Slashdot Mirror
AMI Introduces 'Trusted Computing' BIOS
An anonymous reader writes "American Megatrends announced its 'trusted computing' Palladium BIOS on Jan 6. It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system. Does that mean such machines may refuse to boot any other non-'trusted' OS? After all, the list of supporting corporations include AMD, Intel, IBM, and HP, of whom we heard quite favourable statements about Linux (just for example -- *BSDs will be equally affected) so far."
If you read the Inquirer www.theinquirer.net , they cover this announcement.
A representative from AMI explains some of the ideas behind the Trusted Computing initiave.
This will go a long way towards the war on terror. Terrorists wont be able to install and use unauthorized OS's. This could potentially save thousands of lives.
Does that mean such machines may refuse to boot any other non-'trusted' OS?
I'm pretty sure it won't. For now it'll just not have a trusted signature, so no access to Palladium-protected content. But I'm pretty sure that's the bait of a bait&switch operation...
Kjella
Live today, because you never know what tomorrow brings
If you have a palladium processor and palladium motherboard, hard drive whatever, you arent going to be limited to a palladium enabled OS, you just wont be able to use the benefits of a palladium trusted environment. So said microsoft anyhow.
People who think they know everything really piss off those of us that actually do.
Yes, TiVo is trying to play this game with their series 2 and DirectTiVo, it works against most people, except those who have no fear of dead hardware :-)
...the first "trusted" bootsector virus appears?
how much do you want to be that there are jumpers that will let you bypass this thing?
or if there's not. It's a simple check, shouldn't be too hard to force it. Mod chips for our PC's are going to be mainstream soon! (ugh)
Does this mean that *BSD is dying?
If it's true to spec, it will load anything. Just not in the trusted mode.
Comment removed based on user account deletion
This could as easily be for military computers as well as the great unwashed. So I don't think we will be seeing these in home PC's just yet.
Not only that we don't know yet what OS they will work with. So lets not start doomsaying until the first of these are out and there is proof they refuse to run certain operating systems.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system.
Going by the above statement, one could interpret it as meaning you need a digitally signed bootloader... is this going to be a problem? (OSS that is).
"American Megatrends" appears to be an anagram of "reincarnated smegma". Just felt the urge to share that,
Modest doubt is called the beacon of the wise. - William Shakespeare
From what I understand, yes but I may be mistaken since I'm working from a hazy memory here. I believe it can be turned off just like DRM. I would imagine that Windows (later versions) probably won't run without it turned on.
Of course, it entirely feasible that one could be running a Linux distro that has jumped through all of the hoops to become certified "trusted".
So, with my limited understanding, I think of this thing running the BIOS through a one-way hash and comparing it to what's written in stone on NVRAM.
Doesn't this mean that you cannot upgrade the BIOS?
Or, that any "upgradeability" is tantamount to leaving a door open to unauthorized "upgrades" to the BIOS?
TIA.
"Provided by the management for your protection."
You buy a computer with your hard earned cash but yet, you cannot take full advantage of it since it is controlled by someone else.
To add insult to injury, you pay for the privilege of being abused (controlled). What a wonderful deal, NOT !
AMI can take their Trusted (controlled) computing and shove it where the sun don't shine.
I pray no one will buy this crap.
Why would such protection be necessary? And who stands to benefit from this?
--
Adobe's anti-counterfeiting softw
The original Palladium spec calls for a trusted machine to only allow trusted access by trusted operating systems. This means Palladium-encrypted code won't run except under a Palladium-rated OS. If the OS isn't trusted, then no Palladium-enabled programs can run.
This will mean that WINE will be useless for many future Windows apps, especially those dealing with multimedia. It also means future versions of Windows will be written specifically to defeat applications like VMware, so as to not violate the security.
These are bad, though they don't prevent one from booting a non-Palladium-enabled OS and using alternative applications. What I keep worrying about is the TCPA *2.0* specification. The original spec allows an alternative to a "trusted" platform, but future specs may require a PC boot a Palladium-enabled OS -- or none at all.
Also, conceptually, this will still not solve the trust issue, as someone could still open up their case and replace their BIOS chip.
Most of us build our "seats of trust" on human relationships, like our family and friends. Oh, and these guys, too.
Nothing is so smiple that it can't get screwed up.
Will there be hardware produced that is locked to specific operating systems?
Will it not be able to bot multiple operating systems?
I know those companies mentioned have supported GNU/Linux so I doubt they will start making strictly windows only hardware. But what are the immediate effects we can expect to see when this becomes a little more prevalent?
And what will be the long term effects? Will I be able to boot the Hurd when it's released?
This is left as an exercise for the reader.
Comment removed based on user account deletion
You've just lost one customer, from this point forward, no matter how difficult it may be for me to find other products, I will not buy ANY hardware that contains a BIOS made made by your company.
WHile this may not seem like a big deal, I _am_ in the market for a new system, and have a decent budget to do it with.
"See, we plan ahead! That way, we never have to do anything now."
No lilo/grub/whatever for you! Unless distro vendors will somehow manage to sign their binaries. For dual-boot you'll need to resort to diskettes or other such sillyness.
This is a total troll.
I honestly don't understand the value (or perceived value) in having this.
My beliefs do not require that you agree with them.
Is the TPM based platform limited to a particular operating system or microprocessor?
No. The TCPA specification is designed to be platform and OS agnostic. The TCPA specification is not limited to a specific platform, OS or CPU.
The specifications are available for download free from trustedcomputing.org - Any linux distro should be able to take advantage of them.
Its up to you to decide if you want to trust it or not, but that's what their website states.
AMI Introduces 'Trusted Computing' BIOS!!! more like celda
...but does this mean *BSD really is dying, and all those trolls have been right all along?
Well, we may get the supply - but will there be demand? Somehow I'm not so sure on that.
Besides, how much unbreakable security now lies broken? If Palladium does become a hot fad, it's going to cool down quickly when people find cracks/workarounds - as you know they will.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Comment removed based on user account deletion
Raping-his-mom funny, but maybe that's just me.
That's it. A remote site can know whether or not you're running a trusted (IOW "unhackable") OS/apps. If you do, they'll send you decryption keys for playback and be reasonably sure you won't intercept them, store them permanently etc.
Just follow this little (hypothetical) chain of events:
/dev/null of the computing industry, the OS community is going to need each other to maintain a DRM-free computing zone. Open source, open protocols, open formats, open beer.
1) BIOS on new motherboard will only go into "Palladium-mode" if you're booting a "trusted" OS. For the time being, you can still run linux, but it won't have access to any "Palladium" features.
2) If you're running a "trusted" OS (eg. MS Windows UY [Up Yours]), the OS can hit the 'Net and automatically download and apply updates to itself. At some point, it could quite easily detect the BIOS on your system and apply an update so that...
3) The BIOS will no longer boot non-trusted systems. Also...
4) The OS could download a new protocol stack that could render it inoperable with other protocols. An entire new Internet based on the MSOY/BO (Microsoft Ownz You/Bend Over) protocol could spring up almost over night. MS-only network services, online shopping, etc.
Is any of this likely to happen? I don't know. But it would be possible, and I'm not sure I trust Microsoft not to try it. Even if Open Source doesn't relegate MS to the
bytesmythe
Hypocrisy is the resin that holds the plywood of society together.
-- Scott Meyer
These are things that we should try to keep everyone we know from buying. Hopefully it will go the way CPRM (for IDE drives) went. Yes I know its still there but the manufacturers are a little bit gun shy about introducing in a public fashion because of the uproar that they caused last time. I know slashdotters are pretty tech savy people but let's try to educate the rest of the world. A disaster would be if they ended up being silently shipped for a little while, until they attained critical mass, and then someone threw the switch and disabled our boxen (or at least the boxes that have their freedom still intact).
Restore America: Dr. Ron Paul for President!
I've heard predictions that as the price of computers drop, the general use PC will be replaced with many specialized computers that do specific things like play media, run office type applications, E-mail etc. They can be user-friendly, but are not as flexible as a PC. I think we are already seeing this a little with TIVO, PS2, x-box, some of the net-appliances.... I think most PC enthusiasts won't want to accept this, but non-technical people might. And these products will lend themselves more toward a trusted-computing model
I guess Microsoft gets sole control of the 'trusted' keystring. Anyone else using it without paying them 'licencing' fees for it will be in violation of th DMCA. So sure, you can have Linux on your computer, but doing so will be illegal because our friends at Microsoft will refuse to sell out their keystring to make Linux legally bootable. Brilliant. If you can't out-compete someone, change the standard to tighten your monopoly.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Can you say www.apple.com/switch ???
"The BIOS then verifies the authenticity and integrity of the OS loader and the OS kernel and then passes the integrity tokens that say the PC is a "trusted entity" to the operating system."
What a load of crap. WTF problem does this actually address other then the fact that it would keep the M$ monopoly alive.
AMI SUCKS...
I think this reminds me of the situation with the CPU IDs in the Intel Pentium processors. I have yet to see a BIOS supporting such processors without the ability to disable the serial number.
I suspect that the "trusted computing" features will be similar it its ability to disable such things. It will be required of virtually every motherboard manufacturer who wants to compete. I can't imagine hardware manufacturers being pressured into making a palladium only system.
This will go a long way towards the war on Open Source. Consumers won't be able to install and use unauthorized OS's. This could potentially save thousands of dollars.
That's one type of motherboard I won't be buying.
Malike Bamiyi wanted my assistance.
Encrypted Chips are found in mystery cookies.
Great .... so how determines which OSes are "trusted" (and how much of a kick back do "they" get)?
... and lets say that I only have 1 windows machine and one linux machine ...)
... and what happens if you try to boot a "non trusted" OS ... is it like an ATM and does it eat your hard drive?
.... but I expect change this time!
