North
| America among the natives were is that when the first
| European explorers reached the coast on the west side of
| what is now the United States they found that part of the
| continent to be highly populated.
|
| That was in the early 1500s. It was another couple
| hundred years before Europeans started colonizing and
| conquering those areas. By the time that started those
| populations were already reduced by around 90% from
| diseases that has spread across the continent from the
| Europeans on the east side.
|
| Before those diseases wiped out so many natives no
| European colonists were able to survive in what is now
| the US and Canada without the approval and help of the
| natives. If the local natives didn't want a colony there,
| they removed it.
|
| Yes, the colonists had guns and the natives then did not
| but the guns in those times weren't actually superior to
| bows and arrows. The guns might have better range, but
| their accuracy was much worse and they took longer to
| reload.
|
| Before diseases that the colonists (unintentionally)
| brought greatly weakened the native tribes pretty much
| the only colonists that did OK were those that allied
| with a native tribe.
|
| There were a bazillion tribes, and there was a lot of
| conflict between them including warfare. Some smaller
| tribes that were losing their wars with bigger tribes
| allied with some of the colonies to try to get help
| against the bigger tribes. Those were the colonies that
| were allowed the stay and thrive.
|
| For a great look at what life was like in the New World
| before Europe became widely aware of it, and what
| happened afterwards the book "1491: New Revelations of
| the Americas Before Columbus" by Charles C Mann is quite
| good.
| squiffsquiff wrote:
| Sure it's fantastic in a corporate environment. Not so
| fantastic for personal devices. Basically this:
| https://youtu.be/XgFbqSYdNK4
| nine_k wrote:
| Well, don't put that on a personal device.
|
| It's like your company giving you serious protecting gear to
| wear while doing your work on a nuclear reactor is a good
| thing. But having to wear such gear at home is not a popular
| choice, and should not be required.
| palata wrote:
| How do you choose what you put in your CPU? What when
| Windows forces you to have that kind of hardware?
|
| You can choose not to wear that gear, but choosing to not
| use Windows is much more complicated, at least for most
| people.
| josephg wrote:
| I imagine if the proponents of these systems had their
| way, they'd add remote attestation to websites too.
| Imagine your bank's website only loading on a "secure"
| windows environment, non-rooted android phone or an
| iphone.
|
| Once these chips are in everyone's devices, it would be
| quite easy to add this stuff technically. And in doing
| so, break the web on non-approved hardware or software
| (like linux).
|
| _Edit:_ Actually on the subject of worst case scenarios:
| If the trusted computing attestation process was extended
| through the web browser, it would be possible to build a
| website which is impossible to scrape or interact with in
| any unapproved way, from any unapproved device. Eat your
| heart out Aaron Schwartz.
| nobody9999 wrote:
| > imagine if the proponents of these systems had their
| way, they'd add remote attestation to websites too.
| Imagine your bank's website only loading on a "secure"
| windows environment, non-rooted android phone or an
| iphone.
|
| Actually, IIUC this is _already_ the case on Android[0].
|
| Some (many? most?) banks/banking apps are rejecting
| (and/or complaining about) access from rooted phones
| _right now_.
|
| I can't confirm this personally, as I'd rather have my
| tonsils extracted through my ears than use a surveillance
| device^W^W smart phone to do _anything_ financially
| related.
|
| Perhaps someone who uses banking apps on their
| surveillance device could chime in on that?
|
| [0] https://www.howtogeek.com/241012/safetynet-explained-
| why-and...
| vetinari wrote:
| > I'd rather have my tonsils extracted through my ears
| than use a surveillance device^W^W smart phone to do
| anything financially related.
|
| Well, it gets even better, even for folks with principles
| like you have.
|
| If you want to use general computer, you need to log in.
| For logging in, you need second factor. That second
| factor is going to be in 99,99% cases exactly the app in
| the smartphone, that refuses to run on rooted devices.
|
| So no avoidance, if you want access to your account.
| nobody9999 wrote:
| >If you want to use general computer, you need to log in.
| For logging in, you need second factor.
|
| The administrator of my network does not require multi-
| factor authentication for _my_ logins.
|
| That's probably because _I_ am said administrator.
|
| As for professional settings, if my employer wants me to
| use a surveillance device and/or an app on said device,
| they can provide that device to me.
|
| As an alternative, I suppose I could use whatever subsidy
| is provided by my employer to purchase/use a separate
| device for such things.
|
| If they choose not to do one of those thing, I guess I
| won't be logging in and will soon be working elsewhere.
|
| _Requiring_ me to use my personal equipment for work
| purposes is inappropriate IMHO, and I 've yet to hear an
| argument (other than folks not wanting to carry multiple
| devices, which is a _personal_ choice) that changes my
| mind about that.
|
| I'd welcome anyone to make such an argument, mostly to
| discuss _why_ it 's inappropriate, but I'd certainly keep
| an open mind about it -- perhaps there's an angle(s) I
| haven't considered.
| vetinari wrote:
| I meant access to your _bank_ account -- in the context
| of the thread above --, not to computer account on your
| private or corporate computer.
|
| At least in Europe, it is not even bank's initiative, it
| is from above them. They've got PSD2 directive to
| implement. And when they all have to implement it, is
| kind of difficult to vote with your wallet.
| lostinthought wrote:
| Yes, this is already the case on Android. Two years ago I
| canceled smart-id contract (https://www.smart-id.com/)
| and stopped using any "smart" devices. Because one day
| the smart-id app ceased to work on my rooted smartphone.
|
| Soon my old 3G dumbphone will be useless as the mobile
| operator ends the service. People are pushed to newer
| phones^W surveillance devices and I have to hunt for real
| 2G phone soon.
| Avamander wrote:
| Your 3G dumbphone is not as dumb as you think.
| Considering the threat models from that era, it's most
| likely more manageable remotely and less
| compartmentalised.
|
| Btw, you could acquire a Mobile-ID SIM that will work on
| a rooted phone (but also with feature phones, if you
| wish).
| doctor_lollipop wrote:
| My operator terminated its 2G network last year, forcing
| me to upgrade to a 3G phone. Let's hope your operator
| won't do the same thing.
| tenebrisalietum wrote:
| It's a big value add for you, as a corporate IT deployer.
|
| Outside of corporate IT, what if Microsoft uses this remote
| attestation to enforce binding non-corporate PCs to a Microsoft
| account. Some don't have a problem exposing everything to
| Microsoft's cloud, but Pluto sounds like it could be used to
| enforce this on a hardware level.
|
| If computing devices without bondage to a cloud service are
| impossible, Windows has no more value proposition for me for
| personal computing. I'm going to stick with Apple, because at
| least Apple allows me to turn it all off, off seems to mean off
| on at least Apple iPhones/iPads (I don't have to check hundreds
| of weirdly named services, policy settings, scheduled tasks
| that are all on for some reason), and settings don't seem to
| randomly sneak on between updates.
| POPOSYS wrote:
| What tools are you using today to realize this scenario?
| Thanks!
| Gh0stRAT wrote:
| The plugin my current employer uses is so well integrated
| that I don't even know its name. (I suspect it may be
| developed internally)
|
| At a past job, we used Entrust [0] and I'm aware of Virtru
| [1] as well.
|
| Edit: I forgot about Sharepoint, which also sort-of fills the
| ACL document-sharing niche. (though I'm less certain about
| whether it uses encryption to enforce its access policies)
|
| [0] https://www.entrust.com/ [1] https://www.virtru.com/
| oofbey wrote:
| A lot of this rant reminds me of the justification for crypto.
| The techno-anarchists are terrified of authority they can't
| hack around. The fact that some governments abuse their power
| implies no authority should ever have any power. If we can't
| break the rules then the world will end. It's a slippery slope
| from content providers getting paid to complete big brother
| 1984.
| badrabbit wrote:
| It doesn't protect from malicious document leakage: you can
| still take screenshots or photographs or use a plain txt file.
| For unintentional leakage, MSIP already does what you are
| saying this just bakes into hardware where patching/fixes are
| harder than the cloud
| jonathantf2 wrote:
| All sounds good for enterprise IT admins - who are the target for
| these features.
| icemanx wrote:
| That's it, no more Windows Laptops for me
| l30n4da5 wrote:
| might as well drop apple laptops, as well, since Pluton is
| pretty much Secure Enclave for PC.
| l30n4da5 wrote:
| ohwait, that means no more computers at all.
|
| well shit, time to switch careers.
| __void wrote:
| nowadays 98% of things implying "security" are actually unwanted
| products, protections for "the other side" or trivial distortions
| of reality where, conveyed by "security" itself, the user himself
| becomes the product
|
| - no, I don't need protections for the side channel, I never
| asked for them
|
| - no, I don't need a unique identifier, who is the demented
| person who asked you for it
|
| - no, I am not going to glitch the power supply, and even if I
| did it means I am interested in doing it and wish it worked
| instead I was prevented from doing it
|
| - no, I don't care at all about having a hw store for
| certificates, which are ephemeral and dropped from above anyway
| so what am I supposed to trust?
|
| - and so on
|
| "not secure by design" nowadays comes close to being a coveted
| feature
| userbinator wrote:
| _no, I don 't need a unique identifier_
|
| People fought against that and actually won, 23 years ago:
| https://news.ycombinator.com/item?id=10106870
|
| Unfortunately, that may have been the only victory, as they
| slowly started introducing a lot of other stuff silently under
| the guise of "security".
|
| _" not secure by design" nowadays comes close to being a
| coveted feature_
|
| Absolutely. As the saying goes, "insecurity is freedom".
| marcosdumay wrote:
| Hum... Looks like you didn't notice we losing.
|
| At that same time, Microsoft started using your HDD serial as
| an identifier. Nowadays there are unique identifiers in most
| of your hardware, including the north bridge of your
| motherboard and the TPM that windows now requires.
|
| Also, mobile devices got all kinds of unique identifiers from
| day 0.
| npteljes wrote:
| Absolutely. Security is just a PR term for these, like how
| "think of the children" narrative is pushed when pushing for
| certain legislations.
| fithisux wrote:
| Well stated.
| drpixie wrote:
| Yes ... I certainly look for chips WITHOUT certain "security
| features" when I'm building a system - makes it more difficult
| for the "bad guys" (really, just the greedy guys) to force me
| to do things the way they want.
| autoexec wrote:
| What chips are left? When they've got Intel and AMD that's
| the vast majority right there. We really need some kind of
| open and transparent chip manufacturer who is unwilling to
| infest their product with user hostile code at Microsoft's
| demand.
| drpixie wrote:
| Hmmm, yes. The Core-X seem helpfully lacking in undesirable
| features, but the standard range is certainly heavily
| encumbered. If I can get a half descent RISC-V chip and
| motherboard, that might be the go...
| raxxorraxor wrote:
| Security has degraded to snake oil on a lot of topics. Boot
| infection are really rare and the whole TPM module isn't really
| needed in my opinion and I don't want it either for my systems.
| There are edge cases and sensible applications, but I don't
| want to see it as standard.
| kmeisthax wrote:
| The concern with boot infections aren't for standard every-
| day malware, which is perfectly happy to just mine crypto on
| your machine in a sandbox[0] or read out your browser
| cookiejar for login tokens at normal user privilege. The
| kinds of people dealing in boot infections these days are
| three-letter agencies looking to make very difficult-to-
| detect malware that they can attack other countries'
| infrastructure with. Likewise the companies that run said
| infrastructure would rather buy servers and client machines
| that will defend against such attacks.
|
| Before you say, "well, they're the government, why don't they
| just compromise the secure boot CA"; the problem is that
| cryptographic signatures create evidence. If someone finds
| your boot sector malware you don't want it to be attributable
| - but signatures from an already-trusted entity create
| exactly the kind of paper trail you'd rather avoid. If
| Microsoft signs a boot sector virus, then it's obviously a US
| government cyberweapon, and any companies that find it in
| their systems will start suing. In this particular context,
| secure boot is a policy of "no execution without
| attribution".
|
| [0] Which nowadays can even be done in a browser. Modern
| browsers actually have to have throttling and CPU usage
| limits because of this.
| Avamander wrote:
| > Boot infection are really rare
|
| Gee I wonder why. /s Such statements are tedious to say the
| least, preventions have been implemented, obviously it
| curtails such abuse, obviously that reduces frequency.
|
| > the whole TPM module isn't really needed in my opinion
|
| It's nice that you have no key material that would need to be
| kept strictly on the device, but a lot of users actually do.
| We don't want people's Webauthn tokens carried away, we don't
| want Bitlocker keys stolen, most certainly we do not want
| biometric authentication data stolen. Maybe you have reduced
| that risk to near zero, but that's not the case for the vast
| majority of users.
| raxxorraxor wrote:
| > Gee I wonder why
|
| The frequency dropped even before TPM was deployed on most
| machines and I guess most systems still haven't it enabled
| today. Reason for that is that there are simply more direct
| and profitable ways to get system access, see most
| applications of ransomware for example.
|
| > It's nice that you have no key material
|
| You can use many different types of authenticators. If you
| use Windows Hello you need TPM and they try to hinder you
| adding alternative means without TPM being activated. But
| that is a different story and solely on Microsoft. No need
| to falsely or passive aggressively suggest that a system
| would be insecure without these specific means.
| Avamander wrote:
| > The frequency dropped even before TPM was deployed on
| most machines
|
| I interpreted your sentence as two disjoint statements
| and thought you find UEFI/SB _and_ TPMs all useless. But
| yes, it indeed started dropping before. TPMs don 't deal
| with that topic unless we're speaking of Trusted Boot,
| which is a whole separate concept.
|
| > [...] hinder you adding alternative means without TPM
| being activated. But that is a different story and solely
| on Microsoft.
|
| No it's not solely on Microsoft. If there isn't a safe
| place to store keys, it makes sense to dissuade storing
| them. Fairly obvious, isn't it?
|
| > You can use many different types of authenticators.
|
| It's not a very realistic suggestion for most users and
| use-cases. Having a built-in module that does the job has
| a lot of upsides.
|
| > No need to falsely or passive aggressively suggest that
| a system would be insecure without these specific means.
|
| I didn't say such a system would be insecure, however it
| can't safely store key material, it would be less secure
| in a bunch of contexts.
| raxxorraxor wrote:
| > Having a built-in module that does the job has a lot of
| upsides.
|
| And downsides, especially for corporate usage you don't
| want your data protected by device keys if they aren't
| set by yourself or replicated elsewhere. But it is a
| security risk to deploy such keys on local machines in
| the first place in many circumstances.
|
| > If there isn't a safe place to store keys, it makes
| sense to dissuade storing them. Fairly obvious, isn't it?
|
| The behavior is that you can only add keys if you already
| activated TPM. This is an implementation detail of
| Windows Hello. Perhaps they changed it but I can think of
| some reasons why they forgot to add the option.
|
| > it would be less secure in a bunch of contexts
|
| No, I disagree. Severely less secure depends on the
| security model. Applications cannot usually randomly
| access any memory, but yes, the system would need to
| ensure that and there can be attacks. If you assume your
| system is compromised on that level your device
| encryption will be bypassed via the same channel. TPM
| comes with its own suite of security flaws in regards of
| device identification (bug or feature?). That is a
| relevant threat model compared to many memory attacks
| regardless of the countless other fingerprinting problems
| we currently are subjected to. Plus the DRM issues around
| remote attestation and sealed storage.
| Avamander wrote:
| > And downsides, especially for corporate usage you don't
| want your data protected by device keys if they aren't
| set by yourself or replicated elsewhere.
