OpenBSD Journal

NVIDIA graphics driver blob root exploit

Contributed by dhartmei on from the wer-den-schaden-hat dept.

From kerneltrap.org Linux: NVIDIA Binary Graphics Driver Exploit:
A recent security advisory announced today by Rapid7 explains, "the NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is attached to this advisory." The advisory goes on to note that the FreeBSD and Solaris binary drivers are also likely vulnerable to the same flaw and cautions, "it is our opinion that NVIDIA's binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases."

Here's a good real-life example of why blobs are bad. For those that take the "pragmatic" approach and don't understand what all the fuss is about. So, if you're the "rather a binary blob than no accelerated X" type, I guess you get to try the unaccelerated variety for a couple of weeks (or months) now. Or maybe NVIDIA will shame the open source community with an amazingly fast fix. Since you don't have the source, you can't fix it yourself, so there's not much else to do other than wait.

One comment from the exploit reads:

    /*
     * "It's so hard to write a graphics driver that open-sourcing it would
     *  not help."
     *    - Andrew Fear, Software Product Manager (NVIDIA Corporation).
     */

(Comments are closed)


Comments
  1. By niallo (82.195.149.9) on

    Of course, OpenBSD project has been speaking about the security dangers - and other negative implications - of binary blobs for years now. Perhaps people will finally start waking up and resisting this crap.

    Just say NO to binary blobs.

    Comments
    1. By Anonymous Coward (151.188.247.104) on

      > Of course, OpenBSD project has been speaking about the security dangers - and other negative implications - of binary blobs for years now. Perhaps people will finally start waking up and resisting this crap.
      >
      > Just say NO to binary blobs.


      I woke up to this several years ago when I started using GNU/Linux and stopped using MS Windows. It has been several years since I have purchased a video board; the last one was my ATI Radeon 8500, one of the last cards for which ATI released docs. I'd rather take "okay" 3-D performance that works with Free Software than use a blob.

      I am very careful to ensure that any hardware that I purchase does not require blobs. Therefore, I stay away from the likes of Broadcom, TI, nVidious, and ATI nowadays. Eric Raymond's "compromise" attitude is totally misplaced and inappriopriate; he illustrates the difference between the "open sourcers" and the "Free Software advocates."

      RMS and Theo were, and continue to be, right on this.

    2. By Breeno (24.72.118.207) on

      > Of course, OpenBSD project has been speaking about the security dangers - and other negative implications - of binary blobs for years now. Perhaps people will finally start waking up and resisting this crap.
      >
      > Just say NO to binary blobs.

      I hate to say this, but I think the people who care are already part of OpenBSD. Linux, FreeBSD, and Windows all seem to have one thing in common: their user bases are willing to compromise on security to take an easier path. I do not see this changing. I think that NVIDIA is fully aware of this, as well.

      It's raw human nature to take the path of least resistance. The path of highest quality requires the application of intellect, dedication, and uncompromising commitment to producing high quality output. Linux, FreeBSD, and Windows developers tend to be missing one or more of these traits.

      Breeno

      Comments
      1. By Anonymous Coward (151.188.247.104) on

        > > Of course, OpenBSD project has been speaking about the security dangers - and other negative implications - of binary blobs for years now. Perhaps people will finally start waking up and resisting this crap.
        > >
        > > Just say NO to binary blobs.
        >
        > I hate to say this, but I think the people who care are already part of OpenBSD. Linux, FreeBSD, and Windows all seem to have one thing in common: their user bases are willing to compromise on security to take an easier path. I do not see this changing. I think that NVIDIA is fully aware of this, as well.
        >
        > It's raw human nature to take the path of least resistance. The path of highest quality requires the application of intellect, dedication, and uncompromising commitment to producing high quality output. Linux, FreeBSD, and Windows developers tend to be missing one or more of these traits.
        >
        > Breeno
        >


        Not true, Breeno. I'm the guy who posted just above you talking about my own hardware purchases, and I use GNU/Linux nearly all of the time. Also remember that RMS, too, has been fighting for this for years, and he uses GNU/Linux. There are many others; we just don't shout it from the rooftops most of the time. We simply go about our business making wise purchasing decisions. OpenBSD doesn't have a monopoly on people who think about their freedom...fortunately.

