Slashdot Mirror
Researchers Looking at Alternatives to Palladium
An anonymous reader writes "Some folks at Stanford have been looking at an alternative architecture for doing trusted computing (ala Palladium) based on using Virtual Machines. They presented a brief paper describing their work a couple weeks ago at the USENIX Workshop on Hot Topics in Operating Systems . In their paper they also discuss a bunch of non-DRM applications of Trusted Computing such as distributed firewalls, improving P2P security, preventing DDOS, and even strengthening civil liberty protections."
The alternative will need a decent clock
Anybody from trusting anybody else now. We could create distrib-firewalls if we wanted to.
The fact is DRM takes away the PEOPLES' rights to choose who to trust.
One good example is the google puzzle contest I'm sure many tried. You downloaded the .pdf before, and got a password when the time started. While nobody should go to jail for cracking the password, it was an example of a good (not evil) use of DRM.
-Libertarian secular transhumanist
Rather this alternative to Palladium does or doesn't work at the fact that OTHER companies are looking into creating this kind of system makes the future of Palladium-esque systems look a lot better. Competition is a Good Thing and handing the reigns to microsoft with out look bad is a bad thing, microsoft or not a company should not have that much power. If this market becomes more diversified we will see better products, rather from microsoft or not, and people will start listening to the peanut gallery ranting for a better system.
transmission_err
One is proposed by some folks in Stanford, the other is proposed by Microsoft and Intel.
Guess which one is going to matter?
"Much work is lost, for the lack of a little more." -Edward H. Harriman
parent author here.sorry about that. here.
1) A safeguard, especially one viewed as a guarantee of the integrity of social institutions: the Bill of Rights, palladium of American civil liberties.
2) A sacred object that was believed to have the power to preserve a city or state possessing it.
I believe that city is called Microsoft.
"Bill of Rights"... whaaaahahaha.
---
At any rate, I have only one more word to say about Palladium. You can read all about that word here
Moreso, would it be possible to fake out Palladium-dependent software by running it in an emulator that simulates the undelying Palladium subsystem?
What does a program REALLY KNOW about where it lives?
Wow, This is JUST like "The Matrix".
"Lawyers are for sucks."
- Doug McKenzie
I'd be happy with Trusted computing as long as I got to be the one who did the trusting, not some outside entity.
autopr0n is like, down and stuff.
Some folks at Stanford have been looking at an alternative architecture for doing trusted computing (ala Palladium) based on using Virtual Machines.
We have that today. It's called JAVA. (Trolls, take a hike. Even Kreskin doesn't know when Java's dying.)
Javascript + Nintendo DSi = DSiCade
With all the security patches MS has each week, I must admit I found it rather amusing that they were propsing a secure computing standard with Paladium.
Personally, I don't think they can pull it off. But with Stanford looking into an alternative now, this means we'll at least have choices down the line. And I'm sure that both sides will look at what each other does and rip off the good ideas.
Security is important and a verifiable identity is as well. Not just for e-commerce applications, either. Even such simple issues as banning some nimrod that wants to post stupidity on your board can be solved by a solid identity model.
Hopefully, one of em will pull it off.
What misleading terms they are. How can Palladium have anything to do with "trust" when they violate trust and anything else by intruding into my computer and controlling my content?
How can DRM "protect rights" when it denies basic rights of fair use?
Don't blame Durga. I voted for Centauri.
So from MS we get Trusted Computing where "trusted" means trusted by big corporations who want to sell you stuff without any chance of copying.
From these guys we get Trusted Computing where trusted means trusted by the guys building the network.
So, which would you choose?
Do you mind, your karma has just run over my dogma.
Why is it called "trusted computing" after all, when it violates trust?
The problem is we are looking at the wrong definition of trust. Most of us have in mind the primary definition: "Firm reliance on the integrity, ability, or character of a person or thing" or "Custody; care"
You have to look down the list to find the definition of "trust" that fits perfectly with Microsoft, RIAA/MPAA and the Palladium idea:
"A combination of firms or corporations for the purpose of reducing competition and controlling prices throughout a business or an industry."
