Sunday, 09 January 2022
11:07 PM
Dirk Eddelbuettel: Rblpapi 0.3.13: Some Fixes and Documentation [Planet Debian] 11:07 PM, Sunday, 09 January 2022 12:40 AM, Monday, 10 January 2022
A new version, now at 0.3.13, of the Rblpapi package just arrived at CRAN. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg (but note that a valid Bloomberg license and installation is required).
This is the thirteenth release since the package first appeared on CRAN in 2016. It comprises the PRs from three different contributors (with special thanks once again to Michael Kerber), and extends test and documentation, and extends two function interfaces to control explicitly whether returned lists of length one should be simplified.
The list of changes follow below.
Changes in Rblpapi version 0.3.13 (2022-01-09)
Courtesy of my CRANberries, there is also a diffstat report for the this release. As always, more detailed information is on the Rblpapi page. Questions, comments etc should go to the issue tickets system at the GitHub repo.
If you like this or other open-source work I do, you can now sponsor me at GitHub.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
10:46 PM
Eertree: Palindromic Tree [blogs.perl.org] 10:46 PM, Sunday, 09 January 2022 03:00 AM, Monday, 10 January 2022
The Weekly Challenge 145
The Task 2 of the Weekly Challenge #145 asked us to build a Palindromic Tree. It also linked to a blog post explaining the "Eertree" data structure.
Maybe it was just me, but I found the blog post confusing. Fortunately, it further linked to a scientific paper that introduced the structure around 2014.
I spent several evenings of the Christmas holidays wrapping my
head around the description of the algorithm to efficiently build
the graph. Most of it is described in the proof of
Proposition 2, but some parts are rather laconic. I
wasn’t able to implement the creation of a suffix link from
P where |P| > 1. The article says:
…just continue traversing suffix-palindromes ofTstarting with the suffix link ofQ.
My implementation passed all the test cases from the Challenge, but I was able to find counter examples (e.g. the string “xabcxc”) for which the implementation didn’t work correctly. I clearly had no idea what “continue traversing” meant, even though I had implemented the traversing up to the moment correctly.
In the end, I noticed the blog post had a reply (kind of hidden in the UI) which (when clicked to reveal the full text) showed a link to a Python implementation. From that I was able to understand the logic and finish my implementation.
Rosetta Code
Once finished, I checked fellow challengers’ solutions. To my surprise, someone just copied the solution from Rosetta Code:
for $n (1 .. length($str)) {
for $m (1 .. length($str)) {
$strrev = "";
$strpal = substr($str, $n-1, $m);
if ($strpal ne "") {
for $p (reverse 1 .. length($strpal)) {
$strrev .= substr($strpal, $p-1, 1);
}
($strpal eq $strrev) and push @pal, $strpal;
}
}
}
print join ' ', grep {not $seen{$_}++} @pal, "\n";My solution had about 100 lines. I’d spent hours working on it, to only discover this short and easy implementation!
“Wait,” thought I to myself, “this is cheating. The Rosetta Code solution just lists all the palindromes, it doesn’t really construct the structure. And the structure was interesting because it was efficient. Maybe my solution is at least faster when it’s not shorter.”
And that’s actually true. For longer strings (more than 12 characters) my solution starts beating the Rosetta Code one, and for 25 characters it’s already 3.5× faster.
You can find my solution on GitHub. As there’s no Eertree module on CPAN (at least the search doesn’t return anything) I might end up uploading it there, but it needs some polishing before it’s ready.
Update: String::Eertree.
09:30 PM
Louis-Philippe Véronneau: Grading using the Wacom Intuos S [Planet Debian] 09:30 PM, Sunday, 09 January 2022 10:00 PM, Sunday, 09 January 2022
I've been teaching economics for a few semesters already and, slowly but surely, I'm starting to get the hang of it. Having to deal with teaching remotely hasn't been easy though and I'm really hoping the winter semester will be in-person again.
Although I worked way too much last semester1, I somehow managed to transition to using a graphics tablet. I bought a Wacom Intuos S tablet (model CTL-4100) in late August 2021 and overall, I have been very happy with it. Wacom Canada offers a small discount for teachers and I ended up paying 115 CAD (~90 USD) for the tablet, an overall very reasonable price.
Unsurprisingly, the Wacom support on Linux is very good and my tablet worked out of the box. The only real problem I had was by default, the tablet sometimes boots up in Android mode, making it unusable. This is easily solved by pressing down on the pad's first and last buttons for a few seconds, until the LED turns white.