But even more importantly, whay happens if my board dies and I have to load the disk into another machine to get the data off of it (
What is the point of this??? If ou have access to the hard ware, you can steal what is on the disk!!! Do what Nike would do if they were a computer compnay: Just mount it!
Just my $0.02 cents
HallmarkOrnaments.Com
may have been right! And to think, I ignored his "The End Is Near" Sign. =P
Not more than you need, just more than you want
Does that mean such machines may refuse to boot any other non-'trusted' OS? ...
After all, the list of supporting corporations include
of whom we heard quite favourable statements about Linux
I sometimes wonder if 'Slashdot editors' get paid enough.
Regardless of whether or not Palladium will lock you in to running specific approved operating systems (not likely if they actually come through on what they originally said), computer sales are sliding as we speak. By the time Palladium-enabled hardware becomes available on the consumer market, virtually every household able to afford a computer will have one already. From my personal experience with most family folks, a computer is more of an appliance than anything else to them, so I doubt they'll fork out another $2-3k on some new machine when what they have already does everything they want. Same reason why you still see old cars from the past two decades being driven around. Sure, they don't have all the spiffy new features of the latest-and-greatest range of cars, but they get passengers from point A to B, and that's all they care about.
The only market I see this making any impact on is PC-based boxes that are used in a tivo-like capacity (ala WinXP media center edition), since those aren't very widespread right now but slowly catching on.
That's from my journal (here).
I wholeheartedly support making this information more public, but I'd like to have the sympathy for my plight. Michael is a prick and a hypocrite, and if he could get over the tension between him and that psychotic fruitcake Seth, they'd have a wonderful relationship.
Also, if you crapflood with my stuff, that won't be cool.
First it was jocks saying my penis is bigger than your penis, now it will be geeks saying my bios is better than your bios.
I just thought about this a bit more and...
Say someone is running a certain email program
and a 12 year old writes a script to exploit this mail program
his exploit does nothing more than pad the kernel with garbage
The original hapless individual shuts his computer down
When he powers it up the next day, it refuses to boot as the kernel has been modified
since his hard disk is encrypted he can't retrieve any of his data from the system, nor can the tech he brought it to...
So he smiles, reinstalls and rebuilds all the work he just lost, as a backup isn't anything he ever thought of making.
Give this a year or two and we'll see IBM make a push to bring reliable, centrally maintained machines into workplaces.
BIOS starts...addressing the TPM chip that verifies the authenticity of the BIOS.
What good is it for the BIOS to verify itself?
If it's not authentic (i.e. compromised), would it really bother to address the TPM chip at all?
"It's a very tangled subsystem." --Windows kernel guru
No. It just means the bios would have to be digitally signed by a trusted party.
'nuff said....
AMIBIOS8 features a revolutionary Windows-based development environment, Visual eBIOS, and number of tools and utilities to ease and speed BIOS project development.
omg, the BIOs is made in a windows enviroment.......what is this world coming to!??!?!?! But does this mean we can buy (or kazaa) BIOS development tools? *grin*
Comment removed based on user account deletion
According to US patent 6,327,652 that is indeed correct-- unsigned code simply doesn't get any access to secured data, and may not even be allowed to run on the same desktop as signed code. If the boot sector doesn't pass the BIOS's signature check, it's not given access to the machine private key, and therefore can neither unlock locally stored encrypted content nor pose as a trusted system to other machines on the net. The only bait-and-switch here is the possibility of a concerted push by software or content producers to require a trusted runtime. One minor wrinkle is that this will require boot-selector programs like LILO to either be code-signed or be unable to properly boot signed operating systems.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
Comment removed based on user account deletion
Companies like PC Chips have stolen their BIOSes in the past... this is a perfect way to protect their code while gaining support from developers.
Good move, I say.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
this is IT people, this is every nightmare you've ever had about losing your personal freedom, coming true.
First, they'll control your computers, next your entire life.
paranoid? maybe, but I really, REALLY cannot accept that ANYBODY, OTHER THAN ME, can tell my computer what os to boot or programs to run... this is an outrage.
I thought palladium was far off, and might not happen, and now it has.
what can we do? any groups campaigning against this we can join etc?
Machine9dotNet
AKA
Demarcates Renaming
I told AMI (link in the article: marketing@ami.com) that I don't think of this as a "feature". Computer manufacturers have backed down on much less invasive technologies (Pentium III's unique ID, for instance) before; I'm still a little bit hopeful that with all the competition in the mainboard scene we might be able to convince manufacturers not to adopt consumer-hostile technology like this.
Can LinuxBIOS be an alternative ?
http://www.acl.lanl.gov/linuxbios/index.html
(just for example -- *BSDs will be equally affected) so far.
So does this mean BSD is dying yet?
(sorry, had to)
What kind of implications does this have for pirated software? Are we going to see validity checks for OS software?
Forgive my ignorance, it's too close to some companies' attempts to have 'validation' chips for music and DVDs, etc.
Fear is control
The minute Palladium is up and running on these boxes, watch for manufacturers to go "WinModem" only: meaning BIOS's that only boot Windoze.
Want to boot FreeBSD, so you played around with the BIOS? DMCA days "Go Directly To Jail, Do Not Pass SourceForge, Do Not Collect $200"
If it can only run operating systems that can be trusted, how the hell am I going to be able to get it work with Windows?
Ergonomica Auctorita Illico!
Comment removed based on user account deletion
If anyone is good with FPGA's and wants a project,
I could really use a DIMM which is USB
readable to hack this Palladium stuff.
Palladium as I understand it has NO APPLICATION for content protection. It's not a DRM system. It's a security function so that your hardware knows what it's doing. It will provide a level of security between applications, the OS, and hardware.
.wma files? Right. I'm impressed. This is the second +5 Troll I've seen from you :p
So that level of security won't allow a trusted application, say WMP, running on a trusted OS, say Windows, running on trusted hardware, say a DRM-enabled soundcard, to control what you do with those
Kjella
Live today, because you never know what tomorrow brings
Don't quote me on this though. I did read the spec, but I'm not quite sure I fully understand it.
Does this mean that I need to buy a small stash of motherboards and CPUs that are on the shelves right now? Before all new motherboards refuse to boot if you want to avoid all of Microsoft's products?
I think there might end up being "Windows PCs" that will have motherboards that support the Palladium standard and then "other PC's" that won't. When you want to build a box for linux or BSD or whatever else, you'll have to buy the "other" hardware instead of Windows hardware. If there is enough profit in it, somebody will make it.
If this takes off it will mean the end of independant developers. Simply stated, you can have a trusted OS and a trusted application but if some untrusted programmer is allowed to access the restricted hardware then the security is blown.
This means that such a system can only allow programs written by trusted programmers and we all know this means that M$ programmers will be able to write code but you and I won't be allowed to.
Looks like the end of our careers guys.
Is Oracle, BEA, IBM or any of the OSS projects going to do this? For what? What value is brought by wasting time and money implementing a strategy that has little or no benefit to the customer?
Bah, this is a scarcely concealed attempt to appease the media giants (the people who FUND RIAA). Lack of customer interest will likely cause this to fail.
But what do I know? My company (who's in a "budget crunch") burns enough cash to single-handedly cause global warming, and we're profitable. Whatever, I'm going back to Oz where things make sense...
Computer Science is Applied Philosophy
I run OSX and Linux on PPC machines. I do not miss the world of the paranoids in Redmond.
I don't need a 4 gig chip to type a paper or Photoshop a picture of Rumsfeld and a goat.
Frame rate for games? Got my PS2 for that.
photosMy Photostream
"Provided you only use Palladium-approved hardware. And applications. And operating system. And you don't want to make your own software. Or MP3's."
Only a terrorist would NOT want Palladium. And playing MP3s contributes to the Axis of Evil and terrorism.
are possible right now, with no TCPA and stuff. But somehow they're not very popular.
mandating arse creme
Modest doubt is called the beacon of the wise. - William Shakespeare
Please bear in mind that what follows is all hypothetical. It's an idea how a hardware-based "trust" platform can be used by "consumers" for their own good.
Imagine you want to go into an internet cafe to check out your mail. You have to enter your account information (username and password) using a computer that you do not control physically. This means - on current day platforms - that the computer might work against you without your knowledge - you can't really trust it. For all you know, there might be a keylogger on the computer, or some other software that could allow somebody to read your mail without you noticing it. This is a problem, and it could be solved with a hardware solution.
You need a small device that _you_ control physically (a smartcard?) that can connect to the computer and perform a trust handshake checking whether the computer runs an operating system that you trust (Windows, Linux, *BSD, it doesn't matter - you should get to decide). It'll give you an okay signal if the test passes. If it does, you can be very sure that the computer you are using doesn't work against you. IOW, you can be very sure no keylogger or similar is installed.
Obviously this is a hypothetical idea, and I'd be really surprised if that was what the big players of the TCPA had in mind. But it shows that the technology behind the TCPA isn't all evil, it's the people who use it. (Yes, that should have been a no-brainer)
Again and again MS has accused the Open Source movement as being anti-capitolist.
But the more I heard about Palladium, and "Trusted" applications, and creating a standard that forces palladium on consumers.
The more I realise the strategy of protecting the corperation from the consumer is what's to blame.
Again and again laws are created that assume all consumers are criminals, and that companies need to be protected by the government.
I guess you have to ask yourself.... is capitolism failing us? Or is the spirit of capitolism gone, and it is we that have failed capitolism?
--zuchini
(No I'm not a communist)
if your mother had been killed by a terrorist if you would joke about it so casually?
It's now official, I will never buy another motherboard with AMI bios!!
On the otherhand I'm finished with consumer grade computer hardware.
"I bow to no man" - Riddick
Please forget that you ever read this story. Pay no attentiion to the man behind the curtain.