Might as well called it "monopolized computing". Means the same thing.
Don't blame Durga. I voted for Centauri.
à la
"DRM prevents you dirty hippies from stealing copyrighted material"
Knock off the word abuse. There is no theft involved in duplication.
"Some of us have to make a living, you know"
Computers started out simplistic, under the user's complete control...
:)
they got more advanced, users still had full control...
Trusted computing came along, users lost a lot of control...
add in some technological and AI improvements...
???...
MATRIX!
..... is when I see "Researches looking for alternatives to Palladium" I think - well, there's platinum, copper on platinum (mosanto does that), a couple of nickel catalysts.... oh, this is that DRM thingy
Such is life... technology is conspiring to take away my rights to protect me from myself.
merci.
"Computers started out simplistic, under the user's complete control..."
No, they started out controlled by men in white coats in clean rooms.
The microcomputer and PC revolution changed all this.
The regressive trend back to "Master Control" started with Scott McNelly of Sun Microsystems. I remember when he first laid out his grand vision of returning everything to central control via the Internet. Java was part of this. Microsoft copied the rhetoric, announcing a time when your Word app and even your Word docs would all be on Microsoft's central servers.
Don't blame Durga. I voted for Centauri.
I find this branch of research and publication somewhat disturbing. As legitimate, morally appealing, uses for this technology appear, the opposition should become less vehemently opposed to the technology. It's the rational reaction for rational people. If you still oppose it, you're probably irrational.
We're capitalists, however. Civil liberties have not been terribly profitable products in the past. The old-world investors will not invest in end-point civil liberties protection technologies, and will continue to put on blinders to the true value in information networks--their end-points.
However, perhaps one or two capitalists out there has realized that (1) networks have no inherent value or use on their own, and (2) people are terrified of being ruled by any network. There's a fucking market for civil liberty weapons: tools to defend end-points, tools to protect individual's rights to connect and communicate with any other end-points, tools to insure security and authenticity between any two or more individuals. Justin Frankel's "Waste" is a beautiful start.
On a related, but off-topic tangent, I've got a new buzz-word: Intellectual Macro-Economics, a way to increase the value of the US dollar.
Here's how it works, in magic-bullet glory: Article 1, Section 8, of the US Constitution provides Congress with the power to increase the artists and scientific wealth of the US, providing a mechanism for doing so (limited terms). The concept is to increase the unlimited common wealth of the US (and probably Humanity), by encouraging the creation of new works. For the last 20 years our cultural wealth has been depleted by private interests, looting the cultural commons, robbing us of the creative wealth to build with. In this, the copyright law is our asset which has been mis-managed, and stopped delivering our wealth. To increase our national cultural wealth, require the creation of new works, and consequently increase foreign confidence in the US dollar, increasing its exchange value, we must repair copyright, patent, and trademark law so that the commons will resume growing, and an immediate idea-influx (through a retro-active term truncation) would have massive midterm-longterm beneficial effects.
Another aside. One side of the IP arguement sees the limited terms as the promotion of progress. The other side (ours, and the one that wrote the damned Constitution) sees the progress as the effect of limited terms: an increase in common intellectual wealth, with a "necessary evil" to promote the production of those works. Bleh. Communications barriers. And you thought it was so fucking obvious, didn't you?
I'm as mimsy as the next borogove but your mome raths are completely outgrabe.
The moderators must be on crack.
This is a great post because it shows that in every industry, power corrupts and we NEED checks and balances. This Palladium alternative research is GOOD for the world because we can limit a corrupt power where it is in medicine or computers.
(What are the chances of two Alan Coxes in this field of business!? Bummer for the other Alan Cox. Probably often mistaken as Linus' lieutenant...)
-------
Warning: Slashdot may contain traces of nuts.
I thought it was funny.
Boobies never hurt anyone. - Sherry Glaser.
... not to use any DRM at all ...
Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
Comment removed based on user account deletion
DRM should be treated like viruses. If we could only get the DMCA out of the way (with its huge $$$ fines for listening to the song you bought on the "wrong" player), we could have Norton and McAfee come out with software that strips all incoming content of DRM just like their other products which remove viruses from incoming files.
Don't blame Durga. I voted for Centauri.
It's funny, insightful and informative all at once.
oh brave new world, that has such people in it!
"If the Riaa and Mpaa do not trust people with the media, why show it? They, in effect, release the idea to everybody when they put some show/song in mass media."
Not only that, but the MPAA commonly encourages piracy.
Let's say I want to see "The Two Towers". It is no longer in theatres, can't go there. It is a LONG time before they sell a DVD; so I can't pay them that way by buying a DVD. The only alternative is to obtain somehow a pirated DVD copy of "The Two Towers".
No way should they whine about money-loss to piracy when they aren't selling it in the first place! There is a demand for their product, and in this example, they refuse to meet it in any way.
Don't blame Durga. I voted for Centauri.
How would a virtual machine based approach to Trusted Computing such as this be different from a JVM/CLR/equivalent virtual machine executing code signed only by a certain party?
"DRM does protect fair use - it allows copyright holders to mark their content so it can be copied for personal use (between different devices for example)"
No, it does not. The most common form of DRM out there right now, contained in the most recent Windows Media Player, prevents me from playing a song on my MP3 player.
"and the rights of the consumer, and doesn't intrude if you don't choose to purchase protected content - suddenly that's wrong too."
There would not be anything wrong with DRM if it was OK to bypass/remove it.
What about the world's largest computer manufacturer (last time i checked) shipping BSD as the only manufacturer supported OS on their computers?
No, I haven't RFTA, but I'm wondering :
if you need to trust the VM binary, why not trust the very programs you want to trust directly ? because you put the VM in rom ? (or something in ROM is trusting the VM ? but, there, why not verify other programs, even downloaded ?)
Other remark, I though palladium was evil, but not TCPA ?
There are some cool sounding papers!
:-)
- TCP Offload Is a Dumb Idea Whose Time Has Come
- Crash-Only Software
- Using Computers to Diagnose Computer Problems
...and I'll say it again: "Those who are willing to give up an essential liberty for a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
You should use AdiumX on your Mac.
I've take class from both Prof. Boneh and Prof. Rosenblum (2 of the 3 names on the paper), and I can tell you that they're some of the most intelligent people I've met. I'd definitely trust anything those guys have to say.
> Trusted clients for multiplayer games
e s. pdf
m l
Given all the effort that was put into aimbot network proxies, reverse engineering
graphic card drivers etc, I don't think that this will hold.
As soon as a Trusted Computer is enforced on the masses and keeps geeks from doing
geeky things (cheat on games, watch Startrek, listen to Linkin Park, read NY Times,
run Linux on XBOX), it will be cracked in no time.
The past shows that secure AND cheap chips do not exist. Google for the BSkyB
desaster in UK, if you're not convinced. Or read up this PDF to learn how hi-tech
security smartcards and chips are dissected and cracked in a home lab:
http://www.cl.cam.ac.uk/~mgk25/sc99-tamper-slid
How much do you want to pay for a Trusted mainboard? Some extra $1 US (cheap PIC)?
Some extra $10 US (estimated price of BSkyB smartcard)? Or do you want just the
"Trusted" stuff to _exceed_ the price of the whole mainboard and use a physically
tamper-hardened (yet cracked) device like IBM 4758?
See http://www.cl.cam.ac.uk/~rnc1/descrack/ibm4758.ht
As long as you're fighting against the geeks, you're on the loser side.
Marc
the USENIX Workshop on Hot Topics in Operating Systems. Looked to me like the "UNISEX Workshop on Hot Topics in Operating Systems." And I have to point out that anything "unisex" is not a hot topic....