  2. By Anonymous Coward (216.123.188.162) on

    "Quis custodiet ipsos custodes?" If you choose to use a driver for which don't (and can't) have a clue what it is doing, you have no right complaining when its full of holes. This is neither the first, nor likely the last, published exploit against binary-only driver goo!

    The world is indebted to those who find flaws in binary crap like this.

  3. By Paul de Weerd (194.230.53.149) weerd@weirdnet.nl on http://www.weirdnet.nl

    Nice. All we need now is framebuffer wscons/X on i386 and amd64.

    <offtopic>
    I wonder how much of this driver codebase is shared between Windows- and Mac OS X drivers...
    </offtopic>

    Comments
    1. By Renaud Allard (85.201.63.39) on

      > <offtopic>
      > I wonder how much of this driver codebase is shared between Windows- and Mac OS X drivers...
      > </offtopic>

      That's not really offtopic. If the windows/macosx drivers carry the same problem (we don't know, as it's a blob), the problem is just wider than tought and could be replicated to trojan even more windows machines. Of course all users of windows use blobs all the time as the OS in itself is mostly a blob. But if the problem is also present in windows, it could make some more people aware of the blobs problem.

    2. By Anonymous Coward (212.11.9.139) on

      I wonder how much of this driver codebase is shared between Windows- and Mac OS X drivers...

      Given that most programmers are lazy and dumb, you can bet that a ton of code is exactly the same in all the operating systems. The difference would probably be in the way to exploit the different NVidia driver blobs.

  4. By Jaz (134.244.167.55) on

    Watch a car crash, if you have a bit of masochistic voyeur in you.

    Comments
    1. By Breeno (24.72.118.207) on

      > Watch a car crash, if you have a bit of masochistic voyeur in you.

      A lot of the comments on Slashdot sum up the mindset behind blob embracers quite nicely. Lazy beggars. They are getting what they deserve, I guess.

      Breeno

  5. By Chris Humphries (66.197.191.126) chris@unixfu.net on http://blogs.unixfu.net

    it works. i am a believa. cloder knows his stuff.

  6. By Anonymous Coward (213.118.21.55) on

    I have made a wallpaper (1024x768)
    http://users.pandora.be/assarix/blob_protest_nvidia.png
    (well, I am gimping today :-)

    Comments
    1. By Anonymous Coward (216.239.132.34) on

      > I have made a wallpaper (1024x768)
      > http://users.pandora.be/assarix/blob_protest_nvidia.png
      > (well, I am gimping today :-)

      Can you make a 1280x1024 version?

      Comments
      1. By Anonymous Coward (213.118.21.55) on

        > > I have made a wallpaper (1024x768)
        > > http://users.pandora.be/assarix/blob_protest_nvidia.png
        > > (well, I am gimping today :-)
        >
        > Can you make a 1280x1024 version?

        http://users.pandora.be/assarix/blob_protest_nvidia-1280.png

        Comments
        1. By Paul Irofti (80.97.12.10) bulibuta@gmail.com on

          > > > I have made a wallpaper (1024x768)
          > > > http://users.pandora.be/assarix/blob_protest_nvidia.png
          > > > (well, I am gimping today :-)
          > >
          > > Can you make a 1280x1024 version?
          >
          > http://users.pandora.be/assarix/blob_protest_nvidia-1280.png
          >

          Love the wallpaper.. thanks for both versions (one for work and one for home:)

        2. By Anonymous Coward (207.106.86.6) on

          > > > I have made a wallpaper (1024x768)
          > > > http://users.pandora.be/assarix/blob_protest_nvidia.png
          > > > (well, I am gimping today :-)
          > >
          > > Can you make a 1280x1024 version?
          >
          > http://users.pandora.be/assarix/blob_protest_nvidia-1280.png
          >

          Awesome! Thanks!