|
| It's a solved problem in corporate environments.
|
| > But it is a security risk to deploy such keys on local
| machines in the first place in many circumstances.
|
| That's a massive stretch and no normal corporation agrees
| with that statement.
|
| > No, I disagree.
|
| Other people's threat models are not something you can
| disagree with.
|
| > If you assume your system is compromised on that level
| your device encryption will be bypassed via the same
| channel.
|
| Well not really, it's not a bypass. Continuous abuse of a
| compromised machine is significantly noisier than
| exfiltrating the keys needed and then abusing those. Plus
| you can't touch anything that would change TPM
| measurements, or you'll lock yourself out. It's much more
| cumbersome.
| bambax wrote:
| Could not agree more. Security only means control. I don't want
| security. I don't even want safety. I have never cared about
| either, and I'm now too old to die young, so I'm not afraid.
|
| > _" not secure by design" nowadays comes close to being a
| coveted feature_
|
| That's a huge market opportunity. I would buy "insecure"
| products over secure ones every time.
| bencollier49 wrote:
| Ah, but it won't work on the internet once ISPs are forced to
| use remote attestation to prove you're using a government
| approved device.
| darzu wrote:
| It's worth distinguishing between security against software
| attacks and security against physical "attacks".
|
| I absolutely don't want my internet connected pet cam to be
| accessed remotely (outside the set of companies i've decided to
| trust, namely the manufacturer.)
|
| Protection against hardware tempering is less good and probably
| mostly anti-consumer. The most legitimate cases I've heard:
|
| - Protection from (some) supply chain attacks
|
| - Leasing models. Where you acquire the item for less than it's
| hardware cost and pay over time.
|
| But honestly I'm not convinced of either.
|
| Disclosure: I worked on Azure Sphere, the first place Pluton
| was developed outside Xbox.
|
| Edit: I've read the whole article now. These scenarios are
| really bad and really realistic. Pluton is bad.
| notriddle wrote:
| > - no, I am not going to glitch the power supply, and even if
| I did it means I am interested in doing it and wish it worked
| instead I was prevented from doing it
|
| This one makes no sense. Wouldn't 99.9% of power supply
| glitches be some sort of accident, and something that the end
| user probably doesn't want?
| [deleted]
| LaputanMachine wrote:
| > no, I am not going to glitch the power supply, and even if I
| did it means I am interested in doing it and wish it worked
| instead I was prevented from doing it
|
| Are you talking about brown-out detection circuits, or is there
| something else?
| darzu wrote:
| The first xbox was hacked using an attack via the power
| supply I believe. It caused some instructions in the boot
| sequence to be skipped i think. It's a really cool story,
| wish i had a link.
| PaulHoule wrote:
| We've been hearing this story for a real long time...
| xfer wrote:
| This is the problem, when normal people stop buying PCs, only
| gamers and enterprise customers remain. So they will sell what
| their customers want.
| toastal wrote:
| And now the gamers want mostly online competitive games and
| their makers want the strongest DRM and kernel-level inspection
| all in the name of anti-cheat. We shouldn't be surprised if
| online games are one of the first spaces to require Pluton-
| enabled systems or no boot game.
| keyringlight wrote:
| I'd say that stage has already come, there's huge amounts of
| people where their main or only computing device is a phone or
| tablet. I've dealt with recruitment in a non-technical field
| and their phone is the online nexus point for them for any
| emails, documents, or website interactions. Even for gaming I'd
| argue PC is going into enthusiast territory and the GPU pricing
| situation hasn't helped that, consoles and phone gaming is
| strong and streaming has developed a niche.
| beprogrammed wrote:
| I'm all for it, just let me delete the Microsoft keys and start
| the trust chain with my own
| TeeMassive wrote:
| Reminds of of Palladium:
|
| https://www.zdnet.com/article/microsofts-palladium-what-the-...
| https://en.wikipedia.org/wiki/Next-Generation_Secure_Computi...
| metadat wrote:
| Ew. Why are all the chip manufacturers going along with this
| stupid plan? I want to buy a processor and then own it and have
| it work in my best interests, not consume electricity and
| generatie heat enforcing draconian 3rd party DRM policies.
| boppo1 wrote:
| Alphabet soup, probably, along with iphone profitability.
| autoexec wrote:
| > Ew. Why are all the chip manufacturers going along with this
| stupid plan?
|
| Because if they don't add whatever garbage Microsoft orders
| them to include in their chips then Microsoft can simply
| require that shit for the next version of their OS to boot.
| They could even force an update on existing PCs to check for
| it. Nobody is going to buy a chip if having it means they can't
| run the OS that 99% of computers on the plant are using. If
| Intel dared to say no, MS could pretty much run them out of
| business.
| aquova wrote:
| This works both ways however. No one is going to buy the OS
| that can't even run on their latest chip. Microsoft can make
| all the demands they want, but the chip manufacturers still
| have the power to refuse to implement it; if Microsoft wants
| to brick their own OS, that's not their problem.
| autoexec wrote:
| > No one is going to buy the OS that can't even run on
| their latest chip.
|
| Unless that latest chip is vastly superior to what we have
| today, almost nobody is going to care. Most people couldn't
| tell you which chip is in their computer right now. They
| don't even care what a processor is. They just want to be
| able to click on the little picture that makes facebook
| happen and they don't want to have to learn anything new to
| make that happen.
|
| If every chip manufacturer refused, you're right that we'd
| be pretty safe, but the moment they can get just one chip
| manufacturer on board every OEM will buy those chips or go
| out of business. Intel was "evil inside" decades ago for a
| reason, so we knew how this was going to play out.
| paxys wrote:
| Because Apple
| kimmeld wrote:
| The market (software/system builders) say that locked down
| platforms like the iPhone are fabulously profitable. Sorry.
| metadat wrote:
| Lol, cargo-cult chip fabbing. What's next? I can't even
| fathom.. maybe this inability on my part is a blessing in
| disguise.
| Vespasian wrote:
| And that's why the road to a better software ecosystem is not
| some hackers smart trick to defeat the system for the moment
| but very clear rules of what is allowed to be done in the
| name of security and what isn't
|
| A legislative piece of paper (or many pieces of paper) have
| the power to reign in corporations far far beyond any
| technical solution or workaround.
|
| And yes, that requires limiting (intellectual) property
| rights and regulating what certain contracts can enforce.
| Sometimes it's needed if you ask me
|
| In my experience this sentiment is rejected primarily by many
| technical people because it feels like adding the human
| factor to a pristine world of logic. In reality it's humans
| all the way down and there is no reason to believe that
| Microsoft/Apple is a better steward than an elected body of
| representatives acting according to the rule of law
| 0xedd wrote:
| So is war. Don't reproduce.
| Ruq wrote:
| Don't Reproduce?
| dragonelite wrote:
| Because China and Russia might be hacking your hardware.
|
| Don't people listen when a guy like Pompeo speaks he has pretty
| much outlined the plan with his Clean Network Initiative, I
| wouldn't be surprised that within a decade CloudFlare and other
| US cloud services will be used as the great firewall of the
| western sphere.
| fithisux wrote:
| Are there proofs for the easterners? Because for the
| westerners they are plenty.
| smaudet wrote:
| You will notice if you express opinions on here that are not
| cochure with the 'tech gods' I.e. dictators, you will get
| heavily downvoted.
|
| Greed is the reason.
| metadat wrote:
| Simple solution: don't care about up or down -votes. Believe
| me, Internet points are a sham and waste of time. Focus on
| interesting conversations and connections instead.
| qweqwerwerwerwr wrote:
| you can't have an interesting conversations if it takes 3
| or so powerusers to gag you
|
| I see tons of interesting comments flagged/dead within
| minutes. there are rarely controversial, or low-quality, or
| rule-breaking
|
| there are plenty of topics you are only allowed to express
| a pre-approved opinion about, and I can't even give you
| examples without getting muted
| throwaway14356 wrote:
| It is much worse than he thinks. If I was to write out the
| worse case scenario the MS employee would have no choice
| but to consider it.
|
| Therefore win 13 will be a theme for ubuntu packaged with a
| FOSS version of office. MS will award large weekly prizes
| for the most useful FOSS app extending the eco system. It
| will be sold on multi TB external drives that work like
| live USB only daisy chained. Weekly new releases cramped
| with so much free stuff every neck beard around the world
| must own all of them. A few movies, some music, a game or
| 2. Each comes with a poster, a t shirt and a book. Prices
| go up and down using RNG making some releases rare and hard
| to get.
| pmontra wrote:
| Reminds me of computer magazines bundled first with
| cassettes, then floppy disks then CDROMS, 80s to 90s.
| Occasionally some other gadgets too. Everybody like us
| was buying them.
| metadat wrote:
| I'm so confused... What are you two getting on about?
|
| Is it just me or is it like two GPT-3 bots having a
| conversation?
| tbjoern wrote:
| Quite scary isn't it? What a time to be alive. I'd never
| have believed that I am seriously questioning whether a
| conversation on the internet is real. Even after all the
| gpt3 quiz sites, like the one where you have to guess if
| the code is generated or real.
| [deleted]
| hammyhavoc wrote:
| This is word soup.
| goodpoint wrote:
| > Why are all the chip manufacturers going along with this
| stupid plan?
|
| Because the music/movie industry benefits from DRM and made
| agreements with the software and hardware industry.
|
| Also NSA and the military complex benefit enormously from
| having control over hardware around the world.
| gjsman-1000 wrote:
| It's tragic (especially if you care about general-purpose
| computing and the future of open platforms), and a sign that
| Microsoft's Palladium project was never really canceled. Boil
| the frog...
|
| Of course, Microsoft would say it's not about DRM (at least
| right now), it's for "security." Which... its secure as
| Microsoft's servers are, to be sure.
| intelVISA wrote:
| Next-Generation Secure Computing my ass.
| MikusR wrote:
| Intel started putting ME in their cpus 12 years ago.
| 2Gkashmiri wrote:
| and yet, without any evidence, huawei is being blamed for
| "spying".... smh
| superchroma wrote:
| It's not mutually excusive. I think risks from hostile
| powers need to be called out, and I think we also need to
| be calling out this bad behavior on our side too.
| Schroedingersat wrote:
| The US is a hostile power everywhere else in the world.
| And then also for about 4-8 out of every 8 years to its
| own citizens.
| ahartmetz wrote:
| People should generally be most afraid of their own
| government - it's the one that is allowed to use violence
| where they live.
| cesarb wrote:
| > People should generally be most afraid of their own
| government - it's the one that is allowed to use violence
| where they live.
|
| Be careful to not forget the distinction between "being
| allowed to" and "being able to". There are documented
| cases of countries (including the USA) using violence
| against people even when they aren't the government where
| these people live.
| oarsinsync wrote:
| > And then also for about 4-8 out of every 8 years to its
| own citizens.
|
| And you can pretty much guarantee that ~50% of the
| population will always consider that statement true, no
| matter the government of the day.
| lern_too_spel wrote:
| It sounds like you can still do that. Other people will get to
| decide if you can use their services with your device, but
| (unlike an iPhone, for example) it's still your device to do as
| you please with.
| hammyhavoc wrote:
| Because owning your device is a nice bedtime story we've been
| told for quite some time now since the iPhone became the norm.
| Analemma_ wrote:
| The conspiratorial answers here are emotionally satisfying, but
| ultimately wrong. The reason chip makers and OS vendors are
| adding this is customer demand, by which I mean enterprises.
| Companies _want_ remote attestation and guaranteed-immutable OS
| images on their networks, and I honestly can 't say I blame
| them. In a perfect world they could have it and we could
| somehow firewall it away from the consumer space entirely, but
| that's not going to happen.
| intelVISA wrote:
| I don't really care for the reason, why can't we as consumers
| opt out if it's consumer oriented then? For me it's not even
| about the egregious security and privacy implications -- I
| just simply want the (illusion of) choice w/r/t silicon
| rootkit 'features' that I'll never use.
| sofixa wrote:
| You can, it even says in the article that Lenovo and Dell
| are shipping with the Pluton chips disabled by default. If
| they can do it, a user can disable it to (for now at
| least).
| fsflover wrote:
| Proprietary software with full system access tells that
| it's disabled. Do you trust that?
| intelVISA wrote:
| the same Lenovo that put a MITM attack in people's BIOS?
| walterbell wrote:
| On-premise, open-source, customer-owned remote attestation
| servers are possible. Avoid outsourcing integrity
| verification to 3rd-party clouds.
| [deleted]
| wmf wrote:
| The same enterprises asking for this stuff are also asking
| for it to be taken out of their hands because they don't
| trust themselves to operate it securely or reliably.
| pmontra wrote:
| So this turns into security theater because ultimately
| they can't trust those third parties too.
| LtWorf wrote:
| They don't care about security, they just want proof that
| they did what they could when disaster happens.
| notriddle wrote:
| You're thinking about companies as monoliths. They are
| groups of people.
|
| The managers who want remote attestation aren't the
| people implementing it. They either pay someone else to
| do it, or they pay someone else to do it. The difference
| between paying a third-party company and an employee is
| that employees are more expensive, because the costs
| aren't amortized over other customers who want the same
| stuff. Why would they be more trustworthy? Why would they
| be better at it? Why would it be any less likely to be
| hacked if you did it at your company than if you
| outsourced it?
| uw_rob wrote:
| When it comes to security someone must always sleep with
| one eye open - co-owning this responsibility is totally
| reasonable. Microsoft takes security seriously and is
| investing heavily in it; if they are already in your orgs
| trust boundaries I see no reason why they wouldn't be
| considered good stewards for this as well.
|
| Besides, at enterprise scale, how do you trust internal
| teams? It could all be security theater and they aren't
| delivering on their promises as well.
| sofixa wrote:
| > Microsoft takes security seriously and is investing
| heavily in it
|
| Some parts of it maybe do. Some others, like multiple
| different Azure teams, don't even think about anything
| resembling security, or there wouldn't have been multiple
| critical and trivially exploitable security
| vulnerabilities on Azure in the last year only. (If you
| don't know them, please read up on them. Security is
| hard, but in those cases nobody even pretended to try!)
| autoexec wrote:
| I'm frankly already appalled by how much data
| (proprietary data, customer data, employee data, etc)
| companies are fine leaking to 3rd parties, MS especially.
| Even if you assume that Microsoft could never ever
| possibly be hacked, or would never favor one of your
| competitors enough to hand them your data, Microsoft's MO
| has often been basically stealing other people's
| work/ideas and stomping out or absorbing the people they
| took it from. The data they get from outlook alone must
| be worth a fortune, but with everything the OS collects
| these days it's insane how little anyone cares.
| p_l wrote:
| Yes, they are possible... And they are implemented using
| all the evil things like Secure Boot, TPM, and Pluton.
|
| MS remote attestation doesn't require remote cloud or
| anything like that, I recall it supporting air-gapped
| environment from the start (guess why, the top-price
| enterprise clients _want that_ , including resigning
| windows with their own secure boot keys).
|
| Disclaimer: for various reasons open source remote
| attestation in corporate is currently on my roadmap at work
| fsflover wrote:
| > And they are implemented using all the evil things like
| Secure Boot, TPM, and Pluton.
|
| There is nothing evil with TPM when you fully control it.
| See: Librem Key.
| p_l wrote:
| You either don't remember or wasn't there when TPMs were
| first talked about, in either case I envy you then.
