Remote attestation is the true enemy of your freedom. The power of the authoritarian corporatocracy to force you to use only the (entire) systems they control. It's worth reading https://www.gnu.org/philosophy/right-to-read.en.html again just to see how prescient Stallman was.
HN has been consistently contrarian. That’s about all that you can say without quickly becoming mistaken.
RA is a technology that has its fair use, and can be desired for other systems, like in Linux. With a pure RA system your services can decide to trust or not those devices on your network that can be compromised, and report to other devices that there is something suspicious.
As anything, this can be used properly to increase the security of your edge architecture, or wrongly to limit the users actions.
Let me put another example. With RA I should be able to authorize validated systems in my R&D VPN. If you are using your own laptop with the company certificate, and the verifier tags the system as "unknown" or "unhealthy", it will not allow access to the internal network, but sure, you can still use your laptop for anything else. This, IMHO, is a fair use of this technology.
I wrote some notes[3] about how to use it in openSUSE MicroOS / Tumbleweed, but they can be extrapolated to many other distributions too.
[1] https://github.com/keylime/keylime [2] https://github.com/keylime/rust-keylime [3] https://en.opensuse.org/Portal:MicroOS/RemoteAttestation
Of course, the system for it is rudimentary, and puts a disproportionate amount of control in the hands of providers. And that works very well for them too.
The software you boot sets up some state and then toggles a bit, and after that something can't be changed. The state is secure against much modification after that time, but not before that time.
The "you" that boots the device is in control, and the "you" that uses the device after that has exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
But of course they're often not really the same person. If you want to boot a Microsoft-signed image, the party that boots is more or less Microsoft, not you personally. But in that case, you also want to use that Microsoft-signed OS, right? So the shift towards boot-time control is then a shift from mostly-Microsoft use-time control to mostly-Microsoft boot-time control. Mostly Microsoft here, mostly Microsoft there, even if the two mostlies aren't quite the same percentage it's difficult to regard this as a significant loss of control.
Sure, you can sell yourself and make good money with software on some proprietary app store with proprietary tools. You are a freelance employee of the company providing that infrastructure at that point.
It is short-sighted, lazy and stupid in my opinion. There is merit for such a security mechanism, especially for cloud applications, but it should be crystal clear that there are secondary motivations here. And that the security argument often falls short if you take a good look at current threats.
Technology is a tool. What is true, however, is that under the current way the economy is structured, remote attestation mostly weakens the freedoms of individuals.
If Facebook was under remote attestation that private information was only used in limited and specific ways and even the NSA can not get to them without breaking the remote attestation, that would be a good thing. If firmware was under remote attestation we would have to worry a lot less about backdoors and the Diesel scandal would have never happened.
Perhaps you mean that if you, as owner and legitimate user of a device, are able to perform a particular change only during a brief window of time rather than at any time of your choosing, then that limits your control over the device? If so, then my answer is yes, certainly it does. But it also limits the access of anyone who impersonates you (such as the evil exploity javascript I make your browser execute).
https://boingboing.net/2011/12/27/the-coming-war-on-general-...
https://github.com/jwise/28c3-doctorow/blob/master/transcrip...
Don't know enough about the subject to tell if his "attempts to control general computation will converge on rootkits" prediction has held up.
I get the issue with Pluton but TPM is only a dedicated and certified secure key and random number generator that does a better job than CPUs doing it in software, and it's also a secure enclave for storing your encryption keys. Would you rather store the keys in memory where they can be easily grabbed by malicious apps like Mimikatz? Macs had the same feature for years in the T2 chip.
It's the exact system that enables wireless payment and other strong security features on your phone.
So having TPM on PCs and using it for its intended purpose is a boon for everyone's security, so I don't see the issue, just FUD.
So in worst case, if your attestation server is very strict, any new binary installed on your machine will prevent it from booting or satisfying the attestation. This is the main concern that TPM enables.
DEF CON 23 - Cory Doctorow - Fighting Back in the War on General Purpose Computers
2015: Governments recognize the importance of TPM 2.0 through ISO adoption https://www.microsoft.com/security/blog/2015/06/29/governmen...
2022: Microsoft Can Kiss My A* | Do You Own Your PC? [Smart App Control] https://www.youtube.com/watch?v=Lv5xHfZnk4s&t=163s
The Trojan Platform Module (TPM)
The best progress we’ve seen in decades came from most people using locked-down phone operating systems, followed by stricter desktop OSes. If you don’t like that trajectory, you should be focused on how to get the benefits with other trade offs. One of the first steps is respecting people enough to understand their needs rather than calling them idiots.
I think it’s also worth asking why he didn’t have more impact despite pretty clearly seeing this problem. Part of the answer has to be resource disparities but I don’t think it’s just that - Linux didn’t really capitalize at all on Microsoft’s lost decade, and much of the innovation in security has happened on other platforms. I think there’s also some kind of blind spot in the open source community where a lot of people see this as something other people need, not them personally.
In theory, yes, you could implement it like you said, but that's not what happens in practice nor the direction we've been tending towards in recent times.
And it is a pretty terrible solution to the problem.
- It is also keeping the good guys outside too: anyone that wants to analyse and understand the security of the system for good reasons cannot. Except if explicitly allowed by the corporation X, and that is a terrible security property.
- No root access also means very little control or ability to scan the system itself if you are not the X corporation controlling it. That means no possibility to mandate reviewer corporation Y to check that corporation X is doing the right thing. TPMs currently make that even worse by design; they are undocumented and complex, therefore rely on blind trust that company X does the right thing. And since the Intel Management Engine fiasco, we do know they are not doing the right thing.
- The Bonzi Buddy and toolbar type of problem can be easily avoided by properly separating the normal user account from any admin account (the unix way). It should be painful to be admin but not impossible, just to make sure your grandma does not install a rootkit by mistake when she wants her 20% coupon.
In summary: That is mainly bullshit from company X to keep full control on the entire user device, and not for their own good.
These people won't respect you until you start taking their money. Become one of their techno-corporate overloads. Demonstrate how you're controlling/profiting off them, why it's bad. Maybe then they'll start listening. Or not. At least you'll have made a nice profit.
That is a bit misleading. The TPM is a passive device; it cannot verify any state. It is the OS which measures the system (in Linux via the IMA subsystem). And it is the Linux kernel that, if you have a TPM, can produce a process where a 3rd party can be sure that the measurements are "true" and "legit" (via PCR#10 extension).
As you state later, it is this 3rd party that asserts (verifies) whether your state is considered OK or not.
Maybe I am too simplistic, but I do not see the evil in the TPM here, but only in the 3rd party policy.
TPM can be abused but, as a developer, I am happy that we can use the TPM for good and fair goals in open source projects.
It is the user who can decide to use the TPM or not, and it should be noted that in the TCG specification it is stated that the TPM can be disabled and cleared by the user at any moment.
until recently. Just like reddit, it has become less niche and more mainstream. E.g.: HN majority opinion on covid's origin. It matched the official US govt line as it switched back and forth between market and lab.
I've been saying this ad nauseam forever and I'm not the only one.
A related problem is that the OSS world is mostly tech enthusiasts. It's like having car people design cars. They'd be full of special switches and options and stuff that car people want. Car people don't understand that most people hate cars. What they like is mobility. Same goes for computers. Most people hate computers. They just like what computers let them do: communication, making content, getting their work done, etc.
But it's the other way around: if you improve your old device by installing an up-to-date Android on your vendor-abandoned, previously vulnerable device, you go from working banking to banned from banking.
For the pro market people want control. Pros also generally know a bit more about how to use that control and tend to be less likely to end up getting pwned immediately.
For regular users people just want shit that works. Not having control is a feature, because if you have control then the malware you are tricked into installing from "ɡeτflrêfox.com" also has control.
You can see it in the Apple ecosystem with iOS vs. macOS. Macs and iPads are now almost the same hardware. (The M chips are just A chips on 'roids.) But Macs can run other OSes and you can "sudo root." That's because Macs are for pros.
The evil is that the "Trusted" in "Trusted Computing" and "Trusted Platform Module (TPM)" means that one deeply distrusts the user (who might tamper with the system), but instead the trust lies in the computing (trusted computing) or TPM. In other words: Trusted Computing and TPM means a disempowerment of the user.
Remote attestation would prevent a firmware written by first party and passed certification processes WHAT?
Sure Infineon can probably get my data, but that's far beyond the scope of my threat model.
As long as the system is open to putting your own keys on there I'm fine with it.
If you play video games, you probably have a couple of neat kernel rootkits installed as "anti cheat".
A lot of remote proctoring stuff for exams are looking a lot like rootkits too.
EDR/XDR is also just rootkits. For security. The only thing that can stop a bad guy with a rootkit is a good guy with a rootkit, after all.
Sure, there are theoretical attacks on memory, but they are far less relevant for security than the penalties I have to accept with TPM being widely established.
Not that there aren't different means, but TPM also creates unique hashes of your system which only reinforces the problems around fingerprinting.
> It's the exact system that enables wireless payment and other strong security features on your phone.
Phones suck as computing devices on every conceivable metric and are heavily locked down devices. And it is not true that you need a TPM chip to create secure transfers. I constantly do business transactions on my PC just fine.
> The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
How is it orthogonal? Okay, we're not strictly speaking of only bootloader locking, but of boot-time-control locking.
Regarding Bonzi Buddy, I disagree. I think user data is as important, if not more important, than root access - which is why I'm dumbfounded when ancient server security features, like Linux's sudo system, are applied to consumer devices like a PC or a smartphone. These contexts are much better served by a sandboxing, permission-based whatever that seems to be picking up steam, like the current permission systems on smartphones. Grandma's logins and bank data will be stolen from her own user account just the same as from an admin account. Related XKCD[1]
As long as software that uses the TPM cannot detect whether you tampered with the TPM or not, it is principally all right.
But as I wrote down: this is exactly the opposite of what trusted computing was invented for: make the machine trustable (for the companies that have control over the TPM/trusted computing), because the user is distrusted.
I'm definitely not on the "ban all crypto" side, but I see why the governments are in support of that, and for the longest time, strong crypto was (and still is?) classified as a munition; it's very powerful.
I say let them be. As long as they also have the freedom to remove or not install such software, it's a good thing. Instead we have locked-down devices with the functional equivalent of such unwanted software, protected so that you cannot remove it without somehow getting root.
"Those who give up freedom for security deserve neither."
Do they deserve to not be able to shop online without fear of having their payment information stolen? Or mistyping a URL in their non native language and ending up at a scam website that installs malware? Or simply having a device that comes to a crawl such that they cannot reliably video call their grandkids?
That's true, barely, only if you equate "software" with "things that draw stuff presented on a display to a user". Regular non-tech-geeks are using open source software (in the real sense, meaning instructions given to a computer to make it do something) pervasively, everywhere, every day, on all their devices (yes, even the Apple ones, but especially all the devices they use that aren't in their pockets).
Open source certainly isn't a failure, it literally won the war.
As far as hn being contrarian, the only thing I see hn being consistently contrarian on is crypto. Any other examples?
Think about how many devices in a typical users home are incompatible for business reasons - for example that Chromecast that refuses to play Amazon prime movies. Or the iPhone charger cable that won't fit into an android. Users just live with it.
"My weird laptop doesn't support the school WiFi" is the same.
I would rather argue that it converges to "you become more and more morally obliged to learn about hacking (and perhaps become a less and less law-abiding citizen) if you buy a computer and use it".
Of course, I guess most people don’t care.
You are totally right that open source is powering countless things people use regularly but I expect most people don't even know what open source software is, much less care about it.
Keep in mind that now many of the people who post on HN earn a lot of money by working for a company for which it is part of the business model to track users and collect data about them (officially for advertisement purposes).
You're thinking of SGX enclaves not TPM.
> TPM also creates unique hashes of your system
It doesn't. Your system creates hashes and appends them to lists signed by the TPM. And the point of those hashes is not to be unique, but to verifiably match known values.
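The split of roles described in this comment and in the earlier one about IMA and PCR#10 (the OS measures and extends, the TPM only hashes and signs, a 3rd-party verifier applies policy), as an added Python sketch that is not from any commenter or from keylime. File names, contents and the allowlist are constructed, and the TPM's signature over the quote is not modelled; the bare PCR value stands in for the signed quote.

```python
import hashlib

# TPM 2.0 PCRs start as all zeros at reset; a SHA-256 bank is used here.
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || measurement).
    The TPM never decides what gets measured; it only folds in what it is given."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(contents: bytes) -> bytes:
    """IMA-style measurement: hash the file contents before it is executed."""
    return hashlib.sha256(contents).digest()


def boot_and_measure(files):
    """OS side: measure each file, append it to the measurement log and extend
    the PCR. Returns (log, pcr); log entries are (path, hex digest)."""
    pcr, log = PCR_INIT, []
    for path, contents in files:
        digest = measure(contents)
        log.append((path, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return log, pcr


def replay(log) -> bytes:
    """Verifier side: recompute the PCR from the log it was sent."""
    pcr = PCR_INIT
    for _, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify(log, quoted_pcr: bytes, allowlist: dict) -> str:
    """The 3rd party's policy: 'healthy', 'unknown' or 'tampered'.
    Strictness lives here, not in the TPM."""
    if replay(log) != quoted_pcr:
        return "tampered"   # log cannot explain the PCR: entries altered or dropped
    for path, digest_hex in log:
        if allowlist.get(path) != digest_hex:
            return "unknown"  # something ran that the policy never approved
    return "healthy"


# Constructed sample "binaries" and the verifier's allowlist of known-good digests.
GOLDEN = [("/sbin/init", b"init v1"),
          ("/usr/bin/sshd", b"sshd v9"),
          ("/usr/bin/vpn", b"vpn v3")]
ALLOWLIST = {path: measure(contents).hex() for path, contents in GOLDEN}
NEW_TOOL = ("/usr/local/bin/newtool", b"newtool v0.1")


def scenario_unmodified() -> str:
    log, pcr = boot_and_measure(GOLDEN)
    return verify(log, pcr, ALLOWLIST)


def scenario_new_binary() -> str:
    """A freshly installed binary gets measured; a strict policy rejects the host."""
    log, pcr = boot_and_measure(GOLDEN + [NEW_TOOL])
    return verify(log, pcr, ALLOWLIST)


def scenario_edited_log() -> str:
    """The new entry is stripped from the log, but the PCR already absorbed it."""
    log, pcr = boot_and_measure(GOLDEN + [NEW_TOOL])
    trimmed = [entry for entry in log if entry[0] != NEW_TOOL[0]]
    return verify(trimmed, pcr, ALLOWLIST)


if __name__ == "__main__":
    for scenario in (scenario_unmodified, scenario_new_binary, scenario_edited_log):
        print(f"{scenario.__name__}: {scenario()}")
```

The same hash chain also shows why the PCR is not a fingerprint: two machines with identical binaries land on the identical value, which is exactly what lets the verifier compare against known-good numbers.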
Most "car people" would agree that changing the oil in your car is super easy. To me, it is not easy. It's not something I'm willing to do, even though I know the steps of how to do it. I just don't know what I don't know. When I have my oil changed, the mechanic tells me what I should be concerned about. He tells me what upcoming work I need to have done, how much it will cost, and what could happen if I don't do it. He has experience, expertise, and specialized tools. He had knowledge gathered over years to be highly proficient in his profession.
I could do those things. I could read, and listen, and learn. I could be under my car every day learning new things about how to install this, or replace that. But I don't really have the drive or inclination to do so. I'd rather leave it to the pro. I also have the added novice-worry of screwing something up, and hurting myself or others as a result. I don't want that kind of pressure. I don't want my car breaking down while doing some long journey - I just want it to run when I need it to run, without any scary warning lights coming up on my dashboard.
To bring the analogy back to computers, I still know people - people in their 20's or 30's - who do not know how to copy and paste with keyboard shortcuts. I will sit there and see them highlight, right-click, click copy, move their cursor, left-click, right-click, choose paste. I'll tell them how much time they could save if they "just did ..." and get a basic "Yeah...I just don't really care though, ya know? This works." The thing is, there is no investment on their part to want or need to do that more efficiently. They get by well enough with not bothering.
They could get super into computers, and learn something as "technical" as `git clone https://github.com/some/repo` and follow the process to configure and run a script. They could learn to do those things. But they don't really have that time to invest in it, or don't have that passion for it, or have a professional investment in needing to do it.
They want it to work. They want to not get hacked. They want to not have to think about computers at all. Computers are the interface to do "the thing" more easily. And if the computer breaks? They want it fixed so it won't happen again. The computer "does the internet thing". And I can respect that because they focus their energy into knowledge into other topics that I don't have a clue about, the same way I don't have a clue about cars, even if I know oil changes are "easy".
Normies should be eating our table scraps, not dictating how the software is written.
Normies learned how to drive a car. They can learn how to properly compute. And if they don't like the tech, they don't have to use the tech.
OSS is the last bastion of computing for people who know/like computing, because the armies of "designers" aren't selfless enough to donate their time like programmers are. And frankly it is better off that way, the prevailing trends in design seem to be all about limiting options.
Hard, powerful software over push-button appliances any day.
And, to use the car analogy, BMW gets away with this approach just fine.
People have become aware and angry that tech monopolies are exploitative. The winning strategy will involve focusing this fuzzy, ambient anger at a concrete target.
Once Pluton outs itself as an exercise in naked monopolistic power covered by a fig leaf of security -- and it will, as all hustles must eventually involve monetization -- the bad optics will be our opportunity to act. Any strategy on our side that involves putting down TikTok is doomed to failure, but if we put the bad optics in front of people, make the connection, and get them to briefly agree "yeeah, f** the monopolies! F** Pluton!" then a political solution becomes possible. Not easy, but possible.
It's a pity that this dialog has to be so reactive and simplistic, but communication at scale cannot function any other way.
If you were to approach a non-tech person and ask them how many open source apps they use on a daily basis, they would probably say "none", even if it's not the case.
The TVs are hardwired, it’d be trivial to have an accomplice show answers or whatever on them.
There are cheats out there that use video captured by capture cards as input for an AI on a separate computer to actually play the game like a human would. Once that becomes widespread there is no way to stop it, save for banning capture cards entirely.
You really wanna be scared? Go look at the multiple comments on the EU DMA announcement complaining that having a sideloading option is just a ploy for malware vendors to get into their iPhones. Or that someone else being able to sideload or jailbreak somehow hurts their security. These are coming from actual HN users!
Ugh, except that one goes overboard in the completely opposite direction, and often doesn't let me properly share data between apps even when I want to.
The great majority of people don't know or understand the difference between single click and double click. This baffled me the first time I found out. Age or education don't matter.
If you dig a little deeper you discover that most people think double-click is a kind of equivalent of "clicking louder". As if sometimes, for some reason, the computer becomes hard-of-hearing. It's both a little sad and quite funny.
And no, it's not smartphones' faults. Most people just don't "get" desktop OS paradigms, or how web pages work, or any of that, and they don't really care to.
Updating the Upton Sinclair quote without the gender bias; it’s difficult getting a person to understand something when their investment portfolio valuation depends on them not understanding it.
Who are they if they’re not what they are now?
When you all stop posting on corporate forums and working their jobs, shopping their stores, I’ll take you all sincerely and seriously.
In order to deal with it, I had to create a subnet with a router, use an old laptop to do the verification, and then the whole subnet was added to the allow-list.
Smart people are a surprisingly small minority.
"No one in this world, so far as I know ... has ever lost money by underestimating the intelligence of the great masses of the plain people." - H. L. Mencken
I know plenty of people, myself included, who lost money overestimating people's intelligence.
The real problem is continued deference to old ownership memes; that a minority must be empowered due to past contract none of us were even alive to see signed. How do we know in real terms the truth given a past we can never experience?
Historical trends are one thing; that Bezos specifically is that special is another. This is the first period in history where the elders could hold power this long. It’s tacit ageism and everyone is too scared to say that to old people who would collapse in shock at the slightest whiff of real pushback, they’re so used to being coddled; they’re hardly a real threat.
Start telling your elders their past success does not give them ownership of the future.
The absolute worst thing we could do is go to Apple or anyone else and say "You need to use this x or y, because someone else does". That isn't going to breed innovation, ever.
Do I wish Apple used USB-C on phones? Definitely. Does it actually change anything for me day to day except that I need a specific cable if my phone runs dead? Not really, because my chances aren't a ton better running into a USB-C on demand. I want Apple to. I would buy an Apple phone with it if given the option. I would never sign on to force Apple to do it.
Everything nice that they offer eventually gets changed or taken away.
Yes, I'm bitter. We could have a much better world, one that actually empowers anyone willing to step up to the plate, but instead we grab all the low-hanging fruit so we can make them smile and step on workers' rights to deliver them burritos, instead.
A happy cohort is an obedient cohort, amiright?
Exactly! We saw precisely this thing with cell phone chargers. Not enough people recognize this.
A healthy dose of market realism is in order - if the market doesn't deliver what people want, it's not the market, it's the people who are wrong.
So the real market is for the very smart people and that’s an even smaller minority.
I built super advanced tech but was intentionally screwed over by my large corporate customers, just because they could, so I quit the industry and that super advanced tech doesn’t exist anymore. Unfortunately a lot of really cool things will live and die with me. I’ve fought the good fight and failed.
We can lament that people are not smarter but there isn’t anything we can do about it.
Yea, maybe we shouldn't live in the US, or other authoritarian nations, but few of us have options like that.
"Validity" for a device can mean many things (latest patches, is running anti-virus software, among other things).
A general user probably doesn't need to attest to these things. I would argue that anyone trying to access a corporate or some other organization's network SHOULD be required to attest to these things given the cyber threat landscape. The caveat: those same entities should provide or heavily subsidize the platforms they require (work computers). It's their IP at risk. I'm not so naive to think they would actually do this with BYOD initiatives, unfortunately.
For personal users on personal devices, I agree this might go too far (but some principles like MFA are best practices).
Learning is hard, it makes people uncomfortable, sadly. Which means that the easy road is to stoop to their level, which is what we're seeing.
It sucks that you got screwed by large corporations, and I don't know the story, but that sounds more like standard business fuckery than "software for smart people"?
But even so, that doesn't seem informative. Ask any user how many "Qualcomm apps" they use, or "Meta apps", or "Intel apps". No one knows where this stuff comes from. They buy a phone with a label on the box and then download stuff from an app store.
That's not a statement about how the software is produced, it's just how the market presents products to consumers. People don't know where the gas that goes into their cars comes from either, but that's not an argument that petroleum distillation technology is a failure.
Certainly the businesses were not as smart as they thought they were, which is a common problem. But they indeed have very hard valuable problems and basically everyone involved was much smarter than the average person. Just not smart enough to know their own limitations and accept outside help.
Can you explain what you mean by this? As far as I am aware, an application (aka "app") is a piece of software.
You literally exercised huge amounts (seriously: millions of lines!) of open source code just now, in the process of posting that very comment and transmitting it to me to read.
Was it voted so high it triggered some bot detection? That would only explain the former, not the latter. Either way, there's something funny going on.
Then why is everything on the consumer side becoming more closed?
The reality is that proprietary just moved to the cloud in the form of SaaS-as-DRM and we-own-your-data. Open source runs everything, but few things are open. The availability of the source for components of the stuff they use is irrelevant to 99% of users.
Say you have a game, you can make the source available and still charge money for the game, and it doesn't get any easier to pirate than before. You even get tons of people modding your game and contributing to its appeal.
There are also techniques like 'selling support' for your software.
The FSF was strongly against secure boot, then inexplicably started seeming to be in favour of it.
Connect the dots yourself.
That's because they "won't miss freedom they never had".
We’re not just talking about the freedom to run software on your own device here, we’re talking about interacting with outside systems. There is an important distinction in context.
As long as it adheres to basic web standards, I believe no, the bank should have no say in what browser you use to access their webpage.
The kernel could do the same with an in-kernel process. It wouldn't have quite the same depth of defense against userspace sandbox escapes, but could be done. That's roughly how /dev/random was implemented for many years.
Look at the APIs provided — it's nothing new. It's nothing OSes haven't provided before, it's just further removed from a Chrome/FF/Safari sandbox escape, because overcoming the write-once hardware toggles is harder than getting kernel read/write primitives for a sandbox privilege escalation.