    2. By Anonymous Coward (68.100.130.21) on

      > I have made a wallpaper (1024x768)
      > http://users.pandora.be/assarix/blob_protest_nvidia.png
      > (well, I am gimping today :-)

      Can you make a 1152x768 version?

      Comments
      1. By mcbride (210.138.35.53) on

        > > I have made a wallpaper (1024x768)
        > > http://users.pandora.be/assarix/blob_protest_nvidia.png
        > > (well, I am gimping today :-)
        >
        > Can you make a 1152x768 version?

        Can you make me a 1337x666 version?

        (Or just post the .xcf file. Open-source wallpaper, to be scaled by all)

      2. By Anonymous Coward (213.118.21.55) on

        > > I have made a wallpaper (1024x768)
        > > http://users.pandora.be/assarix/blob_protest_nvidia.png
        > > (well, I am gimping today :-)
        >
        > Can you make a 1152x768 version?
        >

        http://users.pandora.be/assarix/blob_protest_nvidia-1152.png
        http://users.pandora.be/assarix/blob_protest_nvidia.xcf

    3. By KA6AH (83.217.192.243) KA6AH2000@mail.ru on http://ka6ah.livejournal.com

      > I have made a wallpaper (1024x768)
      > http://users.pandora.be/assarix/blob_protest_nvidia.png
      > (well, I am gimping today :-)

      404 for now.. Please re-post it one more time

      Comments
      1. By Anonymous Coward (78.21.21.141) on

        > > I have made a wallpaper (1024x768)
        > > http://users.pandora.be/assarix/blob_protest_nvidia.png
        > > (well, I am gimping today :-)
        >
        > 404 for now.. Please re-post it one more time

        http://www.bsdnexus.com/wallpapers/blob_protest_nvidia.png

  7. By Anonymous Coward (76.3.196.122) on

    I just came to undeadly to post about this vulnerability, but the article is already featured here! :)

    BTW, did anyone notice that the sources claim that this bug was present since 2004? It's definitely been a long time for this security vulnerability to be around. And mind you, unlike open source, the fact that it's now officially discovered doesn't mean that it's going to be fixed shortly!

    Comments
    1. By Breeno (24.72.118.207) on

      > I just came to undeadly to post about this vulnerability, but the article is already featured here! :)
      >
      > BTW, did anyone notice that the sources claim that this bug was present since 2004? It's definitely been a long time for this security vulnerability to be around. And mind you, unlike open source, the fact that it's now officially discovered doesn't mean that it's going to be fixed shortly!

      Also, the fact that it was only recently published doesn't mean that the exploit hasn't been used in closed circles for some time.

      Breeno

  8. By Anonymous Coward (156.34.218.41) on

    The story is being carried on Slashdot, and once again it is just sad, sad, sad to see the number of individuals that immediately start bitching about 'opensource fanatics'. I'm sure this won't come as much of a surprise to deadly readers.

    Comments
    1. By Anonymous Coward (203.10.110.133) on

      > The story is being carried on Slashdot, and once again it is just sad, sad, sad to see the number of individuals that immediately start bitching about 'opensource fanatics'. I'm sure this won't come as much of a surprise to deadly readers.

      Yes, I rather think this quote shows how small minded some of those slashot posters can be:

      "I bought a nVidia card with full knowldge and intent to use their binary drivers. I'll not have YOUR idealistic notions crippling MY system."

      So ideals and dialog might cripple that poor persons system! I rather think the remote exploit is somewhat more crippling, but there you go.

    2. By Anonymous Coward (80.5.160.5) on

      > The story is being carried on Slashdot, and once again it is just sad, sad, sad to see the number of individuals that immediately start bitching about 'opensource fanatics'. I'm sure this won't come as much of a surprise to deadly readers.