This information is provided on a need to know basis, and we are the one who determine if you need to know it.
Whenever you try to even think of this story, your mind will be obscured by pr0n instead.
Have a nice day.
"It is a greater offense to steal men's labor, than their clothes"
... flash memory that contains the "TPM" ...
You cannot contain The Phantom Menace! (tm)
Let me know when they have a patch which bypasses this flaw.
Thank goodness for the filthy old untrustworthy BIOS on my current motherboard.
A feeling of having made the same mistake before: Deja Foobar
1. Input
2...499. None of your your damn business
500. Output
"Trusted computing", hah! Sure, the apps might trust each other and the system, but I won't!
Just what does "trusted" mean.
Now wait a sec, I'm not being antagonistic or stupid.
Typically, "trusted" means something along the lines of "here's some code, I trust that you'll do the right thing". When the hardware people and software people get together, you really can have that happen. Software can go get a video stream and save it in such a manner that it can only be played in a trusted manner.
I'm not a hardware vendor. But I do know some tricks. Some college kids with a few oscilloscopes and fast FPGAs are going to go after that 300-500MHz system buss (really, only the address lines, which move 2-16x slower matter) and tweak with the hardware. Suddenly, you have the hardware that thinks it's trusted, but on occasion is able to write data where it doesn't think it is. Maybe you detect it, maybe you don't.
In order for consumers to do this, it must be transparent. Performance must be equal or imperceptably lesser. What this means with current hardware is an encrypted file on the hard drive gets decrypted and temporarily dumped to memory -- WHICH CANNOT BE TRUSTED -- and then played on the hardware.
Follow this example with any other application of "trust". Any time data leaves a chip, observation is trivial. Capture is trivial. Fiddling with it and making it still look authentic is harder, but possible.
Is this going to stop video pirating? No, all you need is one person who can capture the stream. Audio pirating? No, we'll still get that one person to capture the stream. Account numbers? Now there's the rub. A good programmer will be able to keep all that stuff on chip. Except when an OS gets busy and swaps data off chip (encrypting it beforehand? can you imagine an encrypt/decrypt function in a context switch?). But, maybe context switching is blocked when you have private data (context switching blocked while you type in your password? multithreads are so pervasive and important to performance).
This is going to do three things:
1) Stop casual pirating. You know, the kind of person who says "Can I borrow your copy of Starcraft, I want to see if it's good enough to buy".
2) Fair use. Archiving data for which a licence is legal, current and paid for.
3) Make consumers really notice when a system comes along that gives them rights. Sheep don't notice when rights get taken away slowly. When they suddenly get a pile of them, it matters.
when even one of the original authors of the spec has serious concerns about it: tcpa concerns
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
Phoenix (and remember, they ate Award too) is hardly any better (not to mention their product is miles buggier than AMI at its worst). They're the ones who pioneered the concept of advertising in the BIOS.
In fact, a couple years ago Phoenix was throwing around the idea of an internet app in the BIOS that would auto-download both advertising and BIOS/OS updates (now, what if an update includes the latest upgrade to CIH??)
I hate this "trusted BIOS" idea, and it appalls me that it comes from AMI, which until now had been a sensible company. Unfortunately, the alternatives are likely to be worse.
~REZ~ #43301. Who'd fake being me anyway?
There are variations such as this: http://prices.cclcomputers.co.uk/specs/backup/usbd rive.htm
that actually use "real" RAM and a battery to maintain state, if it's critical that it not be flash-RAM.
The wheel is turning, but the hamster is dead.
As soon as the PC powers on, AMIBIOS starts a fairly complex process. The BIOS boot block addresses the TPM chip that verifies the BIOS authenticity itself. Then BIOS proceeds to verify the authenticity and integrity of the OS loader and OS kernel. Finally BIOS passes the integrity tokens, that identify that PC as a trusted entity, to the OS.
And just how long is this "fairly complex" process going to take? Just when PC BIOS's were started to get faster, it's time to take a giant step back. Maybe we could go back to the manadotory RAM check too.
It's the end applications that counts. *It* won't run unless it's running on a trusted operating system which in turn won't run unless it's booted by a trusted boot loader which in turn won't run unless it's on trusted hardware. As long as there are enough applications that don't require this trusted environment then there will continue to be a use for Linux. Don't give up the apps! Free the apps!
It'll even have it's own installer: fdisk /mbr
Microsoft is not interested in your security. Microsoft doesn't even much care about their own security, as long as the license is already paid for. They only want to make money and lock you into long term deals. The massive and drastic tactics by Microsoft to lock consumers into their platform indefinately is because there is actual competition (Linux, and an invigorated Macintosh) now. It is so plainly obvious that it stuns the senses.
History should already be telling the world never to trust anything from Microsoft.
computer, mobo & chip manufactures are not interested in limiting the number of uses for their hardware.
they are interested in gaining the ability for evil media industry DRM systems to run on it increasing their hardware sales.
no worries, they won't be preventing you from running a different OS on the box. it'll only prevent other OSes from having access to DRM features so that they won't be able to use DRM protected content.
When I recently bought a laptop, the thought crossed my mind several times: This could be my last free-as-in-speech system.
;-)
As long as 1.7 GHZ is a decent speed for Linux-type software, I'll be able to run any software I like, even after the commodity PC's start dis-trust-ing me.
I prefer to have my computer to be a slave to me, not the other way around
Well, I am worried about the development too, but at the same time, I think we must realize that no matter what they throw at us, someone will crack the protection.
Ultimately, the entertainment industry will only be able to control individuals who allow themselves to be controlled.
The rest of us will actively seek solutions that remove us from the evil claws of "Digital Rights Management", or rather "Consumer Ass Ramming" as it should really be called.
They can encrypt and protect all they want, but someone will come through. Someone will work constantly on giving us our rights back - even if it means doing so illegally.
If it becomes illegal to have control over one's own system and play off whatever one pleases, I will stand in line to break the law. Constantly. The more they try to control me, the more I will break laws.
I am not saying that people's concerns about violated rights to control one's own system is not justified. I am just saying that we will prevail in the end. With the incredible amount of brainpower available to those with a liberal mind, the entertainment industry may win over the sheep who do not realize what is happening, but they will not get the ones that don't want to be ass-rammed.
Sorry for the rant, but hopefully someone else agrees that the fight is far from over, and no matter what they tro to do, we will continue to fight...
Clever signature text goes here.
So does this mean that my SoundCard will need Palladium as well?
Reasoning being that quite a few, if not all, expansion cards have their own BIOS which gets executed at startup to "mingle" on the pci/isa/etc bus.
And... what's to prevent someone from writing a wrapper for Palladium which allows arbitrary code to be executed from within Palladium authenticated code?
Winged Power Photography
*knocking on door* "Hello" "Yeah my name is Agent X and this is Agent Y we are from Microsoft's Anti Piracy Unit" "Well what do you want" "We Understand you ware watching Back Door Anal Sluts 9 on your parents computer" "You Guys are fucked up" "Can We see your computer sir" (Realizing they had made a mistake while looking over the computer's contents because the man is a Buhdist) Just proving that nothing is fool proof, and shit happens.
---
Intrastructure paid for by the largest fraud in US history, "the dot-com's"; can anybody say bankruptcy.
This technology is intended to support the TCPA 1.0 specification for "trusted computing". What "trusted computing" is supposed to mean is that if a file has a label on it saying "don't copy me", then it is in principle impossible for the user to copy the file (other than in the ways permitted by the digital "rights" management label).
Once you understand this, you'll see that the purpose is quite clear: of course boxes equipped with this BIOS will refuse to boot Linux. That's the whole point; they will be intended only to boot operating systems that strictly support DRM. Each machine will have unique "integrity tokens" which can be used as digital signatures, so that everything you do on the machine (create a document, contact a web site) can be traced. Since you'll have to pay for your downloads on a credit card, this can all be cross-correlated. The integrity tokens will be digitally signed by the manufacturer, so that any action taken on the net by the owner of one of these beauties can, at least, be traced to the original purchaser of the machine. Secret, DMCA-protected protocols will assure that only "trusted computers" can connect to their web sites.
Now, of course, initial implementations of this concept are likely to have flaws that can be exploited by crackers (example: find some way to write a program that replaces the "trusted" OS with a BSD or Linux kernel; reprogram the flash chip to disable checks), but I fear that they will get it right eventually.
At some point, then, the net will bifurcate: there will be a world of glorified DVD players calling themselves computers interacting with restricted network sites, and a world of general-purpose computers interacting with sites that follow standard protocols. Attempts to outlaw the "free world" will not succeed because it will do too much damage, but those who participate in the "free world" will be viewed with suspicion, called pirates, etc. ISPs might be pressured into refusing to connect with "untrusted" machines.
After five years or so, though, I expect the whole thing to fall apart, because countries that don't go along with this brain damage will acquire a technological lead, as the US enters an era where computer science is treated the way that the USSR treated science: dangerous state secrets not to be shared.
When no one buys computers with palladium and no money is made then things will go back to how they were.
I'm sure we will have sources for Mother boards from
Asia that do not use this.
Intel and AMI will only hurt thier own business.
I will never buy a box with this.
This joke is older than SOVIET RUSSIA.
Forget the whales - save the babies.
