blobs are bad


blobs are bad

Theo de Raadt
http://news.com.com/Exploit+code+released+for+Nvidia+flaw/2100-1002_3-6126846.html

I just wanted to say... "Told you so".

Quite amusing.

Of course we know this is not the last time this will happen.

More problems like this will be exposed, and it is my hope that
vendors who refuse to participate in the open communities will get
punished more firmly than open vendors.  I also hope that their
embedded^Husers feel the pain, so that one day they will stand beside
us when we ask for open documentation.


Re: blobs are bad

Nick Price-2
When I read that headline earlier today I thought to myself "I bet Theo will
be getting a chuckle from this when he reads it"

On 10/17/06, Theo de Raadt <[hidden email]> wrote:

>
>
> http://news.com.com/Exploit+code+released+for+Nvidia+flaw/2100-1002_3-6126846.html
>
> I just wanted to say... "Told you so".
>
> Quite amusing.
>
> Of course we know this is not the last time this will happen.
>
> More problems like this will be exposed, and it is my hope that
> vendors who refuse to participate in the open communities will get
> punished more firmly than open vendors.  I also hope that their
> embedded^Husers feel the pain, so that one day they will stand beside
> us when we ask for open documentation.


Re: blobs are bad

Jacob Yocom-Piatt
In reply to this post by Theo de Raadt
---- Original message ----

>Date: Tue, 17 Oct 2006 17:30:53 -0600
>From: Theo de Raadt <[hidden email]>  
>Subject: blobs are bad  
>To: [hidden email]
>
>More problems like this will be exposed, and it is my hope that
>vendors who refuse to participate in the open communities will get
>punished more firmly than open vendors.  I also hope that their
>embedded^Husers feel the pain, so that one day they will stand beside
>us when we ask for open documentation.
>

feel the delightful pain!


Re: blobs are bad

Sam Fourman Jr.
In reply to this post by Nick Price-2
Would this in any way help the OpenBSD developers' ongoing campaign to
get documentation from Nvidia?

Sam Fourman Jr.

On 10/17/06, Nick Price <[hidden email]> wrote:

> When I read that headline earlier today I thought to myself "I bet Theo will
> be getting a chuckle from this when he reads it"
>
> On 10/17/06, Theo de Raadt <[hidden email]> wrote:
> >
> >
> > http://news.com.com/Exploit+code+released+for+Nvidia+flaw/2100-1002_3-6126846.html
> >
> > I just wanted to say... "Told you so".
> >
> > Quite amusing.
> >
> > Of course we know this is not the last time this will happen.
> >
> > More problems like this will be exposed, and it is my hope that
> > vendors who refuse to participate in the open communities will get
> > punished more firmly than open vendors.  I also hope that their
> > embedded^Husers feel the pain, so that one day they will stand beside
> > us when we ask for open documentation.


Re: blobs are bad

Craig Barraclough-2
> Would this in any way help the OpenBSD developers' ongoing campaign to
> get documentation from Nvidia?
>

As I see it, the only way we are going to get documentation, is for it
to make economic sense for nVidia.
Cost of documentation / Perceived loss of IP ($) through documentation
(+ corporate inertia) must be less than the perceived damage to brand
through exploits, which must be less than the profit / brand recognition
/ loyalty from sales into Linux/BSD market.

$Docs < $Damage < $Sales

If that equation doesn't work out, they won't do anything.
--
Craig


Re: blobs are bad

Henrik Enberg
In reply to this post by Sam Fourman Jr.
> Date: Tue, 17 Oct 2006 19:32:19 -0500
> From: "Sam Fourman Jr." <[hidden email]>
>
>> [Nvidia exploit]
>
> Would this in any way help the OpenBSD developers' ongoing campaign to
> get documentation from Nvidia?

Probably not, because a cursory glance at what the Linux community
thinks about this is that they feel it's a price worth paying for
oh-so-lickable dropshadows on your windows.  They won't be demanding
specs anytime soon.


Re: blobs are bad

Theo de Raadt
In reply to this post by Craig Barraclough-2
> > Would this in any way help the OpenBSD developers' ongoing campaign to
> > get documentation from Nvidia?
> >
>
> As I see it, the only way we are going to get documentation, is for it
> to make economic sense for nVidia.
> Cost of documentation / Perceived loss of IP ($) through documentation
> (+ corporate inertia) must be less than the perceived damage to brand
> through exploits, which must be less than the profit / brand recognition
> / loyalty from sales into Linux/BSD market.
>
> $Docs < $Damage < $Sales
>
> If that equation doesn't work out, they won't do anything.

Thanks for the lesson!  I guess we were dreaming every time some other
vendor was convinced to give us documentation!

But Craig, it's the same with women.  They'll only hang out with you
if they feel there is enough positive vibe in you.  And since you so
clearly show that you are a pessimist at heart, you're out of luck
too!

If you keep saying something good won't happen -- well then you can
bet it won't happen.


Re: blobs are bad

Girish Venkatachalam-2
On Tue, Oct 17, 2006 at 08:22:23PM -0600, Theo de Raadt wrote:

> > As I see it, the only way we are going to get documentation, is for it
> > to make economic sense for nVidia.
> > Cost of documentation / Perceived loss of IP ($) through documentation
> > (+ corporate inertia) must be less than the perceived damage to brand
> > through exploits, which must be less than the profit / brand recognition
> > / loyalty from sales into Linux/BSD market.
> >
> > $Docs < $Damage < $Sales
> >
> > If that equation doesn't work out, they won't do anything.
>
> Thanks for the lesson!  I guess we were dreaming every time some other
> vendor was convinced to give us documentation!
>
> But Craig, it's the same with women.  They'll only hang out with you
> if they feel there is enough positive vibe in you.  And since you so
> clearly show that you are a pessimist at heart, you're out of luck
> too!
>
> If you keep saying something good won't happen -- well then you can
> bet it won't happen.

I don't get your point Theo.

One should be optimistic of course but also practical. Craig is both.

In fact most practical statements sound pessimistic, but not so in reality.

I am wondering if you agree with him or not!

Anyway I sincerely hope that hardware vendors start behaving sensibly...

Though I am also somewhat pessimistic about it. Unless forced to change these people simply won't understand what is good for them.

regards,
Girish


Re: blobs are bad

Ingo Schwarze
In reply to this post by Theo de Raadt
Theo de Raadt wrote on Tue, Oct 17, 2006 at 05:30:53PM -0600:

> I just wanted to say... "Told you so".

After reading the Rapid7 exploit, i just wanted to make sure we
are not running this stuff.  Of course, none of our servers has
Nvidia graphics, but some of the workstations do.  And guess
what?  On about half of those, our Linux admins were running
Driver "nvidia" - obviously, the long-standing unfixed bug didn't
really scare them enough.  <shudder>

Of course, we do not expose Linux workstations directly to the
Internet, but have a firewall in between.  Yet, this will of
course offer little protection against bugs of this class.  :-(

> Quite amusing.

You must be joking!!  ;-)

I just spent an hour ssh'ing from Linux box to Linux box,
editing XF86Configs and restarting X servers.  That's hardly
fun if the hardware configurations vary such that you must
decide for each case whether Driver "nv" or Driver "vesa"
is the way to go...

> Of course we know this is not the last time this will happen.

If only people would realize!

I just dropped a note to our internal Linux admin@ mailing list,
explaining how i fixed those of our workstations being vulnerable -
only to be asked the following question: But we will certainly
return to Driver "nvidia" as soon as Nvidia releases a fix for
this bug?  <shudder again>  This question got asked even though
i forwarded Linus' quote on blobs there - thanks again to the
guy who reminded us by reposting it here.

On the other hand, at least one of our Linux admins suggested
to call a meeting in order to rethink our strategy for purchasing
graphics cards, and in order to consider alternatives to Nvidia -
in particular alternatives so well documented that they allow
fully functional and truly open kernel level drivers.

[...]
> I also hope that their embedded^Husers feel the pain, so that one
> day they will stand beside us when we ask for open documentation.

Thank you kindly for your compassion; i do feel the pain, but little
do i enjoy it.  :-/

Apart from that, obviously, you are just right.


Re: blobs are bad

Sam Fourman Jr.
In reply to this post by Henrik Enberg
Pardon me if my Knowledge is lacking, but is there actually *any*
video card vendor that would support Full 3D acceleration and *most*
of the stuff desktop users want?

Maybe the AMD / ATI merger will yield some results in the future, if i
am not mistaken AMD has been a *decent* company as far as docs go.


Sam Fourman Jr.


On 10/17/06, Henrik Enberg <[hidden email]> wrote:

> > Date: Tue, 17 Oct 2006 19:32:19 -0500
> > From: "Sam Fourman Jr." <[hidden email]>
> >
> >> [Nvidia exploit]
> >
> > Would this in any way help the OpenBSD developers' ongoing campaign to
> > get documentation from Nvidia?
>
> Probably not, because a cursory glance at what the Linux community
> thinks about this is that they feel it's a price worth paying for
> oh-so-lickable dropshadows on your windows.  They won't be demanding
> specs anytime soon.


Re: blobs are bad

Nico Meijer
In reply to this post by Girish Venkatachalam-2
Hi Girish,

> > If you keep saying something good won't happen -- well then you can
> > bet it won't happen.
>
> I don't get your point Theo.

Search the net for "karma" and the "law of attraction". Perhaps that will
give you some insight in what -I think- Theo means.

HTH... Nico


Re: blobs are bad

Eliah Kagan
On 10/18/06, Nico Meijer wrote:

> Hi Girish,
>
> > > If you keep saying something good won't happen -- well then you can
> > > bet it won't happen.
> >
> > I don't get your point Theo.
>
> Search the net for "karma" and the "law of attraction". Perhaps that will
> give you some insight in what -I think- Theo means.
>
> HTH... Nico

"Karma" and "the law of abstraction" are very abstract.

The more concrete analogy here is that confidence is an asset. In the
case of convincing vendors to support open source, the idea, I think,
is that if you proclaim that vendors who don't do so profit by failing
to do so, they will believe you.

On the other hand, suppose vendors who support open source only do so
because they believe that it profits them, and the only arguments they
take seriously are those involving their profit. This is at least
highly plausible. Should we then not say that because it's not
functionally useful to do so?

-Eliah


Re: blobs are bad

Han Boetes
In reply to this post by Ingo Schwarze
Ingo Schwarze wrote:
> I just spent an hour ssh'ing from Linux box to Linux box,
> editing XF86Configs and restarting X servers.  That's hardly fun
> if the hardware configurations vary such that you must decide
> for each case whether Driver "nv" or Driver "vesa" is the way to
> go...

I hope you put a comment next to it which explains why people
should not put "nvidia" in there.

Because I bet there will be a lot of people who will miss features
and will look for the cause.

And then the module is still loaded and /dev/nvidia probably still
exists with permissions 666.



# Han
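An added example, not part of the original posts: the three leftovers discussed above (an active Driver "nvidia" line, the kernel module still loaded, world-writable /dev/nvidia* nodes) checked in one pass. The function names, the --live switch and the default config path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit a Linux workstation for leftovers of the binary "nvidia" driver.
# All paths are arguments; the defaults used at the bottom are assumptions.

# Print active (uncommented) Driver "nvidia" lines from an X server config.
find_nvidia_driver_lines() {
    cfg=$1
    [ -r "$cfg" ] || return 0
    awk '{ line = $0; sub(/#.*/, "", line) }
         tolower(line) ~ /^[ \t]*driver[ \t]+"nvidia"/ { print FILENAME ":" NR ": " $0 }' "$cfg"
}

# Succeed if a module named "nvidia" appears in a /proc/modules-style listing.
module_loaded() {
    mods=$1
    [ -r "$mods" ] || return 1
    awk '$1 == "nvidia" { found = 1 } END { exit !found }' "$mods"
}

# Print nvidia* nodes in a directory whose mode has the other-write bit set.
world_writable_nodes() {
    dir=$1
    for node in "$dir"/nvidia*; do
        [ -e "$node" ] || continue
        find "$node" -prune -perm -002 -print
    done
}

# Report every finding; return 1 if anything is left over, 0 if the host is clean.
audit_host() {
    status=0
    hits=$(find_nvidia_driver_lines "$1")
    if [ -n "$hits" ]; then
        echo "X config still selects the binary driver:"; echo "$hits"; status=1
    fi
    if module_loaded "$2"; then
        echo "nvidia kernel module is still loaded"; status=1
    fi
    nodes=$(world_writable_nodes "$3")
    if [ -n "$nodes" ]; then
        echo "world-writable device nodes:"; echo "$nodes"; status=1
    fi
    return $status
}

# Touch the live system only when asked: sh audit.sh --live [config path]
if [ "${1:-}" = "--live" ]; then
    audit_host "${2:-/etc/X11/xorg.conf}" /proc/modules /dev
fi
```

A host whose config already says Driver "nv" still fails the audit while the module is loaded, which is the case Han describes.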


Re: blobs are bad

Breen Ouellette
In reply to this post by Theo de Raadt
Theo de Raadt wrote:
> But Craig, it's the same with women. They'll only hang out with you
> if they feel there is enough positive vibe in you.  And since you so
> clearly show that you are a pessimist at heart, you're out of luck
> too!
>
> If you keep saying something good won't happen -- well then you can
> bet it won't happen.

Theo, you aren't planning on becoming a motivational speaker, are you?  ;)

Breeno


Re: blobs are bad

Nico Meijer
In reply to this post by Eliah Kagan
Hi Eliah,

This discussion is starting to lean not to OpenBSD but life in
general. ;-)

> "Karma" and "the law of abstraction" are very abstract.

In my view, they are most certainly not. It's the law of attraction, btw,
not abstraction.

For instance:
http://en.wikipedia.org/wiki/Law_of_Attraction

Yes, there's a lot of New Age bullshit floating around. It's your choice
to look beyond that and see the practical implications of it.

> On the other hand, suppose vendors who support open source only do so
> because they believe that it profits them, and the only arguments they
> take seriously are those involving their profit. This is at least
> highly plausible. Should we then not say that because it's not
> functionally useful to do so?

I am assuming you mean "monetary gain" in respect to "shareholders" when
you talk of profit. Yes, that most certainly must be communicated. But
that was not what this part of the thread was heading towards and there
are other definitions of "profit" which are gaining momentum at this
point in time.

The bulk of the matter is, that if we, as OpenBSD's userbase for
instance, but also the free software community at large, keep on hammering
the fact that most vendors suck hairy moose balls, they will keep on
sucking hairy moose balls.

Theo said earlier:
> If you keep saying something good won't happen -- well then you can
> bet it won't happen.

That is the "Law of Attraction" in full swing right there.

HTH... Nico


Re: blobs are bad

mal content
On 18/10/06, Nico Meijer <[hidden email]> wrote:
>
> Yes, there's a lot of New Age bullshit floating around. It's your choice
> to look beyond that and see the practical implications of it.
>

They do tend to get everywhere, don't they...

MC


Re: blobs are bad

Theo de Raadt
In reply to this post by Sam Fourman Jr.
> Pardon me if my Knowledge is lacking, but is there actually *any*
> video card vendor that would support Full 3D acceleration and *most*
> of the stuff desktop users want?

> Maybe the AMD / ATI merger will yield some results in the future, if i
> am not mistaken AMD has been a *decent* company as far as docs go.

AMD won't change a thing.

But the minute people who really want this stop being vendor-lickers
and engage the vendor, it will happen.

But first about 10-20% of the community have to learn to stop making
excuses for the vendor.

We are not fighting the chip makers.  We are really fighting the
OEMs who buy from them.


Re: blobs are bad

Martin Schröder
In reply to this post by Sam Fourman Jr.
2006/10/18, Sam Fourman Jr. <[hidden email]>:
> Pardon me if my Knowledge is lacking, but is there actually *any*
> video card vendor that would support Full 3D acceleration and *most*
> of the stuff desktop users want?

Not really. Matrox is open, but the cards don't do DVI higher than
1280x1024. And ATI is as closed as NVIDIA, but the drivers are even
more broken.

Best
   Martin


Re: blobs are bad

Stuart Henderson
On 2006/10/18 13:40, Martin Schröder wrote:
> Not really. Matrox is open, but the cards don't do DVI higher than
> 1280x1024.

They are not.

They used to be, but started closing some parts in the dualhead G550
era (istr some feature upgrade being sold as a software-only update
which may be the reasoning behind this; very annoying because otherwise
I'd be quite happy with Matrox G cards as they're stable, not too
power-hungry and fanless).

Parhelia/P650 range is closed.

Matrox G range is variable - main driver works well, but needs a blob
to use some features. One of those features appears to be init'ing
the DVI correctly if the monitor needs something setup differently to
how the card's BIOS does it (i.e. it is meant to work with some DVI
monitors but definitely does not work with all).


Re: blobs are bad

ICMan
I have read this thread, and I don't get it.  Doesn't it benefit card
companies to have open source communities making their drivers better?  
They get free labour, a larger source of talent, and more stable
drivers.  Their driver developers can take ideas from ports of their
drivers to put into their own (aka Windows drivers) to make them more
efficient and stable.  It provides a learning pool for their own
developers, who can now openly participate in the community.  And
finally, it makes happy customers.  Happy customers means more sales =
more revenue.

Are they worried that competitors will learn about the inner workings of
their cards, and they will lose competitive advantage?  Isn't their
competitive advantage in their ability to continuously innovate?  
Drivers have little to do with that.  Besides, if a competitor is trying
to reverse engineer last month's version of your card, you are pulling
ahead with your next rev, which is already built on your previous good
works.

I just don't understand their arguments.

ICMan

Stuart Henderson wrote:

>On 2006/10/18 13:40, Martin Schröder wrote:
>  
>
>>Not really. Matrox is open, but the cards don't do DVI higher than
>>1280x1024.
>>    
>>
>
>They are not.
>
>They used to be, but started closing some parts in the dualhead G550
>era (istr some feature upgrade being sold as a software-only update
>which may be the reasoning behind this; very annoying because otherwise
>I'd be quite happy with Matrox G cards as they're stable, not too
>power-hungry and fanless).
>
>Parhelia/P650 range is closed.
>
>Matrox G range is variable - main driver works well, but needs a blob
>to use some features. One of those features appears to be init'ing
>the DVI correctly if the monitor needs something setup differently to
>how the card's BIOS does it (i.e. it is meant to work with some DVI
>monitors but definitely does not work with all).