      This is the reason I stopped reading Slashdot years and years ago.
      I'd rather not waste my energy on that site. I've been coming here and have learned more than I could ever had at Slashdot.

  9. By Anonymous Coward (24.218.136.116) on

    A.) nVidia already fixed it two weeks ago.
    B.) Whether it's nVidia or OpenBSD developers I'm waiting for to fix a given security hole, I'm still waiting. The average user does not have the ability or inclination to do it themselves.

    Comments
    1. By Anonymous Coward (156.34.218.41) on

      > A.) nVidia already ... <snip>

      I was going to make a post drawing your attention to the issues you have clearly missed. But then it occurred to me that if you really *wanted* to inform yourself, it would have only taken a few minutes. I will grant you one thing -- in making the point that the 'average' person is both stupid and lazy, you have both said it and demonstrated that it is true all in one post. Very efficient of you.

    2. By J M:son Lindman (62.119.71.155) tybollt-solace_mh_se on

      > A.) nVidia already fixed it two weeks ago.
      > B.) Whether it's nVidia or OpenBSD developers I'm waiting for to fix a given security hole, I'm still waiting. The average user does not have the ability or inclination to do it themselves.

      A. You're uninformed. Nvidia hasn't fixed shit, they have released a beta driver, that's not fixing anything. That's like if OpenBSD would only implement critical _security_ fixes into -current.

      B. You are waiting for OpenBSDs developers to fix a problem in Nvidias closed source driver? Oh dear, what an idiot you are.
      As stated the fix is allready there, use the driver provided by Xorg.

    3. By Anonymous Coward (194.126.24.3) on

      > A.) nVidia already fixed it two weeks ago.
      > B.) Whether it's nVidia or OpenBSD developers I'm waiting for to fix a given security hole, I'm still waiting. The average user does not have the ability or inclination to do it themselves.

      Aren't you lost ? Aren't yousupposed to be lurking in slashdot ?
      And yes you are missing the point by far, waaaay far.

    4. By Simon (83.90.61.34) on

      > A.) nVidia already fixed it two weeks ago.

      True, but what happens when nVidia nolonger wish to update the driver? I own and use a lot of hardware which is nolonger supported by the manufacturer, the only way I can have secure and updated drivers is if the code for the driver i freely available.

      Right now nVidia might be your friend, but they will only care about you as long as it will make them a profit.

      The nVidia graphics drivers might not be that important, they only give me 3D graphics, which I don't really care about, but what if this was the drivers for their network adapters. Their stuff is found i a large number of Opteron servers these days.

      Comments
      1. By Anonymous Coward (193.191.209.28) on

        > > A.) nVidia already fixed it two weeks ago.
        >
        > True, but what happens when nVidia nolonger wish to update the driver?
        >I own and use a lot of hardware which is nolonger supported by the
        > manufacturer, the only way I can have secure and updated drivers is if
        > the code for the driver i freely available.

        AFAIK this is already the case for NVidia drivers. Latest versions do not support TNT2 and older Geforce cards anymore. People using these, have to use the old nvidia_legacy drivers.

        Comments
        1. By Anonymous Coward (24.46.21.229) on

          > AFAIK this is already the case for NVidia drivers. Latest versions do not support TNT2 and older Geforce cards anymore. People using these, have to use the old nvidia_legacy drivers.

          Luckily though the free nv driver supports TNT2 and older GeForce cards just fine (did two openbsd installs last night, both with x, one with a tnt2, one with some old geforce, perty X with the nv driver...)

        2. By Igor Sobrado (156.35.192.3) on

          > > > A.) nVidia already fixed it two weeks ago.
          > >
          > > True, but what happens when nVidia nolonger wish to update the driver?
          > >I own and use a lot of hardware which is nolonger supported by the
          > > manufacturer, the only way I can have secure and updated drivers is if
          > > the code for the driver i freely available.
          >
          > AFAIK this is already the case for NVidia drivers. Latest versions do not support TNT2 and older Geforce cards anymore. People using these, have to use the old nvidia_legacy drivers.