My signature reflects my feelings about Trusted Computing. Because Trusted Computing is so easily abused by content producers who want strict control over media consumption, I feel it's potential for harm outweighs most of its benefits.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
"content producers who want strict control over media consumption"
It has been a LONG time since I've eaten a CD, or burned a book in my furnace. I'm not sure the word "consumption" for media-usage fits the best!
This is what the DMCA and DRM technologies do.
1. DMCA is a law, not a technology.
2. Your example of meat-grilling is not really equivalent. Grilling meat is generally legal, whereas copying someone else's work without permission is generally illegal.
But of course there is still an enormous flaw in the DMCA: sure, more than 90% of the time, when a someone wants to defeat a copy protection scheme, it is for the purpose of illegal copying. But there are times when copy protection blocks copying which would otherwise be completely legal, and quite useful.
That is the problem with the DMCA.
So a better analogy is:
It's as though there were a device in your car which prevents you from trying to drive much faster than the speed limit, and which is illegal to remove.
It's sort of understandable that some people might think this is a good idea, but on the whole it is insulting, and prevents legitimate high speed driving (e.g., driving on a private roads, manuevers to avoid a collision, etc.)
"Your... content... ?"
My content. I paid for it. That kind of content. Consider the ad campaign for selling DVD's "Own a Movie Today!"
"Oh, and you still have as much fair use as anyone did before the digital boom"
Not really. The real problem is the DMCA. If the DMCA were repealed, DRM would not be a problem.
Don't blame Durga. I voted for Centauri.
So they build their network apps, we build our network apps. Ours are more fun and now can't be spammed, DDOSed, or any of the other nasty things they try.
Not any scarier, just more polarized.
I naively thought that Microsoft's main operating system was Windows - you know, that thing that runs on 90-something percent of desktops worldwide?
Wasn't Bob basically Clippy the first?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
" improving P2P security "
Wouldn't it be nice if there was a P2P application that had support for SSL, Proxy's and sets tunneling to prevent ISP's from blocking it?
well thats what the link is. It is still in beta and only available for windows so lets E-mail them about porting it. Or maybe one of you sharp coders is looking for a project. I only know perl so I'm out hehe
-- "of course thats just my opinion, I could be wrong." --Dennis Miller
I did RTFA and what this boils down to is what it says near the end: "Note that our threat model excludes compromise of the underlying tamper-resistant hardware...". Palladium has the same trouble.
Security through obscurity-and-a-bunch-of-hard-work-to-break-it. Basically, the first time anyone skilled figures out the algorithms for the hardware, they can help someone make an emulator.
Then, all you need is the key any "trusted" computer uses. So, you brute force crack your own computer's key by having it encrypt or sign some communique to some "trusted" server out there. Then, you intercept the communique. Since you know the algorithms, you try encrypting or signing the communique with different keys until you find a key that results in a match.
Once you have your key and your emulator, you can look at what any program on your computer is doing, change whatever the hell you want, and cause whatever "mischief" you want. Want a DRMed MP3 unDRMed so that everyone on the Internet can have a copy ? Go right ahead. You could probably make a program to automate the process. Want to change something a "trusted" program is sending to a server ? Go right ahead.
I don't trust MS as far as I could throw Bill gates into a strong headwind. But that doesn't stop me from using windows - I just wrap everything up in PGP and firewalls and hope for the best. And that's the bad part - "hoping for the best." We need something that assures more than a wing and a prayer but also allows for the separation of identity and trust. And while that still may sound a bit like PGP, it ain't; I can't lock away an app in PGP and run it without also making it vulnerable to attack. That means everything else is vulnerable to attack, too.
Whenever we get stars in our eyes and dream of an "augmented future" with pocket computers that allow us to recall in an instant significant volumes of historical information, both personal and public, then we've got to realize something like Palladium has to happen first - because, I dunno about you, but I am not gonna carry around an "augmented brain" that any script kiddie with a bad attitude can even read, much less attack. In such an "augmented reality" a system attack has the possibility of being as much as physical attack as knocking someone down and stealing their wallet, or even delivering a blow to the head.
