It probably comes from the earlier days, where people were using things like Pentium 1 machines with 32MB RAM, and had badly tuned distributions that offered to install everything.
The user, not really knowing what they wanted went with that option, expecting something like a complete Windows install. The result would be a machine that took 5 minutes from the moment the kernel started loading, due to loading apache, portmap, bind, NIS, and a whole lot of other things most people had no clue what they were for.
These days it's not near so bad, but I guess the geeky interest in optimizing everything to the max remains. And if the computer can boot in one minute instead of two with no loss of functionality, why not?
I don't know, I only learned that expression in English.
Not everything can be exactly translated to every language. For instance, English has no native word for the German "schadenfreude" and had to loan it.
Uh huh, sure, just like every lost fight is blamed on battlefield conditions while a win magically legitimizes X, Y, or Z all by itself. Funny how that works. Be real here. Failed implementations are just as important as the successful ones, for different reasons.
Have you've ever seen somewhere the release of some game or other program to be trumpeted as a success of the closed source development model?
Of course not. The development methodology alone doesn't mean as much for the success of a project as the people behind it. The best idea means nothing if you don't have the resources or knowledge to execute it.
NONE of these things came to fruition by accident buddy. The good, bad, and ugly details in how the came to be are very relevant.
Well, if you know, please do tell.
I also expect an explanation of why Google's team didn't have those problems.
The explanation is really very simple. OpenMoko started what was a good idea, but implemented it badly, by concentrating on the wrong thing, changing the course of development several times, and using the wrong hardware. That doesn't go well regardless of development platform or philosophy.
Google on the other hand, had a good team, and plenty resources to back them up.
BTW, to keep mods on their toes, the GPL IS VIRAL. That is the intent, to further spread the GPL (I mean OSS), you fuckwits. Does it jive with commercial software development? Not really. Is commercial development important to consumers? YES. If there are no consumers of OSS, is it relevant? NO.
Yawn. There's plenty consumers of OSS. For instance, I worked on credit card payment gateways, and point of sale software. That stuff runs on Linux, talks to a Linux server in the shop, which then talks to yet more Linux servers in a datacenter.
It's mostly written in C and shell script, compiled with GNU make and gcc, with source kept in cvs and subversion, and for a large part typed in vim or emacs.
Funny thing that assertion of that the GPL is viral didn't worry any of those companies in the slightest. I'm talking about large chains of supermarkets here, for instance.
Every time you buy something at a supermarket, there are good chances that a Linux box is involved in processing your purchase, handling the payment for it, or both.
There's no such thing as "head of open source". Open Source is a very loose thing. It's like talking of the "head of atheism", or "head of capitalism".
There are important people in those movements who have a status of leadership of sorts, but there's by no means an unanimous agreement on who those are. For each of those "leaders" there are many who think they they're right, and many who think they're full of it.
Open Source's inability to deliver any sort of consumer-level device that isn't an expensive, misfunctioning joke should be a source of considerable concern to anybody who cares about the future of FOSS.
Open Source doesn't deliver anything. It's a concept, like say, capitalism or democracy. People (or a company) are the ones that deliver in this case, and the ones who have failed.
In fact I see the relevance of open source at all in this case. Whether the code is open or not, it still doesn't change the fact that the hardware was old, and had huge stability problems. If it was simply the problem of that the available code wasn't good enough, the device could easily have been reflashed with something better. But that wouldn't have fixed some of the very important problems anyway.
I would have bought it, if not for that. A phone with about a day worth of battery, which can't be charged if it discharges completely is unacceptable. Especially for a very experimental product made to be tinkered with.
Ha. You live in a strange world if you think giving something a name will suddenly make it popular. For a week, maybe. Then everybody will forget about it.
The reason space isn't as popular as it used to be is that nothing interesting is being done. Back when it got started it was very exciting. America vs the USSR. Things that had never been done before, being done with machines built on monumental scales. Lots of risk and danger, but lots of potential fame and prestige.
