Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Open Source Privacy Security

Hackers Demand NVIDIA Open Source Their Drivers Or They Leak More Data (videocardz.com) 75

New submitter briaguya shares a report from VideoCardz: Hackers that infiltrated NVIDIA systems are now threatening to release more confidential information unless the company commits to open sourcing their drivers. It is unclear what the stolen data contains, but the group confirmed that there are 250GB of hardware related data in their possession. Furthermore, the group confirmed they have evaluated NVIDIA position, which means that NVIDIA is might trying to communicate with the group to prevent future leaks. The group has already published information on NVIDIA DLSS technology and upcoming architectures. Yesterday, Nvidia reportedly retaliated against the hacker group known as "Lapsus$" by sneaking back into the hacker's system and encrypting the stolen data. The group claimed that it had a backup of the data, though.
This discussion has been archived. No new comments can be posted.

Hackers Demand NVIDIA Open Source Their Drivers Or They Leak More Data

Comments Filter:
  • Obviously just speculation, but "evaluated NVIDIA position" sounds like the hackers are considering a buy-off.

  • by Schoenlepel ( 1751646 ) on Wednesday March 02, 2022 @07:53PM (#62320673)

    That'll happen when hell freezes over.

    • It seems the hackers will open the source regardless of what nVIDIA does. However if the hackers do, it will be technically toxic like the Windows NT source code is.

      However that wonâ(TM)t deter miners and others who have a financial rather than an ideological goal from engineering their own compilations without LHR restrictions and better optimizations for their type of work.

      Big business will still buy nVIDIA enterprise cards and licenses, the open source market is really a small hobbyist subgroup in c

      • by dgatwood ( 11270 )

        It seems the hackers will open the source regardless of what nVIDIA does. However if the hackers do, it will be technically toxic like the Windows NT source code is.

        Probably not to the same degree. Unlike Windows, where there's actually likely to be a ton of moderately interesting intellectual property, any two drivers for the same device tend to look an awful lot alike, because they pretty much have to tickle the same registers in the same way (often with the same timing) to perform a given action. The bits that vary from one to another are the uninteresting boilerplate crap, like class hierarchies for drivers that share functionality with other drivers, function/me

        • by tlhIngan ( 30335 )

          That's how the current open-source drivers for nVidia are written, though they don't inspect the code, they inspect what the code does and emulate it.

          The clean room aspect is good, but will be extremely hard to enforce and even the slightest hint of taint can invalidate the whole exercise. That's why the WINE team refused to look at the leaked Windows source code and still continued off the available documentation Microsoft wrote (as do many other projects like ReactOS). It's why Compaq only went off the av

          • by jbengt ( 874751 )

            Once you have access to the source code, it's game over - even trying to describe what the source code does can be considered a derivative work, making the final open source driver a derivative work of a derivative work, and thus copyrighted nVidia.

            If the source code is a trade secret, how could it be copyrightable? That would seem to stand on its' head the "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Wr

            • by tlhIngan ( 30335 )

              If the source code is a trade secret, how could it be copyrightable? That would seem to stand on its' head the "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries" language in the constitution.

              I never said it was a trade secret - someone else did. But it's still copyrighted code in the end, and taking source code and writing what it does can create a derivative work if you are not careful

        • Don't underestimate Nvidia's capacity to be a cunt. I wouldn't be surprised if they materially alter their logic cores specifically to make such a reverse engineered driver non-functional on future hardware.

  • Couldn't of happened to a better company. I doubt Ngreedia will open source their drivers. I would assume they would sell the info to a Chinese company so they could make knockoffs.

    • by jmccue ( 834797 )

      The driver I had for and old Nvidia Card I used in Linux went EOL, a new kernel came out and getting the EOL driver working on new kernels failed.

      So my options, a new Nvidia Card one one from another vendor. I purchased one from another Vendor that had Open Drivers.

      I will never buy anything associated with Nvidia until they open their driver.

      I wish these people luck, but I doubt it will achieve anything other than forcing Nvidia to make changes where info they retrieved will not work.

    • couldn't've
      • I try to avoid double contractions, double negatives and doublemint gum.

        • by cas2000 ( 148703 )

          Even so, "Couldn't of" is wrong. "Couldn't've" may be ugly enough to be worth avoiding (in writing, at least. It's common in spoken language), I won't dispute that, but it is a contraction of "Couldn't have", not "Couldn't of".

          Same as all instances of 've in "could've, would've, should've" are contractions of have. And "I've" is a contraction of "I have", not "I of", and "We've" is "We have", not "We of". And so on. The pattern should be obvious by now.

  • Nvidia is more afraid of the thing they've put in that black box than they are of any consequences humans could cause for them.