|
| And yes, there's nothing evil involved if they are owner
| controlled, something that honestly was heavily Microsoft
| pushed because they do have clients that insist on them -
| the DRM functionality in intel ME has keys controlled by
| broadcasting associations instead (this is why you can't
| stream HQ on Linux from official sources), same with part
| of why AMD PSP got some uncontrolled bits (the blackmail
| goes that if you don't do that, customers will quickly
| find they can't stream netflix/whatever in high quality
| on your hw and will stop buying it).
|
| Personally I believe that owner-control of hw should be
| enshrined in law, just like right to repair and modify,
| along with laws against deceptive "looks and quacks like
| a sale, is actually a lease" practices
| walterbell wrote:
| _> owner-control of hw should be enshrined in law_
|
| Have you seen OCP's Caliptra RoT, which requires OSS
| firmware, enforced by dual-signing of firmware by both
| OEM and owner? Currently for hyper-scalers, but this
| approach can be adopted by other enterprise customers,
| https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation
| will be done to Caliptra, which can then release SoC boot
| ROM from reset.
| selfhoster11 wrote:
| Good, if companies want those features, then they can be the
| ones to pay the price in privacy. Otherwise, let me set an
| OTP bit to disable all Management Engine kinds of
| functionality on the CPU permanently.
| fithisux wrote:
| Enterprises can put whatever they like on their devices. Not
| mine. So this argument falls apart.
| peter_retief wrote:
| Microsoft are trying to enforce a monopoly on hardware, where is
| the https://www.sec.gov/ on this?
| mordae wrote:
| This. M$ is literally trying to wall off the PC.
| pjmlp wrote:
| Just catching up where IBM failed.
| peter_retief wrote:
| That is "exactly" what they are trying to do, I find it sad
| that people are prepared to accept this as business as usual,
| considering the efforts made to make Linux available to
| everyone.
| goodpoint wrote:
| """Microsoft believes they need to exercise more control over PC
| Security than previously"""
|
| This has little to to with security. It's about having more
| control over the user.
| rtev wrote:
| When I clicked the link, I expected to see media security DRM
| functionality or something along those lines. However, from
| what I can tell, this is all critical security stuff; the
| security community has been begging for features like these for
| ages.
|
| Kind of feels like Microsoft can't win here. Everything is free
| and unprotected and their OS is a security joke, or they harden
| and get accused of DRM and monopolizing.
| mjg59 wrote:
| This is not a good article. At a technical level it's confused
| about a whole bunch of things:
|
| * SMM has been part of x86 for _decades_. The Secured Core
| requirements around SMM actually _reduce_ its power.
|
| * The claimed requirement to remove the third party UEFI CA
| certificate from 2022 Secured Core PCs is entirely unrelated to
| Pluton (it's required regardless of whether Pluton is enabled or
| not, and even whether the CPU has Pluton or not)
|
| * Most of the description of Pluton is actually a description of
| a TPM. You don't need DICE for remote attestation. TPMs are
| already a hardware keystore.
|
| * System firmware is _already_ being updated via Windows Update.
| The discussion about Pluton and Windows Update is around _Pluton_
| getting firmware updates that way (the existing story around
| firmware updates for TPMs is largely not good)
|
| * Existing TPM-based remote attestation already includes the
| secure boot state
|
| The short version: everything that the article is worried about
| being enabled by Pluton is already possible, and has been for
| years.
|
| But there's a meaningful point here. Remote attestation can
| certainly be used to restrict access to resources in ways that
| are incompatible with general purpose computing, or which reduce
| user choice. Remote attestation can also be used to give end
| users confidence that their machine is in a good state without
| constraining what they do with it. As a technology, remote
| attestation can be used in both good and bad ways. We do need to
| keep track of whether anyone is threatening to use it in bad ways
| and react appropriately.
|
| (But tbh remote attestation as an attack on general purpose
| computing isn't the really scary thing about widespread remote
| attestation. Remote attestation ties back to the TPM's
| endorsement key, an immutable cryptographic key certified by the
| TPM vendor at manufacturing time. The straightforward
| implementation of allowing arbitrary remote sites to trigger
| remote attestation would tie all of these accesses back to a
| single piece of hardware, and would be a privacy nightmare.)
| gjsman-1000 wrote:
| You are incorrect yourself in several ways here.
|
| > The claimed requirement to remove the third party UEFI CA
| certificate from 2022 Secured Core PCs is entirely unrelated to
| Pluton (it's required regardless of whether Pluton is enabled
| or not, and even whether the CPU has Pluton or not)
|
| Pluton is de-facto a Secured Core PC implementation, and Secure
| Core PCs are also making this change. Thus it effects both
| Pluton and Secured Core, but the new requirement does not
| effect non-Pluton and non-Secure-Core systems. Because Secured-
| Core PCs are currently niche and will no longer exist once
| Pluton is broadly adopted, Pluton will be the first appearance
| of this change for the vast majority of users.
|
| If I'm selling a 12th Gen Intel system right now, I can keep
| the 3rd-party UEFI certificate enabled. If I am selling a 12th
| Gen Secure Core PC, then this year I must disable that
| certificate, but my non-Secured-Core PCs can again keep it
| open. When Pluton arrives, that door must be shut.
|
| You can verify this with Microsoft's Secured Core PC
| documentation:
|
| https://docs.microsoft.com/en-us/windows-hardware/design/dev...
|
| > Most of the description of Pluton is actually a description
| of a TPM. You don't need DICE for remote attestation. TPMs are
| already a hardware keystore.
|
| To an _extent_. The original TPM is very finicky as documented
| by the comments on this post and elsewhere - even changing a
| RAM stick could invalidate the TPM 's assertion. For this
| reason, the TPM was very unideal for DRM due to it's all-or-
| nothing approach, which Microsoft Pluton does not make the
| mistake of repeating, allowing for much more granular security
| that makes it much more easily applied. The second reason why
| Pluton is much more dangerous is that the TPM could be easily
| virtualized or hacked over the bus rendering DRM use-cases
| quite broken, whereas Pluton supports neither weakness, making
| its DRM potential (again) much more potent. Finally, using
| DICE, unlike a TPM, the Pluton is explicitly designed to give a
| computer a permanent identity that can never be erased, which
| (again) TPM does not guarantee.
|
| Useful HN comment explaining:
| https://news.ycombinator.com/item?id=25193346
|
| That's actually the big reason why the Remote Assertion is an
| important point here. The TPM version of it was almost unusable
| outside of very niche business applications and BitLocker,
| while with DICE, the Pluton is _far more potent_. (After all,
| if TPM worked fine on it 's own, why does DICE even exist?)
|
| I think the last point to further back this view I will also
| add is these comments from a Microsoft employee on the subject.
|
| https://lobste.rs/s/fdguww/dangers_microsoft_pluton#c_tdlo1r
|
| > System firmware is already being updated via Windows Update.
| The discussion about Pluton and Windows Update is around Pluton
| getting firmware updates that way (the existing story around
| firmware updates for TPMs is largely not good)
|
| Microsoft themselves states in Pluton's announcement that
| Pluton will hardware-integrate with Windows Update for various
| system firmware, through their "chip-to-cloud" security
| initiative. To quote them:
|
| "One of the other major security problems solved by Pluton is
| keeping the system firmware up to date across the entire PC
| ecosystem. Today customers receive updates to their security
| firmware from a variety of different sources than can be
| difficult to manage, resulting in widespread patching issues.
| Pluton provides a flexible, updateable platform for running
| firmware that implements end-to-end security functionality
| authored, maintained, and updated by Microsoft. Pluton for
| Windows computers will be integrated with the Windows Update
| process in the same way that the Azure Sphere Security Service
| connects to IoT devices."
|
| This is a little frustratingly vague and thus part of the
| reason why Pluton requires some speculation. Judging by the
| reference to "different sources that are difficult to manage",
| it appears you don't update Pluton, Pluton updates you. Pluton
| has an active role in your system's security, whereas TPM was
| only passive.
| mjg59 wrote:
| > Pluton is de-facto a Secured Core PC implementation
|
| No, it's not. You can deploy Pluton without having to
| implement the Secured Core PC spec.
|
| > Microsoft Pluton does not make the mistake of repeating,
|
| No, seriously, the only remote attestation supported by
| Pluton on x86 at present is literally this TPM-based remote
| attestation. There's no meaningful fragility here - remote
| attestation means you can look at the individual log events
| rather than just looking at the composite PCR values, and
| that lets you ignore the noise created by things like
| hardware configuration changes. I have helped build and
| deploy infrastructure that makes use of remote attestation to
| validate secure boot state.
|
| > the TPM could be easily virtualized
|
| No, because the EK certificate won't chain back to a trusted
| CA>
|
| > hacked over the bus
|
| True in some cases, but already mitigated on all systems that
| are using fTPMs (ie, most Windows 11 systems).
|
| > the Pluton is explicitly designed to give a computer a
| permanent identity that can never be erased, which (again)
| TPM does not guarantee.
|
| TPM does, in fact, guarantee that. The endorsement key is
| static over the lifetime of the TPM.
|
| > why does DICE even exist
|
| DICE provides a set of features that don't require the
| functionality of a full TPM. This allows you to implement
| things like device identity attestation in a standardised way
| that works for both hardware with a full TPM and also IoT
| devices where a TPM would be too expensive.
|
| > Today customers receive updates to their security firmware
| from a variety of different sources
|
| Look at the diagram immediately above that quote. They're
| talking about the firmware that runs _on_ Pluton, not the
| firmware executed by the main CPU.
|
| Again, you're raising a legitimate issue (remote attestation
| can be used for bad things), but you're burying it under a
| bunch of misconceptions and just flat out inaccuracies. I
| agree that we should be worried about widespread use of
| remote attestation, both from a "War on general purpose
| computing" perspective and a privacy perspective. But
| literally everything you're legitimately worried about
| happening could happen right now. Framing this as something
| that's tied to Pluton risks giving people the impression that
| they can avoid it by just not buying anything with Pluton,
| and that's simply untrue.
| gjsman-1000 wrote:
| > No, it's not. You can deploy Pluton without having to
| implement the Secured Core PC spec.
|
| I may update the article to reflect this, I will look into
| that further. So far the few Pluton systems available all
| seem to also implement Secured Core, however, as more
| systems become available perhaps that will change...? I am
| OK with being wrong here and openly admit that there may be
| inaccuracies and speculation due to the limited public
| information and limited number of systems and
| configurations with Pluton so far.
|
| I'm not quite at the point of agreement yet, mainly because
| your argument leaves Pluton's addition and functionality
| almost redundant and inexplicable. From your perspective,
| almost everything the Pluton is capable of is also possible
| with a TPM. However, this does not make sense to me, as why
| implement the Pluton if an fTPM is fully capable of
| everything the Pluton can do? Why can't an fTPM just be
| updated with CPU microcode which Windows Update already can
| handle? What is the point of SHACK then if TPM is fully
| capable of handling keys already? Why would Microsoft make
| a grand announcement about how this allows for "chip-to-
| cloud" security with Project Cerberus and all that, if
| nothing actually changes almost at all?
|
| Also, can you explain how this checks out with Microsoft
| RIoT?
| mjg59 wrote:
| Given the apparent requirements around the Third Party
| UEFI CA, it's impossible for any device with a plug-in
| GPU to meet the Secured Core PC requirements. Unless
| Pluton is never going to be present in workstations,
| Pluton does not imply Secured Core.
|
| PSP and ME firmware isn't part of the CPU microcode.
| There's no fundamental reason why the updates couldn't be
| provided via Windows Update, but that would require Intel
| and AMD to choose to do so. There's frequently fairly
| tight binding between ME/PSP firmware and the system
| firmware, so it may well be the case that the vendors
| simply don't feel comfortable providing updates without
| board vendors having validated that first. The ME and PSP
| also offer significantly larger attack surfaces than
| Pluton does, so there are legitimate concerns over
| whether they can offer the same level of security
| assertion.
|
| TPMs normally sequester keys to themselves, but the spec
| doesn't say anything about how that's handled - the keys
| could be in a separate hardware block that's isolated
| from the rest of the TPM, or they could be just living in
| RAM on the TPM. In the latter case, any vulnerability in
| the TPM firmware would potentially allow the keys to be
| exfiltrated. SHACK is intended to provide a higher degree
| of isolation, such that even if the Pluton firmware is
| compromised the keys will still be inaccessible to an
| attacker.
|
| I'm not quite sure what you mean with respect to RIoT.
| Devices that make use of RIoT aren't intended to be
| general purpose computing devices.
| gjsman-1000 wrote:
| I'm not entirely sold for a few reasons.
|
| 1. This would require that Intel and AMD find it less
| intrusive to build an entire additional SoC into their
| processors, on whatever node necessary, than to package
| their software for Windows Update. Also, it leaves out
| the question, why couldn't Microsoft have required that
| AMD and Intel just implement a TPM outside of the PSP/ME
| with similar hardware protections? Intel would have
| vastly preferred that, as then they could have just
| marketed it as part of their vPro solution.
|
| 2. For RIoT, it was reported by IEEE in their report that
| the Pluton _does_ implement RIoT, and this report was
| endorsed by the Vice President of OS Security at
| Microsoft as the best write-up so far just yesterday (see
| https://twitter.com/dwizzzleMSFT/status/15515945900874383
| 36). So there is more to the story than you believe on
| this subject. Unless the Vice President of OS Security at
| Microsoft who actually worked on Pluton is incorrect,
| Pluton does have RIoT.
|
| I will dare quote a fair-use bit of the paywalled report:
|
| "Pluton also implements the device identifier composition
| engine (DICE) specification, as defined by the TCG, along
| with the Robust Internet of Things (RIoT) specification,
| as defined by Microsoft, to achieve DICE+RIoT. Using this
| technology, a device cannot masquerade its boot path;
| more simply, it provides a strong method for attesting to
| a device's current state and status (e.g., patch version,
| firmware version, etc.). It is important that this is
| implemented in hardware, rather than firmware, because
| the hardware which performs the initial measurements and
| checks on power-on cannot be modified by an attacker.
| Relying on device attestation rooted in firmware or
| software is dangerous because if the initial stages of
| the boot process are compromised then the entire boot
| process can be falsified and a bogus attestation can be
| produced. While Microsoft intends for this technology to
| be compatible with their Azure Attestation service, since
| it is built using open standards it can be leveraged by
| any attestation service, which supports DICE+RIoT."
|
| Edit: On that note, I have added an update to the blog
| post noting this conversation and that while I am not
| fully convinced of your points, it is also worth reading.
|
| Edit 2: On a third note, I doubt that Microsoft intends
| "Secured Core" to be a thing that just sticks around
| forever. Even though this is just speculation, I find it
| hard to believe Microsoft would not one day make Secured
| Core or parts thereof (say, everything except the
| Thunderbolt protection) mandatory. That is yet another
| possibility, that "Secured Core" become more and more
| similar to mainline Windows over time. They may have
| already to OEMs, but I will admit there is no way to
| prove one way or the other.
| userbinator wrote:
| salawat wrote:
| Ah... Yes. The vaunted, "we want a UUID for everything to
| eventually use to identify any system to create a
| namespace of for no reason at all, why are you acting so
| funny? There's no abuse potential at all."
|
| Truly, there are days I feel like Oedipus had a good
| idea. Tired of reading the rampant industry gaslighting
| around what our current crop of engineering talent is
| whipping up for the up-and-comings to be subjected to.
| mjg59 wrote:
| Like I said, firmware updates for the ME and PSP are
| generally tied to system firmware updates, so it's not
| just a matter of Intel and AMD packaging stuff - they'd
| need to change a lot of development methodology to ensure
| that these updates could be decoupled from the board
| vendor. And as far as Microsoft requiring that they
| implement a TPM - that's basically what they did?
| Microsoft just provided an implementation for them to use
| as well.
|
| Pluton can be used in different contexts, and it can
| certainly be used in more IoT focused scenarios. UEFI
| doesn't really integrate with the DICE case terribly well
| (I'm dealing with DICE at the moment professionally,
| because I've made some poor choices in life), so I don't
| imagine it'll be relevant in the general purpose
| computing segment.
| userbinator wrote:
| trh0awayman wrote:
| Can RISC-V save us here? Or is it time to start hoarding CPUs?
| zogomoox wrote:
| I would assume chinese made RISC-V have their own special
| sauce.
| hammyhavoc wrote:
| That's a big assumption.
| goodpoint wrote:
| ...if the schematics and tapeouts are entirely public.
|
| Otherwise you can be assured that there will be backdoors.
| freemint wrote:
| You can post hoc modify circuits so they look like doing
| logic A but they actually do logic B by adding new p or n
| junctions.
| goodpoint wrote:
| In theory, yes. In practice it is not realistic to
| implement a plausible-deniable hardware backdoor
| targeting all CPUs being manufactured while keeping the
| schematics and tapeout open.
|
| While the same CPUs are even fabbed in different
| locations around the world.
|
| While also going undetected for years and while none of
| the engineers involved blows the whistle.
|
| In short no, you can get away with a targeted attack but
| nothing so massive.
| ftyhbhyjnjk wrote:
| It's time to start rejecting such corporations. Nothing else
| would work.
| meltedcapacitor wrote:
| Might be a blessing in disguise?
|
| The libre computing movement got lazy. We got used to care
| about free software and just accept free-riding on non-free
| hardware because "hardware too hard" and frankly we got it easy
| with x86 CPU and PC manufacturers being generally friendly,
| actively or passively, to free software and actually benefiting
| from industry concentration. The less attractive proprietary
| CPUs and other chips get, the greater chance a small but lively
| open ecosystem develops?
| dagaci wrote:
| I remember when Microsoft introduced driver signing, i remember
| articles in Slashdot and TheRegister going wild about how
| Microsoft was about block side-loading third party software, and
| only allow software which they specifically authorized to run on
| Windows or that they would charge large % fees to allow 3rd party
| software to be installed.
|
| When those these restrictive practices were introduced with iOS
| and to a much lesser extent various Android distributions (not
| just phone, but other types of appliances), i was genuinely
| surprised about how quiet the same type of people are, who I
| thought protested out of principal.
|
| Its the same pattern, like poltics, where people are just
| basically trying to sell or advocate for you to buy into or sell
| another product.
| bejelentkezni wrote:
| Yep. People have been banging the drum on TPMs and similar
| security chips being the end of personal computing for about 18
| years now. Still waiting.
| worldofmatthew wrote:
| Atom Bay Trail tablets were often locked to running Windows
| only.......
| Lucasoato wrote:
| > The road to hell is paved with good intentions.
|
| If there were only dystopic uses of this technology, its
| development wouldn't be able to go on internally. They are
| specifically taking this path so they always have plenty of good
| reasons to pursue their agenda.
| hgazx wrote:
| Regardless, I think that the pc platform deserves a good anti
| cheat solution.
|
| Separating the groups of those who have a good anti cheat system
| enabled (such as this) and those who don't is a good compromise
| for everybody. I think more reasonable companies such as Valve
| will go that way.
| shmerl wrote:
| Good anti-cheat solution is server side AI. Anything client
| side is malware.
| hammyhavoc wrote:
| Louder for the Cheeto-dust-covered people in the back.
| hgazx wrote:
| I know that this is a popular take here, which is why I
| proposed that there should be a mechanism to opt out. But
| that would mean that you would have to play against those who
| opted out as well.
| tpxl wrote:
| I would like to have an anti-cheat mechanism (that works),
| not a god damned security-nightmare rootkit that scans and
| uploads my private files to god knows where.
| Sakos wrote:
| Anything that prevents me from modding or cheating in my single
| player games is anathema to me. And companies like Activision,
| Ubisoft and Rockstar would love a hardware-based system that
| takes control away from gamers.
| whywhywhywhy wrote:
| Who needs to cheat in a Ubisoft game? Just point to the
| marker, walk, then hit R1 a few times, rinse repeat for 30
| hours.
| hgazx wrote:
| I didn't say anything about single player games.
| Sakos wrote:
| You didn't, but if the tech is there, it will be used.
| nojito wrote:
| The larger rationale for this is likely due to them losing very
| important share to macOS because of things like the secure
| enclave.
| [deleted]
| RicoElectrico wrote:
| The slowly rising "consolization" of PC, as my friend put it, is
| unnerving to watch.
| UberFly wrote:
| I've always thought that at some point the only "stomachable"
| version of windows is going to be some hacked offering, by god-
| knows-who or from where, but it'll still end up being preferable
| to what MS is requiring.
| hammyhavoc wrote:
| Isn't that the way it's been for several versions now with
| scripts to disable all the telemetry and shovelware?
| autoexec wrote:
| As far as I know there are no scripts that are capable of
| disabling _all_ of the telemetry and nothing that can 't be
| undone the instant the computer has an internet connection
| and connects to windows update.
| RajT88 wrote:
| Yes, you'll likely have to keep re-doing it.
|
| As far as scripts for it, this thread has some sage advice:
|
| https://www.reddit.com/r/privacy/comments/n3v0s5/disable_wi
| n...
|
| The tools to disable telemetry and bloat:
|
| https://github.com/irmatade/sharpapp https://www.oo-
| software.com/fr/shutup10
| https://github.com/Sycnex/Windows10Debloater
|
| MSFT doc on what all telemetry is gathered, and what is
| considered "required" telemetry (although they give you
| enough info to block it at the router):
|
| https://docs.microsoft.com/en-
| us/windows/privacy/configure-w...
|
| I do like Win10 as an OS. On the whole I'd say the Satya
| era of MSFT is a mixed bag, but better on the whole than it
| was before.
| Ruq wrote:
| Security can be used to create both a safe, and a jail. Remember
| that.
|
| ---
|
| I think Microsoft feels threatened at this point about Linux
| becoming more popular on PCs; what with hardware like the Steam
| Deck. Can't have Linux dominate the PC platform if you forcefully
| bind all hardware to the Windows ecosystem. Imagine if back in
| the day Microsoft used their dominance to block out all competing
| software on PCs but their own.
|
| ---
|
| I can see a dystopian future where Government can enforce
| code/file signing with technologies like this (DRM), so that you
| can never again have an open computing platform; you could only
| ever use code or view files approved by the State, and if you try
| to write code or create content, it won't work period unless it
| is first approved by the State. (such as with an AI scanning tool
| to detect and block "wrong-think" or "dangerous functionality"
| (i.e. dissent or otherwise that threatens the powers that be))
| sandworm101 wrote:
| Don't worry. Linux will always run on server hardware. We will
| just learn how to build rack-mounted gaming PCs.
| Ruq wrote:
| This made me laugh.
|
| I also look forward to the potential of open technologies
| like what RISC-V appears to enable. It's not all bad for
| sure.
| oaiey wrote:
| This is exactly what big corporations ask for. In the
| pharmaceutical industry stakes are very high and directed attacks
| are common. It is just the next step securing your IT.
|
| However, for private users these are dark capabilities.
| 29athrowaway wrote:
| Can you trust your computer? by Richard Stallman
|
| https://www.gnu.org/philosophy/can-you-trust.en.html
| zczc wrote:
| Interesting naming. "Microsoft Hell God".
|
| Pluto (Greek: Plouton Plouton, "giver of wealth", Pluton in
| French and German) the most common name for the classical ruler
| of the underworld. Plouton was one of several euphemistic names
| for Hades, described in the Iliad as the god most hateful to
| mortals. https://en.wikipedia.org/wiki/Pluto_(mythology)
| raxxorraxor wrote:
| Well, they already use Kerberos, his dog.
| Semiapies wrote:
| MIT named that.
| superchroma wrote:
| But they also have winsock trumpet. They need to pick a lane,
| I can't deal with the oscillation between goofy and evil.
| Semiapies wrote:
| Dude, that was 28 years ago.
| superchroma wrote:
| Ok, fair enough, it's true. I guess they're just bad
| dudes now :(
| mah4k4l wrote:
| The spouse of Kali Linux? After all they seem to be on the same
| page politically despite their seeming differences.
| _joel wrote:
| Hey, did I tell you I use Doric Arch? No MS here!
| idealmedtech wrote:
| Pluton is also a geological term, referring to magma domes that
| have solidified and since eroded to yield granite structures
| like Half Dome.
| oaiey wrote:
| And the processor etc are under the operating system.
| tsujamin wrote:
| maybe its because pluto is the "king of the underworld", the
| underworld being the root of trust?
| q-big wrote:
| > the underworld being the root of trust
|
| Pun intended?
| [deleted]
| balls187 wrote:
| > It may contain inaccuracies or speculation...
|
| This means to take anything written in that article with a grain
| of salt.
| danielovichdk wrote:
| In a landscape where security and privacy is imminent Pluton will
| sold as a saviour.
|
| And I am pretty sure it's a darn good idea and well thought off
| and executed.
|
| I cannot see why this is a bad idea besides the usual cargo cults
| claiming corporate distrust.
|
| Heck we trusted Intel for decades and no one asked what Apple put
| in their silicon, because its Apple and Steve was so trustworthy.
| BiteCode_dev wrote:
| After PRISM and xkeyscore, you don't get to doubt it's going to
| be abused for the worse.
|
| Not anymore.
| Bolkan wrote:
| What this needs is a (write only) way of physically updating the
| keys inside pluton. Doing that will practically do a factory
| reset of the entire device. Then we can have our cake and eat it
| too.
| jeroenhd wrote:
| "Companies will be able to control their network" doesn't sound
| like a problem to me, more like a solution.
|
| "DRM will be unusable outside Windows" is already the case.
|
| "Documents can only be opened by authorised users" sounds like a
| dream come true.
|
| "You can't boot Linux by default" is annoying, but hardly a deal
| breaker. Statistically, almost nobody runs Linux on their
| devices. Valve could make a change in the Linux landscape if they
| actually get SteamOS off the ground (third time's the charm,
| right?) but so far SteamOS 3 is only meant to be used by their
| own hardware.
|
| It's been decades since I last heard about powerful Windows
| rootkits because you can't just swap out the bootloader anymore.
| You could try it and risk a non booting victim system, but you're
| not extracting data or injecting ads into the kernel that way.
| Malware hasn't gone away (partially because Microsoft doesn't
| want to break old, signed, vulnerable device drivers that are
| used to bypass signature requirements and gain kernel access) but
| it's harder to gain good persistence now.
|
| I get it, I want to run Linux on these devices as well. All of
| this stuff should be easy enough to disable if you're the owner
| of the device. However, your freedom to use your device however
| you want doesn't imply that others have to put up with your
| choices. If I choose to only accept Microsoft Panopticon
| Validated Devices onto my network, that's my business, no matter
| how foolish it might be. Distributing my software as a .exe isn't
| some kind of violation of your constitutional right to run
| OpenBSD, it's a business choice.
|
| Personally, I'd love to see a similar system provide a hardware
| root of trust for Linux as well. Qubes being able to verify every
| single step of the boot process and securely loading the system's
| (several) security keys would be a great security benefit. Hell,
| I'd even like to see the option to only run signed software on my
| machine to ensure the executables haven't been tampered with,
| either signed by the distro maintainers or by myself during the
| install process, but Linux doesn't have such features or
| configuration accessible.
|
| As long as it's possible to disable this stuff or to configure it
| for your own, personal key set, I'm all for this stuff. I want
| the freedom to secure my (Linux or Windows) system in hardware,
| as long as you have the freedom to turn it all off if you
| disagree. I don't buy Microsoft hardware specifically because I
| can't disable or configure that crap, despite their excellent pen
| support and fancy designs, and I think others should do the same.
| That's my personal choice, though.
| RandomBK wrote:
| Obligatory link to the talk from MS where they covered the
| origins of Pluton on the Xbox:
| https://www.youtube.com/watch?v=U7VwtOrwceo
|
| The video does a good job of the original threat model for this
| technology and how it works on Xbox.
| sgammon wrote:
| i think this is simply Microsoft noticing Nike's embrace of
| Taking a Stance for the Bottom Line.
|
| microsoft is smart enough to realize that NSA tinfoil types
| already do not trust them, and likely will never trust them
| (which, if you are that worried about security, why are you on
| windows anyway? NSAKEY?)
|
| the predominant share of windows machines are sold to businesses
| and enterprises who DO want to lock down at a hardware level.
|
| it's way too easy to steal a windows machine and wipe it clean.
| you can't do that with DEP-enrolled macs because of the TPM they
| already have, which is a strange misalignment when Windows' core
| market (enterprise) really cares about this kind of security.
|
| apple has every reason to care about DRM more than microsoft, but
| the TPM advent on mac was mostly a welcomed one as I recall.
| perhaps that is because apple has taken a strong and public
| stance towards user privacy. but they have to: it is consumers
| who are buying their devices, and consumers rightly want a device
| that works for them.
|
| microsoft is not in that position, or at least, is not with
| windows, from an economic standpoint. similarly, they are mostly
| selling to enterprises and business and governments for this
| product line, and those customers rightly want a device that is
| verifiably secure.
|
| if you're worried about security for your personal use, buy a
| mac, because they've made their bottom line and your privacy
| intertwined. or, buy a linux box and purity check it down to the
| circuits. you have already decided against convenience in your
| trade-off equation by your a priori decision to care about this
| in the first place.
| 29athrowaway wrote:
| This is basically a form of collusion and monopoly between
| Microsoft and CPU manufacturers.
|
| Microsoft has already tried to monopolize the PC consumer market
| before. And back then the risks were tiny compared to what is at
| stake now.
|
| https://www.justice.gov/atr/us-v-microsoft-courts-findings-f...
| rtpg wrote:
| I'm not hyped about most of the DRM stuff (and yeah, frog boiling
| is definitely a worry, though I don't know how we could ever end
| up with devices that can't boot alternative OSes just cuz of how
| servers are set up).
|
| But I am personally glad to see hardware-level key stores show up
| on all CPUs. Maybe this is already a thing and I'm being duped by
| Apple for thinking it's good, but it feels good to me.
| gjsman-1000 wrote:
| I'm not really worried myself that alternative Operating
| Systems will be locked out. However, I am concerned that the
| functionality of alternative Operating Systems will be locked
| out. If you see the (speculative but grounded) area near the
| end of the article - imagine if assertion becomes popular for
| things such as games or digital movies or the school WiFi. Your
| Linux PC will never be able to do that, and WINE (probably)
| won't be able to help. Won't stop you from hosting a server,
| but it will make it much harder to enjoy a Linux desktop.
| That's an issue.
| vladvasiliu wrote:
| > imagine if assertion becomes popular for things such as
| [...] digital movies
|
| You don't need that. Streaming is already crippled on Linux.
| Hell, Netflix won't even stream full quality on Chrome!
|
| > https://help.netflix.com/en/node/13444 4K
| Ultra HD on a computer Netflix is available in
| Ultra HD on Windows and Mac computers with:
| Microsoft Edge for Windows Windows app for
| Windows 10 and Windows 11 Safari for MacOS
| 11.0 or later
| plmu wrote:
| I have netflix, but also a usenet server account and many
| TB of disk. I might cancel the first, if the added value
| becomes too small.