          Sadly, this fact was announced some time ago (perhaps by Theo, I do not remember exactly how...): on the one hand large corporations make their money selling hardware. This means that they support products only for a (very) limited amount of time. Supporting legacy hardware means that they target some of their efforts to maintain products that do not provide profit to them again and, even "worse", make people feel happy with these legacy items, not buying new devices again. On the other, projects like OpenBSD maintain drivers for legacy hardware as carefully as drivers for new hardware (in some cases, both "drivers" are the same). Not only new features are added to these old drivers, but bugs are fixed as soon as discovered. Projects like OpenBSD "do not care about hardware becoming obsolete" but about quality, and it means maintaining *all* software in the base system must be maintained with the higuest .

          I certainly choose project as OpenBSD for very good reasons.

          Igor.

    5. By Anonymous Coward (151.188.247.104) on

      > A.) nVidia already fixed it two weeks ago.
      > B.) Whether it's nVidia or OpenBSD developers I'm waiting for to fix a given security hole, I'm still waiting. The average user does not have the ability or inclination to do it themselves.

      How do you know that nVidious fixed this hole? And how do you know that they didn't insert another one? You might *still* be waiting, for all you know.

      Nope, I'll stick with the open driver from X.org, thanks.

  10. By Anonymous Coward (192.16.134.66) on

    Also sad to see some stupid people on OsNews. One posted this:

    ""That should shut up the people who call anti-blob folks "idealists." Closed code can't be easily audited, and thus can't be trusted."

    Actually I don't call anyone idealists. I think Open code is just as bad since me not being a coder, I just have to use it and rely on someone else. Being open means it is easier to slip exploits in. I don't know any of these so called 'Auditors' monitoring the code."

    Comments
    1. By Anonymous Coward (220.239.57.51) on

      > I think Open code is just as bad since me not being a coder, I just have to use it and rely on someone else. Being open means it is easier to slip exploits in. I don't know any of these so called 'Auditors' monitoring the code."




      And I think such a comment is just utter nonsense from another clueless moron who doesn't understand how open-source actually works in the real world. Just because you are not able to look at the code, doesn't mean others don't. You're seriously suffering from the: "If I can't do it, no one can" syndrome. (Typical of those who are well experienced with Windows, but have no clue of Linux, BSD, etc.)

      Devs of open-source have their reputation on the line. If a project is well known for very poor security measures, no one will use it or it gets forked, and thus, it will kill the project. (Its the community that makes a project live. Without a community, its as good as dead. Look at Xfree86.org...Check the activity of their mailinglist archive. Notice the massive drop in activity?)

      Have you ever heard of someone delibrately slipping in exploits or hostile code into an open-source project, resulting in major damage to all its users, thereby killing the project?

      Unlike your bleak world of nonsense, there are actually good/honest programmers out there, working on awesome solutions in their spare time. They give a damn when someone sneaks in some nasty shit. Someone will be very vocal about it when they find out. And it will always get fixed very quickly.

      Take a look at the case with Debian and Gentoo. In both cases, their servers were compromise and the attacker made an attempt to taint the code with malware. The affected servers were quickly taken offline as a result, and an audit or analysis was implemented to see what damage was done. Announcements were made to inform users of what to do.

      Look at OpenBSD, have you seen anyone try to taint the code without being noticed?

      That's the difference between open-source and closed. If something goes wrong, people act on it pretty quickly. Unlike closed-source, where a process of red tape BS is thrown around with a mix of Marketing BS to calm the public. Its what I call the "closed-source masturbation approach to addressing security".

      What do I mean by "red tape BS"?

      * Finding the right people to contact.

      Usually need to nag or escalate the issue until the right people see it...That's gonna take a while! There's no direct links to contact the devs!

