
Ew. Why are all the chip manufacturers going along with this stupid plan? I want to buy a processor and then own it and have it work in my best interests, not consume electricity and generate heat enforcing draconian 3rd party DRM policies.



The market (software/system builders) say that locked down platforms like the iPhone are fabulously profitable. Sorry.


And that's why the road to a better software ecosystem is not some hacker's smart trick to defeat the system for the moment but very clear rules of what is allowed to be done in the name of security and what isn't.

A legislative piece of paper (or many pieces of paper) has the power to rein in corporations far far beyond any technical solution or workaround.

And yes, that requires limiting (intellectual) property rights and regulating what certain contracts can enforce. Sometimes it's needed if you ask me

In my experience this sentiment is rejected primarily by many technical people because it feels like adding the human factor to a pristine world of logic. In reality it's humans all the way down and there is no reason to believe that Microsoft/Apple is a better steward than an elected body of representatives acting according to the rule of law


Lol, cargo-cult chip fabbing. What's next? I can't even fathom.. maybe this inability on my part is a blessing in disguise.


So is war. Don't reproduce.


Don't Reproduce?


The conspiratorial answers here are emotionally satisfying, but ultimately wrong. The reason chip makers and OS vendors are adding this is customer demand, by which I mean enterprises. Companies want remote attestation and guaranteed-immutable OS images on their networks, and I honestly can't say I blame them. In a perfect world they could have it and we could somehow firewall it away from the consumer space entirely, but that's not going to happen.


On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.


Yes, they are possible... And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

MS remote attestation doesn't require remote cloud or anything like that, I recall it supporting air-gapped environments from the start (guess why, the top-price enterprise clients want that, including re-signing Windows with their own secure boot keys).

Disclaimer: for various reasons open source remote attestation in corporate is currently on my roadmap at work


> And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

There is nothing evil with TPM when you fully control it. See: Librem Key.


You either don't remember or weren't there when TPMs were first talked about, in either case I envy you then.

And yes, there's nothing evil involved if they are owner controlled, something that honestly was heavily Microsoft pushed because they do have clients that insist on them - the DRM functionality in intel ME has keys controlled by broadcasting associations instead (this is why you can't stream HQ on Linux from official sources), same with part of why AMD PSP got some uncontrolled bits (the blackmail goes that if you don't do that, customers will quickly find they can't stream netflix/whatever in high quality on your hw and will stop buying it).

Personally I believe that owner-control of hw should be enshrined in law, just like right to repair and modify, along with laws against deceptive "looks and quacks like a sale, is actually a lease" practices


> owner-control of hw should be enshrined in law

Have you seen OCP's Caliptra RoT, which requires OSS firmware, enforced by dual-signing of firmware by both OEM and owner? Currently for hyper-scalers, but this approach can be adopted by other enterprise customers, https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation will be done to Caliptra, which can then release SoC boot ROM from reset.


The same enterprises asking for this stuff are also asking for it to be taken out of their hands because they don't trust themselves to operate it securely or reliably.


So this turns into security theater because ultimately they can't trust those third parties too.


I'm frankly already appalled by how much data (proprietary data, customer data, employee data, etc) companies are fine leaking to 3rd parties, MS especially. Even if you assume that Microsoft could never ever possibly be hacked, or would never favor one of your competitors enough to hand them your data, Microsoft's MO has often been basically stealing other people's work/ideas and stomping out or absorbing the people they took it from. The data they get from outlook alone must be worth a fortune, but with everything the OS collects these days it's insane how little anyone cares.


When it comes to security someone must always sleep with one eye open - co-owning this responsibility is totally reasonable. Microsoft takes security seriously and is investing heavily in it; if they are already in your orgs trust boundaries I see no reason why they wouldn't be considered good stewards for this as well.

Besides, at enterprise scale, how do you trust internal teams? It could all be security theater and they aren't delivering on their promises as well.