The included stylus came with hard plastic nibs, but I find them too slippery. I eventually purchased hard felt nibs, which increase the friction and makes for a more paper-like experience. They are a little less durable, but I wrote quite a fair bit and still haven't gone through a single one yet.
Learning curve
Learning how to use a graphical tablet took me at least a few weeks! When writing on a sheet of paper, the eyes see what the hand writes directly. This is not the case when using a graphical tablet: you are writing on a surface and see the result on your screen, a completely different surface. This dissociation takes a bit of practise to master, but after going through more than 300 pages of notes, it now feels perfectly normal.
Here is a side-by-side comparison of my very average hand-writing2:
- on paper
- using the tablet, the first week
- using the tablet, after a couple of months
I still prefer the result of writing on paper, but I think this
is mostly due to me not using the pressure sensitivity feature. The
support in xournal wasn't great, but now that I've
tried it in xournalpp (more on this below), I think I
will be enabling it in the future. The result on paper is also more
consistent, but I trust my skills will improve over time.
Use case
The first use case I have for the tablet is grading papers. I've been asking my students to submit their papers via Moodle for a few semesters already, but until now, I was grading them using PDF comments. The experience wasn't great3 and was rather slow compared to grading physical copies.
I'm also a somewhat old-school teacher: I refuse to teach using slides. Death by PowerPoint is real. I write on the blackboard a lot4 and I find it much easier to prepare my notes by hand than by typing them, as the end result is closer to what I actually end up writing down on the board.
Writing notes by hand on sheets of paper is a chore too, especially when you revisit the same materiel regularly. Being able to handwrite digital notes gives me a lot more flexibility and it's been great.
So far, I have been using xournal to write notes
and grade papers, and although it is OK, it has a bunch of quirks I
dislike. I was waiting for xournalpp to be packaged in
Debian, and it now is5!
I'm looking forward to using it next semester.
Towards a better computer monitor
I have also been feeling the age of my current computer monitor. I am currently using an old 32" 1080p TV from LG and up until now, I had been able to deal with the drawbacks. The colors are pretty bad and 1080p for such a large display isn't great, but I got used to it.
What I really noticed when I started using my graphics tablet was the input lag. It's bad enough that there's a clear jello effect when writing and it eventually gives me a headache. It's so bad I usually prefer to work on my laptop, which has a nicer but noticeably smaller panel.
I'm currently looking to replace this aging TV6 by something more modern. I have been waiting out since I would like to buy something that will last me another 10 years if possible. Sadly, 32" high refresh rate 4K monitors aren't exactly there yet and I haven't found anything matching my criteria. I would probably also need a new GPU, something that is not easy to come by these days.
-
I worked at two colleges at the same time, teaching 2 different classes (one of which I was giving for the first time...) to 6 groups in total. I averaged more than 60h per week for sure. ↩
-
Yes, I only write in small caps. Students love it, as it's much easier to read on the blackboard. ↩
-
Although most PDF readers support displaying comments, some of my more clueless students still had trouble seeing them and I had to play tech support more than I wanted. ↩
-
Unsurprisingly, my students also love it. One of the most common feedback I get at the end of the semester is they hate slides too and are very happy I'm one of the few teachers who writes on the board. ↩
-
Many thanks to Barak A. Pearlmutter for maintaining this package. ↩
-
It dates back from 2010, when my mom replaced our old CRT by a flat screen. FullHD TVs were getting affordable and I wasn't sad to see our tiny 20-something inches TV go. I eventually ended up with the LG flatscreen a few years later when I moved out in my first apartment and my mom got something better. ↩
07:20 AM
Russell Coker: Video Conferencing (LCA) [Planet Debian] 07:20 AM, Sunday, 09 January 2022 08:40 AM, Sunday, 09 January 2022
I’ve just done a tech check for my LCA lecture. I had initially planned to do what I had done before and use my phone for recording audio and video and my PC for other stuff. The problem is that I wanted to get an external microphone going and plugging in a USB microphone turned off the speaker in the phone (it seemed to direct audio to a non-existent USB audio output). I tried using bluetooth headphones with the USB microphone and that didn’t work. Eventually a viable option seemed to be using USB headphones on my PC with the phone for camera and microphone. Then it turned out that my phone (Huawei Mate 10 Pro) didn’t support resolutions higher than VGA with Chrome (it didn’t have the “advanced” settings menu to select resolution), this is probably an issue of Android build features. So the best option is to use a webcam on the PC, I was recommended a Logitech C922 but OfficeWorks only has a Logitech C920 which is apparently OK.