      * Need to sign an NDA of some sort.

      Its usually stating you agree not to disclose info about this issue to the public, etc. I know Microsoft gets you to sign one of these.

      * The way most companies are structured, they ain't designed to efficiently handle security threats quickly.

      They end up dragging their feet...Are you not familiar with Microsoft's infamous monthly "Patch Tuesday"? And what about the need to nag them to show that the issue is a critical one? (Security companies need to nag Microsoft to release a patch to a critical issue? Sounds crazy but its true).

      You don't talk to the devs directly, unlike open-source projects. This causes unnecessary delays. Because you are racing against time to fix the issue. The goal is to be quick as possible. But you don't want to do a piss-poor job, as you'll end up releasing a patch to fix another patch!



      On the matter of this binary blob, I agree. We need to make Nvidia (or whoever) understand the importance of providing the necessary info in producing our own drivers. FFS! We're not planning to steal any ideas! We just want the darn thing to work with drivers (that we know the details of).

      Comments
      1. By Craig (63.226.15.202) kidmosey at gmail.com on http://www.musitu.org/

        > Devs of open-source have their reputation on the line. If a project is well known for very poor security measures, no one will use it or it gets forked, and thus, it will kill the project. <...>

        I think you've hit the nail on the head here. Could this be why nvidia does not go opensource? If they released their source, my guess is they would quickly get discredited and outdone by numerous other non-profit factions in the opensource community. And then if it's pointed out how poorly designed their drivers are, questions about their hardware will be raised, which will make them lose megabucks.

        I fail to see any other reason for them to hold back. They don't sell drivers, they sell hardware. And seeing how the driver interfaces with the hardware is not going to give anyone any more advantage than they have already gotten by reverse engineering.

        But then, I haven't read up on this topic, so I don't know any of their excuses.

  11. By Krunch (139.165.82.240) on http://krunch.be/

    Would anyone care to explain how the remote exploit works ? Is it specific to Firefox ? I don't own a nvidia card myself so I can't really test it.

    Comments
    1. By Anonymous Coward (194.237.142.11) on

      > Would anyone care to explain how the remote exploit works ? Is it specific to Firefox ? I don't own a nvidia card myself so I can't really test it.

      You could try to actualy read the security advisory.

    2. By tedu (69.12.168.114) on

      > Would anyone care to explain how the remote exploit works ? Is it specific to Firefox ? I don't own a nvidia card myself so I can't really test it.

      firefox is hardly the only application that draws glyphs on the screen.

  12. By dingo (198.208.251.24) on

    Hey, doesn't freebsd help you run this binary blob too? I wonder, does freebsd clearly state "The entire state of security of this machine is now compramised" when you install it?

    I am just a user and a moderate programmer. Most of the fanboys on slashdot would try to say the same -- why then do they not understand the freedoms they have signed away?? Is their TOY that important? Do they refuse to process the impact of the 'I Agree'?

    I'll work on a piss slow VAX if thats what it takes to do _Problem Solving_ and _Computing_ on my __Computer__.

    I've always seen these users (nvidia binary blob supporters) as hobbyists, they just want to play with their toys after work. Maybe its all about software that comes free of cost, they're not just hobbyists, they're _cheap_ hobbyists. I am more than happy to fork an extra $50 out for the same specification, but open drivers (X.org has good wiki documentation to help you choose a driver...)

    These users amount to such a huge number.. I used to think this was important, and hope that these numbers would help topple company policies like nvidia holds. Even after a working exploit, they still wont budge from their silly gaming rigs. They'll follow whatever distro helps make their video card work best. If they arn't willing to comprimise, let them go screw themselves back into using another form of microsoft windows. Cheap bastards.

    Comments
    1. By tmclaugh (192.216.27.32) on

      > Hey, doesn't freebsd help you run this binary blob too? I wonder, does freebsd clearly state "The entire state of security of this machine is now compramised" when you install it?