Okay, my take, based on working knowledge of 'trusted' computing and hardware design (I used to be a support enginner in Intel's server division,) is as follows:
'Trusted computing' relies on the fact that every component is known to be secure. Of course 'secure' is a cagey term, but in this case, it means that the end application knows that nothing is interfering with it. The uses vary, from DRM to financial transactions, to other uses we haven't thought of. But, there are three main pieces in a trusted system:
1. The hardware. The hardware needs to be 'trusted' in that we are certain that there is no hardware tampering or eavesdropping going on (of course, this applies only the the internals of the computer, a packet sniffer, or even a keyboard monitor, would be external, and ouside the scope of monitoring,) and to make sure that the machine is the machine it's supposed to be. This really started with Intel's Pentium III adding a processor serial number. The point of that (as with Palladium) was that each machine could be positively identified. If you had previously made that computer 'trusted', then set it so that only trusted machines could perform a said transaction, we could guarantee that the end user is who he says he is, from a hardware standpoint. This new BIOS is much the same way. Each board with this BIOS will be able to say "Yes, I am the motherboard that was here when this software was installed, so yes, I am the same computer." Obviously, this has implications for hardware failure, even moreso than Windows XP's activation problems.
2. The OS. The OS must have support for trusted computing. It must be able to partition off the 'trusted' applications from the untrusted ones. It must be able to encrypt the contents of the drive, and only allow trusted applications to access protected data, and only allow trusted applications to access the 'trusted' part of memory. (So as to disallow one program from sniffing the program files, memory, or data transport streams of a protected application.) This would probably see alot of use by multiplayer online games, as they could make certain that no third-party applications that reside on the game-running-PC could be used to cheat. (As with some of the 'god map' programs for Everquest.) Again, this does not protect the data stream once it leaves the computer, an encrypted network connection would be required. Obviously, for the OS parts to work, users must log in to the system with a username and password at least. Biometric security would be better, so as to more certainly guarantee that the user is who he says he is.
3. Applications. The entire purpose of 'trusted computing' is the applications. Applications that need to know that the user is who he says he is, and that is done by both the OS and the hardware. As with the game example above, other uses are financial transactions (for example, you could set it so that only your computer has access to your bank account records, so that even if someone stole your hard drive, and your username and password, they still wouldn't be able to get at your data,) and DRM. It makes a perfect DRM vehicle, as now the labels can enforce the one-computer rule. A downloaded file would refuse to play without the original application, OS, and hardware.
The question is if these systems can boot a non-trusted OS? Of course they can! You won't be able to use trusted features (for example, your bank's online account access wouldn't work,) but you could use it just fine for applications that don't use MS' Palladium. Just like the Pentium III's serial number could be disabled, and all you lost was access to the (very few) programs that required it.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
Let's say the Microsoft Watch is a big success. Go ahead and laugh. They've got the bucks to seed these sorts of things into the marketplace for years. Eventually something will stick. If not the Watch then the MS Clock or the MS Hairdryer or the MS Refrigerator, or something.
Now, let's say you, as a geek, have reprogrammed the thing so that it runs FreeWatch, the oss embedded watch OS that does all the cool stuff you want it to.
The next version of the MS Watch is Trusted. It only runs approved software. It only runs approved services. And if it doesn't recognize the os and the software, it just doesn't run. Of course, approved means approved by Microsoft, or by the Watch Software Consortium. And they'll be happy to add FreeWatch, for $500 million and a 25% cut of the profits.
If you don't think that's the way it will work, think again, very carefully. It isn't Trusted to Microsoft until it's utterly predictable. It will only run MS-approved software. It will only display MS colors. Once it's utterly predictable, then support costs go down, service fees go up, and 3. Profit!
Now, extend that to the PC platform. Microsoft's stated goal is for computers to be as predictible as kitchen appliances. That means they run exactly the way it runs. Support costs go down, service fees go up. Paladium, TCPA, DMCA, DRM, it's all the same. It is to give you absolutely reliable computing. To end hacking, cracking, viruses, tinkering, end-user encryption, and everything else most geeks hold near and dear. And incidently, to put the hands of the electronics and entertainment industries into your wallet, forever.
If you think this is unlikely, as yourself, why is the membership list of the TCPA secret?
Maybe you still don't agree with me. Maybe I'm wrong. I really hope so. But perhaps it's worth keeping an eye on things.
Ok, reading through all of these posts, there seems to be a lot of agreement that people just don't like TCPA or Palladium (which, are not the same thing). But we can't fault AMI for adding this (or any) feature to their BIOS.
1) TCPA is not a technology that AMI has developed on their own. It is a movement by several large companies in the computer industry. AMI sees this as an upcoming technology that it needs to develop for or else get left behind. As far as AMI is concern, this is really no different than adding support for ATA hard drives larger than 137GB.
2) Just because AMI supports a feature/technology, doesn't mean that OEMs and motherbard manufacturers are going to use that technology. I'm sure that AMI supports Serial ATA, but if a motherboard vendor doesn't need it, it doesn't get included into their BIOS build.
3) AMI cannot force this (or any BIOS feature) on it's customers (OEMs/IHVs/etc). If I am a motherboard manufacturer, and I wan't features X and Y but not Z, I don't get Z. Period. I have the final say as to what goes into my BIOS.
If you a really concerned that this will limit your choices, bring it up with the OEMs and motherboard vendors. Push them *NOT* to use this feature of their BIOS. Only buy boards for which this feature was not included or can be disabled. Don't fault AMI for trying to stay current with industry initiatives, no matter how they are perceived by the public.
Ok, So now AMI is on board with many of the processor manufacturers. I have to admit that while I think I understand the basics of the palladium issues, I haven't spent a lot of time researching it. So the question now becomes, what systems are going to be left in the near future that are not getting on this bandwagon? Or are the average geeks going to have to deal with only old technology or mortgage everything we own to get the really high end equipment that doesn't use this technology?
Another small issue I see is when someone decides to write a driver which accesses a piece of hardward for an unsigned OS which bypasses the palladium crap in the BIOS. I have a feeling the legal precident is about to be set for this issue in the Lexmark case discussed earlier today. I think this could have some serious rammifications for the open source world that tends to work with the latest OS they can put their hands on.
my $.002 (inflation is a 8!7(#)
'And all the monkeys aren't in the zoo Every day you meet quite a few...'
Excellent. Now it will take longer to boot up than it does to crash. Well, that race is finally over.
Sure I'm paranoid, but am I paranoid enough?
Hey I just got a prototype of the trusted computing BIOS. It's not so bad. As far as I can tell I can do all the things that I use to.
No one is controlling my hardware but me. I still worry about the way that Microsoft is &$^^ *$(#@) ()%)$! but other than that it's not too bad.
Oh yeah and I still have concerns about how the government is )^%$ $^*** $#*%$ &^. (&$# %$*@% (^% . But I'm sure we'll be able to stop that.
We do need to watch the entertainment industry also because they're still trying to #@*^ %#^ &$ (&$%)*%.
Yep these new BIOS are nothing to worry about.
The race isn't always to the swift... but that's the way to bet!
beta is greek
... then how come I feel like I can't trust it to do what I want?
You'll hit at startup and turn it off.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Ambitious way to start a post...
OK, so let's for a moment suppose the following:
- H/W manufacturers and MS are in cahoot and agree to put together hardware that:
* Only boots certain O/Ses (Windows)
* Only allows certain kind of files to play
* Only allows certain applications to run
* all of the above controlled by very few companies with very conservative agendas.
Isn't it relatively obvious that this isn't going to fly? Isn't that plan a brilliant blueprint to get rid of Intel, Microsoft, AMD, HPQ and whatnot
in one fell swoop?
I for one will just not buy a piece of hardware that limits me in my choices. I am absolutely not at all a pirate, a terrorist or a virus writer, all my files are rightfully owned and within the bounds of fair use. I do not appreciate the `guilty until proven innocent' connotations of these new `technologies'.
Clearly I'd rather pay more to continue to enjoy my freedom (Apple anyone?). Other less enlightened manufacturers and software vendors can shoot themselves in the foot if they want.
Somehow the recent debacles concerning for example
- Software copy protection mechanisms that prevent normal play (NWN anyone?)
- Rightfully purchased CD that won't play so that people return to them to store.
- Unhackable games console that don't sell
give me grounds for cautious optimism. We shall see.
A meme that's been floating around for a while is that the rest of the world is pursuing open source & open hardware...we all know that.
But to put a new twist on an old idea, imagine this: suppose DRM/Palladium becomes law in the USA (to fight terror)...it will be effectively "cyber-isolationism"...The USA already has different electronic standards for everything else...it would not be surprising for networking too.
Yikes, that was bad.
How about:
Please write them and tell them why. keep it short and to the point. Encourage others to do the same.
My fingers are cold.
The Kruger Dunning explains most post on
No, it would be less casual, but a lot more funny.
Michael didn't make a stupid comment. What a surprise!
Okay...why can't someone out there just take the necessary steps to make Linux and related OS capable of handling the necessary TCPA related requirements.
:-)
The specs seem to be available at
http://www.trustedcomputing.org/
What specifically prevents this?
Heck...can't Redhat, IBM, HP, etc do whatever is necessary to become trusted?
As I understand, on the computer is the AMI chip, with a subsystem that sits on top of the chip and interacts with the chip. If a trusted resource is to be used, then it has to make the necessary requests to the OS which in turn interacts with the chip. Is this right? In the case of M$, this is Palladium. Why not make an OpenPalladium or whatever? Is openpalladium.org available?
Eric B
ebresie@gmail.com
"One file slips out and bamo - no one is paying for it anymore."
Well, high-quality digital media with no copy protection has been sold for over 15 years and the people selling it made record profits last year.
Its called the "compact disk". Perhaps you've heard of it? Phillips invented it, and it turns out that not only can you make copies for under five cents, you can compress them digitally to make files to store on any device.
It may catch on.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
So if I give up all my digital rights, I get to watch movies on my PC and play geeky games. Oh, and check my email from anyway.
Now it all makes sense. I mean, I can't do any of that now, right?
But isn't INTEL also going to be placing DRM in there chips also?
It just sends a wake-up call to the TPM chip. "Hey can you take a look at me and tell me I'm clean?" The TPM chip is still the top-level.
Live today, because you never know what tomorrow brings
Viruses have never had to corrupt/attack the BIOS before to get in to the system. I get the feeling this would be far to cumbersum to do. What would be the point ? The OS is easier to attack as it has far more entry points.
So what is actually the point in securing the BIOS in this way ? The only virus this system would prevent is the boot block virus (great!).
OSes now a day are so complex that there is just _NO_ way to have them 100% secure without constant (daily) updates.
MS isn't about to offer that, so why are they promoting this ?
No, this is not, and has never been, meant to protect the user agains viruses/crackers.
Ernest J.W. ter Kuile
Where does this fit, or does it in the 2007 digital TV turnover.
So, if this means that that 'external' people can modify/restrict me from doing things with my computer that I could do in the past, then it sounds like a denial of service attack with a long lead time.
This sounds like another opening shot from corporate organisations preparing to wage electronic warfare against their customers.
The smart thing is that the lead time for this is so long, and the possibilities of this vulnerability are as yet so vague, people won't twig to the problem until it is firmly entrenched.
This is just plain bad ! Just because it's being sponsored by large corporate organisations does not mean that it is either good or benign.
You can use this technology to verify, for example, that some software (for example, DVD viewing software) you want to run has not been altered by a virus to perform functions other than those you choose. Functions like spyware, worm propagation, etc.
The down side is that it enables anyone else to perform the same verification. This could be used (again, for example) by the MPAA to ensure that the DVD viewing software you want to run has not been altered (by you) to perform functions other than those they choose. Functions like allowing the movie to be saved as a file or played on a non-compliant display device.
The fear is that eventually content providers will refuse to offer any content to your general-purpose computing device unless you allow them to verify the software you are running on it. Which will, by economic necessity, require that you be running one of a very limited set of "approved" configurations to get the approval you would need. In essence, your "general-purpose computing device" will need to become a "single purpose computing device". Digital content marketers are probably drooling over the thought of some souped-up Windows system which plays DVD's and Digital Audio and games (and what not) and never lets anyone pirate the content. Instead, it will likely become something more like: Insert the DVD-Player CDROM and reboot to turn your PC into a DVD player, insert the Digital Audio Player CDROM and reboot to turn your PC into a Digital Audio player...
But the fear is misplaced. The real use is not in protecting digital content, but rather in allowing someone who doesn't own a piece of hardware to reliably use the processing power of that piece of hardware.
In reality, however, none of this will come to pass. The world of hardware is nowhere near as clean as the software world. Hardware designers have to make all kinds of assumptions, like assuming that the clock is accurate, assuming that supply voltage remains within spec, assuming at no one tied that patricular bus line to Vcc at the exaxt instant when the "failed" result was being relayed, etc. As soon as there is a hint that someone, somewhere has hacked their hardware enough to create a untrustable trusted system, no content provider will will accept any trusted system as trustable ever again.
Game over.
The thing about things we don't know is we often don't know we don't know them.
I can't imagine hardware manufacturers being pressured into making a palladium only system.
Sure they can be. A decade or so ago, we had a choice of operating systems on new PC desktops, remember? Once Microsoft introduced discounts to manufacturers who only offered Windows or DOS, the choices disappeared.
As soon as Microsoft starts offering significant discounts on Palladium-only Windows licenses, manufacturers and consumers alike will snap up these "trusted" machines just to save a few bucks. Naturally, most consumers won't realize what they're giving up until it's too late.
I never cease to be amazed what the public will sacrifice for the benefit of lower prices.
Comment removed based on user account deletion
Time to change that 'sell' rating for Apple stock to 'buybuybuy!' :)
One of the first laws of security is that any information you give someone is theirs to play with. Public/private encryption works only because you do not send the mastery key -- a man in the middle attack can still decode all the information by picking up the transmitted public key, however. This applies to hardware DRM as well.
Somewhere, somehow, inside your computer, an authentication method happens. It's in your computer. In your house. Yes, right there, under your desk. They've given you all the information you need, it just needs to be extracted.
Someday, a computer will need a mod chip to work properly. You'll pay $10 for a chip, replace one currently on your mobo with it, and voila. All applications are suddenly and mysteriously trusted. Hardware manufacturers will claim their system works except for "rogue" users, the same ones who were pirating software in the first place.
Good emulators will also still work. The OS will say "Am I running in trusted mode?" and the emulator will say "Well of course, silly!" Then the emulator will begin to snicker, then break down giggling uncontrollably as the OS bounces happily off to deal with its not-as-trustworthy-as-it-thinks content.
Just last night I had a problem on my system that I solved (partially, anyway) by booting to my handy-dandy Knoppix CD.
It sounds like this will no longer be possible because my Knoppix CD's boot sector will no longer be authorized.
Comment removed based on user account deletion
Good point. I got it from a quote somewhere and didn't really think about it. Thanks. =)
"It's a very tangled subsystem." --Windows kernel guru
Some good info http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Essentially, Palladium permanently installs back-orffice on my computer, and prevents me from running programs without it.
So that a more indepth psychological profile can be built than what my shrink is capable of, so that I can be sold icecubes no matter where I live.
Don't we pay taxes to protect ourselves from people like this.
Comment removed based on user account deletion
Dunno. I'm English.
Modest doubt is called the beacon of the wise. - William Shakespeare
I strongly suspect that Microsoft is trying to regain their driver monopoly. They can do that if they encrypt all CPU hardware communication.
...).
Strong encryption will make it extremely hard to write alternative drivers, and laws such as DMCA make it illegal to create and more importantly distribute them.
So the OS itself is not at risk, just its communication with everything around it (network, harddisk, video, audio,
Their technical term for this is "cutting off the air supply", and I fear it is what they will be trying to do to us.
you must get IT buy now?
look for: va.msn.net, ticker: (VAST)?
vast array of payper liesense stock markup FUDgePackers, if you ask US.
Well, as long as there's an option to turn off the "trusted computing" features like you could with the PIII's serial number in the BIOS, what's the big deal? I sincerely hope this isn't some stupid move to appease the obsolete recording and motion picture industries. The computing industry probably dwarves their revenues. That's be like tire manufacturers forcing auto makers to do something against their will. Duh.
Read it here: http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html
The two last sections are worth repeating here:
Trusted Computing FAQ | Free Dawit Isaak!
Maybe AMI should hawk some "trusted computing" products to Nintendo, to stop themselves from stealing The Legend of Zelda's Triforce as their corporate logo.
Glog!
By the way, this is where the Apple fans say "nya nya, Macs will never have this trusted computing garbage." Then we wait 6 months and suddenly Apple rolls it out in their next firmware update and their iLife apps all require it to work. hahaha.
Comment removed based on user account deletion
I see alot of crap being modded up to 4-5 and alot of them are just stupid comments that really aren't informative. Like 92392409 various comments about ..
... and I assure you .. you won't have ANY problems with the new palladium bios on yer good ol' 386 running debian. You know what?... you can even use a brand new p4 3.2 Ghz too in case the 386 is running too slowly for your tastes.. Guess what... no paladium bios on that either.
"what's the point of this it adds no security.."
and you have a modder come along and be like
"oh look at that.. he sounds like he said somethign 34293049203 people have said so I'm going to mod this to 5 because I find it interesting"
Anyhow all you guys do is bitch... Bitch this bitch that.. everything is BITCH BITCH BITCH.
linux runs perfectly fine on a 386
A Gui, and a front end for kaazaa would fix all of this...
What a pitiful, poorly thought out metaphor.
Come on. Is that all you've got? What a condescending, pointless statement.
You already don't have "root" access to your own machine, unless you can hand code assembly language and know the registers and other particulars of your particular architecture.
Haven't you ever heard of "root" before.
Root access means full read/write permissions as well as hardware permissions. It's not the same thing as having performed a full code review on the entire system.
My point is not very complex, why don't you try and understand it?
I can read from and write to anywhere in memory or disk in my machine. The controller in my hard drive does what I want it to.
I could write machine code and access the registers if I wanted to. I have access to them. Yes, I could use that access if I wanted to, but not using that access is not the same thing as not having it, understand?
Life is too short to proofread.
Seems like it's a way to remove safe guards that is inherent with goverment.
Here comes the next step to GPL software--more gpl hardware. Generic chip with specs to meet your board and flashed with GPL software
-NM
Web sites popping up that list non-DRM, non-"we won't trust our users", non-encrypt-everything-except-power-and-ground equipment.
And the Ministry of Justice sending out the Thought Police to shut these "subversive, terrorist" sites down.
TCPA 2.5: the MS "Embrace and extend" version. Lock out non-TCPA hardware, both forcing users to switch and ALL hardware vendors (who wish to stay in business) to switch faster.
In all seriousness, we will all need to know where to buy equipment that won't restrict our computing when the hardware vendors start to fold.
Those who agree with what you said--what are they?
could this mean that MS will make their OS's only boot if Palladium is detected?
Is this the beginning of the end?
Out of all the systems I own (20~) 90% of them have an AM BIOS
After reading this I will buy them no more - But it's food for though
If Microsoft REALLY announced trusted computing - What would people do?
My fear is this: Nothing
> But isn't one of the "advantages" of Palladium that your friendly neighborhood viruses can no longer run and erase your
> MP3s/JPGs/etc, because they are not "trusted" code? I'm not sure how that will relate to unsigned VB scripts. It's designed
> to protect the consumer from themselves... and legislate what (Microsoft's, I assume) programmers could not implement
> properly.
No, Palladium won't help with that. Most viruses and trojans today are just memory resident processes like any other. There is no easy way to separate a "good" program from a "virus" program. (Seriously, how would it? And how would it be able to tell if a "good" program had an exploitable backdoor or buffer-overflow in it?) It's true that palladium might protect you against, say, boot sector viruses, but there are ways a properly implemented operating system can do this, too.
We already have all the hardware we need to provide computer security (namely, protected memory). Palladium's only purpose is removing the ability for users to inspect and modify their own computers (in an attempt to make DRM schemes fly), so don't listen to what they tell you!
my computer to reject spam, viruses, spyware, do what I tell it to, not do what I don't tell it to and not worry about it "phoning home" to my software and "content" suppliers without my express permission?
Cool!
KFG
If we're unlucky enough to get saddled with a machine with this on it, can't we just put LinuxBIOS on there and move on? I'm not really up on BIOS in general and LinuxBIOS in particular, but it makes sense to me.
jason
Have a good day?! Impossible! I'm at work!
1) Is this "Fawlty Towers Joke Week" or something?
2) Am I correct in thinking that a "Fawlty Towers joke" is a dim-witted non sequitur followed up by an indignant denunciation of the person who failed to recognize the "Fawlty Towers joke"?
I predict that AMI will have an option to turn Palladium verification off, much to the chagrin of DMCA fans. If they don't, people who know better (IE, not your typical luser) will start bitching about how palladium won't allow them to overclock their hardware, or run their favorite video card, or run Linux - and if AMI just doesn't budge on implementing such a feature, they'll watch their marketshare fall as geeks, hackers of any color hat, and generally more advanced users move over to hardware that doesn't restrict them from doing what they need or want to do with their computer.
This sig no verb.
If you did a search of slashdot you would have found a 2 month old article about a project at darpa to produce an opensource BIOs that has the saem funcitonality and allows booting inlinux using Pallidium techniques..
Does anybody remember what they read at this palce or are we all gasping for lack of oxygen to brain cells?
Sometimes I acutally wonder about the posters onthis site..
Don't Tread on OpenSource
PPC
Don't forget SPARC! It is also an open alternative to Wintel with a good selection of excellent operating systems: Solaris, Linux, and *BSD.
We all should embrace PowerPC, SPARC, MIPS, and other well-known and easily licensed brands of ISAs. These--as long as Congress doesn't screw everything up--will be the path forward when Microsoft, Intel, et. al. try to shove TCPA down everyone's throats.
Also, it certainly doesn't hurt that Sun, SGI, IBM (RS/6000), and Apple all produce really good hardware that lasts into the secondary markets. It isn't hard to find ten-year-old examples of each of these brands still serving useful purposes throughout server rooms and hobbyist desktops all over the world.
When the Wintel-brainwashed masses find themselves backed into an alley with the only exit closing rapidly, we can say to them, "We have the way out!" (imagine Microsoft reeling at the bitter taste of their own words:)
Healthcare article at Kuro5hin
Didn't anyone notice the white paper referenced in AMI's press release? I think a lot of the paranoia coming out on this issue is there because unless you load that white-paper and look for the word "disabled" you might miss the fact that the TCPA feature can be turned off.
Believe me, I was as concerned as the next nerd that two or three computer purchases down the line from now would no longer be able to run Linux, but as I read it, backwards compatibility (something hardware and firmware wonks live and die on) dictates that it must be as easy to turn OFF as ON. If we're adults, let not panic, for goodness' sake! Big Brother may be watching, but he won't be preventing us from loading goodthinkful OS's of our choice on our own boxes even after TCPA arrives. At least not before we're forced to visit Room 101 (still under construction apparently).
Still hoping for Gentle Treatment...
...Is Ill be able to make a fortune selling 'cracked' bios chips to people who don't want crippleware MoBos....
Comment removed based on user account deletion
Comment removed based on user account deletion
Wow, Computers are really coming full circle...
Macs get a UNIX (based) core
*NIX Windows emulation wins in court
Windows hardware becomes propetary
Wow, now what can Slashdot possibly bash Macs for? (or are you just going to mod down their user's posts?)
Kurdt
I'm not anti-social. Just pro-technology.
If the post had pictures, nobody here would notice the second coming. In fact, how would any of us know that the second coming hasn't already happened while we've been surfing the Web?
Attack its weak point for massive damage!
Wrong on all accounts, unfortunately. TCPA / Palladium is not a solution to those problems, and in some cases is exactly the opposite to what you would like. Read the FAQ, to see why.
Trusted Computing FAQ | Free Dawit Isaak!
It is clear that this is a good idea, but Microsoft has never been that good with the concept of least privilege. That is, if you find one hole, the protection system is defeated until patched. Once penetrated, any auto updates can be blocked.
Of course, if it is well implemented, the security reference monitor can be used to protect DRM so that it is impossible to access DRM protected media except through DRM as you suggest.
There are also advantages, because it would make systems more secure, but then you depend on the vendo producing good code.
See my journal, I write things there
Palladium by Microsoft will bring me to the new era of secure computing. Why on earth would I trust Microsoft as much as to let them choose what program is or isn't secure for my computer? Why on earth can't I have the right to decide what is secure or isn't secure to ME on MY box?
The only possible answer to this question is: "nobody cares about you, but we need to know you won't be doing stuff we don't want you to do on your box". SECURE TO THEM, and this is not something hard to see. They don't trust me because to their eyes I'm a potential pirate, a potential criminal and competitor, and I don't wanna buy stuff from people that wants to put their interests before my interests. It's as simple as that.
Someone pointed out that palladium could prevent people from cheating in online games... yes that's true. But you know, you could as well prevent people from stealing by putting them in prison before they do so too. The WHOLE concept behind this is WRONG. I don't want such a technology to stop me from having the best of my computer experience in ANY way. Even if it means not being able to run a few of the programs I have in my box now. I simply have NO INTEREST IN PALLADIUM. And it's clear that what Palladium has to offer means nothing for most of us, cos if it was worth something, Microsoft would write it in capital letters instead of talking about a generic concept such as "secure computing".
Palladium, where one entity has the right to choose what is and what isn't secure, could end up going against the concept of innovation, and I don't want to run such a risk. Imagine where we would be now if some really brilliant people in the past weren't able to innovate because of some stupid Palladium-like system?
Just my thoughts, sorry it sounded like a rant, but I really think there's a point where we have to stop accepting what we don't like and fight for what we wish things were like. Microsoft has let me down so many times, and I'm still using it, but not for long if it goes on like this.
Decameron
diegoT
err, no wait..
have to include that in tags? :)
Nice faq by the way. Thanks for pointing it out.
Did you know you can still get Z80's? Maybe it's time to stock up.
KFG
And not just because talking about memes automatically makes you look smart.
"Can you imagine a beowulf cluster of people that don't communicate through cliches? Me neither."
WILL SOMEBODY PLEASE THINK OF THE CHILDREN??!?
Thank you again. That is all.
oo_oo-ooo_ooo-oo_oo
Suddenly, I feel like "Thinking Different".
If there was a system like this in place on all computers I'm sure there is a chance that it will be talked about in some circles.
Personally I really hope not.
-- James Dornan
-- Prepared at the direction of, or to be sent to Legal Counsel, in anticipation of litigation. Attorney Client Pri
Just non-trusted boot-loaders. A non-trusted OS would simply have some restrictions placed on it's access to the hardware, at a hardware level. So, for example, you wouldn't be able to play DRM'd videos or whatnot on a linux box, not matter how hard you tried. But you'd still be able to boot.
autopr0n is like, down and stuff.
The parent post is one example of the way we can render "trusted" computing stillborn. Keep spreading the FUD. Remember that the only thing that is needed for evil to triumph is for good men to do nothing.
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
This really makes me wonder - and I may be completely off-base on my understanding of this here, so please excuse me if this is kind of whacked...
But since this initiative is to make sure that users aren't using a particular hardware/software combination in a way that the copyright holder or software manufacturer doesn't want, would Palladium hypothetically, for instance, give Apple the power to keep users from putting OS X on a non-apple branded x86 pc? Or could it be used to prevent other OSs to be installed on an x86-based mac?
This could be quite a sideline for some of us. Maybe we should be grateful to these short-sighted companies giving us another cash-in-hand source of income. If thay make modding mobos illegal then EVERYONE will want me to mod their boxen. I can just see my new Lexus....
Hands up everyone who refuses to obey orders.
PLEASE go and read about both TCPA and Palladium before flaming them. They are NOT the same thing. Really.
Both TCPA and Palladium are ways of achieving "trusted computing", which is the ability for a program to run in an environment where the program knows (and can certify to people other than the computer's owner) that no other unwanted software is monitoring or modifying its actions. But how they are implemented is quite different.
TCPA uses a secure boot process. The BIOS verifies that the boot block is trusted; the boot block verifies that the os kernel is trusted; the kernel then verifies the trust level of specific applications; etc. This is what this BIOS implements. The main feature of TCPA (in my mind) is HARDWARE SIMPLICITY -- all that is needed is a small extension to the BIOS which modifies the boot process.
Palladium is from Microsoft, and it shows. Palladium is designed to start up in already running copy of pretty-much-unmodified Windows. Loading the Palladium subsystem (now known as a nexus) is supposed to be fairly easy, sort of like loading a device driver. But to get this ability they PAY with hardware complexity -- the CPU itself has to be changed so that the address space of the nexus can be partitioned, so it is not visible to or under the control of the main Windows kernel. This is one of many reasons why you don't see any Palladium enhanced systems in the real world yet -- Intel (or AMD) has not yet started selling a chip which supports what Microsoft needs to make Palladium work. A main design goal in Palladium seems to be "don't mess with Windows, we don't want to break legacy code".
Please don't assume the wishes of the record companies match those of the actual creators. Even in cases where the creators wanted their music freely shared (like the Grateful Dead, for example), the record companies did not like it.
To date, I know of no music that has been created by the RIAA.
I would assume that since this a module, it could be disabled in the BIOS settings (of course AMI wants to sell BIOS-tech ;-) to motherboard mfgr's, so they will want to support the wide variety of OS's.
The result would be that Windows Palladium would be able to detect whether this was enabled or disabled and respond accordingly but one could still run Linux.
LedgerSMB: Open source Accounting/ERP
"If the post had pictures, nobody here would notice the second coming. In fact, how would any of us know that the second coming hasn't already happened while we've been surfing the Web?"
The first does tend to be a distraction.
I find it interesting that slashdotters complain that the RIAA is trying to hang on to an old business model, and then in the next breath complain that DRM limits their freedom. Make up your minds, either accept no legal online music from the RIAA or accept DRM, because you can't have both. People have shown they aren't trustworthy with unprotected digital media.
Vote for Pedro
If it's not valid, the TPM chip won't allow the boot process to proceed.
That's not what I perceived when I read a couple TCPA and Palladium white papers. Under current plans, if the BIOS has been "compromised", the TPM chip will shut itself off and get the heck out of the way. However, TCPA apps won't load.
Will I retire or break 10K?
Thank you for taking time to contact us here at AMI. We are sorry to hear
/ /www.theinquirer.net/?article=7103
h itepaper.pdf
of your decision to not seek out an AMI solution for your next purchase.
While we respect your right to make that decision we would like to take a
minute to underline some relevant points about our announcement that were
not adequately conveyed in the "article" posted on Slashdot. We urge you to
please give us a minute of your time to fully understand what AMI is
offering and thus be able to make a fully informed decision.
It must be noted that AMI has not announced support for Palladium. Palladium
is an initiative by an OS entity that is slated for the future. To be
honest, though we do know about it, AMI has not begun any development
related to it. At this point we have not made any decisions on support
either.
TCPA does not equal Palladium. While certainly there is some future
development overlap between the two, TCPA is being introduced by OEM's as a
security option to protect systems through hardware and firmware. This
feature is completely optional to our customers (OEM's, ODM's, CM's and
other system builders) that they may choose to make it available or not
depending on the needs of their market. We have had requests from a number
of customers for this technology.
Regarding the limitations of a system with TCPA I would offer the link below
to the public specification for further information on compatibility with
different OS's, and hardware. Based on that spec we can tell you that it
does not limit the ability to run Linux (or any other open source solution).
As a smaller company itself, AMI has always supported innovation and
creativity as these have been our main tools in competing against much
larger companies in our industry. We would not do anything that in our
minds would damage our credibility or reputation for world class BIOS
solutions and will carefully evaluate this type of feedback when it does
come time to examine any future technologies. We would also like to
recommend that anyone who is opposed to a Palladium-type solution in the
future, please make that known to OEM's and system builders. As they are
our customers, we definitely listen to them in terms of what they (and
hopefully their customers) will want in future BIOS.
Thank you again for your time in contacting us and we hope that this and
some of the links below will shed some light on AMI's plans.
LINKS
Original Articles on theinquirer.net
http://www.theinquirer.net/?article=7089
http:
AMI TCPA module Whitepaper
http://www.ami.com/support/doc/TCPA_w
TCPA Website
Basically wrote them and told them I wouldn't be buying from them from now on. I would reckon this looks like the company is receiving a bit of angry emails from people who build their own computers and/or are involved in the computer industry.
Maybe they're worried about what WE think!? Nahhh...
This guy is way out there
I must say, we must fight this all the way. If we don't who knows what the world might end up like. George Orwell was right on target, but I think about twenty years off. I want to sent props out too, to the people who elected of Senator Fritz Hollings of South Carolina. Heh.
Except that one of the key things Microsoft et al have been saying is that the DRM features in the OS can be disabled - so basically it is just to prevent backdoor hacker apps from getting into your system - somewhat like a hardware (more global) Zone-Alarm. Of course, I don't believe for a second that MS won't try and make some of it impossible to disable, or at least very difficult.
But then, if somebody can get an X-box to run linux... I'm fairly sure some of the whiz kids out there will figure out how to hack DRM hardware
That would still be annoying as hell, but you wouldn't lose any functionality over what you get now; it would just become harder and harder to access things like the next generation of digital audio/video and Windows media from Linux--at least if the big studios and record companies get their way.
Overall, though, I still think that this will just flop: no hardware or software vendor really needs the hassle or additional support costs that result from this.
So if I don't trust Windows it won't boot? Oh well I guess I'll have to swich to Linux ;-)
Ok, so they got "trusted" computing.. who gives a damn. I just became proud owner of red hat 8.0 and I like it, it isn't good enough yet to be handed over to my mom, but that day isn't all that far off. If the community (linux) refuses to adapt DRM in its OS _and_ the install procedure of linux gets even easier to do (theres some naste questions of partitioning and thats a nogo with older generations, you might argue that windows has same questions, thats true, but their machine was bundled..) then theres not gonna be a DRM bios.
Also people seems to be forgetting the what is really driving the markets. It's games, musik, movies and some companies. (generely the need for speed)(illeagal stuff imo is the main factor *uff*)
At some point the avarege no brain gamer is going to realise that he has to _pay_ for his music, games and movies, that day he is going to shop for new OS _without_ drm. I think if the linux community refuses to adapt this "technology" everybody is sooner or later going to come to the other side of the pawn (is that the word?) and do it linux style. We can only hope that more game makers are following the UT2003 approach and distributes linux versioins.
Microsoft keep digging that hole youre almost readdy for the burial.
Those are perfectly valid points.
If they make it so computers can only run on a preset number of "trusted" operating systems... that pretty much kills any new OS development on future hardware. Is that legal?
Aren't they delivering digital media right to your computer?
And I believe they are popular and selling like hotcakes.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
If they're making record profits without DRM, why do they think they need it?
Do they really think music will be more popular if its more restricted?
Something doesn't quite make sense.
Comment removed based on user account deletion
Proven means more than "it technically works". Its more like "will consumers embrace this technology" and "will it make me more money"?
The answer to the 2nd is critical.
DiVX worked technically (actually, considering what the RIAA/MPAA wants, its pretty tame, really), but consumers stayed away in droves. So it was dropped.
What's changed in the last 3 years that makes anyone think consumers will embrace DRM any more today than yesterday?
The RIAA and MPAA can threaten to withhold their content, but if they wont' sell content, then they're a non-factor in the decision.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Now, which Japanese owned mega-conglomerate is it that supports the DMCA, trusted computing, and RIAA's antics all at the same time?
The hypocrisy of open source groupies and wannabes dumping Windows because they don't like Microsoft's political actions and then loudly proclaiming how great their new gaming console/DVD-player is never ceases to amaze me. Compared to the Gamecube and PS2, Windows is really "open".
In the great CONS chain of life, you can either be the CAR or be in the CDR.
"a fairly long and complex process"...
:-\
Seems to me we've been headed that way all along. My TRS-80 in 1981 would boot off floppy in about 15 seconds... my first 386 took at least a minute... and now with Win2K my 1Ghz box takes even *longer* to boot. So now we'll introduce encryption, and make it a "long and complex process"...
Geez, I just can't wait for my Palladium 27.9Ghz PC that takes 10 minutes to boot!
... brought to you by the company that tells you to "not trust" active-X downloads from themselves... in fact, just check the "dont trust content from Microsoft" box.
:-)
Trust us, believe everything that we say. Check the box that stops you from trusting us. Trust us. No, wait, don't... no... oh geez.
Yes, this is off topic, but I get a personal guffaw out of the ironies of capitalism...:
This Palladium stuff is about big companies ($) trying to control the users under the guise of empowering the users, and squealing like female piggies when things don't work in their favour.
I find it amusing how today, the Ottawa Senators hockey team has filed for bankruptcy protection because they can't afford to pay their players obscene salaries ($). Yet, general NHL institution screams like a female piggy about the lack of attendance and how it's the fans who need to throw in their $ and support to make it all work.
The amusing thing is that the address of the Corel Centre (where the Senators play) is on Palladium Drive in Ottawa.
I detect a similar stench wafting from two corners...
-b
(trivia: as the arena was being built -- prior to Corel's buying out the name -- the facility was called the Palladium, in keeping with the Senators' roman theme. The roadway still retains its original name.)
myselfmusic
So, is there a problem? Yes, there is. You can't modify the kernel. If you try, it will not be trusted by the TCPA chip and so no application running on that kernel can gain access to any feature, media or application that requires TCPA. Certifying a Linux kernel (or any other OS) as TCPA-compliant is expensive and you would need to do it for every modification of the kernel. What value is the GPL if you can't use the source to create your own kernel?
Ross Anderson's TCPA / Palladium FAQ has a more detailed discussion (excerpt from section 18):
[TCPA hardware is referred to as the "Fritz chip" in the FAQ]
Trusted Computing FAQ | Free Dawit Isaak!
You do know that Sony does endorse Open Source to an extent. They do offer a distribution of Linux for their PS2 console, so you can't really say such a thing.
This doesn't sound viable. Given the choice, I would vote, buy, etc. to avoid setting this precedent.
Your government moderates YOU!
Offering a crippled version of Linux (since the hardware/bootloader is intentionally handicapped, and the kit comes with a restrictive EULA) to push sales by a few thousand extra units (and apparently boost their PR image among unwitting techies and open-source groupies) doesn't undo Sony's current corporate policies.
In the great CONS chain of life, you can either be the CAR or be in the CDR.
Since there is a large and fully legitimate market for other operating systems (PC-UNIX variants, novell, Linux) which is already being used on a large scale by large business as well, it is impossible that there won't be any PC's that run non "trusted" platforms.
You'll just see a divide in the PC architecture: one for "trusted", i.e. windows-only PC's, one for the rest (just as there are Apples and PC's today).
Gigabyte offers mobos that support two bios copies. It's there to provide BIOS failover (not that I've ever, ever had a problem with BIOS failing), but perhaps it could be adapted to allow dual-boot bios between Palladium and non-Palladium OSs. Tom's hardware explains Gigabyte Dual Bios
Last time I checked, Microsoft had never created a piece of software that someone hadn't hacked. Security holes have been found in every operating system from the oldest version of windows to the latest version of OpenBSD.
That being said, I don't believe that suddenly, with a help of a single new chip, all of Microsoft's software security problems will be resolved by a "magic chip" that proves that the software is secure.
As I understand the technology so far, software must be declared secure by a central reviewing agency. Once this has been done, any security flaw in the software can be exploited, just like usual.
I don't think any single fancy chip is going to stop the computer community of the world from breaking through Microsoft's attempt at world computer domination.
And hey, If I'm wrong, I can always resort to the notepad and printing press.
Hmm.. so we have progressed enough with technology to do the BI (Biological Impossibility => Fuck Oneself) Of course, in Soviet Russia, the same happens :)
If I dont have an alternative to this so called "trustworthy" hw, thats what Ill do...
FUCK AMI.
I believe the end result will turn out much like M$'s present ActiveX signaturs work; in most cases, if you dont pay to have your control signed, standard settings block it. Seeing as my mom can't change her desktop wallpaper, I dont see the common consumer knowing any better.
Microsoft has been easing us into acceptance for a long time now. People are simply starting to take notice.
Even if Palladium eventually dries up and blows away it's serving as a good distraction: either Windows is being dropped from .Net or .Net is being dropped from Windows.
Stay focused on standards, interoperability, and development.
They're replacing all his dangerous speech with perl code! The fiends must be stopped!
Source -> Middle Computer 1 -> Middle Computer 2 -> Destination
:p But, how do you stop that? And how do you justify it...? The record industry was a special situation like newspapers and cotton industry were in a long time before. The Luddites would be proud of the RIAA.
All 4 sections of the chain are a liability.
So, LAN Topography = ?
and Internet = ??
Please remember the issue of the chain effect!
- Effectively this makes ISPs *extremely* powerful (as if they aren't already?)
- Security tends to be an inconvenience, I expect this will amount to little more when attempting to crack it and use it.
- Specialised hardware isn't actually required to do this? In thoery could do it by examining the way hardware reacts to various things, no 2 computers being the same. Far fetched or inefficient?
- on the idea of protecting music:
We can still copy things, I can re-route my speakers into my minidisc. I the worst I can try to learn the song on my guitar and re-record
A blog I run for the wealth
Does this mean that Microsoft by introducing Palladium for the first time ever, actually manages to kill dual-boot systems? Like its been trying ever since bootmenus appeared?
Now, I donnu about the rest of you, but in my system that would mean the end of Win32, not Linux!
Not Buzzword 2.0 compliant. Please speak english.
Prominently mentioned in the AMI letter is the fact that this feature will not significantly delay the boot process and thus insure that the boot process will still be fast enough to comply with the relevant standards (I forget the acronym).
I wonder why this is so important. Aren't the times that we had to reboot 10 times a day way behind us now, even for Windows systems???
Not to be all paranoid or anti-USA (Im only anti-Bush), but here goes.
As far as I can tell, the TCPA/Palladium schema is beeing developed by americans in the USA. And we all know that your goverment does not accept secure encryption, unless they have a backdoor. (Think PGP and export guys)
So this platform would be entirely unsecure and transparent. It would be impossible to protect your content from the USA-goverment. Your privacy gone void! And as a sideeffect, all of the western world using palladium is now open to the US goverment as well...
And what if the keys/backdoors got leeked? Palladium rendered unsecure worldwide in .. what? 15 minutes tops!
This sounds like flamebait, I know, but it isnt meant as flamebait. Anyway, I wouldn't "trust" it, and so should noone else.
Not Buzzword 2.0 compliant. Please speak english.
think "win" . . . "winMODEM, winBIOS" maybe, throw it through the window? na, just remember, if it says win don't buy it. don't sell it. don't use it. don't support it. don't give it away. just destroy it. (or desolder it)
Love Music? Got a Band? Are you a Label? http://garageradio.com
Now we have to solder mod chips into PCs to be able to program :-)
Btw. PC modding becomes a totally new meaning this way.
Let's face it... most of us are bright enough to keep their private data off their "trusted" computers. What we are really worried about is losing the privilege to use pirated software and play pirated digital media. I admit, most of my software/music i own is pirated. This is because things are just too darn expensive. I'd have spent a FORTUNE if i had bought all those things. Just to make something clear... i like linux. I like perl, shell programming etc. But i really like windows as my desktop OS and no, i'm not gonna pay for it. I use pirated windows (and other software) because I CAN. Now, if we were to lose this privilege... what would become of windows? Office? Would you pay $500-600 for a really complex and feature-packed office suite if you're going to use about 2% of its abilities? If you're a home-user, I think not. I believe that today, this "cheaper" software product is losing ground to more expensive one because most people can use the pirated version on their home computers and who's gonna play around with some cheap or free app if you're not going to buy it whether it's expensive or cheap. If DRM would put an end to pirated software, I believe that software industry would actually thrive and end-users would get more cheaper or free (beer and speech) software of greater quality. What would become of microsoft? Major platforms will always run linux hardware unless the US of A government manages somehow to clobber it with DMCA. I think many users will switch to linux and gnu/open source software which won't spy on us. Either that, or we'll see some major changes in licencing and pricing.
These--as long as Congress doesn't screw everything up
Put the terrorist-of-the-day name on it ("TCPA or terrorists") and the US Congress WILL screw it up - requiring TCPA on hardware, or banning non-TCPA wares from selling in the US, or else. And Motorola, IBM, Sun, SGI are US companies, probably they doesn't want to find themselves in trouble with the US Gov't.
Cesar Cardoso can be found at cesar at zyakannazio dot eti dot br (or at least I believe so)
If I do, then this could be a surefire way to prevent boot sector corruption (since the BIOS won't allow it unless *I* allow).
If "they" control it, then I'll always be performing some kind of authentication myself by calling 1-800...
As far as I see it, this could be a great step in protecting my systems...or a major pain...
Suncoast Linux - Sarasota, FL
NOT what Microsoft (or whoever else makes the decision) what I can and cannot run.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Shouldnt you append an "In Soviet Russia" to that?
- We are the slashdot. Resistance is futile. Prepare to be moderated -
It is true that there exists a large bevy of non-us governments out there supporting linux but that may not be enough. Consider first off that many of these governments (such as China) have their own interests in controlling computer use. To some if not all of then DRM may be a viable alternative.
Now consider the fact that their support of Linux is mainly an opposition to Microsoft more than an embracement of "the people's needs". For China and other countries Linux is a proven way to get into the high-tech world and one that is significantly cheaper than any other. For Germany it was a way to have "their own" operating system, one that they could trust for security reasons. I must have missed the UK announcement because last time I checked their e-government portal was still Windows/MacOS only.
Now Consider this. There is nothing in the DRM standard that forbids you from producing your own operating system. In order for it to work howevber you must have it certified. So what's to stop someone like IBM from producing their own "official" GNU/Linux distribution. This distribution could be shipped to the users in the form of precompiled binaries, and updated just like Microsoft's. The system is robust, full featured and, because of all the work that other people have done, IBM (or whoever) can sell it for a nominal licencing fee and still make a profit.
I may just be waxing paranoid but I see this as one possible way for linux to be co-opted. Yes it is still free and GNU licenced but you need the "official copy" in order to run it. For other countries this may be a win. China has already shown their willingness to produce their own official OS (and chips). Countries like Peru might not mind this so much so long as the system is cheaper. And, if the U.S. and other major markets go this way the small "emerging countries" may have no real choice.
Comment removed based on user account deletion
Offline storage is not my concern. I want a memory module that looks just like a normal one so Palladium can't reject it. When the computer is up and running I want a second computer to snoop on the memory of the first. USB seems like the easiest option, but firewire would be fine too.
I wonder if their north bridge will encrypt main memory. Will they shuffle the address too, to scatter the contents? I suspect that timing constraints will drastically constrain their cypher quality.
In reality this is much easier implemented as a bus mastering PCI card, unless new bridge chips limit bus masters' memory access. They must or Paladium would be incompatible with existing cards, instead requiring new ones that cyrpographically authenticate. Even still each card can snoop on the PCI transfers of others.
My speculation is that their TCPA BIOS is still a long way from a "trustworthy" computer. I can break into any computer I have physical access to.
Disclaimer: This is of course only my interpretation of the information I've read about Palladium. I did not write the BIOS, and neither did you. :)
The palladium BIOS in question is not claimed to only boot signed operating systems. It merely claims to provide the "trusted system/user verification" only to signed trusted operating systems.
For example, if a company was providing Rights Managed content to your machine, it would first verify if your machine was trusted. If you had booted Linux on your Palladium enabled machine, then Linux (potentially) wouldn't have access to the "trusted system verification" and the company/website would not provide the rights managed content for fear that the rights management would be compromised.
Of course, it's not a long jump from here to there, so watch out.
The playback keys are encrypted to the session key. Your box-in-the-middle can't get it.
Oh, wait, that's not Soviet Russia, that's the status quo. So it must read "IN SOVIET RUSSIA you have to trust the computer". But that's exactly what M$'s "Trusted Computing" means ...
Who's that stupid moro^H^Hderator who modded that `troll'?
He saw some dirty arabs and fired. Too bad it was just some friendly kurds, BBC reporters and his fellow cowboys.
Parent post plagiarized from http://msbetas.net/news/news_item.asp?NewsID=182.
Despite the best efforts of a quantum bigfoot drive (yes I know everyone
told me they suck, now I know they were right) 2.1.109ac1 is now available
-- Alan Cox announcing Linux 2.1.109ac1
- this post brought to you by the Automated Last Post Generator...