  • I like it. We would finally get working and well supported drivers after all those decades of waiting. Good thinking, Lapsus$.

    • Is that the way to go about it? Breaking and entering isn't the reputation open-source needs.

    • by dgatwood ( 11270 ) on Wednesday March 02, 2022 @09:31PM (#62320891) Homepage Journal

      I like it. We would finally get working and well supported drivers after all those decades of waiting. Good thinking, Lapsus$.

      The last thing anybody should be asking for is an open source version of driver code that is likely to be Windows-specific garbage with badly written glue code and who knows what else. Nobody really wants that. What we need is for new hardware to always provide full register-level documentation so that proper drivers can be written.

      • I like it. We would finally get working and well supported drivers after all those decades of waiting. Good thinking, Lapsus$.

        The last thing anybody should be asking for is an open source version of driver code that is likely to be Windows-specific garbage with badly written glue code and who knows what else. Nobody really wants that. What we need is for new hardware to always provide full register-level documentation so that proper drivers can be written.

        LOL. No, NVIDIA drivers are not "windows specific garbage". They are rock solid, performant, and with no missing features, neither of which can be said of the OSS alternative, nouveau. I'd very much like to seem them open-sourced (though not at gunpoint obviously).

        We've seen what happens with your approach of "provide documentation and hope OSS community magically writes drivers of their own", with ATI/AMD, in olden, thankfully gone, times. Those drivers were FAMOUSLY shit, and continued to be so until AM

        • by Pimpy ( 143938 )

          And when Matrox and 3dfx opened their docs, those open source drivers were the best and most performant of their time. Someone has an awfully selective memory.

          • Sure. That's why I said *modern* GPU. These days drivers are several orders of magnitude more complicated than back then.
      • What we need is for new hardware to always provide full register-level documentation so that proper drivers can be written.

        Even with that documentation you won't get a decent GPU driver. Drivers for graphics cards are insanely complex, contain a variety of optimisations, contain software level capabilities which companies consider their closely guarded IP (think PhysX from NVIDIA or FSR from AMD), and contain a world of optimisations and bug fixes for specific games.

        Maintaining drivers for one vendor's GPU is a full time job for a team of people. It's not something an open source group will hack together with documentation in a

        • by dgatwood ( 11270 )

          What we need is for new hardware to always provide full register-level documentation so that proper drivers can be written.

          Even with that documentation you won't get a decent GPU driver. Drivers for graphics cards are insanely complex, contain a variety of optimisations, contain software level capabilities which companies consider their closely guarded IP (think PhysX from NVIDIA or FSR from AMD), and contain a world of optimisations and bug fixes for specific games.

          If they're really doing that at the driver level, then that supports my assumption that the driver is a dumpster fire. A driver shouldn't even know what game is running, much less have optimizations for a specific game. That sort of functionality should be either in the game itself or in a middleware layer that sits on top of the driver.

          PhysX, etc. is middleware that sits at least one or two layers above the driver. As long as the complete API exposed by the driver is publicly documented (so that the mid

          • If they're really doing that at the driver level, then that supports my assumption that the driver is a dumpster fire.

            You say "the driver" as if this is an NVIDIA thing. No. GPU drivers do far more than just translate calls over to hardware. Every company includes game optimisations and fixed in their drivers. It's not a dumpster fire, it's just more complex than you seem to think.

            Just some examples:
            AMD Adrenalin 22.2.3
            - Formal Elden Ring support
            - Shadow Warrior 3 5% speed boost vs previous driver
            - GRID legends 5% speed boost vs previous driver.
            - Cyberpunk 2077 1.5 known issue where indoor area lighting is darker than it s

          • If they're really doing that at the driver level, then that supports my assumption that the driver is a dumpster fire.

            No, it supports the fact that you didn't realize this has always been standard practise. Application-specific optimizations exist in drivers from Nvidia, AMD, Intel and even back in the old days of 3Dfx.

            A driver shouldn't even know what game is running, much less have optimizations for a specific game.

            Why not? What makes you think you know better than every GPU vendor?

            That sort of functionality should be either in the game itself or in a middleware layer that sits on top of the driver.

            How does that help when the open specification API is too high of a level of abstraction and thus doesn't provide the level of control over the underlying hardware that one would need to add these kinds of optimizations?

    • There's nothing "non working" about NVIDIA's drivers. They may not be open, but they do work, and making them open wouldn't magically fix them if they were broken. GPU Drivers are insanely complex.

  • by rsilvergun ( 571051 ) on Wednesday March 02, 2022 @08:24PM (#62320753)
    I know, it's off topic, but is AMD competitive in this space? They are for gaming except at the very very very top end (think $1500 cards even w/o the current price gouging), but that's gaming. I'm guessing if you really care about open source drivers you're running a workstation though, and I seem to remember hearing AMD still lags there.
    • AMDs integrated gpu's on desktop hardware arent exactly low end, which keeps those APU's out of workplaces.