Now, granted, there's nothing protecting me from just such an attack right now. I could take a stroll down Sunset one night and get mugged and that would be that. But the way things are we are all living in the highest crime neighborhood and we have about as much to fear from the police as we have the (ahem) "bad guys." At the very least, we are going to have to come up with a "personal armored car" before any of the really cool stuff can move forward.
Now, I don't trust Palladium to be that armored car. But I also don't think you can get away with the anti-DRM arguments. Because, when it comes down to it, we are talking about a personal DRM system. I want to be able to lock away my thoughts - my data - from you. And I think most of you are likely to feel the same way. We all want our privacy, but then pretend it's not within the rights of corporations to whisper secrets in our ears - even when we ask it of them.
If you don't want to use DRM you shouldn't have to. But if I want to send you a "secret" - and you are willing to accept that secret - I should be able to. And if I want to know where that "secret" came from in case you tell it to someone else, what's to stop me from "coloring" it a bit? If you tell a slightly different story to every person you meet then you can be reasonably assured of knowing where the "leak" came from when that someone breaks your trust. Basically you are arguing that publishers don't have the right to tell you a secret - even when you ask them to - and expect you to keep that "secret."
Trite as it is, it comes down to "no one is forcing you to buy from Disney." And no one can reasonably expect Disney (any more than they could expect an individual - your neighbor, for example) to continue trusting you even after you have proven you would break their trust.
DRM is about being able to forge trustworthy electronic relationships. I do believe it should not sacrifice anonymity unless there is an absolute need for both parties to do so (and this absolutely does not include commerce exchanges unless it is for physical goods) but I also cannot see our technological future continuing to grow as it has without something better than we have now. And not just a little better, e
I just saw The Two Towers in the theatre last weekend. I'm pretty sure it's still showing.
http://yetanotherpoliticalrant.blogspot.com
i think trusted solaris is interesting
stop supporting microsoft with pirating their software!!!!!
"I just saw The Two Towers in the theatre last weekend. I'm pretty sure it's still showing."
Let me see, I can drive hundreds of miles to your theatre to see it, I can drive to any place where it is stored to break in and steal a copy (some other guy suggested stealing), or I can get a pirate DVD copy somewhere.
What is missing is the option to buy a copy from the movie studio. Sure, they will come out with it eventually, but every day they refuse to sell a DVD that people will give them good money for is a day that people will find other ways to access the content.
I guess they just don't really want the money.
Don't blame Durga. I voted for Centauri.
OK, So Let Me Get This Straight... When MS does it, it's Pure Evil (TM). When Stanford does it, it's Happy Fluffy Bunnies. I'm glad we're all clear on that.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Let me keep it short :
Palladium emulator + the cracked private key for my machine = sharable data
Send both to a friend. Send him whatever data you want. Through the miracle of trusted computing, you can trust that he can read the data.
"Businesses NEED the ability to control their data, not only from theft but from erroneous use."
Waving your hands, saying "ISO9000" and then saying somehow Palladium help all these "problems" (which you haven't mentioned, just implied) doesn't make any point.
Businesses need to control their data. What does "control" mean? Do you mean the data is an adaptation of a trade secret? Do you mean others want to keep it from being modified?
Okay, I'll be generous, I'll assume you "all those things".
So what you're proposing is that all computers in the world must follow a encryption/decryption standard and authentication scheme that depends on a highly interconnected world to keep your secrets safe.
Its a dumb frigging way to do it.
No, it is. You're not well though out, and let me explain out why:
1) You can bet somebody else will have computers that honor the decryption signal, but little else. That is, your data is only safe from honest and dumb people.
2) It forces the "trust" out to the ends of the network instead of the middle where it belongs (because you never can trust all the clients)
3) You never can trust all the clients. Trust me, you just can't.
4) You're making *YOUR* data secrecy and integrity problem *MY* problem. But its not *MY* problem, its *YOUR* problem. Expecting me to modify my hardware to satisfy you is beyond dumb...