      The blob nvidia driver is a separate port from the xorg ports and was marked as FORBIDDEN as soon as the vulnerability was announced.

      Comments
      1. By dingo (198.208.251.24) on

        > > Hey, doesn't freebsd help you run this binary blob too? I wonder, does freebsd clearly state "The entire state of security of this machine is now compramised" when you install it?
        >
        > The blob nvidia driver is a separate port from the xorg ports and was marked as FORBIDDEN as soon as the vulnerability was announced.

        This should have been marked FORBIDDEN in the first place.

        Was your typical freebsd user aware of the large security risk of this blob? This is what I am asking here. Would a non-technical user who doesn't understand the full impact of using a binary blob in their X driver layer at least be warned that this is a very dangerous thing to use?

        FreeBSD has to be willing to completely remove something from the tree when their user's security(and stability) is at risk, and it cannot be fixed.

        There are plenty of well maintained packages in ports with BSD and MIT licenses that I am more than happy to use.

        This belongs somewhere else entirely, with caution tape all around it. It shouldn't take a public exploit of a very old vulnerability to finaly mark it FORBIDDEN.

  13. By pyr (88.138.190.49) pyr@spootnik.org on

    I think most of us here agree on the importance of keeping our systems BLOB-free and I'm actually glad there's a real life example to prove why its wrong to allow vendors to behave like that.

    Now if the exploit had been discovered on an ethernet NIC maybe I'd have been more inclined to understand the stand of misinformed Linux users who are glad to run BLOBs on their "open source" systems.

    But what does every one in the Open Source community need 3d drivers for ?? I've never seen anyone running anything more than xlock/xscreensaver that might require some kind of accelleration, maybe the occasionnal blender launch ?

    Its not like there's tons of games widely available for UNIX systems.

    Anyway I guess I would understand it if some people didn't get the implications of compromising their systems with BLOBs, but compromising their systems in order to run a smoother xscreensaver... come on !

    Comments
    1. By ahafey (82.69.184.245) on

      > I think most of us here agree on the importance of keeping our systems BLOB-free and I'm actually glad there's a real life example to prove why its wrong to allow vendors to behave like that.
      >
      > But what does every one in the Open Source community need 3d drivers for ?? I've never seen anyone running anything more than xlock/xscreensaver that might require some kind of accelleration, maybe the occasionnal blender launch ?
      >
      > Its not like there's tons of games widely available for UNIX systems.
      >

      Robin Hood, Civilisation, SimCity and NeverWinter Nights are the ones I'm running atm. Only NeverWinter Nights needs 3d so I won't be playing it for the moment.

      Have a look at www.tuxgames.com for more. There aren't many but there are some really good ones available.

      I prefer Linux as a gaming platform over Windows for many reasons.

      I used to take the line that if it didn't run on Linux it didn't get a look in. VMware licensing has changed that but then VMware doesn't have great 3d support so MacOSX is the only other option for me.

      OpenBSD as a gaming platform anyone?

      Comments
      1. By Anonymous Coward (68.100.130.21) on

        Unfortunately OpenBSD has no 3D acceleration support, even when documentation (or open-source Linux drivers) are available. I wish it did -- maybe someday implementing such a thing will be within my own skill set, but it's not now.

      2. By Anonymous Coward (87.78.95.219) on

        nethack.

        [if they'd just get it, that documentations for their cards would at least double their sales in the commercial sector.
        "hey cool, documentation. finaly a card i can recommend to the sales guys when they ask."]

      3. By CODOR (67.158.69.254) on

        > OpenBSD as a gaming platform anyone?

        prboom and the already-mentioned nethack are two of the games I play the most, regardless of operating system. No 3D needed, although drivers for an ATI Radeon 9500 ASC would be nice...

        Comments
        1. By Anonymous Coward (64.231.232.11) on

          There are too many games that run on OpenBSD, IMO.