      Their E-series stuff is all laptops and minis, and as such always end up being support nightmares no matter who makes what.
    • I know, it's off topic, but is AMD competitive in this space?

      TensorFlow uses CUDA which is Nvidia-only. So AMD is not an option for many people.

      Someone should blackmail Google into adding OpenCL support to TensorFlow.

      • by AmiMoJo ( 196126 )

        On the other hand AMD cards are much faster for transcoding and for hashing (password cracking, crypto coins). It really depends what your use case is.

  • If you want open source drivers for nvidia cards then use an open source OS and the nouveau driver.
    The hackers are merely vandals. If they release nvidia's proprietary code it can only harm users of free software nouveau driver as developers working on genuine free software can't legitimately learn from it.

    • If Nouveau wasn't hopelessly broken on laptops with discrete Nvidia GPUs, then sure. However, it's hopelessly broken on laptops with discrete GPUs and has been for years. The only way to get these to work is to blacklist Nouveau from even attempting to load and install proprietary drivers.

      Presumably, opening the source so that the Nouveau guys could figure out how the whole Optimus thing works would fix it.

      Oh, and Nvidia's support for wayland is garbage, if it exists at all.

  • by account_deleted ( 4530225 ) on Wednesday March 02, 2022 @11:26PM (#62321075)
    Comment removed based on user account deletion
    • Unlocking artificially blocked features is possible no matter whether driver is open-source or not. RTFB
      • Comment removed based on user account deletion
        • Is it actually worth it though? Most people wouldn't need gpu for anything other than gaming/mining, and even open-source driver can honor those restrictions. Of course you could start a lawless fork but it would have to be maintained too, not something that is likely to work for long time if all such forks are being removed from all hosting providers especially if it's some geeky professional feature. On the other hand if it had mass appeal then it would have been broken long time ago, binaries be damned.
          • Comment removed based on user account deletion
            • Most people are fine using nvidia-drivers because it's still free, nouveau would see lot more development if it was the only option. nouveau most definitely has HDMI audio implemented for most cards. Having crypto signing isn't antithetical to opensource, you don't have to share keys.
              • Comment removed based on user account deletion
                • https://www.phoronix.com/forum... [phoronix.com] - even more detailed info. Seems it's possible to extract needed blobs from binary driver but it's too much of a pain in the ass and nvidia doesn't provide them separately. So a proper opensource driver can just contain them. There is nothing secret about them. Only that they're signed so hardware wouldn't reject them.
            • Take a look at e.g. the Nouveau-project: it's STILL, after all these years, missing a ton of basic features -- features that do have mass appeal, like e.g. HDMI audio.

              Right but it's like whining that Microsoft won't open source Windows or that Apple won't provide open source Linux drivers for it's SoCs in iPhones, iPads and Macs. Go support the companies that support you, people who care about open source drivers don't buy Nvidia hardware just like people who want to run Linux on their phones don't buy iPhones. Do some research, you're insistent on using the wrong tool for the job instead of supporting the companies that build the right tool for the job.

              • Comment removed based on user account deletion
                • there is no company that does "build the right tool for the job": only NVIDIA supports CUDA

                  That's because CUDA is an Nvidia technology. So don't use CUDA, use ROCm or OpenCL. Tensorflow, for example, has been ported to ROCm.

                  but they don't support open-source.

                  They do support open source, they quite literally have a driver explicitly to support open source Linux operating systems. They provide technologies like CUDA that can be used in open source projects like Tensorflow. They provided nvidia-docker which allows you to access the GPU inside docker Linux containers.

  • I would really like to know if there is anything shitty going on with nvidia drivers in the way of being surveillance friendly.

    without open source drivers, we can't check.

    • Because you spend your time auditing driver code? Or were you planning on having "someone else" do that for you like literally everyone else that uses this reasoning behind yearning for the open sourcing of code?

    • I would really like to know if there is anything shitty going on with nvidia drivers in the way of being surveillance friendly.

      without open source drivers, we can't check.

      If you really cared about that you wouldn't be using any hardware with embedded firmware, you would be using open source hardware so whether the drivers for proprietary hardware are open source or not makes no difference.

  • I'm as pro-FOSS as anyone. And probably of no more than average intelligence for a Slashdotter. Maybe less.

    But even I can see how this is likely to blow back.

    Stronger "laws" to "protect" proprietary crapware, which, coincidentally, happen to restrict or outright ban FOSS.

  • This article position is might trying to communicate with me?

  • And I thought nVidia would be mad at me back in 2003.

You are always doing something marginal when the boss drops by your desk.

Working...