Ultimately, you're looking for a technical solution to what is a people problem, and typically, technical solutions are too clunky and expensive to actually work.
So give it up.
And no, you don't need Palladium to do ISO9000
Studies have shown CONCLUSIVELY that circumcised males have a lower disease rate than non-circumcized males. This is particularly striking in AIDS cases.
...and trust me on this... Hot chicks love to give oral sex to circumcised guys. They won't even touch an uncut cock.
It derives from old Jewish law (like keeping kosher) which indeed have their basis in health rather than god throwing lightening bolts.
Just because something is old doesn't make it wrong.
Besides,
So fellas, if you're not circumcised, you can count on hairy french chicks, and that's about it. Your loss.
Trusted means that your computer is going to behave in a predictable way, that it will just execute the damn program and not fuck with it.
Is that so horrible? If you can't stand the thought of running a program without screwing with it, then don't try to tell other people that that's what you're going to do.
All trusted computing means is that you tell other people that you'll run the software cleanly, and they can trust you to tell them the truth. If you can't stand this level of honesty then maybe you better take a good hard look at yourself.
"All trusted computing means is that you tell other people that you'll run the software cleanly"
You can't even define what "cleanly" means, fucktard.
Okay, sorry for the insult, it was uncalled for and I apologize.
I'm going to demonstrate why you're dead wrong.
I buy a CD today. I listen to it. Its cool, really good. I tell my girlfriend about it (my wife is pissed off, but what the hell). Anyway, I tell my girlfriend about it, and she says "cool, let me listen to it". So I put it in its case and hand it to her and say "hey, nice cans, here's the CD, don't scratch it, or I'll smack you in the ass".
And she puts it in her CD player and listens.
Now lets go to the digital age... My girlfriend wants to listen to my music in her car. No way... the RIAA says I have a license for personnal use on the downloaded equipment. No dice.
No problem, I want to listen to it in my car, after all, only total geeks listen to music on their computer.... damn. It won't let me copy it to CD because RIAA says I have no right to copy it to a CD.
So I listen to it on my PC in the basement. Can't share it with friends, and I can't listen to it in my car.
But hell, I was just being a thief and a pirate loaning it to my girlfriend.
Do you get now why this is a bad thing and why I originally called you a fucktard (even though I apologized later after I regretted saying it).
Are you getting it yet? Do you see why this is a bad thing? Not just because I can't listen to it in my car, but because I no longer have any control over the music I bought. I paid money for the damned thing, and now I can't even listen to it in my car.
But on the plus side, it will be a cash windfall for the RIAA, so I guess that kind of makes it all worthwhile, eh fucktard?
Oops, sorry again, it slipped out. I didn't mean it, fucktard.
I was circumcised when I was 10 because I had an infection in the tip of my penis. It was not AIDS, and it was extremely painful. I couldn't even pee because at one point the whole tip was clogged. The emergency doctor had to scrap some infectious material out with a sharp tool so I could pee then. I had surgery soon after (drugged to sleep). Recovery was very very painful also, and I had to eat awful tasting medication (that was the easiest part too).
The benefits outweigh the costs in my opinion. What's a little pain for a baby compared to the extra pain associated with disease. Also, no studies have in any way linked circumcision [sic?] in children to anything else later in life.
And that was severly off topic, but I couldn't let some BS go free.
http://www.cirp.org/library/general/laumann/ Your opinion is EXACTLY why we shouldn't mix religion with science.
http://www.infocirc.org/fourn.htm
Would you rather have THAT happen to you?
Big corporations can keep the crappy, empty, mind-numbingly tedious corporate MTV sludge they churn out, whilst we create our own free and open media. They're the ones who'll lose out when I don't buy their snake-oil...
charlie harvey's website
[Not really. The real problem is the DMCA. If the DMCA were repealed, DRM would not be a problem].Please do explain.
The DMCA makes it illegal to "crack" and bypass these copy protection schemes which make it difficult sometimes to even view material on DVD's which you have paid for.