The free connection test from freeconference.com [1] is good for testing out how your browser works for videoconferencing. It tests each feature separately and is easy to run.
After buying the C920 webcam I found that it sometimes worked and sometimes caused a kernel panic like the following (partial panic log included for the benefit of people Googling this Logitech C920 problem):
[95457.805417] BUG: kernel NULL pointer dereference, address: 0000000000000000 [95457.805424] #PF: supervisor read access in kernel mode [95457.805426] #PF: error_code(0x0000) - not-present page [95457.805429] PGD 0 P4D 0 [95457.805431] Oops: 0000 [#1] SMP PTI [95457.805435] CPU: 2 PID: 75486 Comm: v4l2src0:src Not tainted 5.15.0-2-amd64 #1 Debian 5.15.5-2 [95457.805438] Hardware name: HP ProLiant ML110 Gen9/ProLiant ML110 Gen9, BIOS P99 02/17/2017 [95457.805440] RIP: 0010:usb_ifnum_to_if+0x3a/0x50 [usbcore] ... [95457.805481] Call Trace: [95457.805484] [95457.805485] usb_hcd_alloc_bandwidth+0x23d/0x360 [usbcore] [95457.805507] usb_set_interface+0x127/0x350 [usbcore] [95457.805525] uvc_video_start_transfer+0x19c/0x4f0 [uvcvideo] [95457.805532] uvc_video_start_streaming+0x7b/0xd0 [uvcvideo] [95457.805538] uvc_start_streaming+0x2d/0xf0 [uvcvideo] [95457.805543] vb2_start_streaming+0x63/0x100 [videobuf2_common] [95457.805550] vb2_core_streamon+0x54/0xb0 [videobuf2_common] [95457.805555] uvc_queue_streamon+0x2a/0x40 [uvcvideo] [95457.805560] uvc_ioctl_streamon+0x3a/0x60 [uvcvideo] [95457.805566] __video_do_ioctl+0x39b/0x3d0 [videodev]
It turns out that Ubuntu Launchpad bug #1827452 has great information on this problem [2]. Apparently if the device decides it doesn’t have enough power then it will reconnect and get a different USB bus device number and this often happens when the kernel is initialising it. There’s a race condition in the kernel code in which the code to initialise the device won’t realise that the device has been detached and will dereference a NULL pointer and then mess up other things in USB device management. The end result for me is that all USB devices become unusable in this situation, commands like “lsusb” hang, and a regular shutdown/reboot hangs because it can’t kill the user session because something is blocked on USB.
One of the comments on the Launchpad bug is that a powered USB hub can alleviate the problem while a USB extension cable (which I had been using) can exacerbate it. Officeworks currently advertises only one powered USB hub, it’s described as “USB 3” but also “maximum speed 480 Mbps” (USB 2 speed). So basically they are selling a USB 2 hub for 4* the price that USB 2 hubs used to sell for.
When debugging this I used the “cheese” webcam utility program and ran it in a KVM virtual machine. The KVM parameters “-device qemu-xhci -usb -device usb-host,hostbus=1,hostaddr=2” (where 1 and 2 are replaced by the Bus and Device numbers from “lsusb”) allow the USB device to be passed through to the VM. Doing this meant that I didn’t have to reboot my PC every time a webcam test failed.
For audio I’m using the Sades Wand gaming headset I wrote about previously [3].
06:00 AM
François Marier: Removing an alias/domain from a Let's Encrypt certificate managed by certbot [Planet Debian] 06:00 AM, Sunday, 09 January 2022 06:40 AM, Sunday, 09 January 2022
I recently got an error during a certbot renewal:
Challenge failed for domain echo.fmarier.org
Failed to renew certificate jabber-gw.fmarier.org with error: Some challenges have failed.
The following renewals failed:
/etc/letsencrypt/live/jabber-gw.fmarier.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
due to the fact that I had removed the DNS entry for
echo.fmarier.org.
I tried to find a way to remove that name from the certificate before renewing it, but it seems like the only way to do it is to create a new certificate without that alternative name.
First, I looked for the domains included in the certificate:
$ certbot certificates
...
