Hacker News | berkeleyjunk's comments

I wish someone had told Alex Blechman this before his "Don't Create the Torment Nexus" post.


As someone who is pretty skeptical and reads the fine print, I think this is a good move and I really do not see a downside (other than the fact that this probably strengthens the nVidia monoculture).


AFAIK I believe all they did was move the closed source user space driver code to their opaque firmware blob leaving a thin shim in the kernel.

In essence I don’t believe that much has really changed here.


Having all of the kernel, or more precisely all of the privileged code, as open source is much more important for security than having all of the firmware of the peripheral devices as open source.

Any closed-source privileged code cannot be audited and it may contain either intentional backdoors, or, more likely, bugs that can cause various undesirable effects, like crashes or privilege escalation.

On the other hand, in a properly designed modern computer any bad firmware of a peripheral device cannot have a worse effect than making that peripheral unusable.

The kernel should take care, e.g. by using the I/O MMU, that the peripheral cannot access anything where it could do damage, like the DRAM not assigned to it or the non-volatile memory (e.g. SSDs) or the network interfaces for communicating with external parties.

Even when the peripheral is as important as the display, a crash in its firmware would have no effect if the kernel had reserved some key combination to reset the GPU (while I am not aware of such a useful feature in Linux, its effect can frequently be achieved by switching, e.g. with Alt+F1, to a virtual console and then back to the GUI, the saving and restoring of the GPU state together with the switching of the video modes being enough to clear some corruption caused by a buggy GPU driver or a buggy mouse or keyboard driver).

In conclusion, making the NVIDIA kernel driver open source does not deserve to have its importance minimized. It is an important contribution to a more secure OS kernel.

The only closed-source firmware that must be feared is that which comes from the CPU manufacturer, e.g. from Intel, AMD, Apple or Qualcomm.

All such firmware currently includes various features for remote management that are not publicly documented, so you can never be sure if they can be properly disabled, especially when the remote management can be done wirelessly, like through the WiFi interface of the Intel laptop CPUs, so you cannot interpose an external firewall to filter the network traffic of any "magic" packets.

A paranoid laptop user can circumvent the lack of control over the firmware blobs from the CPU manufacturer by disconnecting the internal antennas and using an external cheap and small single-board computer for all wired and wireless network access, which must run a firewall with tight rules. Such a SBC should be chosen among those for which complete hardware documentation is provided, i.e. including its schematics.
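A defender's check for the I/O MMU containment assumption discussed in this thread, added here as an example (not code from any commenter or from NVIDIA): it reads the Linux sysfs IOMMU group layout and reports, for each PCI display device, whether its DMA is translated, passed through unchanged, or not behind an IOMMU at all. The sample tree and its device addresses are constructed, and `audit_display_devices` and `build_constructed_sysfs` are hypothetical names.

```python
import os
import tempfile

DISPLAY_CLASS_PREFIX = "0x03"         # PCI base class 03h: display controllers
TRANSLATED_TYPES = {"DMA", "DMA-FQ"}  # default domains where the kernel maps device DMA


def _read(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def audit_display_devices(sysfs_root="/sys"):
    """Return one dict per PCI display device describing its IOMMU containment."""
    pci_dir = os.path.join(sysfs_root, "bus", "pci", "devices")
    if not os.path.isdir(pci_dir):
        return []
    results = []
    for bdf in sorted(os.listdir(pci_dir)):
        dev = os.path.join(pci_dir, bdf)
        if not (_read(os.path.join(dev, "class")) or "").startswith(DISPLAY_CLASS_PREFIX):
            continue
        # Default: the device has no iommu_group link, so nothing filters its DMA.
        row = {"bdf": bdf, "group": None, "type": None, "peers": [], "verdict": "no-iommu"}
        link = os.path.join(dev, "iommu_group")
        if os.path.exists(link):
            group_dir = os.path.realpath(link)
            row["group"] = os.path.basename(group_dir)
            # The group's "type" attribute names its default domain; older kernels lack it.
            row["type"] = _read(os.path.join(group_dir, "type"))
            # Devices in the same group cannot be isolated from one another.
            members = os.listdir(os.path.join(group_dir, "devices"))
            row["peers"] = sorted(m for m in members if m != bdf)
            if row["type"] in TRANSLATED_TYPES:
                row["verdict"] = "translated"    # DMA confined to kernel-provided mappings
            elif row["type"] == "identity":
                row["verdict"] = "passthrough"   # e.g. iommu=pt: device sees physical memory
            else:
                row["verdict"] = "unknown"
        results.append(row)
    return results


def build_constructed_sysfs(root):
    """Create a small constructed sysfs-like tree for offline runs (not real host data)."""
    devices = {  # bdf: (PCI class, IOMMU group or None)
        "0000:00:02.0": ("0x030000", "1"),    # integrated GPU, translated
        "0000:01:00.0": ("0x030000", "13"),   # discrete GPU, identity domain
        "0000:01:00.1": ("0x040300", "13"),   # its audio function, same group
        "0000:02:00.0": ("0x030200", None),   # 3D controller with no group
        "0000:03:00.0": ("0x010802", "14"),   # NVMe, ignored by the audit
    }
    group_types = {"1": "DMA-FQ", "13": "identity", "14": "DMA"}
    pci = os.path.join(root, "bus", "pci", "devices")
    groups = os.path.join(root, "kernel", "iommu_groups")
    for group, domain in group_types.items():
        os.makedirs(os.path.join(groups, group, "devices"))
        with open(os.path.join(groups, group, "type"), "w") as fh:
            fh.write(domain + "\n")
    for bdf, (pci_class, group) in devices.items():
        dev = os.path.join(pci, bdf)
        os.makedirs(dev)
        with open(os.path.join(dev, "class"), "w") as fh:
            fh.write(pci_class + "\n")
        if group is not None:
            os.symlink(os.path.join(groups, group), os.path.join(dev, "iommu_group"))
            os.symlink(dev, os.path.join(groups, group, "devices", bdf))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_display_devices(build_constructed_sysfs(tmp)):
            print(row)
```

On a real host, call `audit_display_devices()` with the default root; a `passthrough` or `no-iommu` verdict means the containment argued for above is not in effect for that device.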


Everything you wrote assumes the IOMMUs across the board to be 100% correctly implemented without errors/bugdoors.

People used to believe similar things about Hyperthreading, glitchability, ME, Cisco, boot-loaders, ... the list goes on.


There still is a huge difference between running privileged code on the CPU, for which there is nothing limiting what it can do, and code that runs on a device, which should normally be contained by the I/O MMU, except if the I/O MMU is buggy.

The functions of an I/O MMU for checking and filtering the transfers are very simple, so the probability of non-intentional bugs is extremely small in comparison with the other things enumerated by you.


Agreed that the feature-set of IOMMU is fairly small, but is this function not usually included in one of the Chipset ICs, which do run a lot of other code/functions alongside a (hopefully) faithfully correct IOMMU routine?

Which -to my eyes- would increase the possibility of other system parts mucking with IOMMU restrictions, and/or triggering bugs.


Did you run this through an LLM? I'm not sure what the point is of arguing with yourself and bringing up points that seem tangential to what you started off talking about (…security of GPUs?)


I have not argued with myself. I do not see what made you believe this.

I have argued with "I don’t believe that much has really changed here", which is the text to which I have replied.

As I have explained, an open-source kernel module, even together with closed-source device firmware, is much more secure than a closed-source kernel module.

Therefore the truth is that a lot has changed here, contrary to the statement to which I have replied, as this change makes the OS kernel much more secure.


But the firmware runs directly on the hardware, right? So they effectively rearchitected their system to move what used to be 'above' the kernel to 'below' the kernel, which seems like a huge effort.


It’s some effort but I bet they added a classical serial CPU to run the existing code. In fact, [1] suggests that’s exactly what they did. I suspect they had other reasons to add the GSP so the amortized cost of moving the driver code to firmware was actually not that large all things considered and in the long term reduces their costs (e.g. they further reduce the burden of supporting multiple OSes, they can theoretically improve performance further, etc.).

[1] https://download.nvidia.com/XFree86/Linux-x86_64/525.78.01/R...


That's exactly what happened - Turing microarchitecture brought in new[1] "GSP" which is capable enough to run the task. Similar architecture happens AFAIK on Apple M-series where the GPU runs its own instance of RTOS talking with "application OS" over RPC.

[1] Turing GSP is not the first "classical serial CPU" in nvidia chips, it's just the first that has enough juice to do the task. Unfortunately without recalling the name of the component it seems impossible to find it again thanks to search results being full of nvidia ARM and GSP pages...


>the name of the component

Falcon?


THANK YOU, that was the name I was forgetting :)

Here's [1] a presentation from nvidia regarding a plan (unsure if done or not) for replacing Falcon with RISC-V. [2] suggests the GSP is in fact the "NV-RISC" mentioned in [1]. Some work on reversing Falcon was apparently done for Switch hacking [3]?

[1] https://riscv.org/wp-content/uploads/2016/07/Tue1100_Nvidia_...

[2] https://www.techpowerup.com/291088/nvidia-unlocks-gpu-system...

[3] https://github.com/vbe0201/faucon


Would you happen to have a source or any further readings about Apple M-series GPUs running their own RTOS instance?


Asahi Linux documentation has a pretty good writeup.

The GPU is described here[1] and the mailbox interface used generally between various components is described here [2]

[1] https://github.com/AsahiLinux/docs/wiki/HW%3AAGX#overview

[2] https://github.com/AsahiLinux/docs/wiki/HW%3AASC


Why? It should make it much easier to support Nvidia GPUs on Windows, Linux, Arm/x86/RISC-V and more OSes with a single firmware codebase per GPU now.


Yes makes sense, in the long run it should make their life easier. I just suspect that the move itself was a big effort. But probably they can afford that nowadays.


Nope. Totally different company and founded about 5 years earlier than Square.


It is interesting how most M&A transactions trend to have a 30% premium above the trading price. I have tried to investigate why but could not find a good explanation to why this number is so prevalent.


> why this number is so prevalent

It comes from a 2004 Delaware court case, which found “recent appraisal cases that correct the valuation for a minority discount by adding back a premium ‘that spreads the value of control over all shares equally’ consistently use a 30% adjustment” for the control premium [1]. (Under Delaware law, shareholders are entitled to the pro rata share of a company’s fair value. The courts can and do revise merger prices to reflect this.)

Also, this one is a 15% premium [2].

[1] https://casetext.com/case/doft-co-v-travelocitycom-inc-2

[2] https://www.prnewswire.com/news-releases/squarespace-to-go-p...


> Also, this one is a 15% premium [2]

Really? The sub-headline near the top of your link says 29%, so basically 30%.


It’s “a premium of 15% over Squarespace's closing share price of $38.19 on the NYSE on May 10, 2024,” the last business day before the buyout was announced.

That said, you see the bankers bending over backwards to find a metric that satisfies Doft.


Ah, good catch, yes.


Can you ELI5 this?


> Can you ELI5 this?

Companies have big shareholders and small. Absent controls, the big shareholders (and management) have an incentive to negotiate deals that are better for them than for the small shareholders. Delaware is good at designing these controls, which is why savvy investors like companies to be based there.

One of these controls allows shareholders to sue if they think the company they own stock in was sold too cheaply. In those cases, the court will step in to check the math. That happened in Doft.

Most of the case revolved around comparing Travelocity’s value to Expedia’s. But buying a share in Expedia is different from buying all of Travelocity, because the latter lets you e.g. pay yourself—the owner—all the money in the bank account as compensation or unilaterally sack management. The value of this privilege is called the control premium. After the court valued Travelocity conventionally, it added a control premium of 30% to come up with the final enterprise value.

Why 30%? Because that’s what most valuation consultants did. What Doft changed was now that convention was cited in case law. So a shareholder who is upset about their shares being sold at a 15% premium can credibly threaten to sue and win, which companies want to avoid, and so we get this circular convention of a 30% control premium (loosely defined) being the norm for converting companies from widely-held (usually public) to narrowly-held (usually private).


Perfect explanation, thank you.


You have to pay enough to convince everyone to sell. The trading price is the marginal price of buying one more unit of stock, not a representation of the stock price at which every owner will sell.


Well, you have to pay enough to convince the board to force everyone to sell and not risk being sued for not doing their fiduciary duty. But yeah, that’s the gist of it. If you were to attempt to simply buy up all of the shares on the open market, it would cost more than whatever it closed at the day before you did that, all else being equal.


That explains why there's a premium but not why the premium is ~30%.


it has to be high enough to give the board enough cover that they're doing their fiduciary duty to existing shareholders


Maybe I'm missing something basic but that still doesn't explain why it's 30% and not 50%.

I don't think purely qualitative arguments work here.


If you go much lower, shareholders become reluctant wondering if it's really worth it, or if the board are negotiating hard enough.

If you go much higher, shareholders start to wonder why someone is willing to pay so much for a stock. People start to get cagey and wonder what's going on. The seller's interest is to keep it lower as well.

It's just the region things have settled over time. It's generally enough that the board feel they're doing the right thing, it doesn't spook anyone, and it's what the buyer is expecting.

I don't think there's any more magic behind it, it's just what has become the norm over the years.


At 50% it might be easier to just buy up shares on the market til they have a controlling share. The number to do that sets a cap on what the buyer will pay. I don’t have numbers on-hand, but trying to move a majority of a company’s stock (buy or sell) can cause crazy swings. When I worked in hedge funds, it was a thing we worked around. Our larger trades would execute over the course of a day or several days to minimize our impact on pricing.

At 10%, many shareholders will feel that their risk-adjusted returns on the stock would do better than the buyout.

30% is likely below the costs to acquire a controlling share on the market, and above any reasonable belief in risk-adjusted returns for shareholders (barring exceptional companies).

A lot of it is wishy washy because it’s based on math, but math with presumptions baked in. How much do shareholders think their stocks are worth? How much would it cost to buy them on the open market? How much does the buyer think the stocks are worth? There are approximate answers to all of these, from which an even more approximate price needs to be determined.


It comes from the Doft (2004) ruling in Delaware courts that attaches a 30% control premium


If the last transaction was 30% the board has to explain why this one isn't 30% (either to the buyer if they are paying more; or to the shareholders if they are paying less).


> Maybe I'm missing something basic but that still doesn't explain why it's 30% and not 50%.

It's like tipping. There's no ideal value that can be picked; just agreed normal values. If 30% appears to work most of the time then that's probably why it's used.


Is there a way to search for lawsuits from shareholders when the price per share of going private was less than 30%? There's probably no mathematical model here but more a way for the sale to insulate itself from getting dragged into litigation.


If I had to guess based on how small the big players in M&A are (as far as I know), it's probably a handshake rule.


If everyone does 30% it quickly becomes what "you should do" and anything lower is looked at with suspicion, and anything higher is suspect from the other side or a "what do they know we don't" viewpoint.

In many transactions, being like all the other ones is the way to go.


The other replies explain the 30% with circular reasoning and I don’t find them convincing, so here’s a more absolute and testable hypothesis: at the average rate of S&P500 return adjusted for inflation, 30% is about 3-5 years of investment. What if that’s the average period of investment (i.e. time between buy and sell) for a typical retail investor for any given stock?

If that’s the case, 30% is the minimum premium at which not only are you speedrunning returns for existing investors, you’re also doing it for the average person who was going to invest in Squarespace today.


I thought about that too, but realized that it is double counting the returns. If you look at the Discounted Cash Flow (DCF) method for valuing the company, the current value of the company is already the sum of the discounted cash flows from the future. i.e. the next 3-5 year returns are already priced into the pre 30% hike value.


DCF and other tools to value companies make sense when the valuation is somewhat stable, but the real world often isn't. MSFT was worth $1T a few years ago because the world presumably expected $1T in profits over the lifetime of the company. But OpenAI came around and suddenly they're worth $2T. It wasn't because their lifetime doubled, it was because most people perceive AI as a major advancement. I believe this is the primary thrust behind the S&P500's 7-10% annualised returns in the last 20 years because most of the gains have come from the top.


Good effort to think outside the box but this is just an “acquisition premium”. Nothing to do with the public markets. It is a very well-known concept in the M&A world.


It’s a “control premium”. The way the theory explains it is that you are making an offer to acquire control of the company, so you pay a control premium above what others are willing to pay on normal transactions in the market. In practice, how big of a premium the acquirer pays is influenced by considerations specific to the history of the company, the shareholder base, its share price history, etc. …but theory and practice do link together, and you can trace the historical trend of how control premia paid have changed over time, or even how they change from country to country.


I have seen the same. There's likely a sort of "market price" effect here. If everyone is doing it, you should do it too. Some premium over the stock market price is expected - you are buying out all shareholders, not just the ones who want to sell at the current stock market price - but you would not expect "flat 30-40%" to be the premium.


It could be that is the number we always used, and deals seem to get approved with that number. Anything less might be questioned as not enough premium since there is precedent for a 30% premium during a buyout.


There is a baseline trading volume that still expects to have access to the stock. As you buy more stock, less stock is available to buy, driving up the price.


This is not the case because these deals are done privately to the board. Once an investor crosses the 5% mark they have to file and companies may adopt a poison pill without the board's blessing.


High enough to clear the fiduciary duty bar of acceptance, but not so high that the acquirer feels like they're overpaying.


buyers and sellers have a range of values where they are OK transacting, and historically those ranges have tended to overlap at the 30% point more than at, say, the 15% point

because of those precedents, taking anything below a "standard" premium opens the door for shareholders suing the board for a breach of their fiduciary duty, arguing they should have waited for a better offer. it's a bit of a self-fulfilling prophecy. pay more than 30% and the buyers' shareholders will argue the same

which is not to say there aren't 10% or 80% premium transactions, but there's a higher bar to be met before everyone is willing to go outside of the 25-40% premium range (my own numbers)


Wall St has rules of thumb like any field. 7% commission, 30% premium, 10% layoff, etc.


Imagine ranking all the shareholders of the company. For each, you've asked them how much you'd have to give them to convince them to sell.

At the top of the list would be the one who is the most interested in selling, and thus is willing to take the lowest price. At the bottom of the list would be the person who is the least interested in selling, and is demanding the highest price.

In order to buy one share you ask the guy at the top of the list. But to get the whole company you need the guy at the bottom of the list to agree too.

That's definitely not a perfect analogy at all, there's more subtlety than that. But it accurately describes the underlying dynamic.

For the stock market quote, you're always talking about the guy at the top of the list.


Or at least, the 51st percentile…

But I think you’re spot-on. If someone owns the stock, usually it’s because they think the company is worth more in the future than it is currently.

And you need to convince the majority of the shareholders to sell it to you now.

So you need to take into account their expected future value on holding, and give them a reasonable risk-adjusted premium for that expected future value of their shares.


just works out to be a socially accepted level where the board has no choice but to accept the tender offer i guess. but nothing stopping it being 40% or 10%.


It’s probably just a good rule of thumb.

10%? Go away.

20%? You can certainly negotiate it up to 30%.

30%? There’s considerable value here, and threats to walk away will be felt.

40%? Why, when you can get it to 30%?


Why is that a better rule of thumb than, e.g. 5%/10%/15%/20%?


Because it is the one that the system has evolved to consider the rule of thumb. The equilibrium appears to be 30% above asking and, at least local to our time period, appears to be stable.


I... what?

Great-Grandparent> most M&A transactions trend to have a 30% premium above the trading price. I [...] could not find a good explanation to why

You> It’s probably just a good rule of thumb.

Me> But why is 30% better than 15%?

You> The equilibrium appears to be 30% above asking

I still don't understand how that's supposed to explain why 30% is the stable value, instead of another, as the GGP was asking. How does what you are saying add anything more than "It is what it is" to the discussion?


The point poorly expressed is that public markets transactions are highly scrutinised, and it is easy for shareholders to be highly litigious toward the directors.

The directors therefore have a strong incentive to only accept offers at a normal premium to current price, which seems to be about 30% by back of the cigarette packet maths.

Bidders therefore have an incentive to bid around 30% so their bids are more likely to be accepted.

The key thing is an incentive to avoid liability and get deals done. If the equilibrium was 80% then bids would be all at 80% and there would be less of them.


unrelated, i'm trying to figure out where the phrase "back of the cigarette packet math" is more common than saying "back of the napkin math".


Sometimes complicated dynamical systems have equilibria that just are without a known reason. I can see that once 30% gained a bit of traction it just coalesced into an equilibrium. The common decision making analysis of just looking at what others have done and basing your decisions on that means that things evolve to wherever “monkey see, monkey do” gains traction.


Not every number has to be derivable through some kind of formula. Realtors tend to take 6% as their commission. Why not 6.5%? or 5%? The answer is that sometimes they do, but it's just traditionally by default 6% unless one or more parties chooses to negotiate it. There's no math.


Remember that shareholders are in the stock because they expect some type of risk adjusted return. 5% is out because that's the risk free return. 7-10% can be gotten with lower risk by index investing. 15-20-30 we're starting to get into a range where the investor is willing to part with their stock given the risk they took on. 30% tends to be enough to get everyone to sell. If it was a hot, fast growing company, it would be higher - if it was possible to get everyone to sell at all.


The article suggests jitsi and I have had success using it in all the platforms you mentioned.


I can see the other things but "Apple home button scandal" either does not belong in the same league or there might be something I do not know about. Can you expand a little bit on your thinking?


When Apple introduced a fingerprint unlock in the home button, it wanted to keep the fingerprint scans secure. The security chip that stores the fingerprint scans needs to verify that the home button's fingerprint scanner is trustworthy, to prevent man in the middle attacks.

However, when an unauthorized or unofficial button is used as a replacement for repair, the phone will permanently brick itself. No warning is given that the fingerprint scanner's trustworthiness can not be verified, no ability to just use the phone with the fingerprint scanner disabled. Just straight to a permanent bricking.


IMO it wasn’t nearly as egregious as the other examples. I only defend them because they didn’t do this when you replaced the screen etc.

You don’t want phones to work if someone swaps out that specific piece of hardware without your knowledge. Bricking the phone forever makes it harder for people to find back doors around that security feature as they would risk large numbers of expensive phones. Presumably people developing replacement fingerprint readers would notice the issue before most customers were harmed. Further, anyone actually harmed would have gotten hardware from a very untrustworthy source.

They reversed course after a backlash, but I can see an argument for them standing their ground on this one.


As a user, that’s what I’d want it to do. If someone is trying to bypass the fingerprint sensor by replacing it because they know that’s where the authorization is stored, that’s exactly what I’d want the phone to do.


The fingerprint scanner is just a scanner, it doesn't handle authorization, that's what the security chip does. The scanner has two ways of communicating with the security chip. It can authenticate itself with the chip, and it can send the chip images of fingerprints.

If a compromised scanner fails to authenticate, then the security chip can just ignore the scanner. Not much it can do if its only avenue of communication is cut off. A warning message telling users to not touch their compromised fingerprint scanner would have been sufficient.


You want your whole phone bricked by an update when it worked before, even though they can just disable the fingerprint scanner instead?


You are assuming it is fine to swap authentication hardware for incompatible parts? I guess this is from the spirit of "right to repair". While I get the idea in principle, I still think going dark is the best option you have if essential hardware was apparently tampered with. Find a back-alley smartphone shop which at least swaps your FP reader with compatible hardware. But if someone gained access to my phone, and put a piece of hardware in which is not recognized by the OS, I want it to stop right there. That doesn't feel like bricking, more like a security feature.


This attack scenario doesn't make any sense. If your phone is out of your sight and unsecured for long enough to take it apart and replace the fingerprint sensor, it's unsecured and out of sight long enough to be entirely replaced by a clone that will steal all your credentials and send everything to whatever bad guy you are imagining


And it won’t work anyway because the phone will detect and reject the sensor and just fall back to PIN authentication which is how it worked before the update


Ah, I see the use case now-where you get it replaced by a 3rd party or buy a stolen phone, do you want it bricked by a software update? I don't know. I don't know that I care much about that use case TBH.

What I don't want is this: someone steals my phone and then replaces the fingerprint sensor and has access to everything, including the ability to reset and resell the phone.


That’s not possible anyway because the phone can detect and reject the replacement sensor. If it couldn’t then how would it know to brick itself? Instead it should just fall back to PIN authentication, which is actually more secure and how it worked before the update


Not just bricked but permanently and securely wiped, would be my preference.


You want your own phone that you paid money for wiped and bricked remotely at random without your permission while you’re using it for no security advantage whatsoever (since it can just fall back to PIN authentication which is actually more secure than a fingerprint) until you give Apple money to “repair” it?


Nice how some people try to justify Apple here.

I think the problem lies in this point:

>No warning is given ... Just straight to a permanent bricking.

There should have been a warning, at least, but there was none.


The home button scandal I'm talking about is older than that.

Circa 2010-15, the iphone home button was having more and more problems: https://osxdaily.com/2011/12/22/iphone-home-button-not-worki...

For a while, half the users were just using a software button as a workaround: https://osxdaily.com/2012/07/02/broken-iphone-home-button-as...

It was funny to see everyone with a very expensive phone just moving around this fake button everywhere on their screen because their physical button was not working.

But then people stopped finding it funny.

Because Apple said it was a hardware problem, and said the fix was to buy the next iphone generation.

However, a few weeks later, jailbroken iphones received a patch from the community fixing the home button problem, showing not only that it was a software issue that was easy to fix, but that Apple just conned their entire customer base.


I think you have a point but part of this was self-inflicted. Instead of knowledgeable salespersons who could help with the purchase, the stores tried to cut costs and replace them with lower cost people who did not know/care as much. If they reverse this trend I think the malls can come back.


Most of what malls around here have are clothes, just a few tiny shops and a supermarket (food, etc.). Considering there's not much choice in electronics etc. in the first place, and most of the stuff is just clothes, I don't really care about the salespeople, I just want the shirt and shoes, pants, etc. to fit. A large t-shirt in C&A fits me perfectly, but in Primark the XL model is too short, and I need an XXL slim size. If I buy Nike sneakers, I sometimes need one or even two numbers larger shoe than with other brands (Adidas, Reebok, ...).

Buying online has been a pain and in case of cheaper stuff, a waste of money, since returning a 9eur shirt meant driving to the post office, packing it up, paying postage to return and wait for a couple of weeks to get 9eur back after spending 10eur to ship stuff back.


from the July 1860 issue. Wow, started reading it and I was hooked. Thank you for pointing out this gem.



Looking at it again, it's not that long, but yes, it's a cool look into highbrow journalism from a time long gone by, and nice of The Atlantic to expose a bit of their archives online.


Pretty straightforward. The current value of the company is the Net Present Value of all the future expected cash flows. Basically you can take the money Apple will make in 2024, 2025, 2026 ... and reduce them to today's values by discounting with the interest rates: pretty much divide by (1+r)^n. Since Apple already makes a ton of money each year it is valued pretty high. Nvidia on the other hand has to GROW its earnings a LOT to justify its valuations.


I am not an expert in this space but dabble a bit. This comment is spot on. AMD's software is pretty bad and NVDA has captured all the developer attention with CUDA and is the basis for a lot of the frameworks people use. It is not a trivial advantage to break. I do wish good luck to AMD.

