
Second batch of FOSDEM interviews

The second batch of FOSDEM interviews is out. This round includes Kristian Høgsberg (AIGLX) about 3D, graphics drivers and eye candy, Ronald G Minnich (LinuxBIOS) about hardware vendors, the OLPC BIOS, and the dangers of EFI, Peter Saint-Andre (Jabber) about Jabber and XMPP, Kern Sibbald (Bacula) about the history and future of Bacula and Andrew Morton (Linux kernel) very shortly about the current state of Linux in general, and... at Google.

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 7, 2007 0:09 UTC (Wed) by moxfyre (guest, #13847) [Link]

Ronald Minnich's interview about LinuxBIOS is *very* interesting to me, especially his description of EFI. The way he describes it makes it sound like it effectively enables a form of Blue Pill malware for DRM purposes! From the article:
> Another important thing to realize about EFI is that it also contemplates enabling chipset features that will trap certain OS operations to an EFI-based control system running in System Management Mode. In other words, under EFI, there is no guarantee that the OS owns the platform. Accesses to IDE I/O addresses, or certain memory addresses, can be trapped to EFI code and potentially examined and modified or aborted. Many see this as an effort to build a "DRM BIOS". I am not sure what the real intent of this design is, but it is a real concern in secure environments (such as those found in governments, banks, and large search engine companies). A number of vendors and users have told me that they are not sure they can ship an EFI system they are willing to trust in a secure environment.
What it sounds like is that EFI allows vendors to include a hypervisor that traps and redirects certain operations that might infringe on system "security" (e.g. DRM). Yikes!! That is enough to move me out of the "fan of EFI" column in a hurry...

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 7, 2007 2:54 UTC (Wed) by zlynx (subscriber, #2285) [Link]

Everyone should be aware that this "problem", having the system BIOS/firmware/EFI executing unknown code, already exists. This is why the NSA has groups of people who disassemble and examine the firmware of every component of secure government PCs.

So, if vendors desired it, they could already be doing what you fear. There is nothing special about SMM+EFI that SMM+BIOS cannot already do.

Those on-board NICs? How do you know they don't already accept signed code packets from the FBI, NSA, or their Japanese, Taiwanese, Chinese equivalents and execute them in SMM? Like that Firewire unrestricted DMA hack, it'd be a great way to sneak into the system and pull the encrypt keys out of RAM.

And it isn't just the motherboard BIOS to worry about. Operating systems trust the hardware. The OS tells it to read a block and DMA to memory location X. Nothing prevents hardware from reading two blocks and writing to X and Y (except an IOMMU, perhaps). Your video card could be spying on you. It could even be writing the spy data to hard drive or the network: PCI bus mastering allows that.

Why worry about the future when you're already far too trusting?

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 7, 2007 5:15 UTC (Wed) by moxfyre (guest, #13847) [Link]

> Everyone should be aware that this "problem", having the system BIOS/firmware/EFI executing unknown code, already exists. This is why the NSA has groups of people who disassemble and examine the firmware of every component of secure government PCs.
Does the NSA publish their evaluations of such firmware? I know that they *sometimes* publish their evaluations of various cryptography systems (though sometimes keeping them secret, presumably to take advantage of weaknesses). That would be very valuable, I'd say.

I know that hardware/firmware can already do such treacherous things... many high-end laser printers secretly reveal their serial numbers and timestamps on every printed page.

However, I imagine that the cost pressure and generally chaotic short time scales on which most hardware is produced means that these kinds of practices aren't widespread or effective. EFI worries me because it seems to explicitly ENCOURAGE and standardize this kind of treachery...

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 7, 2007 9:32 UTC (Wed) by eklitzke (subscriber, #36426) [Link]

> Does the NSA publish their evaluations of such firmware?

I don't actually know for sure, but my guess is that security issues aside, publishing such a technical evaluation would be forbidden because it could reveal the manufacturer's trade secrets. Similarly, it could be construed as an endorsement (or lack thereof). These are all things that the NSA does not want to involve itself with.

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 7, 2007 22:07 UTC (Wed) by lutchann (subscriber, #8872) [Link]

> This is why the NSA has groups of people who disassemble and examine the firmware of every component of secure government PCs.

Really? Wouldn't it be easier for them to tell Dell or whoever, "We'll pay you 20x list price for your PCs if you let us compile the BIOS ourselves?" Of course, it wouldn't improve the security of the system one bit to audit the BIOS or other firmware, which is why they could care less what's in there.

Military data security is all about paranoia, yes, but let's be serious here...

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 8, 2007 0:15 UTC (Thu) by zlynx (subscriber, #2285) [Link]

You believe that the government which had cameras installed in Xerox machines shipped to the USSR trusts the firmware provided in computers built in China?

Let's be serious here...

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 8, 2007 1:22 UTC (Thu) by lutchann (subscriber, #8872) [Link]

If the firmware warrants so much scrutiny then of course the hardware (which is even more likely to be from China) can't be trusted either. Do you think they decap and trace every chip in every computer used in a classified environment?