"You do not own the content, you own the media it's on."
Then how come they advertise "own a movie today", instead of "own the disc the movie is recorded on"?
Don't blame Durga. I voted for Centauri.
"We're capitalists, however Speak for yerself."
Everyone is a capitalist and favors capitalism, as capitalism is nothing more than the system in which you make your (or "Yer") own decisions about your economic life.
The difference lies between free-market capitalists, and socialists (who believe that only government elites should be allowed to make economic decisions). The socialist leaders like Fidel Castro and Josef Stalin are among the most successful capitalists of all time: they used their decisions to become amazingly rich and powerful while outlawing anyone else doing the same.
"Do you see why this is a bad thing? Not just because I can't listen to it in my car"
You can listen to it in your car, but you will have to get a free copy of the song off Grokster or some other such place. This is just another example of how these DRM strategies encourage piracy and discourage sales.
Don't blame Durga. I voted for Centauri.
A secure VM implementation allows an untrusted system to be run on the same platform as trusted code. Just say I was running Windows with that new nasty little worm/trojan that does keyboard interception. I can have one instance of Windows for home-banking and another for Email. If the executable code for each instance was kept separate, the instance where I received it may be toasted but the one used for banking access would have no problem.
See my journal, I write things there
Could you explain what law in what country defines this as stealing? Speaking for myself I can assure you that becoz of their shitty marketing practices and inability to provide me with the product that is fully deliverable I am not going to wait and pay them big $$ anywayz so i might as well copy it. what are "they" losing in this picture and what am I stealing ? I already saw the movie twice, and paid for those times. I have photographic memory anyways so it doesnt actually matter for me... Oh wait! Am I stealing anywayz becoz of my memory ? Maybe I shouldnt advertize that publicly.
The problem is that the trusted layer *must* be small so that it can be completely verified. Applications can't be so easily verified and it would still be possible to compromise Outlook, for example to send unwanted EMail. All the signature does is to say that the software hasn't been modified, but we know that applications don't need bad code to misbehave, they only need the right kind of bad data. Once the code has been signed, it must be signed again verey time it is patched. A far from simple logistical problem.
OTOH, smaller code may be more easily verified - so a driver for a Smart Card reader could be protected, as could SSL. However a programmer can still make a mistake and allow the code to be compromised.
See my journal, I write things there
Worry about something that matters.
Nobody even worries about it except people with latent homosexual urges. Nobody cares except you.
What about the fact that DRM puts the power to enforce copyrights into corporation's hands, instead of the judicial system as it should be?
Since you're obviously a tard, nobody buys information from you anyway.
Tech Public Policy stuff
There is a lot more to fair use than being able to make personal copies. Making personal copies is one of the least justifiable means of exercising fair use. Fair use is so broad it can't even be defined. The law simply lists four criteria for courts to consider when assessing fair use.
Fair use can, for example, involve distributing video clips to analyze a debate. Fair use could involve making a program run on a different computer platform. Fair use could involve real-time resequencing of a movie to eliminate offensive imagery. Someone may exercise their fair-use rights by indexing a website for their search engine. Digital Rights Management doesn't permit any of these. As far as DRM is concerned, fair use only fits into a narrowly proscribed range of activity.
*sigh*
I have read every single comment to this story, which is talking about how these systems supposedly cannot be called "trusted systems."
Everyone here is wrong.
You would know that, if you knew were the term "trusted system" originates from. It has been used in US DoD for much longer, than the whole recent "DRM" hype has been around.
A "trusted system" is a system, which can break the security policy. No more, no less.
I'm really surprised that no one here knows what one is talking about. Well, maybe not that surprised, however quite annoyed, to say the very least.
This whole "DRM" buzzword hype has been around for quite some time already, and still it causes so much misunderstanding.
We just cannot effectively fight against anything, which we don't even understand. We have to always remember that, if we are ever going to change anything.Karma: Positive (probably because of superiour intellect)