Now? Things got stuck. Companies launch satellites into orbit regularly. The space station has been in orbit for quite some time. People go up there to do experiments that are of little interest to most people. Nothing groundbreaking seems to be worked on. Hell, the "lock several people into a small capsule to see how a mission to Mars would go" experiment seems more exciting than experimenting with worms at the space station. The first is much easier and low tech than the second, but at least there's a big and worthy goal in sight, which is a lot more interesting than shuffling stuff between ground and orbit.
I don't know, Wikipedia has its problems, but it's certainly useful.
In comparison, nobody outside America knows who this Colbert guy is, and why would anybody care that something got named after him. In fact I had to go to Wikipedia to get an idea of who Colbert is.
Paraphrasing a book (forget the name), if you took a dog and made its brain 1000 times faster, all you'd get is a dog that needs 1/1000th of the time to decide whether to sniff your crotch.
Thinking faster would certainly be very useful, but it may not necessarily mean that the output will be of a higher quality.
Microsoft doesn't have anything about open source actually. They're perfectly fine with the BSD for instance, which they can incorporate in their products. They're also fine with their own "shared source" deal, which goes from "non commercial" to "you can only look at it".
What MS really despises is the GPL. They can't use it, and can't buy the source out in many cases. Of course they could technically use it, but they could apply the "embrace and extend" tactics, and would have to give out any improvements.
They're trying to make it so that not paying won't be an option. You'll be paying a tax to the RIAA whether you buy/download any music or not.
More than that, they don't promise anything in exchange. This isn't a "pay a tax as a compensation for filesharing", it's "pay a tax, and we still will get you disconnected/sued if we catch you". So it's not even clear what exactly is this payment for.
I'm saying this scenario is easy to protect against.
Flash chip has a "write enable" pin. Connect that to a pin on say, the chipset. This pin would start in the "write enabled" on boot, but be implemented, on the hardware level, in such a way that once write is disabled, it can't be reenabled by any software manipulation and a complete reset is the only way.
So, BIOS starts in "write enabled" position, does whatever BIOSes do, and turns write off before starting the OS boot.
Then it won't matter what code is in the BIOS, you can execute it all you want, it won't write anyway.
I don't know if any boards work this way, but it should be absolutely trivial to implement.
If something managed to patch your BIOS, you're already screwed, no SMM trickery needed. It can already do whatever it wants when the BIOS code runs (power management?)
Or maybe it's a man who decided to have sex reassignment surgery.
Though I fail what relevance does that have to security research. There's something with a working brain finding security issues. Whether it's a man, woman, woman that used to be a man, a dog or a machine seems very unimportant to me.
Well, unlike most people in this discussion you actually seem to be informed.
That's certainly interesting to know.
The one and only real way to protect the flash is to have a jumper that actually disconnects the write enable line in hardware. Practically no motherboards seem to take that approach.
Wouldn't it be pretty easy in hardware to have a line that starts in the "flash write enabled" state on boot, but once set to disabled absolutely refuses to turn back on?
A silly statement. Of course I want to be able to remove everything without throwing the chip away. Did you actually read the paper carefully? It's impossible to tell what is running in SMM and so you can never remove or know that the exploit even exists on your chip. Well, unless you want to physically look at the firmware on it with a probe.
I read it, and my understanding is different from that of your. Here's mine:
At boot time (probably) the BIOS initializes an area of RAM for SMM purposes. This area is made inaccessible to the OS. When a SM interrupt is triggered, the CPU saves state, jumps to the SMM code, does its magic, and then continues what it was doing.
This is completely out of the OS' control, and the OS never knows when this happens, can't trigger it on its own, doesn't know what's it doing, and can't read the memory used for this. It can only hope it won't change anything under the OS that will make things break. The exploit breaks this protection and patches the code that runs in SMM.
Nowhere I see any references to that this is anything on the chip. It's simply a higher level of access, above the OS, similar to a hypervisor. Plain normal RAM is used.
The reaon for the reference to a logic probe is that you can't see this from within the OS, since it's less privileged and has no access or control over the SMM code. But that doesn't mean there's some magic area within the CPU that retains state. It's plain RAM, with access controls. And this trick described in the paper must be redone every time the box boots.
My understanding is that "SMM space" refers to an area of memory even the OS kernel can't access, but doesn't mean it's anything that persists across reboots.
If I got it correctly, an userspace app can't write to kernel memory, and the kernel can't write to SMM memory, but it's RAM all the same, and located on the RAM modules plugged into the motherboard and not any particularly special place.
My motherboard seems to be on the right track -- it's possible to flash the BIOS from the BIOS. So there's no need to allow write access at any other moment.
Motherboards seem to come configured to forbid flashing by default, too.
The exploit talks about modifying SMRAM. It's done with root level access on the computer. And in my understanding, the effect is not permanent, since you're changing RAM. Reboot, and it'll be gone.
Now, once it's there, the OS can't have an antivirus scan that memory area. But that's it. If this thing persists across reboots, something has to put it back into the SMRAM, and you could find that something by booting a scanner from a CD, or reformatting the computer.
I don't see this as a particularly scary thing. Yes, it's nasty. But a virus could also disable antiviruses and patch the kernel to hide its presence for the same effect.
This is the same scaremongering as with the virtualization virus. Yes, it's a new way a virus can use to hide. But it's absolutely nothing new. Under DOS, viruses would trap DOS calls, and remove themselves from opened files, so that an antivirus trying to scan the file would see an uninfected one. Boot from a floppy, and none of that trickery will be active.
Below we describe how to exploit cache poisoning to get access to the SMRAM memory. We assume that the attacker has access to certain platform MSR registers. In practice this is equivalent to the attacker having administrator privileges on the target system, and on some systems, like e.g. Windows, also the ability to load and execute arbitrary kernel code.
If they can do that, your box is rooted already. The only difference seems to be that in this way it can hide in a place where the OS can't get at it. But IMO, if you're compromised you can't count on the compromised OS being able to remove everything malicious anyway.
Entropy happens. Complex systems break down, they don't get more (successfully) complex over time.
Sure they get more complex. Don't tell me you didn't get more complex since the moment you were born (when you were tiny and weighted about 3KG). You somehow managed to become bigger and more complex in a few years.
People talk about how "life adapts", then turn around and talk about the demonstrably opposite problems that the world faces - climate change, species becoming extinct, you can fill in the blanks.
"life adapts" isn't mutually exclusive with "species become extinct". Life adapts by those that are unfit dying and those fit persisting.
Some species, like giant pandas are dying out due to being quite fussy. Others, like raccoons, turned out to be very suited to scavenging from garbage cans.
You can't have it both ways, surely?
Sure we can. Take global warming. If the sea level rises enough, we'll have a New Orleans on every coastal city. Will life adapt to that? Sure. Will we as a species continue to exist? Yep. Will that be a pleasant situation? Hell, no.
Life will adapt indeed, but this adaption isn't necessarily a nice and convenient process. The way adaption works is that the things that fail to adapt die.
Slashdot Mirror
It probably comes from the earlier days, where people were using things like Pentium 1 machines with 32MB RAM, and had badly tuned distributions that offered to install everything.
The user, not really knowing what they wanted went with that option, expecting something like a complete Windows install. The result would be a machine that took 5 minutes from the moment the kernel started loading, due to loading apache, portmap, bind, NIS, and a whole lot of other things most people had no clue what they were for.
These days it's not near so bad, but I guess the geeky interest in optimizing everything to the max remains. And if the computer can boot in one minute instead of two with no loss of functionality, why not?
I don't know, I only learned that expression in English.
Not everything can be exactly translated to every language. For instance, English has no native word for the German "schadenfreude" and had to loan it.
Have you've ever seen somewhere the release of some game or other program to be trumpeted as a success of the closed source development model?
Of course not. The development methodology alone doesn't mean as much for the success of a project as the people behind it. The best idea means nothing if you don't have the resources or knowledge to execute it.
Well, if you know, please do tell.
I also expect an explanation of why Google's team didn't have those problems.
The explanation is really very simple. OpenMoko started what was a good idea, but implemented it badly, by concentrating on the wrong thing, changing the course of development several times, and using the wrong hardware. That doesn't go well regardless of development platform or philosophy.
Google on the other hand, had a good team, and plenty resources to back them up.
Yawn. There's plenty consumers of OSS. For instance, I worked on credit card payment gateways, and point of sale software. That stuff runs on Linux, talks to a Linux server in the shop, which then talks to yet more Linux servers in a datacenter.
