by stoicShell 2288 days ago
The useful gist:

> "To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)," explained Positive's Mark Ermolov.

> "However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.

> "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

And this formidable response as usual:

> Intel says folks should install the firmware-level mitigations, "maintain physical possession of their platform," and "adopt best security practices by installing updates as soon as they become available and being continually vigilant to detect and prevent intrusions and exploitations."

When will it stop? How deep run the flaws in Intel's platform? Is AMD equally exposed?

4 comments

> When this happens, utter chaos will reign.

Utter chaos? I don't think so.

> Hardware IDs will be forged

Seems like a victory for privacy. Who wants to be tracked via hardware IDs?

> digital content will be extracted

Any victory over DRM technology is a good thing. The only people shedding any tears will be those in the copyright industry.

> data from encrypted hard disks will be decrypted

People actually rely on proprietary hardware encryption? They should have learned the lesson when built-in SSD encryption turned out to be worthless.

>> Hardware IDs will be forged

>Seems like a victory for privacy. Who wants to be tracked via hardware IDs?

Those are probably not the hardware IDs you're thinking about. They're the hardware IDs used in trusted computing (e.g. remote attestation, TPM sealing), not the ones used for fingerprinting.

>People actually rely on proprietary hardware encryption? They should have learned the lesson when built-in SSD encryption turned out to be worthless.

This is a very naive take on what's at stake. With disk encryption, there's the risk of an evil maid attack (where the attacker replaces the bootloader with a malicious one and intercepts your key next time it boots). One way of preventing this is by using trusted computing to ensure that the encryption keys are only released when the system is at a known good state (i.e. bootloader hasn't been tampered with). This applies to both proprietary solutions (BitLocker) and free ones (tpm-luks).
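As an added illustration of the sealing described in the comment above (my own example, not code from the thread): a toy simulation of measured boot with a TPM-style PCR extend, where a disk key is sealed to the expected PCR value and released only when the boot chain measures to that policy. The boot components, the `srk` value and the disk key are constructed sample data; a real TPM uses PCR policy sessions and authenticated encryption rather than this HMAC one-time-pad wrap.

```python
import hashlib
import hmac

PCR_INIT = b"\x00" * 32  # a PCR starts at all-zero on reset

# Constructed boot chains (sample data, not real firmware measurements).
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-5.4"]
EVIL_CHAIN = [b"firmware-v1", b"bootloader-evil", b"kernel-5.4"]  # swapped bootloader


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || SHA-256(measurement)).
    A PCR can only be extended, never set, so both order and content matter."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(chain) -> bytes:
    """Simulate measured boot: each stage measures the next one into a single PCR."""
    pcr = PCR_INIT
    for blob in chain:
        pcr = pcr_extend(pcr, blob)
    return pcr


def seal(srk: bytes, key: bytes, expected_pcr: bytes) -> dict:
    """Bind a 32-byte disk key to an expected PCR value. The wrapping key is derived
    from the TPM-resident root key and the policy digest, so the disk key is only
    recoverable when exactly that PCR value is presented again (toy HMAC wrap)."""
    wrap = hmac.new(srk, b"seal|" + expected_pcr, hashlib.sha256).digest()
    return {"policy": expected_pcr, "ct": bytes(a ^ b for a, b in zip(key, wrap))}


def unseal(srk: bytes, sealed: dict, current_pcr: bytes):
    """Release the key only if the current PCR matches the sealing policy."""
    if not hmac.compare_digest(sealed["policy"], current_pcr):
        return None  # boot chain differs from the sealed state: no key is released
    wrap = hmac.new(srk, b"seal|" + current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(sealed["ct"], wrap))


def demo():
    """Seal against the known-good chain, then try to unseal from both chains."""
    srk = b"constructed-storage-root-key"  # stands in for the TPM's storage root key
    disk_key = bytes(range(32))            # constructed 32-byte full-disk-encryption key
    sealed = seal(srk, disk_key, measure_boot(GOOD_CHAIN))
    return (unseal(srk, sealed, measure_boot(GOOD_CHAIN)),
            unseal(srk, sealed, measure_boot(EVIL_CHAIN)))


if __name__ == "__main__":
    good, evil = demo()
    print("untampered boot releases key:", good is not None)
    print("tampered bootloader releases key:", evil is not None)
```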

Anybody who doesn't want their data copied will be shedding tears. Including anybody with private files.

You are more than welcome to decline to use DRM if you don't like it. Just don't expect people to give you copies of data they don't want shared by you.

> Anybody who doesn't want their data copied will be shedding tears. Including anybody with private files.

FDE and things like OpenPGP are not broken by this.

> You are more than welcome to decline to use DRM if you don't like it

Or to try and break it.

> Anybody who doesn't want their data copied will be shedding tears.

"Their" data? What a ludicrous concept. It's analogous to saying people own numbers.

> Just don't expect people to give you copies of data they don't want shared by you.

I fully expect people to distribute "their" data far and wide to anybody who asks for it. That's what copyright is all about: giving people the illusion they're in control of what happens to that data.

The truth is only one copy of the data is needed. Once it's out there, there are no limits to what can be done with it.

> "Their" data? What a ludicrous concept. It's analogous to saying people own numbers.

Oh. In that case, where have you posted your bank credentials?

I haven't posted them. The fact that data is private means I'm currently the only one in possession of it. It doesn't mean it's mine. Should they leak, the solution is to invalidate those credentials and get new ones, not to invoke copyright and try to get all copies off the internet.

> "maintain physical possession of their platform"

That ship has sailed.

I think the average company should and does trust the physical security of Amazon's datacenters more than their own. If I had a nickel for every unvetted janitor allowed to clean an office alone near an easily pickable hardware closet...

What about physical possession before you own it? Will this potentially sour the used/refurbished market?

This is more about the chipset on the motherboard.

To backdoor this you need to saddle a chip or a connector onto the PCH chip and win the race to take over the bus.

Or if you're Intel and you send a firmware update to modify the ME behaviour/state.

It would be fairly suspect in most cases, but if this was done at the factory, it would be hard to tell for most people.

What really matters is just how much of a target you might be for someone to take the effort to engage in what really amounts to industrial/corporate espionage.

How far-fetched would nation states performing this at airports be?

In Socratic fashion...

How long does it take for a machine to be opened and booted up, and what sort of charade would be required to make the opportunity?

If someone flat out stole your laptop, how long would it take for you to notice it's been replaced by a stand-in? Would someone have the opportunity to swap your real laptop back to you unnoticed?

And seriously, it doesn't need to be a nation state that does this, as all you need to be capable of physically is to inject digital pulses into the bus; crafting an exploit is where the skill comes in.

Some people are motivated just by the opportunity to stir a pot.

On the contrary, it sounds like the secondhand market is going to be flooded with used laptops very soon...

> That ship has sailed.

Not in the least.

"Cloud" is merely the modern spin on "terminal in the office, mainframe at the HQ". We moved from terminals to local mini/microcomputers back then, and we will move from "cloud" to edge computing again. Notably, serverless and "installable web apps" are already a growing thing.

And no, Sun, the network is the computer will not come to pass during this cycle.

>> That ship has sailed.

AWS makes up a massive fraction of the whole internet. That ship has absolutely not sailed. If your company doesn't own the mainframe, it doesn't control the hardware.

> And no, Sun, the network is the computer will not come to pass during this cycle.

... we are arguing about this via web browser. O365, Google docs, Dropbox, iCloud and company are common ways to work with documents, SaaS has been a wild success in business, and major players (no pun intended) are pushing game streaming. The network isn't the only computer, but for a lot of people it's the main one.

>If your company doesn't own the mainframe

The historical mainframes usually were rented from IBM and the likes. Less sunk investment, fewer reasons to stick with it.

>we are arguing about this via web browser

Which works equally well for remote AND local resources. Electron is popular for a reason.

All the centralized services - online Docs, Dropbox, Github etc., - are more subject to disruption and replacement than they would want you to believe.

SaaS has been a success in the same way "bring your own device" was a success - an end-run around the ossified, slow-moving and bureaucratic ICT department. It was nimble, fast and elastic; allowed for quick iteration and experimentation. Now that the SaaS is a big game, it's subject to the very same kind of disruption.

Take a look around, you'll see people using local Git repositories, and locally hosted web-based services to get shit done. Just to avoid the hassle of procurement & upkeep of big-name SaaS. Containers let you move the data & code to unmanaged iron where it's close to the user, instead of one big managed datacenter. SaaS and datacenter computing is not nimble anymore; local is nimble, and Google Stadia delivered the eulogy.

> And no, Sun,

Now that's a ship that has sailed.

It's a sun that has set.

> When will it stop? How deep run the flaws in Intel's platform? Is AMD equally exposed?

We're seeing the tide turn from x86 to ARM pretty quick in both the datacenter and laptop markets. AMD should come through relatively unscathed as they're pretty diversified, but Intel is fucked. Graviton2 (Amazon's proprietary ARM stack) absolutely crushes x86 from a $/performance perspective, and there are plenty of other companies building 80+ core ARM chips.

The persistent rumors that Apple is shifting the Mac to ARM, combined with Microsoft reviving ARM Windows, are a pretty strong signal as to where the laptop / desktop market is headed too. x86 (and by extension Intel's platform) is definitely headed towards a more niche role in the computing landscape.

ARM is a joke on raw computing. Also, RISC-V will crush ARM on servers once it begins to grow a little.

ARM is shit compared to x86 for single-threaded computing; you're right about that. But ARM is great at the types of hypervisor-driven cloud workloads that most applications fit into. Most cloud workloads are limited by network latency far more than single-threaded performance.

x86 will still exist for high-performance workloads, and companies will happily pay a premium where they need it like they already do with GPU instances. But I do think we'll see the vast majority of cloud usage shift to ARM over the next 5 years. RISC-V may come in and replace it some time after that, but not without major cost advantages over both ARM and x86.

Let's put it this way: Apple's redesigned Mac laptop launch in 2021 is not using Intel chips but their own chip.