Certificate Name: jabber-gw.fmarier.org
Serial Number: 31485424904a33fb2ab43ab174b4b146512
Key Type: RSA
Domains: jabber-gw.fmarier.org echo.fmarier.org fmarier.org
Expiry Date: 2022-01-04 05:28:57+00:00 (VALID: 29 days)
Certificate Path: /etc/letsencrypt/live/jabber-gw.fmarier.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/jabber-gw.fmarier.org/privkey.pem
Then, deleted the existing certificate:
$ certbot delete jabber-gw.fmarier.org
and finally created a new certificate with all other names except for the obsolete one:
$ certbot certonly -d jabber-gw.fmarier.org -d fmarier.org --duplicate
03:19 AM
Russ Allbery: Review: Redemptor [Planet Debian] 03:19 AM, Sunday, 09 January 2022 04:00 AM, Sunday, 09 January 2022
Review: Redemptor, by Jordan Ifueko
| Series: | Raybearer #2 |
| Publisher: | Amulet Books |
| Copyright: | 2021 |
| ISBN: | 1-68335-720-5 |
| Format: | Kindle |
| Pages: | 328 |
Redemptor is the second half of a duology that started with Raybearer. You could read the first book without the second, but reading the second without the first will not make much sense. I'm going to be a bit elliptical in my plot description since there's a lot of potential for spoilers for the first book.
Tarisai has reached a point of stability and power, but she's also committed herself to a goal, one that will right a great historical and ongoing injustice. She's also now in a position to both notice and potentially correct numerous other injustices in the structure of her society, and plans to start by defending those closest to her. But in the midst of her opening gambit to save someone she believes is unjustly imprisoned, the first murderous undead child appears, attacking both Tarisai's fragile sense of security and her self-esteem and self-worth. Before long, she's drowning in feelings of inadequacy and isolation, and her grand plans for reordering the world have turned into an anxiety loop of self-flagellating burnout.
I so much wanted to like this book. Argh.
I think I see what Ifueko was aiming for, and it's a worthy topic for a novel. In Raybearer, Tarisai got the sort of life that she previously could only imagine, but she's also the sort of person who shoulders massive obligations. Imposter syndrome, anxiety, overwork, and burnout are realistic risks, and are also important topics to write about. There are some nicely subtle touches buried in this story, such as the desire of her chosen family to have her present and happy without entirely understanding why she isn't, and without seeing the urgency that she sees in the world's injustice. The balancing act of being effective without overwhelming oneself is nearly impossible, and Tarisai has very little preparation or knowledgeable support.
But this story is told with the subtlety of a sledgehammer, and in a way that felt forced rather than arising naturally from the characters. If the point of emphasis had been a disagreement with her closest circle over when and how much the world should be changed, I think this would be a better book. In the places where this drives the plot, it is a better book. But Ifueko instead externalizes anxiety and depression in the form of obviously manipulative demonic undead children who (mostly) only Tarisai can see, and it's just way too much. Her reactions are manipulated and sometimes externally imposed in a way that turns what should have been a character vs. self plot into a character vs. character plot in which the protagonist is very obviously making bad decisions and the antagonist is an uninteresting cliche.
The largest problem I had with this book is that I found it thuddingly obvious, in part because the plot felt like it was on narrowly constrained rails to ensure it hit all of the required stops. When the characters didn't want the plot to go somewhere, they're sidelined, written out of the story, or otherwise forcibly overridden. Tarisai has to feel isolated, so all the people who, according to the events of the previous book and the established world-building rules, would not let her be isolated are pushed out of her life. When this breaks the rules of magic in this world, those rules are off-handedly altered. Characters that could have had their own growth arcs after Raybearer become static and less interesting, since there's no room for them in the plot. Instead, we get all new characters, which gives Redemptor a bit of a cast size problem.
Underneath this, there is an occasional flash of great writing. Ifueko chooses to introduce a dozen mostly-new characters to an already large cast and I was still able to mostly keep them straight, which shows real authorial skill. She is very good with short bursts of characterization to make new characters feel fresh and interesting. Even the most irritating of the new characters (Crocodile, whose surprise twist I thought was obvious and predictable) is an interesting archetype to explore in a book about activism and activist burnout. I can see some pieces of a better book here. But I desperately wanted something to surprise me, for Tarisai or one of the other characters to take the plot in some totally unexpected direction the way that Raybearer did. It never happened.
That leads directly to another complaint: I liked Raybearer in part because of the freshness of a different mythological system and a different storytelling tradition than what we typically get in fantasy novels. I was hoping for more of the same in Redemptor, which meant I was disappointed when I got a mix of Christianity and Greek mythology.