Ronald Minnich of LinuxBIOS on EFI

Posted Feb 9, 2007 16:36 UTC (Fri) by moxfyre (guest, #13847) [Link]

Maybe not, but they have TEMPEST to prevent unwanted electromagnetic emissions, and classified computer networks are physically isolated from non-classified networks. So that rules out a lot of the shenanigans that could happen...

Second batch of FOSDEM interviews: Kristian Høgsberg

Posted Feb 7, 2007 3:25 UTC (Wed) by t5.4 (guest, #42424) [Link]

After reading this interesting interview and continuing to the provided links to his blog, I have only one thing in mind... The fighting between the users and developers of Compiz/Beryl and AIGLX/XGL has to stop.

I think this is the worst aspect of the FOSS community. They should merge these projects and do it right and allow the community of hackers to have one platform to develop against.

Fighting?

Posted Feb 7, 2007 3:35 UTC (Wed) by proski (subscriber, #104) [Link]

Where did you see that fighting? I don't see any. And what's wrong with trying more than one approach to the same problem? Most developers are pretty civilized people. Sure, there are stupid and aggressive users, but there are ways to deal with them. All they want is attention. Just ignore them.

Fighting?

Posted Feb 7, 2007 5:06 UTC (Wed) by moxfyre (guest, #13847) [Link]

> And what's wrong with trying more than one approach to the same problem?
I agree completely! People always say that "GNOME vs KDE" is the worst use of the free software community's time and "why can't they merge?" to make a "unified" desktop like Windoze.

That makes no sense to me at all. Instead of having one DE, we open source users have *TWO* fabulous desktop environments with slightly different strengths and weaknesses... the competition and collaboration and cross-pollination have improved them both immeasurably. How does having MORE GOOD CHOICES hurt anyone?

Fighting?

Posted Feb 7, 2007 9:36 UTC (Wed) by gravious (guest, #7662) [Link]

> How does having MORE GOOD CHOICES hurt anyone?
In no way other than now people have to evaluate or put a little thought into what software they use, poor them - no more hand-holding. I dunno, first they complain about monopolies and then they complain about competition, you can't win, I tells ya!

Fighting?

Posted Feb 7, 2007 18:28 UTC (Wed) by eklitzke (subscriber, #36426) [Link]

Competition is good. But forks are almost always a bad thing.

If you look at the Gnome vs KDE thing, everything is OK now (a long time ago, it used to be a different story). We have XDG, which has actually improved the quality of both Gnome and KDE (and other DEs like XFCE), and has made applications largely DE independent. The two projects have different aims and a healthy number of developers, and as a user I benefit from this.

On the other hand forks can have a really devastating effect on a project. The best case scenario is that you get something like the XFree/X.org split where one of the projects dies really quickly, and everyone can just get back to work. But other times the forks just linger on, things become incompatible, efforts are duplicated, and you're never really sure what supports what. This is especially true for specialized projects like Compiz/Beryl -- there just aren't very many developers with the expertise to hack on these projects. Splitting the small talent pool just exacerbates the situation, especially when the goals of Compiz and Beryl are 90% the same. As far as I can tell, Beryl is just Compiz with a GUI config tool, better KDE support, and one or two extra plugins. Why was a fork necessary again?

The Beryl project seems to have more momentum behind it right now, so unless Compiz is adopted by Gnome or gets more support thrown behind it from another distributor, it looks like Compiz will quietly die off. But Metacity and KWin are great window managers already, not to mention <insert your favorite lightweight WM here>. This has led to efforts like libcm to create a compositing library that other window managers can easily take advantage. My fingers are crossed that this approach will prove successful, but in the meantime I don't think that the fragmentation in the community is leading to a lot of "cross-pollination".

Fighting?

Posted Feb 7, 2007 9:40 UTC (Wed) by masuel (subscriber, #28661) [Link]

http://blog.beryl-project.org/?p=23

Don't know anything about it myself but certainly looks nasty.

Hope it's all good now...

Ronald G Minnich and vanishing vendor interest

Posted Feb 7, 2007 20:33 UTC (Wed) by ebirdie (subscriber, #512) [Link]

Ronald G Minnich's interview is interesting in another respect as well. Here it appears again that hardware vendors have pulled out their support in recent years. Why?

Here are just two articles for some background:
<http://penguinppc.org/news/2006/05/02/xbox_360_history>
<http://www.schneier.com/blog/archives/2006/12/a_cost_anal...>

There have been comments on LWN.net as well that vendors of graphics gear have turned closed and unresponsive.

The rules of the game have clearly changed and hardware vendors seem to have chosen their side. Sorry, but I tend to be a bit pessimistic here, but is the era of the PC as an open and common hardware platform soon gone? The signs are there. I wish for OLPC, and may there be many similar hardware platforms to come, which are designed open from the ground up and, say, uninteresting and unreachable to the closing party.

Ronald G Minnich and vanishing vendor interest

Posted Feb 9, 2007 2:17 UTC (Fri) by JoeBuck (subscriber, #2330) [Link]

I think that DRM is the issue; the big guys are under pressure to provide BIOSes that support DRM.

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds