Trusted Computing Group Formed
An anonymous reader writes "How does it come that the formation of the Trusted Computing Group goes unnoticed at /.? On Wednesday, heise had the story. At last, we will get `easily-accessible specifications for trusted computing standards that will ultimately let people work, conduct transactions, and use computing devices with a new level of confidence' ..."
DRM?
This and now Apple which may be owned by a ruthless pro RIAA/MPAA media company out to drm everything on the planet. Can it get any worse?
http://saveie6.com/
And it's an extremely sick joke at that.
Yes, he's whoring, but it's useful. Thanks for mirroring it.
Promoters
* AMD
* Hewlett-Packard
* IBM
* Intel Corporation
* Microsoft
Contributors
* Atmel
* Infineon
* National Semiconductor
* Nokia
* Philips
* Phoenix
* Sony
* STMicroelectronics
* VeriSign, Inc.
* Wave Systems
Adopters
List available shortly.
ie, when there are any
"The PC isn't done until Linux won't run."
This has damned ominous overtones. You guys better watch out, or they're gonna take the ball away from you just like they snatched it away from Borland, Lotus, Novell, &c. &c.
Ah, well, in fifteen years Gates & Ballmer will retire and then the world can make some progress, until then bend over and smile!
Mandatory babelfish translation
Or a zdnet article
.ACMD setaloiv siht gnidaeR
at the moment, at least. might be useful later i suppose.
Nice troll, but even so I think you should have put opengl and direct3d the right way round.
graspee
I've read this list 10 times - I can't find Slashdot in it!! I'd trust /. more than all the other promoters, contributors and adopters combined. Maybe /. is actively boycotting this committee??
If you keep throwing chairs, one day you'll break windows....
This feels like linking the application to the hardware and perhaps the user so nobody else could possibly use it.
I feel that might be good for some things, like my prescription drug might be better off in a container only I could open. I'm not sure I like the idea for software I buy. It is like saying if I buy a book, I can put it on my bookshelf in my house but if my brother tries to read it, or I try to take it on the bus, it will have blank pages.
I suspect that the reason for most of this extra security is not concern for the user and their data, but some way of making extra profit by the manufacturers ie, if the authorised user is indisposed or incapacitated, then the hardware and software has to be re-purchased.
I'd like to make things difficult for a thief, but for me that mostly means encrypting and backing up data, not rendering the hardware and software useless by anyone but me. How inconvenient. Every time I want to rebuild the hard drive, or install a new one or buy a new computer, I'd have to buy the apps all over again.
I can see I'm going to get so very good at open source products.
-- it must be true, it's on the internet.
How does it come that the formation of the Trusted Computing Group goes unnoticed at /.? :
I have a lot of answers to your question
Slashdot waits for a minimum of two submissions of the same story, to be sure to make a dupe!
Slashdot doesn't believe in trusted computing!
Slashdot doesn't believe in news that's not already posted on Slashdot!
Anyway, Slashdot doesn't post news that's not already posted on Slashdot!
This is not a Signature!
First it was the turn of Palladium to be rebranded as The-Next-Generation-Secure-Computing-Services or some such. And now TCPA has been replaced by TCC! So the original TCPA/Palladium FAQ will become invalid, all the Slashdot debates on evil Palladium will be irrelevant.
Is this a new strategy?
1. Announce something evil. Give it a name.
2. Educate consumers about what it does.
3. Debate the pros and cons in fiery fora.
4. Modify the name/acronym a bit, and ram the same evil stuff!
Seems to be working.
If you keep throwing chairs, one day you'll break windows....
`easily-accessible specifications for trusted computing standards that will ultimately let people work, conduct transactions, and use computing devices with a new level of confidence' ..."
Confidence for who and of what? Hardly for users.
Confidence that users will have no freedom?
Confidence that anything non TCG/TCPA and non DRM is locked out?
Confidence that there will be TCG backdoors?
Confidence for software & content providers?
Confidence that your system can be wiped/accessed remotely at TCG's whim?
New level of confidence FOR users? Yes, new in the sense of unprecedented low level of confidence that the system can be trusted.
New level of confidence IN users? Yes, now they just lack the high voltage collar linked to the systems to dish out electrocution to all dissidents.
Ah but what was I thinking, that's coming mainly from "God's own country" so that can be wrong, can it?
... but I trust nobody but myself... not my Mom not my Daddi... and certainly an organization with all the loopholes that this will create... It's a great idea in theory... Standards are the most important thing that can possibly come of this...
||| I still can't believe Parkay's not butter.
"I'd no sooner put my John Thomas in the hands of a lunatic with an axe than I would trust Microsoft with my data"
This article appeared in the February 1997 issue of Communications of the ACM (Volume 40, Number 2).
(from "The Road To Tycho", a collection of articles about the antecedents of the Lunarian Revolution, published in Luna City in 2096)
For Dan Halbert, the road to Tycho began in college--when Lissa Lenz asked to borrow his computer. Hers had broken down, and unless she could borrow another, she would fail her midterm project. There was no one she dared ask, except Dan.
This put Dan in a dilemma. He had to help her--but if he lent her his computer, she might read his books. Aside from the fact that you could go to prison for many years for letting someone else read your books, the very idea shocked him at first. Like everyone, he had been taught since elementary school that sharing books was nasty and wrong--something that only pirates would do.
And there wasn't much chance that the SPA--the Software Protection Authority--would fail to catch him. In his software class, Dan had learned that each book had a copyright monitor that reported when and where it was read, and by whom, to Central Licensing. (They used this information to catch reading pirates, but also to sell personal interest profiles to retailers.) The next time his computer was networked, Central Licensing would find out. He, as computer owner, would receive the harshest punishment--for not taking pains to prevent the crime.
Of course, Lissa did not necessarily intend to read his books. She might want the computer only to write her midterm. But Dan knew she came from a middle-class family and could hardly afford the tuition, let alone her reading fees. Reading his books might be the only way she could graduate. He understood this situation; he himself had had to borrow to pay for all the research papers he read. (10% of those fees went to the researchers who wrote the papers; since Dan aimed for an academic career, he could hope that his own research papers, if frequently referenced, would bring in enough to repay this loan.)
Later on, Dan would learn there was a time when anyone could go to the library and read journal articles, and even books, without having to pay. There were independent scholars who read thousands of pages without government library grants. But in the 1990s, both commercial and nonprofit journal publishers had begun charging fees for access. By 2047, libraries offering free public access to scholarly literature were a dim memory.
There were ways, of course, to get around the SPA and Central Licensing. They were themselves illegal. Dan had had a classmate in software, Frank Martucci, who had obtained an illicit debugging tool, and used it to skip over the copyright monitor code when reading books. But he had told too many friends about it, and one of them turned him in to the SPA for a reward (students deep in debt were easily tempted into betrayal). In 2047, Frank was in prison, not for pirate reading, but for possessing a debugger.
Dan would later learn that there was a time when anyone could have debugging tools. There were even free debugging tools available on CD or downloadable over the net. But ordinary users started using them to bypass copyright monitors, and eventually a judge ruled that this had become their principal use in actual practice. This meant they were illegal; the debuggers' developers were sent to prison.
Programmers still needed debugging tools, of course, but debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers. The debugger Dan used in software class was kept behind a special firewall so that it could be used only for class exercises.
It was also possible to bypass the copyright monitors by installing a modified system kernel. Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers--you could not install one if you had one, without knowing your computer's
It feels like we've been fed buggy apps for two decades, and now we're told the solution for unreliable software is restriction of our abilities and freedoms. It almost sounds like they've intentionally created the problem, having had the solution in mind the whole time. What happened to the concept of solving buggy apps by getting rid of the bugs in the code?
Even when my password hits the https client software, how do I know that the information is really being sent securely? I don't.
The counter example used by the digital rights people is that when they send me a key to access controlled media, how can they be certain that I don't intercept the decoded bit stream?
In the first case, it is reasonable to have a trusted platform because the user can choose to accept what software he runs. In particular it can allow me to differentiate between an allowable update and one that isn't.
In the second, then the owner/user of the system can not be permitted to have control. If the user is permitted to have full control then the platform must disclose to the access granter that the link between the media decryption engine and the output can no longer be trusted.
One can argue that the first is reasonable but the second would prevent anyone from looking at digitally licensed media on an open computing platform such as Linux.
In any case, this all supposes that the platform as installed, is indeed secure. It probably isn't. Even systems that implement a good security reference monitor can be compromised by poor configuration and software layers that cross security levels. For example, the original NT kernel is very good, but it has been slowly compromised by the surrounding software.
It would be possible to make a dedicated system into a trusted platform, for example, an ATM. It is practically very difficult to implement a general-purpose system in a trusted way.
See my journal, I write things there
I honestly don't think that trusted computing will be possible or extant until there are trusted humans.
C|N>K
When I read the rant, I interpreted it as a fairly successful attempt at being funny; I assumed it had been copied from some humour website somewhere and posted/pasted here, probably as a random offtopic troll. Are you sure you're not taking it too seriously?
The headlines read "Trusted Computing Group wants to beerben TCPA"
I dunno what "beerben" is, but that whole sentence sounds so dirty. =)
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
They need to get rid of the word 'trust' as it's misleading. If I was to set up to make a product that allowed the user full control of their system would that be 'untrusted' and if so by whom? By the morons pushing TCPA?
The word they are looking for is 'RESTRICTED'! Just how much trust are we supposed to have in companies who collude to bring us a technology that has been deliberately given a misleading name?
That sounds good, but if I was on the ground spasming, I wouldn't want a stranger trying to stuff a tictac or anything else down my throat.
For most things, once you're out on the ground, it's too late for the pills. For epileptics it is best to make sure they can't hurt themselves, ie try to get a pillow or rolled up jacket under their head, and then let them finish. And then for around 20 minutes or so you have to tell them who they are, they're ok, over and over...
If a diabetic is going nutty, try to get a lolly or OJ into them before they collapse, but don't expect them to be nice. And there is no way I'd want to be trying to guess their dose or sticking a needle into them.
If it's heart pills, call an ambulance...With most pill bottles these days, you could probably get away with stomping on one to open it. Put it in a plastic bag first if you want to keep the contents vaguely clean. Again stuffing something into their gob when they are unconscious will probably just block their airway and kill them.
Maybe what we really need is some sort of intelligent security system that will let me and nobody else into whatever, unless it senses that I am incapacitated or have delegated authority, and the additional person has good intentions. A bit like how power of attorney is supposed to work. I know what I mean, even when I say something completely different, but nobody else does...
I have the same mixed feelings about the idea of speed limiters on cars and trucks. Sometimes you really need the accelerator but mostly it gets abused. Would we save more lives with a limiter, or lose more lives?
-- it must be true, it's on the internet.
The TPM spec is open, right? So what if a program like Bochs just emulates the security chip?
... with a new level of ignorance
The above was *written* by Richard M Stallman. It's in that book the FSF sends you when you join.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
Enron collaborates with industry partners to form Trusted Energy Group!
The point? It wasn't developed by corporations.
(Yes, on the other side, you had the Hayes standard for modems, but that was a survival tactic.)
If anything resembling trusted computing is going to be adopted by the computer community at large, it can't be developed by corporations. Either it won't be adopted or people will undermine corporations and take them out of the running in favor of a more open and malleable standard.
This sig no verb.
We all understand that "Trusted Computing" simply means whether or not Microsoft trusts us to run a program.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
They keep saying this isn't DRM, but it's most of the building blocks you need for DRM. And most of the applications they mention are possible without hardware support via an encrypted filesystem. All you need for Palladium is an OS which refuses to boot without the right user, computer, and boot parameters.
The other thing to note is that they keep stressing RAND (Reasonable And Non-Discriminatory) licenses. Non-discriminatory means every organization pays patent licenses on the same formula. If the formula doesn't contain provisions to allow for open source software, then open source software can't use the standard.
* Make sure a remote system is running in a trusted state.
* Make sure data stored locally in a trusted environment can only be accessed by that trusted environment.
And by trusted environment, I mean an OS you installed, configured and control. This is in opposition to things like:
* Someone booted an OS they control in your machine and accessed/modified the data stored in it.
* Someone took the hard drive and plugged it into a machine they control.
It doesn't forbid you to run any software, nor does it require that TCPA-enabled software be certified by some entity. You'll still have to trust the hardware and the software to do the right thing, as you do in the present. Nor does it seem to have many applications for DRM.
Oversimplified, TCPA works like this. A TCPA system will have a hardware module (the TPM) with two functions:
* It provides metrics of the software environment, in such a way that it is very hard to find two environments that don't share a root of trust but that yield the same integrity value.
* It can encrypt/decrypt/sign data, but always based on the current metric. For example, it will only decrypt a piece of data if the integrity metrics have the same values they had when the data was encrypted. The keys used to do this are stored in the TPM itself, which MUST NEVER give them back.
Therefore, the only ways someone can get to your secure data bypassing the environment you control are to:
* Find a bug in the implementation
* Do a chip level analysis of the TPM to get the keys stored in it. This can be done.. by major chip manufacturers and a half-dozen other companies. :-)
* Break cryptography..
There is a lot more to it, of course, like having multiple entities to preserve privacy among other things. Check the specs, they're on the web for some reason.
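Added example, not part of the original comment or of the TCPA specification: a toy Python model of the measure-then-seal behaviour the comment above describes, run against its two scenarios (a foreign OS booted on the machine, and the disk moved to another machine). `ToyTPM`, `boot` and the component names are hypothetical; the extend rule follows the TPM 1.x SHA-1 PCR construction, while the sealing cipher is a stand-in and a real TPM checks the PCR value recorded in the sealed blob rather than deriving keys from it.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the chip's real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


class ToyTPM:
    """Toy model: one PCR plus a storage secret that never leaves the object."""

    def __init__(self) -> None:
        self._secret = os.urandom(32)   # unique per chip, never exported
        self.pcr = bytes(20)            # a PCR is all zeros after reset

    def reset(self) -> None:
        self.pcr = bytes(20)

    def extend(self, component: bytes) -> bytes:
        """PCR_new = SHA1(PCR_old || SHA1(component)): order-sensitive, one-way."""
        measurement = hashlib.sha1(component).digest()
        self.pcr = hashlib.sha1(self.pcr + measurement).digest()
        return self.pcr

    def _keys(self, nonce: bytes):
        # Keys depend on the chip secret AND the current PCR value.
        def derive(label: bytes) -> bytes:
            msg = label + self.pcr + nonce
            return hmac.new(self._secret, msg, hashlib.sha256).digest()
        return derive(b"enc"), derive(b"mac")

    def seal(self, data: bytes) -> bytes:
        nonce = os.urandom(16)
        enc_key, mac_key = self._keys(nonce)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, len(data))))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unseal(self, blob: bytes) -> bytes:
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        enc_key, mac_key = self._keys(nonce)
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("wrong chip or wrong software environment")
        return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


def boot(tpm: ToyTPM, chain) -> bytes:
    """Reset the PCR and measure each boot component in order."""
    tpm.reset()
    for component in chain:
        tpm.extend(component)
    return tpm.pcr


def try_unseal(tpm: ToyTPM, blob: bytes):
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


def demo() -> dict:
    # Constructed boot chains; the byte strings stand in for real images.
    owner_os = [b"bios", b"bootloader", b"kernel built by owner"]
    foreign_os = [b"bios", b"bootloader", b"kernel from live CD"]

    tpm = ToyTPM()
    boot(tpm, owner_os)
    blob = tpm.seal(b"disk-encryption-key")

    boot(tpm, owner_os)                 # same machine, same environment
    same = try_unseal(tpm, blob)
    boot(tpm, foreign_os)               # someone boots their own OS on it
    foreign = try_unseal(tpm, blob)
    other = ToyTPM()                    # disk moved to a different machine
    boot(other, owner_os)
    moved = try_unseal(other, blob)
    return {"same_env": same, "foreign_os": foreign, "moved_disk": moved}


if __name__ == "__main__":
    print(demo())
```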
Once again people are betraying their total ignorance of what Trusted Computing is supposed to be.
TCPA != Palladium != All Your Base Are Belong To Us.
Read, people. Stop whining and knee-jerking.
Only means what THEY can trust. It will surely have better security, but it is more in their interest than yours. Think of it this way: These corporations (Micro$oft in particular) are NOT on your side. Their only objective is to figure out ways to keep you trapped in their grasp, and, by so doing, capitalize on your dependence.
I have a good idea where they are going with this whole "Trusted" Computing move. Things like open hardware standards and Free Software give you the freedom (MOST IMPORTANT WORD) to have excellent commodity products, as well as competition which acts in the best interest of the consumer by keeping manufacturers honest. The problem is that it diminishes the ability of a company like Micro$oft to control you. Their ONLY option would be to actually *compete* and *innovate*. Considering the incredible pace of Free Software development, they don't stand much of a chance to continue to reap the profits they have in the past. They know this VERY WELL.
So, what do they do instead? Come up with the idea of Trusted Computing. Convince the public (the government especially) that Free/Open Software is somehow less secure (nice fat lie); Convince the government that Free Software is for terrorists (easy in this paranoid, self-righteous era); Convince the government to outlaw Free implementations and require proprietary ones provided by yours truly, Macro$haft.
"He who has ears, let him hear". The encroachment of Big Brother is very real. Security for Big Brother; Paranoia for you; The Almighty Buck for them.
They can never win unless we are ignorant enough to allow their FUD (fear, uncertainty, doubt) propaganda to become law. Be careful what you are made to believe. And be VERY careful WHAT and WHO you vote and pay for.
hateddamntruth.
You can still have bochs (or some equivalent) proxy the chip, forwarding requests to the actual chip, and intercepting all the data, including the clear data coming back from the chip. Turning this system into reliable DRM is orders of magnitude more difficult than most people seem to realize. Not necessarily impossible, but far more difficult than a cursory examination would suggest.
Of course, I have no doubt that there will be attempts to use the chip for naive DRM, which will limit the access for casual users, but probably not for determined "attackers" (if you can be referred to as an "attacker" when hacking your own machine).
Sony for example had a superior IPOD clone but its shareholders and SONY entertainment sued them to prevent it from being launched.
That's ridiculous. Sony "Entertainment" does not exist. Sony Music, Sony Pictures, Sony Computer (PS2), and Sony Electronics are all part of Sony Corporation. They didn't fucking sue themselves you clod.
They had no such 'iPod clone'. They are committed to their Network Walkman, and may release a 2.5HD based player soon, but it wouldn't be an iPod clone, especially since Sony's implementation of Firewire (they call it iLink) does NOT carry power, requiring a separate power cord.
After all burning cd's= pirating in this world. These idiots will now own %50 of Apple.
Are you a complete idiot? APPLE IS CONSIDERING BUYING UMG, NOT THE OTHER WAY AROUND.
There are a lot of rules in Australia that try to prevent contracts that expect drivers to break the limits. Things are much better than they used to be, because the employers/hirers cannot push the limits as far as they used to.
For instance there are cameras along the Hume Highway that links our biggest towns, Sydney and Melbourne. They photograph the truck at various points along the highway and then use those to calculate how fast the truck was going. If the truck makes the distance, say, in less than 5 hours then he's been speeding and he hasn't had his compulsory 30 minute break (for every 5 hours of driving). And there are no faster shortcuts between Sydney and Melbourne, something to do with a mountain range.
The truck union in Australia is really strong and I think that helps a lot of the independent drivers. You still get "cowboys", but I suspect they have other problems besides trying to make a living. Mostly they can't use the main links if they're speeding anymore. It isn't a perfect system but it is a whole lot better than it used to be on the main highways.
We still have a problem with drivers of cars falling asleep and drifting into the trucks. We're trying to fix that with driver revivers. Community clubs of country towns will run a free coffee and munchie and toilet stop just before their town so that drivers are encouraged to take a break. That's been reasonably successful. But they're usually only out there on the holiday weekends.
Other rules that make it harder to exploit workers are: minimum wage (but that gets abused by excessive overtime), minimum sick leave, holiday leave, superannuation. For contract or casual workers they are deemed to have the same rights to employer super contributions if they have worked for the same employer for more than 3 months straight or earn 80% of their income from the same employer. So things are a bit different in Australia.
-- it must be true, it's on the internet.
Yes. People still do it. I've done the Nullarbor once, each way (east west) and once north south (ouch - like 200km of uneven concrete steps with 24 open-gate shut-gate stops) but not by myself, we were sharing driving. On the east-west trip, one guy managed to fall asleep, fortunately he woke up when he went onto the shoulder, and fortunately it was a good flat shoulder. After that we were much stricter about changing drivers every stop or every second service station (they are around 130 to 180km apart). BTW 60mph is approximately 100km/h, which is the National limit on open, not otherwise marked roads. Some properly built roads or long straight bits or bits in South Australia have 110. The NT is supposed to be limited to 100km/h because of the National road funding deal that everyone signed up to was tied to that, but they don't enforce it much. They used to be whatever people thought they could manage. Their road toll was fairly low, but I think that's because there aren't many people out there. WA has more of a problem with rural drivers pranging each other, the wildlife, the farm animals, and trees.
My special used to be the Hay plains (South Western NSW between Sydney and Adelaide). If you didn't stop at Hay, you could do 300km without a stop. And my car can do 800 - 1000km on one fill. But I like to stop every couple of hours. I get a lot further if I eat and drink cordial while I'm driving and cruise control makes things much easier because you can watch the road 100% and not worry about lead foot. I haven't driven the Hay plains for a while, but I don't like flying either. The way they are cutting costs on airplane maintenance and my flights last year were all held up due to planes not properly maintained, puts me off flying.
And yes I could do the Adelaide - Sydney trip (1200km) in a day, and the faster you did it the better. But I've also experienced an accident due to flat tyre at 80km/h and that was very scary, nobody hurt seriously. I hate to think what the same thing would be like at 100km/h or faster. Fuel economy goes to shit at 120km/h anyway, even though that speed can cut an hour or more off the trip.
I guess it is a bit of a double edged sword. Do you decrease the speed limit and increase the number of accidents but hopefully decrease the number of deaths? Are the people having deaths from excessive speed, exceeding a little bit or a whole lot?
And how do you avoid a suicide kangaroo at 100km/h in the dusk/dark - you can't. But if you are doing 60 - 80km/h they're a lot better at avoiding you. After all they can do 60km/h too and that speed they can judge right. 80km/h and over they stuff up. I don't even see them.
Of course you can avoid pranging kangaroo by not travelling at dusk or later. But during daylight you have a much better chance of getting a farm animal instead.
Oh yeah, there is a rail line that goes from Sydney to Perth sort of. I think the gauge changes once or twice. And there used to be problems getting your car on the rail car past Pt Augusta (ie the locals used to help themselves). But people who have put their car on the train recently haven't had problems that I know of. It's a very boring train trip.
If you like train trips to avoid dangerous roads, I recommend NZ. Great train rides (especially if you pack your own food). Spectacular scenery. For the same reason that the scenery is spectacular, the roads are dangerous (mad NZ drivers and excessively windy narrow roads).
I write too much.
-- it must be true, it's on the internet.
or Brahman cattle
Although they're not often roadkill. Dunno why, but perhaps they are less nocturnal. There's nothing worse than a wombat though. They tend to kill the car. And sometimes the driver too. We don't have night time speed limits although perhaps we should. The only place a speed limit is variable depending on what time it is, for the same stretch of road, is a school zone.
In Canberra, I had to drive through a farm to get where I was going, and if I was late the cows would be bedded down on the dirt road cos it was warmer than the pasture. The only thing that would shift them was the sound of a blue heeler dog (they like biting cows). Fortunately I can imitate that noise.
My bladder usually gets me well before 400 miles (650km) is up especially if I've been drinking water.
I dunno what the rules for roadkill are in Oz. Mostly people leave it there, although some councils send trucks to pick it up. Nobody thinks it is any good for anything, even feeding the farm dogs. The Wedgetail eagles like it.
Camels. Hmm on the desert tracks, the camels will run in front of the car and won't leave the track. And eventually they'd drop from exhaustion. We learnt to stop and get out. Initially to take photos. And then they clear off the track to get a better look at us because we've gone off the track to take a photo.
You've got to be careful about what camels though. The males can be a bit nasty. The females usually travel without the males, and they are curious like cows. Obviously depends a bit on how much they've been shot at.
They want to reduce the country speed limits here. Somebody has pointed out to the minister that it can cause other problems, but a govt site of statistics would be handy.
Slow driving round Australia is very popular with our retired people. And they can organise to be in the best weather all year round. I like to laugh at tourists who want to do Adelaide - Darwin including Uluru, and Kakadu with a stop at Kings Canyon, by road in one weekend. Just because they can see all these places on the same map, doesn't mean they can visit them all in a weekend without an airforce fighter jet. And then I don't think Kings Canyon has a suitable airstrip. Some of our road trip movies, eg Priscilla, are very misleading about what spectacular scenery is where.
I think it would take two years to do a slow driving trip around Australia. But it would be excellent fun. NZ is quicker. I still only did about half what I wanted with three or four weeks. My parents took three months to do Adelaide - Broome - Kununurra and back through the deserts. I joined them for a month between Broome and Kununurra. And there were lots of places they missed like the Pilbara and the stuff between Alice Springs and Darwin. The best places were the ones that didn't have names on the map.
Until Bush got in charge the USA - Oz exchange rate was very good. Ie a coffee here is around $2.50 and it would only have cost you $1.25 USA. I think our fuel might be dearer though, $1 for a litre of diesel in town, and double in the desert centre. Dunno how many litres in a gallon.
-- it must be true, it's on the internet.