As advertised by Raybearer, the central mythological crisis of Redemptor concerns the Underworld. This doesn't happen until about 80% into the book (which is also a bit of a problem; the ending felt rushed given how central it was to the plot), so I can't talk about it in detail without spoiling it. But what I think I can say is that unfortunately the religious connotations of the title are not an accident. Rather than something novel that builds on the excellent idea of the emi-ehran spirit animal, there is a lot of Christ symbolism mixed with an underworld that could have come from an Orpheus retelling. There's nothing inherently wrong with this (although the Christian bits landed poorly for me), but it wasn't what I was hoping for from the mythology of this world.
I rarely talk much about the authors in fiction reviews. I prefer to let books stand on their own without trying too hard to divine the author's original intentions. But here, I think it's worth acknowledging Ifueko's afterword in which she says that writing Redemptor in the middle of a pandemic, major depression, and the George Floyd protests was the most difficult thing she'd ever done. I've seen authors write similar things in afterwords when the effect on the book was minimal or invisible, but I don't think that was the case here. Redemptor is furious, anxious, depressed, and at points despairing, and while it's okay for novels to be all of those things when it's under the author's control, here they felt like emotions that were imposed on the story from outside.
Raybearer was an adventure story about found family and ethics that happened to involve a lot of politics. Redemptor is a story about political activism and governance, but written in a universe whose bones are set up for an adventure story. The mismatch bothered me throughout; not only did these not feel like the right characters to tell this story with, but the politics were too simple, too morally clear-cut, and too amenable to easy solutions for a good political fantasy. Raybearer focused its political attention on colonialism. That's a deep enough topic by itself to support a duology (or more), but Redemptor adds in property rights, land reform, economic and social disparity, unfair magical systems, and a grab bag of other issues, and it overwhelms the plot. There isn't space and time to support solutions with sufficient complexity to satisfyingly address the problems. Ifueko falls back on benevolent dictator solutions, and I understand why, but that's not the path to a satisfying resolution in an overtly political fantasy.
This is the sort of sequel that leaves me wondering if I can recommend reading the first book and not the second, and that makes me sad. Redemptor is not without its occasional flashes of brilliance, but I did not have fun reading this book and I can't recommend the experience. That said, I think this is a book problem, not an author problem; I will happily read Ifueko's next novel, and I suspect it will be much better.
Rating: 5 out of 10
12:59 AM
Matthew Garrett: Pluton is not (currently) a threat to software freedom [Planet Debian] 12:59 AM, Sunday, 09 January 2022 04:00 AM, Sunday, 09 January 2022
At CES this week, Lenovo
announced that their new Z-series laptops would ship with AMD
processors that incorporate Microsoft's
Pluton security chip. There's a fair degree of cynicism around
whether Microsoft have the interests of the industry as a whole at
heart or not, so unsurprisingly people have voiced concerns about
Pluton allowing for platform lock-in and future devices no longer
booting non-Windows operating systems. Based on what we currently
know, I think those concerns are understandable but misplaced.
But first it's helpful to know what Pluton actually is,
and that's hard because Microsoft haven't actually provided much in
the way of technical detail. The best I've found is a discussion of
Pluton in
the context of Azure Sphere, Microsoft's IoT security platform.
This, in association with the block diagrams on page 12 and 13 of
this slidedeck, suggest that Pluton is a general purpose
security processor in a similar vein to Google's
Titan chip. It has a relatively low powered CPU core, an RNG,
and various hardware cryptography engines - there's nothing
terribly surprising here, and it's pretty much the same set of
components that you'd find in a standard Trusted Platform Module of
the sort shipped in pretty much every modern x86 PC. But unlike
Titan, Pluton seems to have been designed with the explicit goal of
being incorporated into other chips, rather than being a standalone
component. In the Azure Sphere case, we see it directly
incorporated into a Mediatek chip. In the Xbox Series devices, it's
incorporated into the SoC. And now, we're seeing it arrive on
general purpose AMD CPUs.
Microsoft's
announcement says that Pluton can be shipped in three
configurations:as the Trusted Platform Module; as a security
processor used for non-TPM scenarios like platform resiliency; or
OEMs can choose to ship with Pluton turned off
. What we're
likely to see to begin with is the former - Pluton will run
firmware that exposes a Trusted Computing Group
compatible TPM interface. This is almost identical to the status
quo. Microsoft have required that all Windows certified hardware
ship with a TPM for years now, but for cost reasons this is often
not in the form of a separate hardware component. Instead, both
Intel and AMD provide support for running the TPM stack on a
component separate from the main execution cores on the system -
for Intel, this TPM code runs on the Management Engine integrated
into the chipset, and for AMD on the Platform Security Processor
that's integrated into the CPU package itself.
So in this respect, Pluton changes very little; the only difference
is that the TPM code is running on hardware dedicated to that
purpose, rather than alongside other code. Importantly, in this
mode Pluton will not do anything unless the system firmware or OS
ask it to. Pluton cannot independently block the execution of any
other code - it knows nothing about the code the CPU is executing
unless explicitly told about it. What the OS can certainly do is
ask Pluton to verify a signature before executing code, but the OS
could also just verify that signature itself. Windows can already
be configured to reject software that doesn't have a valid
signature. If Microsoft wanted to enforce that they could just
change the default today, there's no need to wait until everyone
has hardware with Pluton built-in.
The two things that seem to cause people concerns are remote
attestation and the fact that Microsoft will be able to ship
firmware updates to Pluton via Windows Update. I've written about remote
attestation before, so won't go into too many details here, but
the short summary is that it's a mechanism that allows your system
to prove to a remote site that it booted a specific set of code.
What's important to note here is that the TPM (Pluton, in the
scenario we're talking about) can't do this on its own - remote
attestation can only be triggered with the aid of the operating
system. Microsoft's
Device Health Attestation is an example of remote attestation
in action, and the technology definitely allows remote sites to
refuse to grant you access unless you booted a specific set of
software. But there are two important things to note here: first,
remote attestation cannot prevent you from booting whatever
software you want, and second, as evidenced by Microsoft already
having a remote attestation product, you don't need Pluton to do
this! Remote attestation has been possible since TPMs started
shipping over two decades ago.
The other concern is Microsoft having control over the firmware
updates. The context here is that TPMs are not magically free of
bugs, and sometimes these can have security consequences. One
example is Infineon TPMs producing weak
RSA keys, a vulnerability that could be rectified by a
firmware update to the TPM. Unfortunately these updates had to
be issued by the device manufacturer rather than Infineon being
able to do so directly. This meant users had to wait for their
vendor to get around to shipping an update, something that might
not happen at all if the machine was sufficiently old. From a
security perspective, being able to ship firmware updates for the
TPM without them having to go through the device manufacturer is a
huge win.
Microsoft's obviously in a position to ship a firmware update that
modifies the TPM's behaviour - there would be no technical barrier
to them shipping code that resulted in the TPM just handing out
your disk encryption secret on demand. But Microsoft already
control the operating system, so they already have your disk
encryption secret. There's no need for them to backdoor the TPM to
give them something that the TPM's happy to give them anyway. If
you don't trust Microsoft then you probably shouldn't be running
Windows, and if you're not running Windows Microsoft can't update
the firmware on your TPM.
So, as of now, Pluton running firmware that makes it look like a
TPM just isn't a terribly interesting change to where we are
already. It can't block you running software (either apps or
operating systems). It doesn't enable any new privacy concerns.
There's no mechanism for Microsoft to forcibly push updates to it
if you're not running Windows.
Could this change in future? Potentially. Microsoft mention another
use-case for Pluton "as a security processor used for non-TPM
scenarios like platform resiliency", but don't go into any more
detail. At this point, we don't know the full set of capabilities
that Pluton has. Can it DMA? Could it play a role in firmware
authentication? There are scenarios where, in theory, a component
such as Pluton could be used in ways that would make it more
difficult to run arbitrary code. It would be reassuring to hear
more about what the non-TPM scenarios are expected to look like and
what capabilities Pluton actually has.
But let's not lose sight of something more fundamental here. If
Microsoft wanted to block free operating systems from new hardware,
they could simply mandate that vendors remove the ability to
disable secure boot or modify the key databases. If Microsoft
wanted to prevent users from being able to run arbitrary
applications, they could just ship an update to Windows that
enforced signing requirements. If they want to be hostile to free
software, they don't need Pluton to do it.
(Edit: it's been pointed out that I kind of gloss over the fact
that remote attestation is a potential threat to free
software, as it theoretically allows sites to block access based on
which OS you're running. There's various reasons I don't think this
is realistic - one is that there's just way too much variability in
measurements for it to be practical to write a policy that's strict
enough to offer useful guarantees without also blocking a number of
legitimate users, and the other is that you can just pass the
request through to a machine that is running the
appropriate software and have it attest for you. The fact that
nobody has actually bothered to use remote attestation for this
purpose even though most consumer systems already ship with TPMs
suggests that people generally agree with me on that)
comments