| arpa wrote:
| ... and this is why piracy will always continue to be a
| viable alternative.
| hammyhavoc wrote:
| Until access to the internet or methods of circumventing
| DRM are crippled without submitting to these
| technologies. That's the road we're heading down. Can't
| hack the current-gen Xbox, apparently. I'm wondering if
| someone will take that as a "challenge accepted".
| Beltiras wrote:
| > Can't hack the current-gen Xbox, apparently.
|
| Yet.
| hammyhavoc wrote:
| Well, the Xbox One wasn't hacked either. That was
| released in 2013. If it was going to be hacked, it likely
| would have already happened given that its most popular
| moment has come and gone.
| Avamander wrote:
| There's always the analog loophole.
| Avamander wrote:
| Fun fact, that app hasn't been updated in years. It's super
| buggy.
|
| It's a nice demonstration how vendors won't bother to
| improve if the user has no choice.
| fartcannon wrote:
| This is about money. This is about having to upgrade your CPU
| to get updates to your OS. The Android/iPhone business model.
| raymondgh wrote:
| Very impressive analysis and understandable breakdown. And the
| author is only 20. Or maybe that's a normal age for this kind of
| work and I'm just getting old.
| badrabbit wrote:
| HVCI is truly revolutionary, you can no longer just dump lsass
| and get credentials if it is enabled among other use cases.
|
| But to me, this all looks like MS building a house of cards
| again. If I am writing a rootkit or other malware why can I not
| use this to make sure only the compromised devices secure
| processor can read the contents of memory or does defender get a
| pass?! A defender/analyst won't also be able to dump ram with
| volatility or a custom driver to analyze the malware/implant? No
| microsoft solution would prevent a user from downloading and
| running an executable entirely so malicious code would run, but
| can it now hide from security solutions? What part of HVCI am I
| missing?
|
| As far as the rest of it, it will break legitimate use cases for
| users so I don't expect it to be a default anytime soon. I hate
| the remote attestation stuff but my hope is it will either fizzle
| out or regulations will be put in place for enabling user control
| of the secure computing private key for personally owned devices
| because code you can't introspect or keys you can't manage should
| not exist on a device you own (not license).
| Harvesterify wrote:
| For now (and I haven't seen an annoucement of a coming change
| about it), only trustlets signed by Microsoft can be executed
| in the VSM (Virtual Secure Mode), so you won't be able to write
| a malware or a rootkit that leverages it to hide the execution
| flow.
| badrabbit wrote:
| Thanks for clarifying. With drivers they get around that by
| using vulnerable drivers, but this isn't regular kernel mode
| code execution, and MS will probably revoke certs for future
| vulnerable trustlets? (Or not, since that can cause outages).
| Sounds like a whole new area of research.
| thriftwy wrote:
| I don't see how this Babel tower of acronyms will not fail in a
| spectacular fashion, such as producing malware which is run upon
| receipt, cannot be by any action removed from your PC and
| installs crypto miner and ransomware on it.
| FutureReminder wrote:
| Reminder from the future:
|
| Don't throw away your current hardware when you "upgrade". You,
| or others, may need it or parts of it in the future.
| choeger wrote:
| I think the fear mongering is spot-on and there's no way back.
| The only positive way forward would be a non-profit org taking
| over the role of key manager. No for-profit org and no government
| should be in the position to control computing. So instead of
| blocking the technology that inevitably will come (or is already
| there), let's focus on legislation that prevents corporate
| entities from controlling computation.
| CoffeeCollector wrote:
| Privacy and user empowerment stopped around 2007 and most
| technological advances suit the capital and political classes
| for their benefit, hegemony and ability to control us. It's
| time to stop buying new hardware and to be content using older
| hardware to halt the erosion of our privacy and maintain what
| little independence we have.
| JustSomeNobody wrote:
| Is this the part where they extinguish Linux (except for where
| they've embraced it with WSL)?
| RajT88 wrote:
| No. MSFT has bet the business on Cloud and while the
| virtualization stack they use is Hyper-V, they have a TON of
| products running Linux under the hood in the cloud.
|
| A big chunk (I don't know the real number, but it's closer to
| 50% than 10%) of customer vm's on Azure are running Linux.
|
| All this to say, MSFT is highly invested in the Linux
| ecosystem. They would be shooting themselves in the foot to try
| and kill it off at this point.
| jacooper wrote:
| I think author meant Linux desktop Andy client facing Linux
| is, like the SteamOS.
| RajT88 wrote:
| I don't think Microsoft feels threatened by desktop Linux.
| If it catches on, it will be because manufacturers start
| shipping it, not because it's easier to install.
|
| Manufacturers sell Linux workstations designed for power
| users and developers. UEFI/TPM, and now Pluton won't be a
| stumbling block for that as it hasn't been so far.
|
| Dell is the biggest seller of pre-installed Linux desktop
| machines, and they are all billed as Workstations for power
| users or developers. Their home machines only have as an
| option Windows or ChromeOS. (Count that as Linux if you
| like, but I wouldn't...)
|
| Why? Being more price competitive by bundling a free or
| cheap OS is not worth it in scaling up their support for a
| new OS. That's your stumbling block to better Linux desktop
| adoption, in my opinion.
|
| Causing issues with remote attestation are probably more a
| side effect of just not caring about other OS's, rather
| than some sinister plot to sink Linux on the desktop.
| stakkur wrote:
| Every story about Microsoft--every time--ends with "...and then
| Microsoft fucked people over". After decades of watching the
| shitshow that is Microsoft, and the moral equivocating around
| defending them, I always return to this.
| bodge5000 wrote:
| Just to be clear, is this a case where you can't dual boot
| windows and another OS, or you can't boot another OS at all (in
| either case, the other OS being non Microsoft authorised)? Or
| something else entirely? Would it be possible to disable this at
| all, even that means you can't boot Windows?
| zaptheimpaler wrote:
| You cannot boot the other OS at all if secure boot is enabled
| and Microsoft drops support for the 3rd party UEFI CA list. The
| machine will refuse to boot any kernel that has not been signed
| by the CAs already included in the machine. This is typically
| only Microsoft and sometimes the OEM like Lenovo or Dell.
| 7373737373 wrote:
| Can't wait for EU antitrust and the courts to punish this
| attempt
| bodge5000 wrote:
| Could this be disabled by the user? Presumably doing so would
| mean you cannot boot Windows, but if thats a trade off
| Microsoft is forcing me to make, I'll accept it.
|
| If you can't, it goes without saying that that is
| unacceptable
| jhanschoo wrote:
| Yes, you can disable secure boot.
| cesarb wrote:
| > you can disable secure boot.
|
| That's not always the case: https://www.softwarefreedom.o
| rg/blog/2012/jan/12/microsoft-c... "Disabling Secure
| [Boot] MUST NOT be possible on ARM systems."
| zaptheimpaler wrote:
| You can disable it for now. But there is no guarantee that
| you will always be able to.
|
| Personally I think its very likely MS will eventually push
| to strongarm OEMs into locking secure boot to be enabled.
| All it will take is another round of "security
| improvements" and the public eats it up. The market would
| then fragment into laptops that can only run Windows and
| maybe more expensive laptops that allow you to disable
| secure boot. If the number of people who actually care
| enough to vote with spending a few extra hundred $ remains
| as low as it always has, over a decade it will drive open
| laptops to become wildly overpriced and eventually cease to
| exist.
| tpxl wrote:
| > more expensive laptops that allow you to disable secure
| boot
|
| This makes me sad. Old low-powered laptops with a light-
| weight distro are a joy to see and give out to family
| members to browse the web.
| freemint wrote:
| > Personally I think its very likely MS will eventually
| push to strongarm OEMs into locking secure boot to be
| enabled.
|
| Not as long as the EU remains functioning.
| mikro2nd wrote:
| This matched my guess: it's about MS extracting a $x per
| machine tax on all non-MS OSs to stay on their certificate
| list. Same playbook they've used on Android.
| userbinator wrote:
| _What is to prevent school WiFi from one day requiring a Pluton
| assertion that your Windows PC hasn't been tampered with before
| you can join the network?_
|
| Remote attestation is the true enemy of your freedom. The power
| of the authoritarian corporatocracy to force you to use only the
| (entire) systems they control. It's worth reading
| https://www.gnu.org/philosophy/right-to-read.en.html again just
| to see how prescient Stallman was.
| acdha wrote:
| > It's worth reading https://www.gnu.org/philosophy/right-to-
| read.en.html again just to see how prescient Stallman was.
|
| I think it's also worth asking why he didn't have more impact
| despite pretty clearly seeing this problem. Part of the answer
| has to be resource disparities but I don't think it's just that
| - Linux didn't really capitalize at all on Microsoft's lost
| decade, and much of the innovation in security has happened on
| other platforms. I think there's also some kind of blind spot
| in the open source community where a lot of people see this as
| something other people need, not them personally.
| api wrote:
| The reason the OSS community has had no impact is that it's
| never managed to produce software that regular non-tech-geeks
| want to use. The reason it's never managed to do that is lack
| of an economic model to finance the incredible amount of work
| required to make software usable by normal people.
|
| I've been saying this ad nauseum forever and I'm not the only
| one.
|
| A related problem is that the OSS world is mostly tech
| enthusiasts. It's like having car people design cars. They'd
| be full of special switches and options and stuff that _car
| people_ want. Car people don 't understand that most people
| hate cars. What they like is mobility. Same goes for
| computers. Most people hate computers. They just like what
| computers let them do: communication, making content, getting
| their work done, etc.
| ajross wrote:
| > the OSS community [...] never managed to produce software
| that regular non-tech-geeks want to use
|
| That's true, barely, only if you equate "software" with
| "things that draw stuff presented on a display to a user".
| Regular non-tech-geeks are using open source software (in
| the real sense, meaning instructions given to a computer to
| make it do something) pervasively, everywhere, every day,
| on all their devices (yes, even the Apple ones, but
| especially all the devices they use that aren't in their
| pockets).
|
| Open source certainly isn't a failure, it literally won the
| war.
| registeredcorn wrote:
| You're correct, of course. I think the point that was
| being made was more about people _actively choosing_ to
| use open source.
|
| If you were to approach a non-tech person and ask them
| how many open source apps they use on a daily basis, they
| would probably say "none", even if it's not the case.
| ajross wrote:
| I'll point out that you're still doing the thing where
| you equate "software" with "apps".
|
| But even so, that doesn't seem informative. Ask any user
| how many "Qualcomm apps" they use, or "Meta apps", or
| "Intel apps". No one knows where this stuff comes from.
| They buy a phone with a label on the box and then
| download stuff from an app store.
|
| That's not a statement about how the software is
| produced, it's just how the market presents products to
| consumers. People don't know where the gas that goes into
| their cars comes from either, but that's not an argument
| that petroleum distillation technology is a failure.
| registeredcorn wrote:
| > I'll point out that you're still doing the thing where
| you equate "software" with "apps".
|
| Can you explain what you mean by this? As far as I am
| aware, an application (aka "app") is a piece of software.
| ajross wrote:
| Not all software is "apps", is the point.
|
| You literally exercised huge amounts (seriously: millions
| of lines!) of open source code just now, in the process
| of posting that very comment and transmitting it to me to
| read.
| InitialBP wrote:
| Out of sight, out of mind.
|
| You are totally right that open source is powering
| countless things people use regularly but I expect most
| people don't even know what open source software is, much
| less care about it.
| shreyshnaccount wrote:
| yeah, over the last few years I've seen more and more
| companies launching open source software, and hosting it
| as a service. it seems to be working well. on the
| software side they don't sell a product, but a service.
| api wrote:
| > it literally won the war.
|
| Then why is everything on the consumer side becoming more
| closed?
|
| The reality is that proprietary just moved to the cloud
| in the form of SaaS-as-DRM and we-own-your-data. Open
| source runs everything, but few things are open. The
| availability of the source for components of the stuff
| they use is irrelevant to 99% of users.
| the_af wrote:
| The OSS community had a huge impact. Chances are a big
| chunk of the software you use daily is OSS.
| tomc1985 wrote:
| This atrocious attitude is absolutely why software is such
| a hellscape of shitty UI and lack of features.
|
| Normies should be eating our table scraps, not dictating
| how the software is written.
|
| Normies learned how to drive a car. They can learn how to
| properly compute. And if they don't like the tech, they
| don't have to use the tech.
|
| OSS is the last bastion of computing for people who
| know/like computing, because the armies of "designers"
| aren't selfless enough to donate their time like
| programmers are. And frankly it is better off that way, the
| prevailing trends in design seem to be all about limiting
| options.
|
| Hard, powerful software over push-button appliances any
| day.
|
| And, to use the car analogy, BMW gets away with this
| approach just fine.
| api wrote:
| Driving a car is far, far easier than administrating a
| Linux system (beyond a stock distro install that is
| working properly). The latter requires a ton of deep
| complex knowledge. It's more like rebuilding an engine
| than driving.
| cjbgkagh wrote:
| Normies pay the bills.
|
| Smart people are a surprisingly small minority.
|
| "No one in this world, so far as I know ... has ever lost
| money by underestimating the intelligence of the great
| masses of the plain people." - H. L. Mencken
|
| I know plenty of people, myself included, who lost money
| overestimating peoples intelligence.
| tomc1985 wrote:
| All these folks trying to "pay their bills" have laid
| waste to a verdant field of possibility.
|
| Everything nice that they offer eventually gets changed
| or taken away.
|
| Yes, I'm bitter. We could have a much better world, one
| that actually empowers anyone willing to step up to the
| plate, but instead we grab all the low-hanging fruit so
| we can make them smile and step on workers' rights to
| deliver them burritos, instead.
|
| A happy cohort is an obedient cohort, amiright?
| cjbgkagh wrote:
| If smart people were smarter they'd open their wallets
| and support the things they like. Instead the reaction is
| often, why would I pay so much for something that I could
| build myself.
|
| So the real market is for the very smart people and
| that's an even smaller minority.
|
| I built super advanced tech but was intentionally screwed
| over by my large corporate customers, just because they
| could, so I quit the industry and that super advanced
| tech doesn't exist anymore. Unfortunately a lot of really
| cool things will live and die with me. I've fought the
| good fight and failed.
|
| We can lament that people are not smarter but there isn't
| anything we can do about it.
| tomc1985 wrote:
| I'm not convinced this is about smartness, so much as an
| ability and willingness for people to learn.
|
| Learning is hard, it makes people uncomfortable, sadly.
| Which means that the easy road is to stoop to their
| level, which is what we're seeing.
|
| It sucks that you got screwed by large corporations, and
| I don't know the story, but that sounds more like
| standard business fuckery than "software for smart
| people"?
| cjbgkagh wrote:
| I used to think exactly that. That those who were
| incapable of learning were simply just lazy. I eventually
| saw enough evidence to be convinced that raw intelligence
| is basically almost entirely genetic.
|
| Certainly the businesses were not as smart as they
| thought they were, which is a common problem. But they
| indeed have very hard valuable problems and basically
| everyone involved was much smarter than the average
| person. Just not smart enough to know their own
| limitations and accept outside help.
| registeredcorn wrote:
| You really nailed it with that car analogy.
|
| Most "car people" would agree that changing the oil in your
| car is super easy. To me, it is not easy. It's not
| something I'm willing to do, even though I know the steps
| of _how_ to do it. I just don 't know what I don't know.