> Microsoft takes security seriously and is investing heavily in it

Some parts of it maybe do. Some others, like multiple different Azure teams, don't even think about anything resembling security, or there wouldn't have been multiple critical and trivially exploitable security vulnerabilities on Azure in the last year only. (If you don't know them, please read up on them. Security is hard, but in those cases nobody even pretended to try!)


You're thinking about companies as monoliths. They are groups of people.

The managers who want remote attestation aren't the people implementing it. They either pay someone else to do it, or they pay someone else to do it. The difference between paying a third-party company and an employee is that employees are more expensive, because the costs aren't amortized over other customers who want the same stuff. Why would they be more trustworthy? Why would they be better at it? Why would it be any less likely to be hacked if you did it at your company than if you outsourced it?


They don't care about security, they just want proof that they did what they could when disaster happens.


I don't really care for the reason, why can't we as consumers opt out if it's consumer oriented then? For me it's not even about the egregious security and privacy implications -- I just simply want the (illusion of) choice w/r/t silicon rootkit 'features' that I'll never use.


You can, it even says in the article that Lenovo and Dell are shipping with the Pluton chips disabled by default. If they can do it, a user can disable it too (for now at least).


Proprietary software with full system access tells that it's disabled. Do you trust that?


the same Lenovo that put a MITM attack in people's BIOS?


Good, if companies want those features, then they can be the ones to pay the price in privacy. Otherwise, let me set an OTP bit to disable all Management Engine kinds of functionality on the CPU permanently.


Haven’t looked at the Intel space, but doesn’t AMD have a “PRO” tier available for OEM only? Ryzen Pro, Threadripper Pro… Or Nvidia and their segmented RTX/GTX vs Quadro. These hardware companies love segmentation, let them have it, do that for PRO enterprise only, leave my personal use, no remote attestation, immutable OS needed PC alone.


Enterprises can put whatever they like on their devices. Not mine. So this argument falls apart.


It's tragic (especially if you care about general-purpose computing and the future of open platforms), and a sign that Microsoft's Palladium project was never really canceled. Boil the frog...

Of course, Microsoft would say it's not about DRM (at least right now), it's for "security." Which... it's secure as Microsoft's servers are, to be sure.


Next-Generation Secure Computing my ass.


Because owning your device is a nice bedtime story we've been told for quite some time now since the iPhone became the norm.


Because China and Russia might be hacking your hardware.

Don't people listen when a guy like Pompeo speaks? He has pretty much outlined the plan with his Clean Network Initiative. I wouldn't be surprised that within a decade CloudFlare and other US cloud services will be used as the great firewall of the western sphere.


Are there proofs for the easterners? Because for the westerners there are plenty.


Intel started putting ME in their cpus 12 years ago.


and yet, without any evidence, huawei is being blamed for "spying".... smh


It's not mutually exclusive. I think risks from hostile powers need to be called out, and I think we also need to be calling out this bad behavior on our side too.


The US is a hostile power everywhere else in the world. And then also for about 4-8 out of every 8 years to its own citizens.


People should generally be most afraid of their own government - it's the one that is allowed to use violence where they live.


> People should generally be most afraid of their own government - it's the one that is allowed to use violence where they live.

Be careful to not forget the distinction between "being allowed to" and "being able to". There are documented cases of countries (including the USA) using violence against people even when they aren't the government where these people live.


> And then also for about 4-8 out of every 8 years to its own citizens.

And you can pretty much guarantee that ~50% of the population will always consider that statement true, no matter the government of the day.


> Ew. Why are all the chip manufacturers going along with this stupid plan?

Because if they don't add whatever garbage Microsoft orders them to include in their chips then Microsoft can simply require that shit for the next version of their OS to boot. They could even force an update on existing PCs to check for it. Nobody is going to buy a chip if having it means they can't run the OS that 99% of computers on the planet are using. If Intel dared to say no, MS could pretty much run them out of business.