          Wesnoth stole a few weeks of my summer. :-)

          No blob required.

      4. By Anonymous Coward (134.100.120.76) on

        > OpenBSD as a gaming platform anyone?

        Sometimes, some old ScummVM based games keep me busy.

      5. By Anonymous Coward (198.208.251.24) on

        > OpenBSD as a gaming platform anyone?

        games/nethack
        games/openttd (great for zaurus!)

        working on commits to send upstream to exult team (ultima 7) to make their next release much more openbsd (and non-linux/i386 ;/) friendly

        Comments
        1. By Anonymous OpenBSD Geek (161.97.198.33) on

          > > OpenBSD as a gaming platform anyone?
          There always is *bsdgames* such as atc(air traffic controller game).
          Also, nobody will know if this security hole was known by NVIDIA, or even placed on purpose. With opensource, people still can place insecure code, but anyone can still review the code. In downloading a Blob, you do not know if there is a vuln. Also, anyone can do an mitm attack when you download the blob, and you will not know better. Someone can also do an mitm attack when i download an openbsd iso, but I can always recompile everythink to verify that there are no security holes. Also, even if we assume that the nvidia programmers are perfect, nobody knows if the C compiler insterted a bug( read Ken Thompson's paper: "reflections on trusting trust") for a great example.

          Also, I applaud de Raat's conviction of never compromising, and refusing to use blobs. Even though openbsd may be slightly behind in hardware support, I always will cherish openbsd as the OS i can most trust.

          Comments
          1. By rene (202.63.60.49) on

            > Also, I applaud de Raat's conviction of never compromising, and refusing to use blobs. Even though openbsd may be slightly behind in hardware support, I always will cherish openbsd as the OS i can most trust.
            >

            behind what, wireless support in linux?
            what about being able to monitor your sensors or raid array? how many os' do this natively?

      6. By ahafey (82.69.184.245) on

        Life is now more complex due to trust (or lack thereof)

        initlevel 3 so I'm not loading X anywhere

        $ cat startx-nv
        startx -- -config xorg.conf.pre-NVIDIA

        for normal work

        $ cat startx-nvidia
        startx -- -config xorg.conf.8774

        for anything requiring 3D accel - NeverWinter Nights only for me.

        Thanks for all the posts about alternative games. It's been a while since I played some of them and they deserve a revisit!

        Cheers,
        Alex.

        P.S. Apologies for the late reply, haven't had much time lately!

  14. By Anonymous Coward (66.42.176.26) on

    Other video drivers and exploits/concerns? I know wrong place for this:

    Interesting observed video: Lock-up of OS and corruption of ncurses, with exit of X with FVWM, everytime, needed firefox loaded. Pkg_delete of firefox, gone!. Firefox back on, all ok. Use startx, no xdm.

    Most of OS schg, xterm lowered to 0555, stackgap 524288, malloc.conf, FGZRPA<<<<, other security mods, system been good for a while!

    Should of had firefox folder more schg, little slip up. Otherwise?

    Black ncurses screen with thin blue vertical lines, sometimes, other graphics.

    OpenBSD-3.9-cdrom version-ATI-driver-ATI-Mobility M3-Dell 4000 Inspiron laptop. Machdep.allowaperature=1, X windows, Firefox 1.5.0.7 from ftp:openbsd. Hash, xorg.conf and dmesg upon request.

    Yes, I should ktrace and other stuff. Just fixed and moved on.
    Just a JFYI. Not worried, just interested.

    POINT: Drivers, video cards, X and firefox = concerns, even with OpenBSD.

    Comments
    1. By Anonymous Coward (87.78.89.210) on

      You still make no sense.

  15. By Martynas Venckus (204.13.236.244) martynas@altroot.org on

    Let's convince NV to do the right thing as well as express your feelings about why can't you fix the driver yourself.

    I believe Andy Ritger <aritger@nvidia.com> and Christian Zander <czander@nvidia.com> are responsible.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]