It's mostly written in C and shell script, compiled with GNU make and gcc, with source kept in cvs and subversion, and for a large part typed in vim or emacs.
Funny thing that assertion of that the GPL is viral didn't worry any of those companies in the slightest. I'm talking about large chains of supermarkets here, for instance.
Every time you buy something at a supermarket, there are good chances that a Linux box is involved in processing your purchase, handling the payment for it, or both.
I have no clue, I'm not german.
There's no such thing as "head of open source". Open Source is a very loose thing. It's like talking of the "head of atheism", or "head of capitalism".
There are important people in those movements who have a status of leadership of sorts, but there's by no means an unanimous agreement on who those are. For each of those "leaders" there are many who think they they're right, and many who think they're full of it.
Open Source doesn't deliver anything. It's a concept, like say, capitalism or democracy. People (or a company) are the ones that deliver in this case, and the ones who have failed.
In fact I see the relevance of open source at all in this case. Whether the code is open or not, it still doesn't change the fact that the hardware was old, and had huge stability problems. If it was simply the problem of that the available code wasn't good enough, the device could easily have been reflashed with something better. But that wouldn't have fixed some of the very important problems anyway.
Same here.
I would have bought it, if not for that. A phone with about a day worth of battery, which can't be charged if it discharges completely is unacceptable. Especially for a very experimental product made to be tinkered with.
Ha. You live in a strange world if you think giving something a name will suddenly make it popular. For a week, maybe. Then everybody will forget about it.
The reason space isn't as popular as it used to be is that nothing interesting is being done. Back when it got started it was very exciting. America vs the USSR. Things that had never been done before, being done with machines built on monumental scales. Lots of risk and danger, but lots of potential fame and prestige.
Now? Things got stuck. Companies launch satellites into orbit regularly. The space station has been in orbit for quite some time. People go up there to do experiments that are of little interest to most people. Nothing groundbreaking seems to be worked on. Hell, the "lock several people into a small capsule to see how a mission to Mars would go" experiment seems more exciting than experimenting with worms at the space station. The first is much easier and low tech than the second, but at least there's a big and worthy goal in sight, which is a lot more interesting than shuffling stuff between ground and orbit.
I don't know, Wikipedia has its problems, but it's certainly useful.
In comparison, nobody outside America knows who this Colbert guy is, and why would anybody care that something got named after him. In fact I had to go to Wikipedia to get an idea of who Colbert is.
Paraphrasing a book (forget the name), if you took a dog and made its brain 1000 times faster, all you'd get is a dog that needs 1/1000th of the time to decide whether to sniff your crotch.
Thinking faster would certainly be very useful, but it may not necessarily mean that the output will be of a higher quality.
Definitely not.
Microsoft doesn't have anything about open source actually. They're perfectly fine with the BSD for instance, which they can incorporate in their products. They're also fine with their own "shared source" deal, which goes from "non commercial" to "you can only look at it".
What MS really despises is the GPL. They can't use it, and can't buy the source out in many cases. Of course they could technically use it, but they could apply the "embrace and extend" tactics, and would have to give out any improvements.
That was very sarcastic indeed. I'm in awe of your eloquence.
RTFA.
They're trying to make it so that not paying won't be an option. You'll be paying a tax to the RIAA whether you buy/download any music or not.
More than that, they don't promise anything in exchange. This isn't a "pay a tax as a compensation for filesharing", it's "pay a tax, and we still will get you disconnected/sued if we catch you". So it's not even clear what exactly is this payment for.
I'm saying this scenario is easy to protect against.
Flash chip has a "write enable" pin. Connect that to a pin on say, the chipset. This pin would start in the "write enabled" on boot, but be implemented, on the hardware level, in such a way that once write is disabled, it can't be reenabled by any software manipulation and a complete reset is the only way.
So, BIOS starts in "write enabled" position, does whatever BIOSes do, and turns write off before starting the OS boot.
Then it won't matter what code is in the BIOS, you can execute it all you want, it won't write anyway.
I don't know if any boards work this way, but it should be absolutely trivial to implement.