This works both ways however. No one is going to buy the OS that can't even run on their latest chip. Microsoft can make all the demands they want, but the chip manufacturers still have the power to refuse to implement it; if Microsoft wants to brick their own OS, that's not their problem.


> No one is going to buy the OS that can't even run on their latest chip.

Unless that latest chip is vastly superior to what we have today, almost nobody is going to care. Most people couldn't tell you which chip is in their computer right now. They don't even care what a processor is. They just want to be able to click on the little picture that makes facebook happen and they don't want to have to learn anything new to make that happen.

If every chip manufacturer refused, you're right that we'd be pretty safe, but the moment they can get just one chip manufacturer on board every OEM will buy those chips or go out of business. Intel was "evil inside" decades ago for a reason, so we knew how this was going to play out.


> Why are all the chip manufacturers going along with this stupid plan?

Because the music/movie industry benefits from DRM and made agreements with the software and hardware industry.

Also NSA and the military complex benefit enormously from having control over hardware around the world.


It sounds like you can still do that. Other people will get to decide if you can use their services with your device, but (unlike an iPhone, for example) it's still your device to do as you please with.


Alphabet soup, probably, along with iphone profitability.


Because Apple


[flagged]


Simple solution: don't care about up- or down-votes. Believe me, Internet points are a sham and waste of time. Focus on interesting conversations and connections instead.


Agreed.

However, interesting conversations are missed because of noise (e.g. down-votes) - I'm less likely to interact with a down-voted post, they usually are not as informative or interesting.

Proposed solution - abolish negative points entirely, points should be per-thread, not per user. If a user is causing frequent problems (frequently downvoted), per admin review then issue ban/rate limits, etc.

I view the positive/negative points mostly as a sentiment rating - if I receive downvotes I can tell my point is unpopular/uncontroversial, if not I know someone found it interesting. That does affect how I post in two ways:

I make more effort to expose common context for posts which are down-voted, people who are lazy and don't care won't read the expanded post, people who are more open-minded (the ones I want to attract and start conversations with) are more likely to come around to my viewpoint, or at least offer more interesting conversation (disagreement is necessary to have a discussion).

So I find both positive and negative votes to be useful, even on my own posts. Even the manner in which I've been down-voted recently tells me something, and it tells me valuable data about who has which opinions.


It is much worse than he thinks. If I was to write out the worst-case scenario the MS employee would have no choice but to consider it.

Therefore win 13 will be a theme for ubuntu packaged with a FOSS version of office. MS will award large weekly prizes for the most useful FOSS app extending the eco system. It will be sold on multi TB external drives that work like live USB only daisy chained. Weekly new releases cramped with so much free stuff every neck beard around the world must own all of them. A few movies, some music, a game or 2. Each comes with a poster, a t shirt and a book. Prices go up and down using RNG making some releases rare and hard to get.


Reminds me of computer magazines bundled first with cassettes, then floppy disks then CDROMS, 80s to 90s. Occasionally some other gadgets too. Everybody like us was buying them.


I'm so confused... What are you two getting on about?

Is it just me or is it like two GPT-3 bots having a conversation?


Quite scary isn’t it? What a time to be alive. I’d never have believed that I am seriously questioning whether a conversation on the internet is real. Even after all the gpt3 quiz sites, like the one where you have to guess if the code is generated or real.


This is word soup.


you can't have interesting conversations if it takes 3 or so powerusers to gag you

I see tons of interesting comments flagged/dead within minutes. they are rarely controversial, or low-quality, or rule-breaking

there are plenty of topics you are only allowed to express a pre-approved opinion about, and I can't even give you examples without getting muted


Indeed - I'm pretty sure a small cabal of people with low self-esteem is responsible.

Speculation, Zuckerberg, Musk read news sites like this, can't bear their egos to be deflated. I don't think that's necessarily realistic, but I would suspect someone like that, personally.