| When I have my oil changed, the mechanic tells me what I
| should be concerned about. He tells me what upcoming work I
| need to have done, how much it will cost, and what could
| happen if I don't do it. He has experience, expertise, and
| specialized tools. He had knowledge gathered over _years_
| to be highly proficient in his profession.
|
| I _could_ do those things. I could read, and listen, and
| learn. I could be under my car every day learning new
| things about how to install this, or replace that. But I
| don 't really have the drive or inclination to do so. I'd
| rather leave it to the pro. I also have the added novice-
| worry of screwing something up, and hurting myself or
| others as a result. I don't want that kind of pressure. I
| don't want my car breaking down while doing some long
| journey - I just want it to run when I need it to run,
| without any scary warning lights coming up on my dashboard.
|
| To bring the analogy back to computers, I still know people
| - people in their 20's or 30's - who do not know how to
| copy and paste with keyboard shortcuts. I will sit there
| and see them highlight, right-click, click copy, move their
| cursor, left-click, right-click, choose paste. I'll tell
| them how much time they could save if they "just did ..."
| and get a basic "Yeah...I just don't really _care_ though,
| ya know? This works. " The thing is, there is no investment
| on their part to _want or need_ to do that more
| efficiently. They get by well enough with not bothering.
|
| They could get super into computers, and learn something as
| "technical" as `git clone https: //github.com/some/repo`
| and follow the process to configure and run a script. They
| _could_ learn to do those things. But they don 't really
| have that time to invest in it, or don't have that passion
| for it, or have a professional investment in needing to do
| it.
|
| They want it to work. They want to not get hacked. They
| want to not have to think about computers at all. Computers
| are the interface to do "the thing" more easily. And if the
| computer breaks? They want it fixed so it won't happen
| again. The computer "does the internet thing". And I can
| respect that because they focus their energy into knowledge
| into other topics that I don't have a clue about, the same
| way I don't have a clue about cars, even if I know oil
| changes are "easy".
| bambax wrote:
| > _I still know people - people in their 20 's or 30's -
| who do not know how to copy and paste with keyboard
| shortcuts_
|
| The great majority of people don't know or understand the
| difference between single click and double click. This
| baffled me the first time I found out. Age or education
| don't matter.
|
| If you dig a little deeper you discover that most people
| think double-click is a kind of equivalent of "clicking
| louder". As if sometimes, for some reason, the computer
| becomes hard-of-hearing. It's both a little sad and quite
| funny.
| underclocked wrote:
| > I think it's also worth asking why he didn't have more an
| impact
|
| Yes... https://opensourcetogo.blogspot.com/2009/07/good-gcds-
| beginn...
|
| I https://selamjie.medium.com/remove-richard-stallman-
| fec6ec21...
|
| Wonder https://www.wired.com/story/richard-stallman-and-the-
| fall-of...
|
| Why https://arstechnica.com/tech-policy/2019/09/richard-
| stallman...
| the_af wrote:
| That's character assassination and it has nothing to do
| with Stallman's prescient warnings, which have proven more
| or less true. Also, Stallman != Linux.
|
| _Also_ also, his "rape" remarks have been
| mischaracterized but also came pretty late in the game, and
| had nothing to with with Linux's alleged lack of impact.
| Linux existed and was successfully deployed decades before
| any of these remarks.
|
| I really expect better from comments on HN. This is tabloid
| level.
| albinofrenchy wrote:
| I think it's a pretty good explanation of why he didn't
| gain more traction than he had -- he's always been a
| zealot with a proclivity of misguided rants that he
| proclaims loud and far.
| underclocked wrote:
| The statement was why Stallman specifically has not had
| much of an impact, not Linux writ large. and, you're
| right. The rape comments came late. But let me remind you
| that it's emblematic of a larger... issue with Stallman's
| ability to communicate effectively. If you don't think
| the way Stallman behaves is at least partly to blame for
| people's ability to take him seriously, I don't know what
| to tell you.
|
| https://daringfireball.net/2019/09/richard_stallmans_disg
| rac...
| the_af wrote:
| Not a fan at all of Gruber. But more importantly,
| Stallman's lack of hygiene is not terribly relevant to
| his points. We're not talking about being _friends_ with
| Stallman, after all.
|
| I also think when RMS made his more salient and prescient
| points, most people weren't familiar with _him
| personally_ , just with his remarks. The world was less
| connected back then. So his personality flaws really
| didn't make a huge impact (nor should they have).
| raxxorraxor wrote:
| He is a character with certain arrogance and some of his
| jokes might not be too funny, but these are basically
| smears and his detractors don't seem convincing at all to
| be honest.
| turns0ut wrote:
| Engineers could leverage their economic might via collective
| action; don't open your wfh laptop today.
|
| Updating the Upton Sinclair quote without the gender bias; it's
| difficult getting a person to understand something when their
| investment portfolio valuation depends on them not
| understanding it.
|
| Who are they if they're not what they are now?
|
| When you all stop posting on corporate forums and working their
| jobs, shopping their stores, I'll take you all sincerely and
| seriously.
| r3trohack3r wrote:
| This was the case at my university. In order to use the dorm
| network, you had to download a software package that validated
| your setup. It would then add your computer (I assume MAC) to
| an allow-list.
|
| In order to deal with it, I had to create a subnet with a
| router, use an old laptop to do the verification, and then the
| whole subnet was added to the allow-list.
| jart wrote:
| Stallman was right again.
| slowmovintarget wrote:
| ...and before Stallman, Hayek. Hayek couldn't have seen the
| technological means, but he did see the "self-regulated
| monopolies" shaping up from anti-competition moves on the part
| of government (most of which are driven by lobbying).
| freemint wrote:
| > Remote attestation is the true enemy of your freedom.
|
| Technology is a tool. What is true however is that under the
| current way how the economy is structured remote attestation
| weakens freedoms of individuals mostly.
|
| If Facebook was under remote attestation that private
| information was only used in limited and specific ways and even
| the NSA can not get to them without breaking the remote
| attestation, that would be a good thing. If firmware was under
| remote attestation we would have to worry a lot less about
| backdoors and the Diesel scandal would have never happened.
| kasabali wrote:
| > If firmware was under remote attestation ... the Diesel
| scandal would have never happened.
|
| _Remote attestation would prevent a firmware written by
| first party and passed certification processes_ WHAT?
| userbinator wrote:
| It is a tool, just like nuclear weapons are a weapon.
|
| I'm definitely not on the "ban all crypto" side, but I see
| why the governments are in support of that, and for the
| longest time, strong crypto was (and still is?) classified as
| a munition; it's _very_ powerful.
| raxxorraxor wrote:
| Well, I think governments are mostly concerned with people
| having secrets. Who would need secrets who isn't a
| terrorist? That it was classified as munition is probably
| more due to old war hawks and how they saw encryption
| employed.
| leksak wrote:
| But it'd make a lot of whistleblowing impossible too
| gfo wrote:
| This is almost the entire thesis of Zero Trust Networking
| principles. Somehow, the user AND the device need to attest to
| validity during the authorization process.
|
| "Validity" for a device can mean many things (latest patches,
| is running anti-virus software, among other things).
|
| A general user probably doesn't need to attest to these things.
| I would argue that anyone trying to access a corporate or some
| other organization's network SHOULD be required to attest to
| these things given the cyber threat landscape. The caveat:
| those same entities should provide or heavily subsidize the
| platforms they require (work computers). It's their IP at risk.
| I'm not so naive to think they would actually do this with BYOD
| initiatives, unfortunately.
|
| For personal users on personal devices, I agree this might go
| too far (but some principles like MFA are best practices).
| raxxorraxor wrote:
| Same with TPM and why it had so many critics. Some people still
| seem adamant to say that boot viruses are the greatest threat
| in the 21st century, but the economic interest are far more
| dangerous for general computing in my opinion. And it isn't
| even close.
| FridayoLeary wrote:
| Agreed. For proof, just look at how so much anti virus
| software can be considered malware in their own right.
| ChuckNorris89 wrote:
| Can you explain what is the issue with TPM?
|
| I get the issue with Pluton but TPM is only a dedicated and
| certified secure key and random number generator that does a
| better job than CPUs doing it in software, and it's also a
| secure enclave for storing your encryption keys. Would you
| rather store the keys in memory where they can be easily
| grabbed by malicious apps like Mimikatz? Macs had the same
| feature for years in the T2 chip.
|
| It's the exact system that enables wireless payment and other
| strong security features on your phone.
|
| So having TPM on PCs and using it for its interested purpose
| is a boon for everyone's security so I don't see the issue,
| just FUD.
| furtiman wrote:
| Among that, the TPM enables verification of a particular
| state of your system, i.e., a particular set of binaries
| and OS configuration. Simplifying the description of the
| process a bit - at every bootup it checks the checksum of
| all programs loaded at every boot stage (UEFI, kernel,
| userspace) with respect to one that is known to be approved
| - process called "attestation".
|
| So in worst case, if your attestation server is very
| strict, any new binary installed on your machine will
| prevent it from booting or satisfying the attestation. This
| is the main concern that TPM enables.
| aplanas wrote:
| > the TPM enables verification of a particular state of
| your system, i.e., a particular set of binaries and OS
| configuration
|
| That is a bit misleading. The TPM is a passive device, it
| cannot verify any state. It is the OS who measure the
| system (in Linux via the IMA system). And is the Linux
| kernel the one that, if you have a TPM, can produce a
| process where a 3rd party can be sure that the
| measurements are "true" and "legit" (via PCR#10
| extension).
|
| As you state later, it is this 3rd party the one that
| assert (verify) if you are state considered OK or not.
|
| Maybe I am too simplistic, but I do not see the evil in
| the TPM here, but only in the 3rd party policy.
|
| TPM can be abused but, as a developer, I am happy that we
| can use the TPM for good and fair goals in open source
| projects.
|
| It is the user who can decide to use the TPM or not, and
| should be noted that in the TCG specification it is
| stated that the TPM can be disabled and cleared by the
| user at any moment.
| q-big wrote:
| > Maybe I am too simplistic, but I do not see the evil in
| the TPM here, but only in the 3rd party policy.
|
| The evil is that the "Trusted" in "Trusted Computing" and
| "Trusted Platform Module (TPM)" means that one deeply
| _distrusts_ the user (who might tamper with the system),
| but instead the trust lies in the computing (trusted
| computing) or TPM. In other words: Trusted Computing and
| TPM means a disempowerment of the user.
| carlhjerpe wrote:
| I'm not sure if I understand your argument. As long as
| you can put your own things on your TPM and use it for
| your own good it's not too bad right? And in corporate
| environments it's reasonable to not own your own device
| right?
|
| Sure Infineon can probably get my data, but that's far
| beyond the scope of my threat model.
|
| As long as the system is open to putting your own keys on
| there I'm fine with it.
| q-big wrote:
| > I'm not sure if I understand your argument. As long as
| you can put your own things on your TPM and use it for
| your own good it's not too bad right?
|
| As long as software that uses the TPM cannot detect
| whether you tampered with the TPM or not, it is
| principally all right.
|
| But as I wrote down: this is exactly the opposite of what
| trusted computing was invented for: make the machine
| trustable (for the companies that have control over the
| TPM/trusted computing), because the user is distrusted.
| mavhc wrote:
| Indeed, so the user should not buy a computer where
| they're not in control of the TPM, if you can't disable
| it/add your own keys, then don't buy that computer
| ori_b wrote:
| That rapidly converges on "you can't buy a computer and
| use it", because economic interests favor trusted
| computing devices.
| q-big wrote:
| > That rapidly converges on "you can't buy a computer and
| use it", because economic interests favor trusted
| computing devices.
|
| I would rather argue that it converges to "you become
| more and more morally obliged to learn about hacking (and
| perhaps become a less and less law-abiding citizen) if
| you buy a computer and use it".
| pixl97 wrote:
| Your way rapidly turns into "I was shot by a SWAT team
| for running a program I legally own"
|
| Yea, maybe we shouldn't live in the US, or other
| authoritarian nations, but few of us have options like
| that.
| throwaway48292 wrote:
| TPM is part of the system that means I can't my phone for
| wireless payment or use all sorts of other apps if I also
| want to do something outlandish like record phone calls,
| change the theme or delete Facebook... and everything it
| achieves can be done by other means anyway, making the
| device's owner a 2nd class citizen is a lazy solution.
| aibrahem wrote:
| I've always heard this argument but never understood it,
| what other ways are available to have a SRTM?
| raxxorraxor wrote:
| TPM has features like remote attestation and is in general
| a mechanism to bind data to hardware, which is interesting
| for DRM purposes.
|
| Sure, there are theoretical attacks on memory, but they are
| far less relevant for security than the penalties I have to
| accept with TPM being widely established.
|
| Not that there aren't different means, but TPM also creates
| unique hashes of your system which only reinforces the
| problems around fingerprinting.
|
| > It's the exact system that enables wireless payment and
| other strong security features on your phone.
|
| Phones suck as computing devices on every conceivable
| metric and are heavily locked down devices. And it is not
| true that you need a TPM chip to create secure transfers. I
| constantly do business transaction on my PC just fine.
| viraptor wrote:
| > which is interesting for DRM purposes.
|
| You're thinking of SGX enclaves not TPM.
|
| > TPM also creates unique hashes of your system
|
| It doesn't. Your system creates hashes and appends to
| lists signed by TPM. And the point of those hashes is to
| be not unique, but verifiability matching known values.
| raxxorraxor wrote:
| No, I meant TPM. Media could be bound to have the TPM
| report certain hashes of the configuration registers that
| are either already set or TPM sets on system boot. Same
| mechanism that allows you to only open a document on
| specific hardware basically or allows an application to
| check if the system was perhaps compromised.
| viraptor wrote:
| I don't think it's going to be useful this way for DRM.
| TPM is useful for verifying your boot chain is secure and
| validating this to an external party. But locally you can
| lie to apps all you want. You can emulate the TPM device
| (https://qemu-project.gitlab.io/qemu/specs/tpm.html) - it
| can tell you whatever you want. Locally it's as useful as
| hiding the DRM in a driver. Rising the bar a bit, but you
| can still work around it.
| xjay wrote:
| 2013: German Federal Government Warns on the Security Dangers
| of Windows 8 https://www.infosecurity-
| magazine.com/news/german-federal-go...
|
| 2015: Governments recognize the importance of TPM 2.0 through
| ISO adoption https://www.microsoft.com/security/blog/2015/06/
| 29/governmen...
|
| 2022: Microsoft Can Kiss My A* | Do You Own Your PC? [Smart
| App Control]
| https://www.youtube.com/watch?v=Lv5xHfZnk4s&t=163s
|
| The Trojan Platform Module (TPM)
| aplanas wrote:
| The common component here is Microsoft, not the TPM.
| vanderZwan wrote:
| So basically, Cory Doctorow's _" The Upcoming War Against
| General Computation"_?
|
| https://boingboing.net/2011/12/27/the-coming-war-on-
| general-...
|
| https://github.com/jwise/28c3-doctorow/blob/master/transcrip.
| ..
|
| Don't know enough about the subject to tell if his "attempts
| to control general computation will converge on rootkits"
| prediction has held up.
| q-big wrote:
| To this talk, there exists a less well-known sequel:
|
| DEF CON 23 - Cory Doctorow - Fighting Back in the War on
| General Purpose Computers
|
| https://www.youtube.com/watch?v=pT6itfUUsoQ
| nibbleshifter wrote:
| > "attempts to control general computation will converge on
| rootkits" prediction has held up.
|
| If you play video games, you probably have a couple of neat
| kernel rootkits installed as "anti cheat".
|
| A lot of remote proctoring stuff for exams are looking a
| _lot_ like rootkits too.
|
| EDR/XDR is also just rootkits. For security. The only thing
| that can stop a bad guy with a rootkit is a good guy with a
| rootkit, after all.
| mwint wrote:
| The remote proctoring stuff is downright dystopian. I
| bought an extra laptop to do tests; most people can't do
| that and have to install this garbage on their daily
| driver.
|
| Of course, I guess most people don't care.
| nibbleshifter wrote:
| What's hilarious is it doesn't seem to prevent exam
| cheating in any meaningful way anyway, according to some
| students I've chatted to.
| mwint wrote:
| It really doesn't. I took an exam in a meeting room at
| work with huge TVs on the wall... they made me show them
| the TVs were "unplugged", so I just unplugged some random
| thing from the wall and they were happy.
|
| The TVs are hardwired, it'd be trivial to have an
| accomplice show answers or whatever on them.
| agileAlligator wrote:
| Kernel rootkits are going to be redundant pretty soon.
|
| There are cheats out there that use video captured by
| capture cards as input for an AI on a separate computer
| to actually play the game like a human would. Once that
| becomes widespread there is no way to stop it, save from
| banning capture cards entirely.
| [deleted]
| VoodooJuJu wrote:
| It's so true, but I'm trying to imagine a normie's reaction to
| reading this, and all I'm coming up with is, "This guy is a
| paranoid schizo, back to TikTok for me...", and so
| unfortunately, I don't see us steering away from this fate
| anytime soon.
|
| These people won't respect you until you start taking their
| money. Become one of their techno-corporate overloads.
| Demonstrate how you're controlling/profiting off them, why it's
| bad. Maybe then they'll start listening. Or not. At least
| you'll have made a nice profit.
| jjoonathan wrote:
| An economic niche supports one or two overlords, not a bunch
| of them. You and I aren't overlords. We need a different
| strategy.
|
| People have become aware and angry that tech monopolies are
| exploitative. The winning strategy will involve focusing this
| fuzzy, ambient anger at a concrete target.
|
| Once Pluton outs itself as an exercise in naked monopolistic
| power covered by a fig leaf of security -- and it will, as
| all hustles must eventually involve monetization -- the bad
| optics will be our opportunity to act. Any strategy on our
| side that involves putting down TikTok is doomed to failure,
| but if we put the bad optics in front of people, make the
| connection, and get them to briefly agree "yeeah, f** the
| monopolies! F** Pluton!" then a political solution becomes
| possible. Not easy, but possible.
|
| It's a pity that this dialog has to be so reactive and
| simplistic, but communication at scale cannot function any
| other way.
| turns0ut wrote:
| I don't have a problem with central organization of effort;
| mathematician by education; there a real efficiencies in
| material use and lack of redundancy.
|
| The real problem is continued deference to old ownership
| memes; that a minority must be empowered due to past
| contract none of us were even alive to see signed. How do
| we know in real terms the truth given a past we can never
| experience?
|
| Historical trends are one thing; that Bezos specifically is
| that special is another. This is the first period in
| history where the elders could hold power this long. It's
| tacit ageism and everyone is too scared to say that to old
| people who would collapse in shock at the slightest whiff
| of real pushback, they're so used to being coddled; they're
| hardly a real threat.
|
| Start telling your elders their past success does not give
| them ownership of the future.
| londons_explore wrote:
| You can take their money and still they won't care.
|
| Think about how many devices in a typical users home are
| incompatible for business reasons - for example that
| Chromecast that refuses to play Amazon prime movies. Or the
| iPhone charger cable that won't fit into an android. Users
| just live with it.
|
| "My weird laptop doesn't support the school WiFi" is the
| same.
| squarefoot wrote:
| We should thank widespread technical illiteracy for this:
| "Devices are from different vendors? Of course they can't
| share the same services or charger!" Marketers just love
| this, for enabling them to sell multiple times the same
| thing. What if basic technology familiarity (which has
| absolutely nothing to do with knowing how to use the latest
| gadget) and resistance to manipulative advertising was
| taught in school? That would be quite a change, but I guess
| it's going to remain a dream.
| SV_BubbleTime wrote:
| There is no objective proof that Charger A is better than
| B. Not typically. There are preferences, and those will
| lead way to eventually a market that picks a winner -
| maybe, typically, IDK, free market works when it's
| actually free. Which it isn't a lot times people rant
| about it.
|
| The absolute worst thing we could do is go to Apple or
| anyone else and say "You need to use this x or y, because
| someone else does". That isn't going to breed innovation,
| ever.
|
| Do I wish Apple used USB-C on phones? Definitely. Does it
| actually change anything for me day to day except I need
| a specfic cable if my phone runs dead? Not really because
| my chances aren't a ton better running into a USB-C on
| demand. I want Apple to. I would buy an Apple phone with
| it if given the option. I would never sign-on to force
| Apple to do it.
| kelseyfrog wrote:
| > There are preferences, and those will lead way to
| eventually a market that picks a winner - maybe,
| typically, IDK, free market works when it's actually
| free.
|
| Exactly! We saw precisely this thing with cell phone
| chargers. Not enough people recognize this.
|
| A healthy dose of market realism is in order - if the
| market doesn't deliver what people want, it's not the
| market, it's the people who are wrong.
| SQueeeeeL wrote:
| Damn, now I'm nostalgic for the older days of hacker news where
| RMS was quoted every other post. The community is forgetting
| it's roots.
| sillysaurusx wrote:
| As someone who was here from day two, this is not how old HN
| was. It was many things to many people, and it's very
| difficult to break out of the illusion that rose-tintedness
| tends to give us. (Guilty of it myself.)
|
| HN has been consistently contrarian. That's about all that
| you can say without quickly becoming mistaken.
| quetzthecoatl wrote:
| >HN has been consistently contrarian. That's about all that
| you can say without quickly becoming mistaken.
|
| until recently. Just like reddit, it has become less niche
| and more mainstream. For eg: HN majority opinion on covid's
| origin. It matched the official US govt lines as it
| switched back and forth between market and lab.
| aidenn0 wrote:
| Presumably, HN will turn into reddit, but nobody will
| believe it's happening because people have been
| predicting it's turning into reddit for over a decade.
| lubesGordi wrote:
| I've been around for a while too, and I've learned a lot
| from this forum. I can't tell if now I'm learning less here
| because I've leveled up or if there's just less tech talk.
|
| As far as hn being contrarian, the only thing I see hn
| being consistently contrarian on is crypto. Any other
| examples?
| enriquto wrote:
| But it's still the case... Stallman is quoted every day
| around here: https://hn.algolia.com/?dateRange=all&query=Stal
| lman&sort=by...
| 01100011 wrote:
| That sounds more like /. than HN.
| HeckFeck wrote:
| There was a time when someone ran a bot on /g/ where every
| post that mentioned just 'Linux' would get the full 'Excuse
| me...' copypasta interjected. Good times.
| pjmlp wrote:
| The community has long forgotten those roots the day they
| started pushing for anti-GPL licenses.
| q-big wrote:
| > Damn, now I'm nostalgic for the older days of hacker news
| where RMS was quoted every other post. The community is
| forgetting it's roots.
|
| Keep in mind that now many of the people who post on HN earn
| a lot of money by working a company for which it is part of
| the business model to track users and collect data about them
| (officially for advertisement purposes).
| kmeisthax wrote:
| Top-voted comments are linking directly to _Right to Read_
| and _The Coming War on General-Purpose Computing_ , so I
| don't think the community has forgotten its roots.
|
| You _really_ wanna be scared? Go look at the multiple
| comments on the EU DMA announcement complaining that having a
| sideloading _option_ is just a ploy for malware vendors to
| get into their iPhones. Or that someone _else_ being able to
| sideload or jailbreak somehow hurts _their_ security. These
| are coming from actual HN users!
| userbinator wrote:
| Well, my comment that linked to RtR _was_ highly voted...
| But now it 's near the bottom and what's at the top is, for
| lack of better phrasing, a corporate mouthpiece.
|
| Was it voted so high it triggered some bot detection? That
| would only explain the former, not the latter. Either way,
| there's something funny going on.
| raxxorraxor wrote:
| What fascinates me is that for many here software and tech is
| their livelihood. You should be able to take care of access
| and ensure future generations still have the same
| opportunities.
|
| Sure, you can sell yourself and make good money with software
| on some proprietary app store with proprietary tools. You are
| a freelance employee of the company providing that
| infrastructure at that point.
|
| It is short-sighted, lazy and stupid in my opinion. There is
| merit for such security mechanism, especially for cloud
| applications, but it should be crystal clear that there are
| secondary motivations here. And that the security argument
| often falls short if you take a good look at current threats.
| aplanas wrote:
| Windows security models and policies are the enemy, not remote
| attestation (RA).
|
| RA is a technology that has its fair use, and can be desired
| for other systems, like in Linux. With a pure RA system your
| services can decide to trust or not those devices on your
| network that can be compromised, and report to other devices
| that there is something suspicious.
|
| As anything, this can be used properly to increase the security
| of your edge architecture, or wrongly to limit the users
| actions.
|
| Let me put another example. With RA I should be able to
| authorize validated systems in my R&D VPN. If you are using
| your own laptop with the company certificate, and the verifier
| tag the systems as "unknown" or "unhealthy", it will not allow
| the access to the internal network, but sure you can still use
| your laptop for anything else. This, IMHO, is a fair use of
| this technology.
| POPOSYS wrote:
| Is it possible to realize this with Linux systems / networks
| today? Do you have any good project / description / URL?
| Thanks!
| ajvs wrote:
| GrapheneOS remote attestation arguably fits this criteria
| by being built on Android.
| aplanas wrote:
| It is still under development, but try Keylime[1]. They
| have also a nice agent written in Rust[2] with low
| footprint.
|
| I write some notes[3] about how to use it in openSUSE
| MicroOS / Tumbleweed, but can be extrapolated to many other
| distributions too.
|
| [1] https://github.com/keylime/keylime [2]
| https://github.com/keylime/rust-keylime [3]
| https://en.opensuse.org/Portal:MicroOS/RemoteAttestation
| fulafel wrote:
| Yes, lots of Linux devices apply it like that today: You
| can't use your banking app or consume DRM crippled media on
| your Android phone if you have root or run a open source
| Android distribution.
| Aeolun wrote:
| > if you have root
|
| Because god forbid you have control of your own PC?
| kahnclusions wrote:
| I think this is more for Android phones, and preventing a
| malicious app on your phone from using the root access to
| hijack data from your banking app.
| ajsnigrutin wrote:
| Well that's the problem.... the next step would be
| requiring users to use MS Edge, because a malicious
| version of firefox could capture/modify
| banking/transaction data. Want to pay bills? Give money
| to microsoft first.
| fulafel wrote:
| If this was the reason they'd be blocking access from
| phones that are not up to date on security updates and
| are being actively exploited by malware to get root.
|
| But it's the other way around, if you improve your old
| device by installing a up to date Android on your vendor-
| abandoned previously vulnerable device, you go from
| working banking to banned from banking.
| newsclues wrote:
| For me that's a problem for the average user? That's
| everyone else's problem that idiots don't care to control
| their technology and need big tech to do so with an iron
| fist
| acdha wrote:
| Calling the problem is "idiots" is a cognitive trap which
| prevents you from meaningfully dealing with it. Everyone
| is at risk from zero-days, almost anyone can be phished
| (yes, this includes you), many people have no way or time
| to investigate whether some well-known vendor is
| misrepresenting their product, and even security experts
| have to trust other people on a daily basis because they
| don't have time to reverse-engineer every software
| update. Most people who get snide about this are a single
| malicious package in their favorite programming language
| away from a big mess!
|
| The best progress we've seen in decades came from most
| people using locked-down phone operating systems,
| followed by stricter desktop OSes. If you don't like that
| trajectory, you should be focused on how to get the
| benefits with other trade offs. One of the first steps is
| respecting people enough to understand their needs rather
| than calling them idiots.
| Ycombigatorz wrote:
| Because if you have control, so many numerous other
| parties.
| feanaro wrote:
| This doesn't follow at all. Those other parties cannot
| authenticate as me.
| palata wrote:
| Those are independent. Having root access does not mean
| that other parties do, but more importantly, NOT having
| root does not mean AT ALL that other parties don't.
| api wrote:
| This is the root of the pro market / mainstream market
| split.
|
| For the pro market people want control. Pros also
| generally know a bit more about how to use that control
| and tend to be less likely to end up getting pwned
| immediately.
|
| For regular users people just want shit that works. Not
| having control is a feature, because if you have control
| then the malware you are tricked into installing from
| "getflrefox.com" also has control.
|
| You can see it in the Apple ecosystem with iOS vs. macOS.
| Macs and iPads are now almost the same hardware. (The M
| chips are just A chips on 'roids.) But Macs can run other
| OSes and you can "sudo root." That's because Macs are for
| pros.
| katbyte wrote:
| You can also disable all the system integrity protection
| stuff on macOS pretty easily if you do want to mess
| around where apple rather people not.
| Arnt wrote:
| Uhm, these things don't really take away your control,
| rather, they shift it from you to you.
|
| The software you boot sets up some state and then toggles
| a bit, and after that something can't be changed. The
| state is secure against much modification after that
| time, but not before that time.
|
| The "you" that boots the device are in control, and the
| "you" that uses the device after that have exactly what
| "you" set up at boot time, neither more nor less. If both
| "you" are the same person, then there's no loss of
| control.
|
| But of course they're often not really the same person.
| If you want to boot a Microsoft-signed image, the party
| that boots is more or less Microsoft, not you personally.
| But in that case, you also want to use that Microsoft-
| signed OS, right? So the shift towards boot-time control
| is then a shift from mostly-Microsoft use-time control to
| mostly-Microsoft boot-time control. Mostly Microsoft
| here, mostly Microsoft there, even if the two mostlies
| aren't quite the same percentage it's difficult to regard
| this as a significant loss of control.
| raxxorraxor wrote:
| This is false and just redefining control.
| Arnt wrote:
| How so? Redefines from what to what? Please elaborate.
|
| Perhaps you mean that if you, as owner and legitimate
| user of a device, are able to perform a particular change
| only during a brief window of time rather than at any
| time of your choosing, then that limits your control over
| the device? If so, then my answer is yes, certainly it
| does. But it also limits the access of anyone who
| impersonates you (such as the evil exploity javascript I
| make your browser execute).
| feanaro wrote:
| You're wrong because the bootloader is more often locked
| than not, and there are various other nefarious controls
| in place that prevent you from doing it without voiding
| your warranty, such as one-time fuses.
|
| In theory, yes, you could implement it like you said, but
| that's not what happens in practice nor the direction
| we've been tending towards in recent times.
| Arnt wrote:
| Bootloader locking is orthogonal to whether there's a
| second CPU like that Pluton in the system.
| feanaro wrote:
| To quote you:
|
| > The "you" that boots the device are in control, and the
| "you" that uses the device after that have exactly what
| "you" set up at boot time, neither more nor less. If both
| "you" are the same person, then there's no loss of
| control.
|
| How is it orthogonal? Okay, we're not strictly speaking
| of _only_ bootloader locking, but of boot-time-control
| locking.
| npteljes wrote:
| Yep! Basically, it's safer if you don't own your PC.
| Think about users with a million toolbars and Bonzi Buddy
| installed.
|
| Of course, the system for it is rudimentary, and puts a
| disproportionate amount of control in the hands of
| providers. And that works very well for them too.
| adev_ wrote:
| > Yep! Basically, it's safer if you don't own your PC.
| Think about users with a million toolbars and Bonzi Buddy
| installed.
|
| And it is a pretty terrible solution to the problem.
|
| - It is also keeping the good guys outside too: Anyone
| that want to analyse and understand the security of the
| system for good reasons cannot. Excepted if explicitly
| allowed by the corporation X and that is a terrible
| security property.
|
| - No root access also means very little control or
| ability to scan the system itself if your are not the X
| corporation controlling it. That means no possibility to
| mandate reviewer corporation Y to check that corporation
| X is doing the right thing. TPMs currently make that even
| worst by design, they are undocumented and complex,
| therefore rely on blind trust that company X do the rthe
| ight thing. And since the Intel management engine fiasco,
| we _do_ know they _are not_ doing the right thing.
|
| - Bonzi Buddy and toolbar type of problem can be easily
| avoided by separating properly the normal user account
| from any admin account(the unix way). It should be
| _painful_ to be admin but not impossible, just to make
| sure your grandma do not install a rootkit by mistake
| when she want her 20% coupon.
|
| In summary: That is mainly bullshit from company X to
| keep full control on the entire user device, and not for
| their own good.
| npteljes wrote:
| I agree. In a proposal like this, security is basically a
| byproduct, and sometimes not even that[0]. This is also a
| domain where the governmental and corporate powers have a
| similar goal, which is wresting away the control from the
| public / individual. They basically work in synergy, only
| to a point of course, but still.
|
| Regarding Bonzi Buddy, I disagree. I think user data is
| as important, if not more important, than root access -
| which is why I'm dumbfounded when ancient server security
| features, like Linux's sudo system, are applied to the
| consumer device like a PC or a smartphone. These contexts
| are much better server by a sandboxing, permission-based
| whatever that seems to pick up steam, like the current
| permission systems on smartphones. Grandma's logins and
| bank data will be stolen from her own user account just
| the same as an admin account. Related XKCD[1]
|
| [0] https://en.wikipedia.org/wiki/Security_theater
|
| [0] https://xkcd.com/1200/
| iggldiggl wrote:
| > like the current permission systems on smartphones
|
| Ugh, except that one goes overboard in the completely
| opposite direction, and often doesn't let me properly
| share data between apps even when I want to.
| 29athrowaway wrote:
| I wonder what your views on democracy are.
|
| "It's safer if you don't have the right to vote".
| throwaway1348b3 wrote:
| npteljes wrote:
| I feel like it's flawed. Voters and politicians abuse it
| left and right - pun intended. I don't think we ever came
| up with anything more humane though, and I don't wish to
| change it for anything other - to be honest, for the
| simple reason of not wanting the responsibility that goes
| along with it.
|
| Choosing a party is not like choosing an OS for your PC,
| though. Choosing the OS would be like choosing the
| political system - and recognizing the incredible
| privilege I have by being born into a democracy, I very
| much wouldn't like other people to change it.
|
| Going further into democracy, while you might put an X on
| a paper sometimes, still forbids a very high number of
| actions. I'd liken it to having the power of choosing
| between Apple's App Store and Google's Play Store for
| your phone. Which, getting back to the point, is safer
| for the users than installing any third party software.
| Like how in a well functioning democracy, I'm forbidden
| to do a great many things, but also I can feel safe in
| the thought that others have the same restrictions too.
| feanaro wrote:
| So, putting it all together, _someone_ should choose and
| restrict which OS can be installed on your PC, so that
| you can feel safe in the thought that everyone has the
| same restriction?
|
| At least that's how I managed to understand your comment
| to the best of my abilities, so hopefully I'm missing
| something. Though if there is such a something, the point
| did not get across successfully.
| npteljes wrote:
| I think if I pick two groups: all iPhone users, and all
| PC users, PC users en bloc are in greater general digital
| danger than iPhone users. By digital danger, I'm thinking
| of malware, ransomware, phishing and successful hacking.
| And I think this is because of how tightly Apple controls
| their devices. And so, I'd consider an iPhone a safe
| choice - for example a safe recommendation for someone
| who doesn't want to spend time managing their device.
|
| This makes sense to entities providing a service, and
| also for many who doesn't mind not having control over
| their something, which is, I think, very similar to how
| we don't really have control over a great many of things.
| This is the point I wanted to get across to the original
| commenter, who protested "god forbid you have control of
| your own PC?".
| feanaro wrote:
| > [...] which is, I think, very similar to how we don't
| really have control over a great many of things.
|
| This is a very handwavey sentence and is doing far too
| much work in your reasoning. Yes, you don't have control
| "over a great many things", because the point is so vague
| so as to be meaningless. But it doesn't at all follow
| from that vague sentence that we should allow total
| corporate/government control over our personal digital
| devices.
|
| In this case, the proposed cure is far worse than the
| disease.
| npteljes wrote:
| I agree. It's basically appointing a dictator and hope
| that they'll stay benevolent.
|
| With my reasoning I wanted to capture what people might
| think, while accepting something that they have no
| control of. I have a hard time with this, because I got a
| PC in my formative years and I loved to tinker with it,
| and hated, and still do, everything that stood in the way
| of that. But the general population doesn't share this
| experience. And if I look at my own life, I only have
| this experience with computers (and smartphones), all the
| other things are, even if not centrally managed, out of
| my control. At the first wrong noise I have to call an
| expert who hopefully fixes it and is hopefully benevolent
| to me, because I have no clue what happens to the device
| I own. Or even my own body, now that I think about it.
| And so, the PC and the phone is just in a long list of
| things that people depend on, but not control.
|
| The addendum being here, and what most people miss who
| feel the way I described above, is that our ever-
| connected devices make a "paper trail" unprecendented in
| history. And it can be centrally managed, activated,
| replayed, assembled, or even more tracking could be
| remotely controlled to an extent[0] - and to an even
| larger extent with a specialized application[1]. This is
| where the otherwise similar level of "not being
| controlled" can lead to a much worse situation than ever
| before. And I wish I could point this out empathetically
| to people without sounding like a lunatic.
|
| [0]
| https://money.cnn.com/2014/06/06/technology/security/nsa-
| tur...
|
| [1] https://en.wikipedia.org/wiki/Pegasus_(spyware)
| mavhc wrote:
| God forbid most people I know have control of their own
| PC, they have no clue, and nor should they need one.
|
| iPhone users are safer from malware, PC users are safer
| from governments and Apple controlling what they can do
| on their computer.
|
| Never-ending balance between safety and freedom.
|
| The computer that requires a physical switch to disable
| secure boot is a good compromise (see many Chromebooks)
| TheOtherHobbes wrote:
| In a sane society these features would allow secure
| voting.
|
| In this one... that's not what they'll be used for.
|
| This is the end game for the corporate internet. Not only
| can all your activity be logged, but if any of it is
| unwelcome - on any scale, from family to school to work
| to country to world - you can be locked out.
| 29athrowaway wrote:
| An operating system that prevents other operating systems
| from being installed is the equivalent of a citizen that
| becomes a dictator.
| userbinator wrote:
| _Think about users with a million toolbars and Bonzi
| Buddy installed._
|
| I say let them be. As long as they also have the freedom
| to remove or not install such software, it's a good
| thing. Instead we have locked-down devices with the
| functional equivalent of such unwanted software,
| protected so that you cannot remove it without somehow
| getting root.
|
| "Those who give up freedom for security deserve neither."
| lotsofpulp wrote:
| My parents grew up in a non English speaking developing
| country, and they cannot be reasonably expected to learn
| the nuances of malware laden links to figure out which
| English text link is good or bad.
|
| Do they deserve to not be able to shop online without
| fear of having their payment information stolen? Or
| mistyping a URL in their non native language and ending
| up at a scam website that installs malware? Or simply
| having a device that comes to a crawl such that they
| cannot reliably video call their grandkids?
| npteljes wrote:
| I don't mind the lock, but why don't we have the key?
| There's no reason to centally hold these hostage.
| agileAlligator wrote:
| The problem you are describing will be irrelevant in a
| generation or two, as kids grow up on the internet.
| corrral wrote:
| I can assure you that the upcoming generations aren't
| much better at any of this, on average.
|
| And no, it's not smartphones' faults. Most people just
| don't "get" desktop OS paradigms, or how web pages work,
| or any of that, and they don't really care to.
| lizardactivist wrote:
| The NSA and other three-letter US agencies will be all inside
| this chip, or have side-channels to the firmware update
| mechanism, obviously.
|
| A secure operating system means nothing if the hardware itself
| cannot be secured, and the case for a new, trusted, transparent
| manufacturer of Intel-compatible CPUs and hardware in general
| grows stronger.
| hoffs wrote:
| Obviously
| Avamander wrote:
| It's not out of the question.
|
| Though I get the feeling we're missing the forest in the trees.
| Smartphones with proprietary basebands have been here for more
| than a decade or so. It's not only Intel-compatible we need, it
| would really take legislation to turn all these things more
| transparent or controllable.
| [deleted]
| phendrenad2 wrote:
| These paranoid delusions never get old. If Microsoft accidentally
| changes their license agreement to lorem ipsum, bloggers like
| this will surely be trying to decipher exactly how it steals
| their freedom. The fatal flaw in these posts is, as it always is,
| the _blind assumption_ that Microsoft can just do whatever they
| want, unimpeded. If Microsoft declared, as an april 1st joke,
| that app PCs henceforth must be painted sky blue, these bloggers
| would take it seriously. They act as though Microsoft is the high
| priesthood of computers, and they can declare literally anything
| with the stroke of a pen. They act like Mac doesn 't exist, cheap
| Linux computers don't exist, RISC-V (which doesn't even run
| Windows) doesn't exist. Non-Windows-compatible ARM devices don't
| exist. PC vendors are mindless drones that do whatever Microsoft
| tells them (even if it means losing billions of dollars to Apple)
| and they certainly aren't selling (Dell:
| https://news.ycombinator.com/item?id=4847720) linux (HP:
| https://news.ycombinator.com/item?id=31617198) laptops (Lenovo:
| https://news.ycombinator.com/item?id=28186204) right now (and
| don't even think about installing Linux on your Google
| Chromebook, it won't work!
| https://support.google.com/pixelbook/answer/9031351?hl=en ).
|
| The usual rebuttal is "Well, yeah, things are fine NOW, but
| they're moving the chess pieces into place to do these things
| LATER". Yawn. I have heard this for 20+ years. See you in another
| 20...
| crudbug wrote:
| Is Pluton IP open? All hardware vendors embracing this is not the
| right path for security / computing.
|
| Why can't hardware vendors embrace standards-based open platforms
| like Global Platform [1].
|
| [Edit] Google is also pushing Android Ready SE Alliance [2].
|
| [1] https://globalplatform.org/
|
| [2] https://security.googleblog.com/2021/03/announcing-
| android-r...
| tlb wrote:
| Authoritarian tech has two problems: the obvious one, and the
| fact that good hackers don't want to work on such things, so it's
| all built by consultants and stooges and is probably 10x clunkier
| than the clunkiest Bluetooth - X.25 gateway.
| pjmlp wrote:
| Regardless of all the FUD against Pluton, it has a great feature,
| it is yet another CPU with hardware memory tagging, as the last
| resort against C flaws and derived languages.
| selfhoster11 wrote:
| FUD is no longer FUD when it becomes a realistic danger.
|
| Given that remote attestation already had deleterious effects
| for user freedoms on smartphones and tablets (meaning, choose
| between banking apps and any deviation from the factory ROM),
| Pluton should be seen as a danger.
| pjmlp wrote:
| Smartphones and tablets are electronic gadgets.
|
| If you want a general purpose computer get a laptop.
|
| Most likely one sold by Linux OEMs, like Tuxedo and System76.
| fsflover wrote:
| Librem 5 and Pinephone smartphones are general-purpose
| computers.
| pjmlp wrote:
| Up to the community to prove their have a market value to
| be kept around and aren't yet another OpenMoko.
| selfhoster11 wrote:
| That is precisely the proof I need before I ever buy into
| either. I'm very optimistic about PinePhone but AIUI it's
| currently quite far from being a reliable daily driver
| for the kinds of tasks I need one for.
| fsflover wrote:
| If everyone behaved as you do, we probably wouldn't have
| any progress.
| selfhoster11 wrote:
| That's an invalid argument for multiple reasons, not the
| least of which is that some people can afford just one
| device.
|
| That device is likely to be a smartphone because everything
| is slowly moving in the direction of requiring one.
|
| If I need to spend extra money to get an additional
| "freedom device" and can't afford it, I just won't have one
| and will miss out on the good stuff.
| pjmlp wrote:
| Welcome to the 8 and 16 bit home computer days when OSes
| were written in ROMs.
| selfhoster11 wrote:
| Those OSes were distributed on ROM by necessity, because
| that was the most cost effective option available. Any
| modern limitations that prevent running your own software
| are not just artificial, but actually require additional
| effort to implement bootloader locking/integrity checks.
| pessimizer wrote:
| Or back to books where the OSes were written in ink.
| What's the point of this comparison?
| pjmlp wrote:
| I guess, the way Compaq was able to take advantage from
| IBM.
| oynqr wrote:
| Those still allowed you to run your own code.
| pjmlp wrote:
| ROM disassembly books existed for a reason.
| GekkePrutser wrote:
| This is definitely a big risk to commodity hardware being used
| for Linux :(
|
| Especially when attestation can be used by websites etc. We'll
| need to have another computer at the side for accessing them.
| Beltiras wrote:
| What this article warns as the Apocalypse some suits that make
| computer use decisions for large organizations will see as
| features they want implemented.
| dane-pgp wrote:
| "For all the nations have drunk of the wine of the wrath of her
| fornication, the kings of the earth have committed fornication
| with her, and the merchants of the earth have become rich
| through the abundance of her luxury."
| Beltiras wrote:
| It's a very rare Bible quote to get a thumbs up from me. Well
| done.
| tuetuopay wrote:
| The thing I fear the most with this is "proof that secure boot
| has never been disabled". This is just a way to brick your device
| from accessing services.
|
| What if you government's tax service requires such proof? Or
| bank? I cannot count how many machines I booted on Linux to
| rescue a hard drive, or image it, or wipe it, or just to install
| linux on them. All those devices, boom, paperweight for regular
| personal use.
|
| I hate it so much that Microsoft is alone in this. It's not
| because it's M$, it's because they're alone on it.
| cryptonector wrote:
| You get two devices.
| tadfisher wrote:
| This is already a problem with SafetyNet hardware attestation
| on Android. Because it's so easy to implement on the app side,
| everything from banking apps to games is verifying the device
| is running a blessed system image with a locked bootloader and
| no root access (read: no access to general-purpose computing).
|
| As a developer of a banking app, I do my best to avoid
| implementing this user-hostile crap, but not all developers are
| empowered to say "no" to this requirement and not all care.
| There is zero benefit to the user to block them from using your
| services, and I would argue the net benefit is negative to the
| service. Users aren't hacked via privilege escalation exploits,
| they are hacked by phishing, and they can be phished on a
| SafetyNet-compliant device just fine.
| ajuc wrote:
| Hopefully EU bans this.
| cosmiccatnap wrote:
| It's not open...well...at least not to you.
|
| Anyone who calls something secure without publishing the spec is
| just selling you a bridge.
___________________________________________________________________
(page generated 2022-07-26 23:02 UTC)