Still, the utility of all this seems limited.
If something managed to patch your BIOS, you're already screwed, no SMM trickery needed. It can already do whatever it wants when the BIOS code runs (power management?)
Or maybe it's a man who decided to have sex reassignment surgery.
Though I fail what relevance does that have to security research. There's something with a working brain finding security issues. Whether it's a man, woman, woman that used to be a man, a dog or a machine seems very unimportant to me.
What does that matter? SMM or not, that attack is already possible
Well, unlike most people in this discussion you actually seem to be informed.
That's certainly interesting to know.
Wouldn't it be pretty easy in hardware to have a line that starts in the "flash write enabled" state on boot, but once set to disabled absolutely refuses to turn back on?
I read it, and my understanding is different from that of your. Here's mine:
At boot time (probably) the BIOS initializes an area of RAM for SMM purposes. This area is made inaccessible to the OS. When a SM interrupt is triggered, the CPU saves state, jumps to the SMM code, does its magic, and then continues what it was doing.
This is completely out of the OS' control, and the OS never knows when this happens, can't trigger it on its own, doesn't know what's it doing, and can't read the memory used for this. It can only hope it won't change anything under the OS that will make things break. The exploit breaks this protection and patches the code that runs in SMM.
Nowhere I see any references to that this is anything on the chip. It's simply a higher level of access, above the OS, similar to a hypervisor. Plain normal RAM is used.
The reaon for the reference to a logic probe is that you can't see this from within the OS, since it's less privileged and has no access or control over the SMM code. But that doesn't mean there's some magic area within the CPU that retains state. It's plain RAM, with access controls. And this trick described in the paper must be redone every time the box boots.
My understanding is that "SMM space" refers to an area of memory even the OS kernel can't access, but doesn't mean it's anything that persists across reboots.
If I got it correctly, an userspace app can't write to kernel memory, and the kernel can't write to SMM memory, but it's RAM all the same, and located on the RAM modules plugged into the motherboard and not any particularly special place.
Where does it say that? I read the PDF, it talks about modifying RAM. RAM is cleared after a reboot.
Well, and why would the firmware allow a rewrite?
My motherboard seems to be on the right track -- it's possible to flash the BIOS from the BIOS. So there's no need to allow write access at any other moment.
Motherboards seem to come configured to forbid flashing by default, too.
And you fail at understanding.
The exploit talks about modifying SMRAM. It's done with root level access on the computer. And in my understanding, the effect is not permanent, since you're changing RAM. Reboot, and it'll be gone.
Now, once it's there, the OS can't have an antivirus scan that memory area. But that's it. If this thing persists across reboots, something has to put it back into the SMRAM, and you could find that something by booting a scanner from a CD, or reformatting the computer.
I don't see this as a particularly scary thing. Yes, it's nasty. But a virus could also disable antiviruses and patch the kernel to hide its presence for the same effect.
This is the same scaremongering as with the virtualization virus. Yes, it's a new way a virus can use to hide. But it's absolutely nothing new. Under DOS, viruses would trap DOS calls, and remove themselves from opened files, so that an antivirus trying to scan the file would see an uninfected one. Boot from a floppy, and none of that trickery will be active.
From the PDF:
If they can do that, your box is rooted already. The only difference seems to be that in this way it can hide in a place where the OS can't get at it. But IMO, if you're compromised you can't count on the compromised OS being able to remove everything malicious anyway.
Sure they get more complex. Don't tell me you didn't get more complex since the moment you were born (when you were tiny and weighted about 3KG). You somehow managed to become bigger and more complex in a few years.
"life adapts" isn't mutually exclusive with "species become extinct". Life adapts by those that are unfit dying and those fit persisting.
Some species, like giant pandas are dying out due to being quite fussy. Others, like raccoons, turned out to be very suited to scavenging from garbage cans.
Sure we can. Take global warming. If the sea level rises enough, we'll have a New Orleans on every coastal city. Will life adapt to that? Sure. Will we as a species continue to exist? Yep. Will that be a pleasant situation? Hell, no.
Life will adapt indeed, but this adaption isn't necessarily a nice and convenient process. The way adaption works is that the things that fail to adapt die.