Slashdot Mirror


A Critical Look at Trusted Computing

mod12 writes "After just attending a two-week summer program on the theoretical foundations of security (one of the speakers was from Microsoft research), I have been interested in trying to find out if the "trusted computing" initiative was still alive. I got my answer today in the New York Times from an article that was fortunately rather critical of the concept."

278 comments

  1. Microsoft . . . by Anonymous Coward · · Score: 5, Funny

    As long as Microsoft is there, there is no trust.

    1. Re:Microsoft . . . by Mark+Ferguson · · Score: 1

      I offered an alternative to M$ in charge of the "Trusted" email program. M$ != Trusted IMHO.

      The anti-spam community is coming together to create a white list of companies that abide by Best Practices.

      The site is up, the zone files are up.

    2. Re:Microsoft . . . by Anonymous Coward · · Score: 0

      I guess there'd be antitrust?

  2. It's full of hex! by dagnabit · · Score: 4, Interesting

    I love the image at the top of the article showing the "sample of the code for a more secure version of Microsoft Windows" -- just some random binary file open in a hex editor.

    Gotta love the NYT - their editors are on the ball!

    1. Re:It's full of hex! by I+Want+GNU! · · Score: 4, Funny

      Didn't you hear? Microsoft is programming the DRM system with their patented HexCode (TM). While it may decrease productivity, programming in hex and binary turns a simple 7% profit into a 111% profit, making MicroStock more attractive to inventestors.

    2. Re:It's full of hex! by Soko · · Score: 1

      I love the image at the top of the article showing the "sample of the code for a more secure version of Microsoft Windows" -- just some random binary file open in a hex editor.

      Ummmm... I believe that's a Palladium key, not machine code. Since the best encryption keys are those that are truly randomly generated, not the pseudo-random numbers most software uses at present, you see a good key (if it is indeed random).

      Gotta love the NYT - their editors are on the ball!

      Apparently. (Well, this time anyway.)

      Soko

      --
      "Depression is merely anger without enthusiasm." - Anonymous
    3. Re:It's full of hex! by Anonymous Coward · · Score: 1, Informative

      No, that's not a key. Have a look at the ASCII on the right, and note the hex character codes interspersed with nulls - it's UTF-16 formatted text. It's hard to make out, but near the end there's the text "Unexpected Type [%s]", so the code dump is probably from a compiled binary.

    4. Re:It's full of hex! by citking · · Score: 0
      MicroSoft Headquarters, Slashdot Briefing Room

      Guy #1: "Oh crap...quick, we need NDAs for everyone who has seen that code on Slashdot!"

      Guy #2: "Greg, I wouldn't be so worried about Slashdot...we better get our moles at SCO on the ball to make sure they don't see that code we stole from them!"

      Guy #1: "Oh, I guess you're right...."

      --
      "This food is problematic."
    5. Re:It's full of hex! by Randolpho · · Score: 1

      Ummmm... I believe that's a Palladium key, not machine code ... you see a good key (if it is indeed random).

      Um.... if it's a private key, then it's no longer good having been published...

      --
      "Times have not become more violent. They have just become more televised."
      -Marilyn Manson
    6. Re:It's full of hex! by frankthechicken · · Score: 1

      I think you'll find they're actually trying to reverse engineer Linux, and unless I'm very much mistaken, that's a fragment taken from the 2.4.0 version.

    7. Re:It's full of hex! by shird · · Score: 1

      Did you take a look at the text conversion (on the right)? It is a bunch of text in unicode format being displayed in the VS IDE. You can clearly make out some of the text.. ie "Description", "Unexpected Type" etc. Clearly not a 'key' of any kind or code, just a bunch of string resources probably in an EXE or DLL.

      --
      I.O.U One Sig.
    8. Re:It's full of hex! by cperciva · · Score: 3, Informative

      The text is the following (in unicode):

      [%s] & Ed[%s] values for User Name TextBox event description. \00\00\00\0A Unexpected Type[%s] & Id[%s]

      Looks like a dump from an executable file.

    9. Re:It's full of hex! by greening · · Score: 1

      Not to be picky, but that's actually UltraEdit (http://www.ultraedit.com), not VS (well, I'm not sure about it being from any version other than 6 but there are many keys that are definitely from UE). But it was immediately obvious that it was indeed most likely an EXE.

      --
      Are you telling me that you don't see the connection between government and laughing at people? - Interviewer
    10. Re:It's full of hex! by Anonymous Coward · · Score: 0
      Ha, it's ultra edit, opening up a UNICODE file... I think it might be a regedit script or something...

      Yah, fuck that shit.

    11. Re:It's full of hex! by UserGoogol · · Score: 1

      You can also see the text "User Name", so yeah, that sounds reasonable.

      --
      "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
    12. Re:It's full of hex! by UserGoogol · · Score: 2, Interesting
      More like Unicode, and it doesn't look entirely random.

      This is pretty much what it says, save for the stuff at the end. Format is unicode.

      [%s] & Bd[%s] values for User Name text OK description ... Unexpected type [%s]
      What with all those [%s]s everywhere, it seems like it has some sort of a practical purpose, although it isn't "code" per se.
      --
      "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
    13. Re:It's full of hex! by Malfourmed · · Score: 2, Funny

      Everyone knows that hex sells.

    14. Re:It's full of hex! by pAnkRat · · Score: 1

      > I think you'll find they're actually trying to reverse engineer Linux,
      > and unless I'm very much mistaken, that's a fragment taken from the 2.4.0 version.

      2.4.0 !
      That's old stuff you lamer, I just pulled linux 8.1 from a warez site.

      pAnkRat

      --
      we need an "-1 Plain wrong" moderation option!
    15. Re:It's full of hex! by Anonymous Coward · · Score: 0

      [%s] & Bd[%s] values for User Name text OK description ... Unexpected type [%s]

      What with all those [%s]s everywhere, it seems like it has some sort of a practical purpose, although it isn't "code" per se.


      These are Unicode text resources, error messages in particular. The %s are substituted with real strings by the program.

      Heh, unless they're using a specially checked version of sprintf, this is in fact a pretty insecure way to implement i18n.
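
Added example (not part of the original thread or of any comment in it): one way to do the "checked" formatting the comment above alludes to, in C. A format string loaded from a resource or translation file is accepted only if its conversion specifiers match those of the compile-time reference string; the function names, the use of narrow char strings (the dump discussed above is UTF-16) and the translated sample are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Write the ordered conversion signature of a printf-style format into sig,
 * e.g. "[%s] & Id[%s]" -> "s,s," and "%5ld items" -> "ld,".
 * Returns 0 on success, -1 if the format is malformed or uses something we
 * refuse to accept from a resource file: %n, '*' width/precision, or
 * positional (n$) arguments. */
static int fmt_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t used = 0;
    const char *p = fmt;

    while (*p) {
        if (*p++ != '%')
            continue;
        if (*p == '%') {                      /* literal percent sign */
            p++;
            continue;
        }
        while (*p && strchr("-+ #0", *p))     /* flags */
            p++;
        while (*p >= '0' && *p <= '9')        /* width */
            p++;
        if (*p == '.') {                      /* precision */
            p++;
            while (*p >= '0' && *p <= '9')
                p++;
        }
        if (*p == '*' || *p == '$')           /* argument-driven width, n$ */
            return -1;
        while (*p && strchr("hlLqjzt", *p)) { /* length modifiers */
            if (used + 1 >= siglen)
                return -1;
            sig[used++] = *p++;
        }
        /* Allow-list of conversions; %n and a trailing bare '%' fail here. */
        if (*p == '\0' || !strchr("diouxXeEfgGcsp", *p))
            return -1;
        if (used + 2 >= siglen)
            return -1;
        sig[used++] = *p++;
        sig[used++] = ',';
    }
    sig[used] = '\0';
    return 0;
}

/* 1 if candidate consumes exactly the same argument types, in the same
 * order, as reference; 0 otherwise. */
int fmt_compatible(const char *reference, const char *candidate)
{
    char a[64], b[64];

    if (fmt_signature(reference, a, sizeof a) != 0)
        return 0;
    if (fmt_signature(candidate, b, sizeof b) != 0)
        return 0;
    return strcmp(a, b) == 0;
}

/* Format with the resource string if it is compatible with the reference
 * compiled into the program; otherwise fall back to the reference. */
int format_resource(char *dst, size_t n, const char *reference,
                    const char *resource, ...)
{
    const char *fmt = fmt_compatible(reference, resource) ? resource : reference;
    va_list ap;
    int r;

    va_start(ap, resource);
    r = vsnprintf(dst, n, fmt, ap);
    va_end(ap);
    return r;
}

int main(void)
{
    char buf[128];
    /* Reference string as quoted in the thread; the samples are constructed. */
    const char *ref = "Unexpected Type[%s] & Id[%s]";
    const char *samples[] = {
        "Type inattendu [%s] et Id [%s]",    /* translation: accepted */
        "Unexpected Type[%s] & Id[%s] [%s]", /* extra argument: rejected */
        "Unexpected Type[%s] & Id[%n]",      /* %n: rejected */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_resource(buf, sizeof buf, ref, samples[i], "Widget", "42");
        printf("%-36s -> %s\n", samples[i], buf);
    }
    return 0;
}
```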

    16. Re:It's full of hex! by dagnabit · · Score: 1

      Yeah, I looked at it more closely after posting and saw that... oh well. It's still funny that they're using it as an example of secure code...

    17. Re:It's full of hex! by poot_rootbeer · · Score: 1


      Lots of hackers know how to read hex code!

      If they REALLY want their code to be more secure, they should write it in duodecimal!

    18. Re:It's full of hex! by Anonymous Coward · · Score: 0

      not just "a hex editor"
      That's ultraedit they are showing.
      I love it :)

  3. non DRM computers? by I+Want+GNU! · · Score: 4, Insightful

    Does anyone know of companies planning on building processors without DRM? In a competitive marketplace there would not be DRM because consumers don't demand it and surely would prefer computers that aren't controlled by the market after the sale. But with only two major PC processor manufacturers having a duopoly over the market it isn't very competitive.

    1. Re:non DRM computers? by I+Want+GNU! · · Score: 3, Informative

      I misspoke--I meant that they surely would prefer computers that aren't controlled by the manufacturers after the sale.

    2. Re:non DRM computers? by vegetablespork · · Score: 5, Insightful
      You'll be able to get a non-DRM'd computer. It'll be made illegal as a "circumvention device" in short order if it actually turns out to be useful for any sort of multimedia applications.

      I recommend not tossing systems when you upgrade--pre-ban PCs should be worth a tidy sum soon.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    3. Re:non DRM computers? by I+Want+GNU! · · Score: 1

      I don't know about computer hardware going up in value, but I'm hoping some company will start selling non DRM processors as soon as Intel and Microsoft pull out of the market. They might be as fast as Intel or AMD processors but I'm sure there would be a market for them.

      And what about Macs? I haven't heard of any DRM plans for Mac computers.

    4. Re:non DRM computers? by vegetablespork · · Score: 1

      I wouldn't put much faith in Apple. Sure, they're not a member of the TCPA, but they've demonstrated DRM tendencies with the iTunes music service, but if they need to lock future Macs down to maintain a gravy train of media revenue, that's precisely what they'll do.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    5. Re:non DRM computers? by jeffy124 · · Score: 3, Informative

      IBM. They already build them into some ThinkPad laptops under Win2k, and have a driver for their TCPA chip available for Linux somewhere on their website. There was a story on /. some months ago about that driver.

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    6. Re:non DRM computers? by PetWolverine · · Score: 1

      IBM makes the PPC 970. You always have the option of getting a Mac if you don't want to put up with MS's games.

      --
      I found the meaning of life the other day, but I had write-only access.
    7. Re:non DRM computers? by Anonymous Coward · · Score: 0
    8. Re:non DRM computers? by vegetablespork · · Score: 1

      Change the second "but" in the second sentence to "and" to make it make sense. Sorry.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    9. Re:non DRM computers? by femto · · Score: 1
      OpenCores is designing non DRM processors under BSD and GPL licenses. The processors are not yet being manufactured as standalone systems, but they have been used in a number of embedded products so far.

      OpenCores isn't a company. The best comparison is probably an immature version of the Debian Project.

    10. Re:non DRM computers? by Delphiki · · Score: 4, Insightful
      I'm not so cynical about Apple. There's a big difference between the iTunes music store and what Microsoft and Disney want to happen. The iTunes music store lets you use those files on up to three computers and allows you to burn them as many times as you want and put them on your iPod, etc. Considering you can stream songs, listen to them as many times as you want on more than one computer, I see this as pretty reasonable. I imagine Apple had to really go to bat with the record companies to get that much too.

      Apple is typically better to their customers, because they have to be. Microsoft has shown a lack of respect for their customers fairly consistently and get away with it because people don't see much alternative at the moment. Also, Apple's embracing the open source community, though perhaps not to the degree that some would like (though I think it's a good balance of open and closed source). Their ties to the open source community I would think make them more likely to refuse to implement TCPA.

      The problem Apple is going to face though, is will Apple users be able to open TCPA encrypted documents? Apple, along with Linux, the BSD's, and any other non Microsoft platform need to oppose this so that Microsoft can't lock alternative platforms' users out of all documents created through Microsoft apps.

      --

      Feel free to mod me "-1 - Angry Jerk".

    11. Re:non DRM computers? by Chalst · · Score: 1

      The entertainment industry is *not* going to succeed in making non-DRM PCs illegal. The size of the entertainment industry is minuscule compared to the size of the computer industry, and even if they have influence beyond their economic weight, they are really outclassed here. I recall a fun quote by an IBM lobbyist who called the RIAA "the pimple on the elephant's ass".

    12. Re:non DRM computers? by WCMI92 · · Score: 4, Interesting

      "I don't know about computer hardware going up in value, but I'm hoping some company will start selling non DRM processors as soon as Intel and Microsoft pull out of the market. They might be as fast as Intel or AMD processors but I'm sure there would be a market for them."

      What's wrong with current processors? I mean, do we REALLY need 3GHz machines? No, I've a couple that are below 1GHz and unless I wanted to play some insane game at high resolution, it's perfectly fine.

      Besides, even if Digital Restrictions Management is in the processors, it likely can be ignored or disabled by the BIOS. For AMD or Intel to come out with a processor that REQUIRED DRM to operate would be to commit corporate suicide.

      Look for crafty motherboard makers like Abit, etc (who cater to the geeks) to add DRM disabling as a feature just as they do with overclocking. Abit doesn't exactly care what Intel or AMD thinks of them, they care about what their CUSTOMERS want.

      Which is why they make easily overclockable boards, the infamous (I had one) BP6 dual celeron board, etc.

      There WILL be a market for a board that locks out DRM. If only among the tinfoil hat crowd, but given the OUTRAGE over the P3 serial number, I can't imagine there not being a lot of noise over DRM in the processor... At least enough to get the option to turn it off.

      --
      Corporatism != Free Market
    13. Re:non DRM computers? by vegetablespork · · Score: 1
      I appreciate that Apple has struck a compromise, but my view is that in doing so they've let the camel's nose under the tent. They have many Mac users (and Windows users, in the future) thinking "well, maybe this DRM stuff isn't as bad as those long-haired hippy nutcases have been saying."

      Once the regime is established, it's like boiling a frog. In a generation or two, anything published will be wrapped in intrusive DRM, a la "Right to Read," and history will show to those who have paid the license fee and who are cleared that Apple helped it happen in 2003.

      Your point with Apple and TCPA protected documents is also good--even if Apple doesn't want to help bring the dystopian future, they can be blackmailed into it. That is, if they'd like to be able to offer their users the dominant office suite on the planet.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    14. Re:non DRM computers? by Delphiki · · Score: 1
      Not everything is a slippery slope, and why is DRM in limited amounts bad? I don't care if someone wants to offer movie rentals online that can only be watched once as long as I can still buy a copy that I can watch as many times as I want from someone else. Of course, I have a problem with some of the shadier DRM issues, but this isn't one of them.

      People have been complaining incessantly that the RIAA and MPAA need to update their business models to incorporate the internet. By opposing DRM in all its forms though, you are preventing that from happening. Here's something that may be a startling fact to some people - companies don't like giving away their products for free. Creating a system of marketing digital media cheaply online will require a way of regulating the sharing of those files. You can't have it both ways, because if people can steal the media they will and if people steal the media the companies who produce that media are going to fight it.

      Am I looking forward to Palladium? Certainly not. I am in favor of limited DRM though. Honestly, as long as it doesn't start limiting my rights to use and share documents which aren't protected by DRM or invading my privacy (neither of which necessarily follows from the definition of DRM), I don't really see it as a bad thing.

      --

      Feel free to mod me "-1 - Angry Jerk".

    15. Re:non DRM computers? by vegetablespork · · Score: 1
      Your reply illustrates what I'm trying to say--that implementing "kind and gentle" DRM, Apple has provided the mindshare needed to help it get critical mass. Not everything is a slippery slope, but this is, unfortunately.

      The only business model of members of the RIAA and MPAA absent DRM and control of the distribution channels is bankruptcy. I imagine they'll choose DRM.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    16. Re:non DRM computers? by Delphiki · · Score: 1
      "Not everything is a slippery slope, but this is, unfortunately."

      Back this up please, because despite a lot of ranting people have done on /., I'm not seeing it, unless you define DRM as the MPAA's, the RIAA's and Microsoft's optimal vision of DRM. Evaluating a whole idea based on only the most extreme possible cases limits progress, among other things.

      --

      Feel free to mod me "-1 - Angry Jerk".

    17. Re:non DRM computers? by vegetablespork · · Score: 1
      In order for DRM to actually be effective in its stated goal of making copyright infringement by those who "license" media, the concessions that, for example, iTMS allows the "consumer" can't be allowed. It's a trivial matter for a rogue "consumer" to take advantage of the "analog hole," and then make "perfect digital copies" to distribute on peer to peer networks. This is straight party line, from Jack Valenti's mouth--THE ANALOG HOLE NEEDS TO BE CLOSED.

      The only way to close the analog hole is encryption everywhere from the network to your eyeballs or your ears. (And ultimately, cameras and recording devices will have to refuse to record this media, to protect against those who use microphones and camcorders.)

      The only hope of closing the analog hole is what any reasonable person would call intrusive DRM. QED.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    18. Re:non DRM computers? by bnenning · · Score: 1
      Not everything is a slippery slope, but this is, unfortunately.


      I disagree partially. I definitely see where you're coming from, and I don't think any amount of DRM is a good thing. But in the case of the iTunes music store, it's trivial to convert music you buy to an uncrippled format, and by all indications Apple doesn't mind. (In fact they provide one of the easiest ways to do it with iMovie). The purpose of Palladium is to have 100% effective DRM, which necessarily involves eliminating the rights of users. The iTMS "DRM" specifically does not try for 100% effectiveness; you can still (legally) get complete control of the music, it's just slightly inconvenient. In my view there's a clear distinction, but I understand if others disagree. It's vital to prevent "trusted"(*) computing from becoming widely accepted, and it may be wise to err on the side of caution.


      * Whoever came up with the term "trusted computing" is brilliant in an evil Orwellian manner. My computer trusts me today. With Palladium, it won't.

      --
      How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
    19. Re:non DRM computers? by Lord+Kano · · Score: 1

      I recommend not tossing systems when you upgrade--pre-ban PCs should be worth a tidy sum soon.

      I guess that "soon" is a subjective term, but I remember when Bill Clinton signed the "Assault Weapons Ban" of 1994, "high capacity magazines" skyrocketed in price. 13 round magazines for my .45 were selling for well over $120 when a 10 round magazine for the same gun sold for ~$25.

      From experience I can say that, you raise a valid point.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    20. Re:non DRM computers? by tshak · · Score: 1

      Does anyone know of companies planning on building processors without DRM?

      Most all of them. AFAIK you will still be able to install Linux on a "secure" Dell in the future. Also, when it comes to Windows, all of the DRM features can be disabled. The caveat? You can't access DRM media. For those of us who won't buy DRM'd media, it's Windows as usual.

      --

      There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
    21. Re:non DRM computers? by bitspotter · · Score: 1

      The hardware will not require DRM: the applications and digital media (movies, music, emails, documents, etc) will.

      No active DRM processor? Sorry, no data. There won't be any reason for hardware makers to require the TPM to be active, and so no reason for them not to include it in whatever they crank out.

      The critical question is whether system owners will be permitted to feed trusted keys of their own choosing to the system. If we're not limited to using the trusted hardware with software and media rubberstamped by the Powers That Be, then the "illegal" "DarkNets" will be possible, and so will things like trusted GNU/Linux, trusted peer to peer networks, etc...

    22. Re:non DRM computers? by Catbeller · · Score: 1

      That "pimple" will make all the chip manufacturers comply with DRM, or face criminal charges. Arrogance in the face of the truly fanatical is costly.

      Apple and IBM will comply, once the consumers shrug their collective shoulders. Americans are good at shrugging their shoulders. Just look at what happened in the last three months.

    23. Re:non DRM computers? by Anal+Surprise · · Score: 4, Insightful
      There's a reason for the outrage.

      The "Oh, the consumer can switch it off" line is utter and complete fucking bullshit.

      Yes, you can turn off DRM. Yes, Zion can shut down the machines in the basement. What happens then? Applications that used to work stop, asking you politely to "Please enable DRM" and offering to tell you how. More polite dialog boxes pop up: "You need to be running DRM to use this application" or "This feature requires DRM support (where available)".

      You're given the choice between owning your own computer and being owned. Think this is paranoid fantasy? Try turning off cookies and javascript on your average user's machine. They'll be completely fucked, with a big cloud of "turn cookies on" sites that simply do not work. Compliance or Else: That is the promise of DRM.

    24. Re:non DRM computers? by Billly+Gates · · Score: 1
      TCPA != Palladium.

      Palladium is truly evil and a tamperproof drm system from the ground up that is highly controlled.

      TCPA is just an encryption card soldered onto the motherboard.

      Very different.

      You can turn off TCPA, but in palladium each component will have a scc chip that will handshake with each other component and the nexus chip soldered on board. IF one component is not disablable then it won't work! This includes even the CPU and VIDEO CARDS!

      More info is here

    25. Re:non DRM computers? by Chalst · · Score: 1

      The law as it stands will not sustain criminal charges, and getting a law passed that makes DRM mandatory will be impossible precisely because of the absurd mismatch between the sizes of the industries.

    26. Re:non DRM computers? by Jeremi · · Score: 1
      Back this up please, because despite a lot of ranting people having done on /., I'm not seeing it.


      The key is customer lock-in. Once company X owns the only means to access your data, they have you by the balls and can get away with quite a bit, and there is little you can do about it because the cost of converting your data to another format is too high. The whole point of DRM is to ensure you can only access your data using the official tools that company X provides you with. At first they may have to play nice to get your data into the cage, but once you are dependent on them for everything, how long do you think it will be before the prices start ratcheting up and the abuses of power begin?


      My feeling is, not long.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    27. Re:non DRM computers? by Delphiki · · Score: 1
      Unless DRM is embedded thoroughly into the OS, like in Palladium then there will always be non-DRM players. Therefore if you want to play non-DRM content you can. Where does the lock in come from? I own a lot of CD's and a number of devices which play cds but I'm not locked into them (ie, I still have an iPod and a few MD players).

      If they start raising the prices too high, just stop buying their stuff! And don't buy anything that you think they might try to charge you again for later (like through required software updates).

      --

      Feel free to mod me "-1 - Angry Jerk".

    28. Re:non DRM computers? by dave_f1m · · Score: 1
      How can you say Abit cares about their CUSTOMERS, and mention the BP6 dual celeron in the same post!?

      I had one of those. Flakey piece of shit. Abit put the wrong cap on it. When people start having problems, do they offer to fix it? NO. Do they even admit what they fscked up. NO. Do they say dual CPU support is 'experimental', so sod off. YES. F'n Abit. Never will I buy another Abit board.

      - dave f.

    29. Re:non DRM computers? by Alsee · · Score: 1

      why is DRM in limited amounts bad?

      Because DRM is nothing but a logic puzzle. A puzzle that can be solved through pure thought. Have you ever seen those cryptoquotes printed in the newspaper? There are people who crack cryptoquotes for fun every week just by thinking about them. DRM is nothing but a complicated cryptoquote. DRM is an inherently flawed system of protection.

      DRM itself isn't bad. DRM is inherently broken. What's the point of using DRM if it doesn't work? The real problem is that they are going to insane lengths to "fix" DRM. The DMCA is a law to protect DRM. It says you can go to federal prison for up to 10 years for "circumventing" the scrambling done by DRM. However anything a computer can descramble can also be descrambled through pure thought. You can therefore go to prison for 10 years for the crime of sitting motionless and thinking certain thoughts. DRM is nothing but a logic puzzle, therefore any law to protect DRM has to create "thought crime".

      The other half of how they are trying to "fix" DRM is to take away your ownership/control of your computer. If you actually have full ownership/control then you can watch how the DRM file gets opened and you can open it yourself bypassing the DRM.

      When you hear Microsoft talk about how Trustworthy Computing will "secure" the computer, they don't mean they are securing it FOR you against other people - they are talking about securing your computer AGAINST YOU. Let's use a car analogy. If someone says they are making your car "secure", what do you picture? You probably think about things like good door locks, right? But this sort of security means that the HOOD is secure against YOU looking under it. The glove compartment is secure against YOU opening it - you have to get permission from the manufacturer every time you want to get or put something in the glove compartment. They don't care if the door locks work.

      And DRM STILL isn't going to work. The instant someone does manage to "peek under the hood" the DRM fails again. Every computer is going to come with a secret number inside a chip. If you can figure out the number then you can remove the DRM. It won't be easy to get the number, but it WILL be doable. And some people will do it. The Trustworthy Computing people want to make you "trust" everyone else running this system. But anyone who knows their secret number has "god power" over the system and they can cheat you blind.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    30. Re:non DRM computers? by Alsee · · Score: 1

      TCPA != Palladium.
      Palladium is truly evil and a tamperproof drm system from the ground up that is highly controlled.


      I am aware of the difference between TCPA and Palladium. TCPA is just one hardware component where Palladium covers a variety of hardware components plus the software. But for most purposes they can in fact be lumped together. They must both be stopped for the same reason. These systems are designed on the same foundation - that the owner of the machine is not permitted to know his own keys.

      TCPA is just an encryption card soldered onto the motherboard.

      TCPA is no ordinary encryption card. If it were an ordinary card then there would be absolutely nothing wrong with it. There have been plenty of ordinary encryption accelerator cards available for years. TCPA is designed to lock your keys away where you can't get them. TCPA says that your machine no longer belongs to you.

      They are both "evil". Palladium is just a more complete package.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    31. Re:non DRM computers? by prairiedock · · Score: 1

      Not everything is a slippery slope

      A slope becomes slippery when you're on it and people are pushing you downhill with all their might.

      "Limited" DRM will be an extremely transitional phase.

    32. Re:non DRM computers? by pmz · · Score: 1

      It'll be made illegal as a "circumvention device" in short order if it actually turns out to be useful for any sort of multimedia applications.

      Tell that to the secondary market for UNIX workstations. There are literally dozens of companies willing to sell used Sun workstations, for example, for well under $1,000. This isn't a bad deal for a workstation that is built like a tank (excluding Ultra 5 and 10, of course) and has a decent CPU, ECC memory, and SCSI disks.

      I've also had decent luck with non-Sun-branded parts in Sun workstations, such as regular Seagate SCSI drives and SCSI-2 CD-RW drives.

      The only catch is that the official Solaris right-to-use license for used hardware is approx. $100, and the optional media kit is also about $100 (potential total of $200). Still not so bad for official UNIX(R). Solaris 9 also comes with tools for CD burning, viewing MPEG files, StarOffice, and, recently, Netscape 7.

      If Solaris isn't your cup of tea, Linux and the *BSDs also all run on UltraSPARC, so you can still feel Free, if you like.

    33. Re:non DRM computers? by Anonym0us+Cow+Herd · · Score: 1

      Arrogance in the face of the truly fanatical is costly.

      But once the fanatical awaken a sleeping giant, they may find themselves on the run, or worse.

      --
      The price of freedom is eternal litigation.
    34. Re:non DRM computers? by jeffy124 · · Score: 1

      while you're at it, try spreading around this link as well. It's two papers about setting the record straight regarding the TCPA and Palladium, and includes a link to IBM's Linux driver for their TCPA chip.

      (as for that guy posting under the name Alsee, who said you're just plain wrong, ignore him. if you look through his other recent posts under this article, you'll see he doesn't get it)

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    35. Re:non DRM computers? by Alsee · · Score: 1

      as for that guy posting under the name Alsee, who said you're just plain wrong, ignore him.

      Either you don't know what you're talking about, or you are astroturfing. If you think I'm wrong then try giving a reason. You are the one who "doesnt get it" if you think saying ignore someone is a valid argument.

      You will find that the sort of people who read slashdot tend to focus on facts more than the average public. And my facts are in the Trusted Computing Group's own design specification.

      Page 261: Exporting the PRIVKEY from the TPM must not occur

      It also has specifications for other keys and data that MUST NOT be exposed outside the TPM.

      The fact is that the TCPA system is SPECIFICALLY designed to deny the owner of the machine access to his own keys and data. Exactly the design specification needed for DRM.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    36. Re:non DRM computers? by Anonymous Coward · · Score: 0

      I've been running one of those mobo's for years. Love it!

    37. Re:non DRM computers? by Jeremi · · Score: 2, Informative
      It's not the computer that gets locked away, it's the data. It won't matter how many CDs you own if only Microsoft Certified Secure CD-ROM drives can play them. At that point, your choice will be either (a) not buy anything, or (b) pay whatever price (in terms of both cash and compliance) that Microsoft wants you to pay.


      Yes, it's only a problem for non-DRM content. But the long term goal is to make DRM ubiquitous, at which point there won't be very much non-DRM content.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    38. Re:non DRM computers? by complexmath · · Score: 1

      Last time I checked there were no plans to incorporate support for DRM into Linux. This obviously doesn't make it any better for the rest of the world, but...

    39. Re:non DRM computers? by pentalive · · Score: 1

      What Apple giveth
      Apple can taketh away.

    40. Re:non DRM computers? by lionelhutz_esq · · Score: 1

      im not quite sure i understand the discussion here. after all, tcpa or whatever it is called becomes only effective with longhorn. in other words, getting the banias (and watching two movies on the plane) wont cause you any problem as long as you dont get longhorn. the problem is that the vast majority of users dont care using m$. and as long as it is running on some 80% of all pcs, hollywood has a great trusted mass distributing platform for their content. on the other hand, they still have to cope with the problem of standalone dvd players. they cant release in the tcpa-dvd standard if no stand alone dvd player can read the media...

      requires knowledge about tcpa and the simpsons...

      www.digitalforbruger.dk/Members/erla/The_Tale_of _t hree_districts

      (dont know why there is a space in "three"; erase it and it should work)

    41. Re:non DRM computers? by jo42 · · Score: 1

      Start stocking up on hardware from eBay...

  4. Markoff!!!!!! by sixdotoh · · Score: 5, Interesting
    yeah, and check out who wrote the article.

    for those of you who don't know, Markoff is the journalist who wrote several articles about kevin mitnick in which he "created the myth of kevin mitnick" (in kevin's words). many untrue allegations were presented as supposed facts.

    but don't let that discourage you from reading the article.

    --

    This post was brought to you by the number 584811 and the characters / and .

    1. Re:Markoff!!!!!! by I+Want+GNU! · · Score: 4, Funny

      Excuse me? Are you accusing the honorable New York Times of paying reporters who invent the 'facts' of their stories? That, sir, is absurd!

    2. Re:Markoff!!!!!! by Melibeus · · Score: 1

      Is that the (in)famous Markoff Chaney?
      It very well could be.

  5. Weasel wording by Atario · · Score: 4, Insightful
    "We think this is a huge innovation story," said Mario Juarez, Microsoft's group product manager for the company's security business unit. "This is just an extension of the way the current version of Windows has provided innovation for players up and down the broad landscape of computing."
    And that "way" would be: to the highest bidder.
    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
    1. Re:Weasel wording by letxa2000 · · Score: 5, Funny
      My favorite line in the article was:

      • For example, Mr. Juarez, the Microsoft executive, said that if the company created a more secure side to its operating system software, customers might draw the conclusion that its current software is not as safe to use.

      NO!! Y'think? :)

    2. Re:Weasel wording by Anonymous Coward · · Score: 0

      Mr. Juarez is secretly a software pirate. Juarez, Warez, don't you see?

  6. Article Text (For those who don't want to reg.) by Anonymous Coward · · Score: 4, Informative
    SAN FRANCISCO, June 29 -- Your next personal computer may well come with its own digital chaperon.

    As PC makers prepare a new generation of desktop computers with built-in hardware controls to protect data and digital entertainment from illegal copying, the industry is also promising to keep information safe from tampering and help users avoid troublemakers in cyberspace.

    Silicon Valley -- led by Microsoft and Intel -- calls the concept "trusted computing." The companies, joined by I.B.M., Hewlett-Packard, Advanced Micro Devices and others, argue that the new systems are necessary to protect entertainment content as well as safeguard corporate data and personal privacy against identity theft. Without such built-in controls, they say, Hollywood and the music business will refuse to make their products available online.

    But by entwining PC software and data in an impenetrable layer of encryption, critics argue, the companies may be destroying the very openness that has been at the heart of computing in the three decades since the PC was introduced. There are simpler, less intrusive ways to prevent illicit file swapping over the Internet, they say, than girding software in so much armor that new types of programs from upstart companies may have trouble working with it.

    "This will kill innovation," said Ross Anderson, a computer security expert at Cambridge University, who is organizing opposition to the industry plans. "They're doing this to increase customer lock-in. It will mean that fewer software businesses succeed and those who do succeed will be large companies."

    Critics complain that the mainstream computer hardware and software designers, under pressure from Hollywood, are turning the PC into something that would resemble video game players, cable TV and cellphones, with manufacturers or service providers in control of which applications run on their systems.

    In the new encrypted computing world, even the most mundane word-processing document or e-mail message would be accompanied by a software security guard controlling who can view it, where it can be sent and even when it will be erased. Also, the secure PC is specifically intended to protect digital movies and music from online piracy.

    But while beneficial to the entertainment industry and corporate operations, the new systems will not necessarily be immune to computer viruses or unwanted spam e-mail messages, the two most severe irritants to PC users.

    "Microsoft's use of the term `trusted computing' is a great piece of doublespeak," said Dan Sokol, a computer engineer based in San Jose, Calif., who was one of the original members of the Homebrew Computing Club, the pioneering PC group. "What they're really saying is, `We don't trust you, the user of this computer.' "

    The advocates of trusted computing argue that the new technology is absolutely necessary to protect the privacy of users and to prevent the theft of valuable intellectual property, a reaction to the fact that making a perfect digital copy is almost as easy as clicking a mouse button.

    "It's like having a little safe inside your computer," said Bob Meinschein, an Intel security architect. "On the corporate side the value is much clearer," he added, "but over time the consumer value of this technology will become clear as well" as more people shop and do other business transactions online.

    Industry leaders also contend that none of this will stifle innovation. Instead, they say, it will help preserve and expand general-purpose computing in the Internet age.

    "We think this is a huge innovation story," said Mario Juarez, Microsoft's group product manager for the company's security business unit. "This is just an extension of the way the current version of Windows has provided innovation for players up and down the broad landscape of computing."

    The initiative is based on a new specification for personal computer hardware, first introduced in 2000 and backed by a group of companies called the Trusted Compu

    1. Re:Article Text (For those who don't want to reg.) by sixdotoh · · Score: 1

      props for the nerd's good deed of the day

      watch and learn, children

      --

      This post was brought to you by the number 584811 and the characters / and .

    2. Re:Article Text (For those who don't want to reg.) by cscx · · Score: 1
    3. Re:Article Text (For those who don't want to reg.) by Safety+Cap · · Score: 1
      For those who don't want to reg.
      I suggest that you use this bad boy; it works like a champ!
      --
      Yeah, right.
    4. Re:Article Text (For those who don't want to reg.) by Anonymous Coward · · Score: 0

      i almost registered once...but someone named q q was already registered with my email q@q.q ... i wonder what their password is?

    5. Re:Article Text (For those who don't want to reg.) by Yeti7226 · · Score: 1
      ... the new systems are necessary to protect entertainment content as well as safeguard corporate data and personal privacy against identity theft. Without such built-in controls, they say, Hollywood and the music business will refuse to make their products available online.
      That's funny, US music and movies already are available online. Often even before they are available off-line.

      'Darknet' has a cool ring to it though, straight out of a Neal Stephenson novel.

    6. Re:Article Text (For those who don't want to reg.) by Anonymous Coward · · Score: 1, Interesting

      I love the fact that we're discussing an article about security and DRM, and in this VERY THREAD someone commits a copyright violation by POSTING a copyrighted article from a site with a paying business model!

      And you wonder why "industry" and "corporate america" care about DRM???? It's because copytheft is as simple as what you just did and you didn't even care.

  7. huh?!? by alitaa · · Score: 1, Funny

    where are we getting to when M$ teaches about security?!?

    1. Re:huh?!? by Anonymous Coward · · Score: 0

      The not so funny thing is that Microsoft released
      Trusted Xenix, which achieved a B1 TSEC rating...
      which is the highest one awarded.

  8. one thing the public never seems to get . . . lol by sixdotoh · · Score: 4, Insightful
    But by entwining PC software and data in an impenetrable layer of encryption

    COME ON! please, why do they make such claims?! or why do journalists make such claims? i think the establishment/private companies/whatever has been proved wrong on that issue over and over and OVER again. if there's someone who actually thinks their data is totally secure these days . . .

    another point: this initiative could be very dangerous. buying OS's with this crap already on them, limiting what you can do . .. so, what, should we stock up on Win2000, XP, and Linux OS's along with our CD and DVD burners?

    DRM may stop the morons, but soon enough, once a few "l33ts" circumvent it and it gets released into the wild, what's the point.

    --

    This post was brought to you by the number 584811 and the characters / and .

  9. I want a M$ amusement park by Anonymous Coward · · Score: 0

    (one of the speakers was from Microsoft research)

    Really, what kind of music was coming from the Microsoft research speaker? :) Oh, you didn't mean that kind of speaker did you. Bummer. Nothing to see here then.

    I WANT AN OOMPA LOOMPA!

  10. who do you trust by ecalkin · · Score: 4, Insightful

    we all deal with 'trusted computing' to some extent or other. in any computer system there is a person/persons/entity that is trusted. in the simplest form it is supervisor/admin/etc. as you design a network you describe who is trusted.

    when you get a commercial digital certificate you are expressing trust.

    in a well designed (large) system you would build in multiple trusts to act as a check and balance. sort of an auditing feature. novell is real big on this.

    i find it interesting that the ms model of trust is pretty much putting all your eggs in what is mostly their basket. no auditing, no accountability, etc.

    i suspect that we will see more distributed trust as companies and isps become more involved in this.

    eric

    1. Re:who do you trust by Dylan+Zimmerman · · Score: 1

      Exactly. Everyone has been saying "trusted computing" like it's entirely bad. Really, it could improve security A LOT for everything, not just Windows. I would think that all of the tinfoil hats would WANT TCPA approved motherboards because they have all sorts of nifty encryption and such implemented in hardware, thus making it harder for the government to steal their computer's brainwaves. I would certainly get a TCPA approved mobo if its other features were comparable to my current board. Quite frankly, I'm a bit paranoid, so I would like the extra security. As long as my OS didn't try to take control from me, that is.

      Didn't IBM release a set of specs and the source for drivers for a TCPA chip a while ago? That should let Linux take full advantage of the cool hardware.

    2. Re:who do you trust by SiliconEntity · · Score: 1

      we all deal with 'trusted computing' to some extent or other. in any computer system there is a person/persons/entity that is trusted. in the simplest form it is supervisor/admin/etc. as you design a network you describe who is trusted.

      With Trusted Computing, it is the program which is trusted - to behave as it was coded to behave!

      I remember when I was a kid, there was a book distributed by the John Birch Society (ultra right wingers): "You can Trust the Communists" A shocking title for the days of McCarthyism. But that wasn't the whole title; there was a continuation in fine print: "(To Be Communists)".

      This is kind of how Trusted Computing works. You can trust a program - to be itself. If a local or remote system is running a given program, you can trust that the program will run as written. It may be buggy, it may be inefficient, but those are internal flaws. No one can impose their own rules on the program; no one can alter it, no one can peek into its memory. At most they can cut the program off and prevent it from running. But if it runs, it runs as written.

    3. Re:who do you trust by poot_rootbeer · · Score: 1

      in any computer system there is a person/persons/entity that is trusted. in the simplest form it is supervisor/admin/etc.

      On a single-user system (as is the case with most desktop computers), the trusted party is the user. I.e., you.

      DRM declared the user explicitly untrustable, ignoring their desires in favor of some monolithic and inflexible organization that probably has no accountability to the user (Microsoft, RIAA, the government...)

    4. Re:who do you trust by Alsee · · Score: 1

      While there are certainly some people opposed to TCPA who have no idea what they are talking about, some of the critics DO know exactly what they are talking about.

      These systems are designed on the foundation that the owner of the machine is not permitted to know his own keys. You could get every claimed benefit and eliminate every rational objection to the system if they included a button to reveal your keys to you. The system would still be secure against malicious software because software can't press a physical button to get at the keys. Giving the owner of the machine access to his keys gives him control over his system. He can choose never to look at the keys and the system would work EXACTLY as it does currently. Or, if the owner of the machine doesn't like how things are working then he can look at his keys and take control to make his computer work like he wants it to work.

      I would like the extra security. As long as my OS didn't try to take control from me, that is.

      If you get control then the system would do what you want it to do rather than what they want it to do. They will never allow the change I described because the system is designed to take control away from you. Therefore you should be opposed to TCPA and NGSCB.

      They talk about "security", but they have redefined the term. The normal and good meaning of the term is to protect the owner of the machine from outside attackers and malicious software. TCPA/NGSCB will NOT prevent a virus from wiping your harddrive. The new definition of "security" they are using means to secure the machine AGAINST its owner and AGAINST software you want to run.

      These systems seize control away from the owner of the machine. The only control you have is whether to turn over complete control to someone else, or to be locked out completely.

      Here's an amusing quote from the PRO-TCPA FAQ:

      What has the TCPA done to preserve privacy?
      The system owner has ultimate control and permissions over private information and must "opt-in" to utilize the TCPA subsystem.


      The operative phrase there is "MUST OPT-IN". You get two choices. Either you get locked out of the entire TCPA system or you "opt-in" and voluntarily waive any expectation of privacy.

      Didn't IBM release a set of specs and the source for drivers for a TCPA chip a while ago?

      Yeah, an amusing propaganda coup. The fact is that you are still denied access to your own keys and you are still denied any control over your machine any time someone says you "must opt-in" to the TCPA system.

      That should let Linux take full advantage of the cool hardware.

      The Linux community CANNOT make a compatible version of a Windows TCPA program on their own. It won't be able to read the data. The only way a Linux version of a program can be compatible with a non-linux version is if the original program author specifically makes compatible versions. It is the ultimate monopoly lockout.

      The only "benefit" is that you can make a Linux program that locks-out the possibility for a compatible Windows version. [sarcasm] Woohoo! Yippee! [/sarcasm]

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    5. Re:who do you trust by jeffy124 · · Score: 1

      ignore Alsee's post please. I've seen something like 4-5 posts of his that shows he doesnt get it.

      yes, IBM released a TCPA driver for linux. http://www.research.ibm.com/gsal/tcpa/

      There's also some other papers at that link which describe exactly what TCPA is and isn't. Among the isn'ts are DRM.

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    6. Re:who do you trust by Alsee · · Score: 1

      ignore Alsee's post please.

      Why should anyone listen to your instructions to ignore me? You haven't shown I'm wrong.

      yes, IBM released a TCPA driver for linux

      Yes, they have. The fact is that most programs that use TCPA will be written for Windows and that it will be impossible for the Linux community to write a compatible program, the data will be unreadable. So what if you can write TCPA programs on Linux? It just means Linux users have to lose control of their machine to "opt in" to the TCPA system.

      exactly what TCPA is and isn't. Among the isn'ts are DRM.

      TCPA "isn't" DRM, true. But the design requirement that the owner may never get access to his own keys is specifically there providing DRM support.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    7. Re:who do you trust by jeffy124 · · Score: 1

      TCPA "isn't" DRM, true

      THERE! You said it!!

      So much for your "TCPA was designed specifically for DRM" statements and drivel!

      later pal

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    8. Re:who do you trust by Alsee · · Score: 1

      TCPA "isn't" DRM, true
      THERE! You said it!!


      LOL, you think that's some sort of victory? An electric blanket isn't heat, you can still use it as an unheated blanket. But the fact that it contains a plug and heating coils proves it was designed to produce heat.

      So much for your "TCPA was designed specifically for DRM" statements and drivel!

      TCPA was in fact designed with the specific intent of supporting DRM. The why_tcpa lists several other uses for TCPA, but absolutely none of those uses has anything to do with a design requirement forbidding people to ever see their own keys and data. The ONLY reason that requirement is in the specification is for DRM and related uses AGAINST the owner of the machine.

      later pal

      Ah, good. I hope that means I won't be seeing any more of you.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    9. Re:who do you trust by Dylan+Zimmerman · · Score: 1

      Most of that only applies to the software that uses the TCPA chips. If you don't use a TCPA aware OS, then you shouldn't have to worry about it controlling everything. Sort of like now, really.

      If, for instance, I have a TCPA approved x86 motherboard, I should be able to install Windows 2000 with no problem and Windows itself would just ignore the TCPA capabilities of the board. Now, if they aren't backwards compatible such that you can't use non-TCPA software, then I do oppose it, but as long as I can run whatever software on it that I want, then I'm still in control. I could always trash Windows for Linux or IE for Mozilla Firebird. The point of having the hardware would then become the apps that you specifically get because they support TCPA stuff.

      I can't imagine the boards not being backwards compatible, because that would REALLY torpedo sales. If a new TCPA enabled computer couldn't use old software that the company has paid good money for, then there is no way that the company is going to buy it. I actually know a company that uses a $15,000 per license piece of software on Windows 2000 machines. If TCPA didn't lock out older software, then they would upgrade in a heartbeat, but if it did, then they wouldn't upgrade even if they were paid to take the hardware.

    10. Re:who do you trust by Alsee · · Score: 1

      TCPA boards are 100% "backwards compatible". They want to get the system up and running on virtually every computer on earth.

      It starts out with music and movie sales that are easy to pass on if you don't like the system. Then it moves on to securing almost all online sales. Then various programs like business apps start offering totally optional TCPA enhanced features. Then there's secure operating system updates, then secure patch downloads for all Microsoft products, then secure patch downloads for all programs. And DRM won't just secure music and video - ALL web content is copyrighted. Some websites ALREADY try to use javascript to encrypt ordinary HTML and ordinary text and to secure ordinary images. They are promoting it for secure E-mail. Then all sorts of programs start requiring TCPA for basic functionality. They have promoted this for securing GAMES.

      That isn't wild speculation. That is their announced roadmap. They have specifically promoted TCPA for virtually everything I listed.

      The point of having the hardware would then become the apps that you specifically get because they support TCPA stuff.

      Sure you can skip on buying TCPA music and movies. But what the hell do you do when everyone starts sending you e-mail that can only be read with a "TCPA enhanced" system? What do you do when half of the internet is only accessible using TCPA? What do you do when on-line purchases all require TCPA securing? What do you do when critical security patches are only available securely through TCPA? What do you do when virtually all commercial software requires TCPA? When even GAMES require TCPA?

      Once TCPA exists on the majority of computers people WILL start using it for all of them. In 1 to 3 years all new computers will come with this hardware. For the first 2 years after it comes out you'll only see the optional TCPA uses like music. For the next 2 years you start getting inconvenienced if you avoid TCPA. After that the majority of PCs have been replaced and they can start making TCPA mandatory for everything. Anyone not using it gets screwed.

      Even if you run 100% Linux and other free software, you still get hit by web browsing, e-mail, and a 100% secure lockout against reverse engineering encrypted EXE's and a 100% lockout against interoperability, a 100% lockout against writing compatible software. And those are only the issues I've thought of. I'm sure there's more.

      Now let's put on tinfoil hats and speculate a bit. Google has 1,350,000 hits for IPsec. IPsec stands for "Internet Protocol secure". Will IPsec be implemented through TCPA? Maybe, maybe not. But it IS an obvious and easy way to implement IPsec. Will IPsec go beyond specialized use to become the "standard" communication protocol? Maybe, maybe not. But once TCPA is on almost every computer it wouldn't be hard for Microsoft to make it the standard. I'm not saying this WILL happen, but it certainly is conceivable. There is a very plausible route where TCPA could devour the entire internet. TCPA IPsec is pure speculation, the rest of my post is actual TCPA roadmap.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  11. Your papers, please... by ScuzzyTerminator · · Score: 1

    You can get there from here (no reg required)

  12. Re:Two terms that don't work together by alitaa · · Score: 1, Funny

    yes, they do: Trusted Computing + Microsoft = windoze

  13. pshaaahhh... by libnatel · · Score: 0

    its quite obvious its all lies!

  14. Yeah... by Anonymous Coward · · Score: 0

    And in 5 years all useful programs will require that we have the new hardware-level encryption installed, and in order to maintain compatibility with a new internet protocol that I'm sure is on the table now we have to all go out and buy new motherboards with the Trusted Computing chip installed.

  15. Jobs' comment by PetWolverine · · Score: 3, Interesting

    ...that the hardware "doesn't make it more secure" is well-made. The extra chips for the Trusted Computing platform just contain extra instructions to execute--something that can be done exactly as well in software. The only difference with doing it in hardware is that it can't be updated, so that if a flaw is found, you're stuck with it.

    --
    I found the meaning of life the other day, but I had write-only access.
    1. Re:Jobs' comment by YrWrstNtmr · · Score: 1

      so that if a flaw is found, you're stuck with it.

      Not if, but when.
      And not necessarily a flaw, but also a workaround/hack.

    2. Re:Jobs' comment by Anonymous Coward · · Score: 0

      Actually, not true. Read the HP book. TPM's have more than just a few instructions - they have protected memory and execution space.

      These things have been in the market for a year - IBM is shipping them in their laptops. Haven't read about a hack yet.

  16. The meaning of trust by dmeranda · · Score: 5, Interesting

    The word "trust" is pretty much the central idea in formal security. And ultimately it comes down to deciding if one person trusts another person. Of course when you mix in technologies, then that expands into trusting the system components. Do you trust the website is the correct one? Do you trust the CA registrar? Do you trust that the web browser isn't lying to you? Do you trust that your keyboard isn't recording all your keystrokes? It's all about trust, and no secure system can avoid the subject. And no formal security method can avoid it either.

    So yes, trusted security is very much alive, or it had better be, or we won't have any security. But the big question is whom or what is being trusted? And the big media companies are trying their best to confuse the issue. It's just like their "secure media". Their concept of trust is that they, the media distributors, want to be able to trust your hardware to not trust you the consumer. They also want to ensure that other consumers will not trust you, or you could otherwise become your own media producer and distributor and compete with them. If DVD players only play content that is digitally signed by the cartel, then you are barred from competing because you can no longer produce your own content that others' hardware will trust. But on the other side I want to trust that my computer is not infected with a virus; I want to trust that my legally copied media is not corrupted by the media police. Trust is just the tool.

    Trusted computing could be a very good thing, but you absolutely must define what you mean by trust before you can begin any discussion or evaluation, or to say whether it is "bad" or "good". From a purely technical and formal perspective trusted computing is the next step forward. From a society's perspective the answer is not so easy.

    1. Re:The meaning of trust by Reziac · · Score: 1

      Yes, I can presently trust that my browser is not lying to me. On a "trusted computing" platform, I will no longer have that trust, because I won't have the final say about what browser and how it's used.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    2. Re:The meaning of trust by SiliconEntity · · Score: 2, Informative

      In this context, trusted computing means that your computer program can be trusted to operate according to its software code. That implies that the end user (or anyone else) cannot debug, alter or inspect the program while it is running. All he can do is exert the ultimate control: pull the plug, shut down the computer, stop the program. But if it is allowed to run, it can be trusted to run according to its code.

      In practice this is achieved by having some secure hardware report a hash of the program's code as it is loaded into memory, and arranging that no other programs (or the user) can alter the program as it exists in that memory. Microsoft is augmenting the Intel memory management model to achieve this kind of protection.

      It's not a matter of the program lying to you as the user. You can trust the program just as much as anyone else - to run according to its code. You no longer have the power to alter the program and to make it run differently. But you can still trust it to behave as it was coded to behave.

      This means that trusted programs do have a certain immunity to viruses, in that if another program gets corrupted, it can't affect the trusted one. However trusted programs can still have bugs and so they will still be able to be subverted. All the "trusted" protection can achieve is to minimize the damage, so that one program which gets broken can't infect or alter others.

    3. Re:The meaning of trust by SiliconEntity · · Score: 1

      Yes, I can presently trust that my browser is not lying to me. On a "trusted computing" platform, I will no longer have that trust, because I won't have the final say about what browser and how it's used.

      You won't be able to alter or patch your browser without the remote server being able to find out that you have done so. Once your browser is loaded into memory and is running, you won't be able to debug it or alter or inspect its memory. Those are the limitations imposed by the trusted computing concept. None of this changes how or whether your browser may lie to you.

      You will still have the final say about what browser to use and what you do with it. However since your browser can report its identity to a remote site in an un-spoofable way, it will increase the power of servers to decide which browsers to accept. Your only choice in some cases may be to refuse to visit certain sites, or else to use a specific browser that will honor some DRM rules, and which the site requires to be used for downloads.

    4. Re:The meaning of trust by Reziac · · Score: 1

      That's exactly what I meant. With "trusted computing", *I* will no longer be in control. How will I know what the hell my browser does behind my back? A: I won't.

      Lordy, imagine the fun with web pages that take advantage of the user's consequent inability to turn off a "trusted" feature. (Javascript, automatic software [trojan] installs, homepage hijacking...)

      Whereas right now, I can do any horrible thing I want to my browser, because it's my own damned business; and it doesn't go off and do naughty updates behind my back, either.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    5. Re:The meaning of trust by Igmuth · · Score: 2, Insightful

      Well if it is incorruptible so that it is immune to a virus, then it can't be patched or upgraded. If there is a method for patching there is (technically) a method for viruses to enter.

      In other words: You can't have a door and guarantee only one person can enter said door.

      (Ya I realize that wasn't exactly what you were saying...)

    6. Re:The meaning of trust by ebyrob · · Score: 1

      In this context, trusted computing means that your computer program can be trusted to operate according to its software code.

      Ya, that's the problem with software, always running according to some machine's code instead of following a user's intent.

    7. Re:The meaning of trust by Alsee · · Score: 1

      This means that trusted programs do have a certain immunity to viruses

      That's a rather peculiar use of the word "immunity". A virus is perfectly capable of WIPING OUT any and all trusted programs and data.

      can't affect the trusted one

      I'd certainly say deleting it qualifies as affecting it.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    8. Re:The meaning of trust by Alsee · · Score: 1

      can report its identity to a remote site in an un-spoofable way

      Wrong. Every computer will come with a valid private key embedded in a chip. Anyone who physically digs one of these keys out of a chip gets "god level" access and can spoof everything.

      Digging these keys out won't be easy, but it can be done in a well equipped college lab.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  17. trusted computing? by jeffy124 · · Score: 3, Insightful

    definition depends on who you ask.

    it originally meant protecting user keys via a secured tcpa chip (not drm). then microsoft started their trustworthy campaign and included palladium's announcement and that somehow changed the definition to include drm. so please, keep that in mind. palladium and tcpa are not the same thing.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    1. Re:trusted computing? by Billly+Gates · · Score: 1

      Amen brother.

      Go read this.

      In TCPA only the single TCPA chip and the bios encrypts data. Microsoft's answer looks like a nightmare of encryption chips doing PKI with the nexus chip and integrated cpu, bios, video card, hard drive, dvd, nic, etc. Yep that's right, all the peripherals will have scc encryption chips using a secure channel over the bus. Bill Gates called them bouncers and is designed to be tamperproof. If you crack one key the other component will reencrypt the data and may report it to Microsoft!

      IT'S CRAZY!

      It's like a bunch of cable boxes all working together in sync. Scary as hell and Linux will die. Why? How will each component that only accepts encrypted data communicate? If just one vendor decides not to have a shutoff setting or puts it in software via proprietary Windows drivers, then it won't work! If it's your video card you can't see anything, if it's your hard drive then Linux can't boot.

      TCPA on the other hand is just a soldered-on encryption chip.

    2. Re:trusted computing? by Alsee · · Score: 1

      TCPA on the other hand is just a soldered-on encryption chip.

      You made the exact same comment on another post and I explained why it is wrong here.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    3. Re:trusted computing? by Alsee · · Score: 1

      [TCPA] originally meant protecting user keys via a secured tcpa chip (not drm).

      Wrong. The TCPA specification DEMANDS that the keys be secured AGAINST the owner of the chip. The spec documents say these keys may never be exported. The only reason to deny the owner of the chip access to HIS OWN KEYS is for things like DRM.

      If TCPA were in fact designed to keep your keys secure against malicious software then they could simply include a physical button that needs to be pressed in order to get at the keys. Malicious software is incapable of pressing a physical button therefore the keys are perfectly safe.

      There is a rather famous pro-TCPA document from IBM, why_tcpa.pdf. I encourage everyone to read this piece of PROPAGANDA with my proposed button in mind. He does not give a single justification for denying the legitimate owner of the machine access to his own keys. That is the single objectionable aspect of the system, and it is the foundation of the current design. His defense of TCPA is at best flawed, and at worst it is dishonest.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    4. Re:trusted computing? by jeffy124 · · Score: 1

      i prefer this link instead. it has that same why_tcpa paper, and a "tcpa misinformation rebuttal" paper that is very good as well.

      you seem to think that tcpa == drm. it ain't. microsoft's interpretation of the tcpa == drm, but not the real world's interpretation. you'll see that in the misinformation paper.

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    5. Re:trusted computing? by Alsee · · Score: 1

      i prefer this link instead. it has that same why_tcpa paper, and a "tcpa misinformation rebuttal" paper that is very good as well.

      I actually had a brief e-mail exchange with the author of those papers. When I pointed out my argument to the author his response was self-contradictory. He raised an additional defense of securing a computer against thieves, but his rebuttal SPECIFICALLY argues that the system is not intended to be secure against physical access. It was part of his "evidence" that TCPA was not designed for DRM. Even if you accept the argument of securing the computer against thieves, my argument for including a button to reveal the keys is not defeated. You just need to modify it to require the owner to provide a PIN or password to reveal the keys. This PIN could be entered during the TAKE_OWNERSHIP command.

      The rebuttal is nothing but a strawman argument. The fact that SOME criticisms of TCPA are flawed does not mean that other criticisms are flawed. The rebuttal does not address my criticism. My criticism of TCPA is valid.

      you seem to think that tcpa == drm.

      No it isn't "equal", but it was in fact specifically designed to support DRM. I have shown that the why_tcpa is either flawed or intentionally deceptive. If TCPA was in fact intended to be for the benefit of the owner there is no justification for a design specification PROHIBITING the owner from accessing his own data. A simple button or switch to enable/disable access maintains 100% of the benefits quoted in the justification for TCPA. Add in a requirement for a PIN number if you want it secure against thieves.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  18. Finally, the mistake that ruins M$ by Neuroelectronic · · Score: 3, Interesting

    Creating an even more closed system will cut off the hand that feeds microsoft. There will be no more small developers in windows, which means MS will have no one to rip fresh ideas from! They seem to forget where they came from. Thank god they finally will paint themselves into a corner.

    1. Re:Finally, the mistake that ruins M$ by WCMI92 · · Score: 1

      When this crap comes out I already KNOW what I'll do...

      I'll go with the PS2 or the Xbox for gaming and go purely Linux on my server and desktops. The only reason why I have Doze is for games... But with PC games getting increasingly dumbed down, etc, I may as well get a console (haven't had one since the Genesis, and before that the Atari 2600).

      Or, alternately, I may look to purchasing an Apple. I'd prefer to HAVE an Apple, as I love the idea of a truly consumer friendly Unix OS (though Linux is improving in leaps and bounds), but their hardware, being that they are themselves a monopoly in their market, is twice as expensive as common x86 systems...

      The question is, how LONG before OS's without Digital Restrictions Management become DMCA violations?

      And, how does one reconcile OSS or the GPL in particular with DRM? It wouldn't seem POSSIBLE to put a "secret" DRM layer into any GNU licensed OS without providing source on what the DRM is.

      THAT is the real reason why Microsoft is prepared to push Palladium. Palladium makes the xAA's orgasm, and furthers MS's desktop monopoly.

      --
      Corporatism != Free Market
    2. Re:Finally, the mistake that ruins M$ by sixdotoh · · Score: 1

      ummmmm, no? you wish, apparently. read into the article a little more, buddy. if MS knows one thing, it's marketing. hello: it's the most popular operating system in the world. how do you think it got that way. you don't seem to think because it's a great OS, so let's stick with marketing . . . they know what's good for 'em

      --

      This post was brought to you by the number 584811 and the characters / and .

    3. Re:Finally, the mistake that ruins M$ by FunWithHeadlines · · Score: 1
      "it's the most popular operating system in the world. how do you think it got that way"

      According to the courts, in a way similar to how the Mafia takes over a territory: it makes threats, cuts off suppliers, and squeezes out competitors in an illegal manner all while trying to paint a friendly public face to counteract the rough dealings going on in the back.

      But I will grant you that they are very good at that public face (read: marketing). Many people simply cannot believe that the company does anything wrong (despite the facts in the courtroom), and that it actually innovates. Now that's marketing!

    4. Re:Finally, the mistake that ruins M$ by oscast · · Score: 1

      "I'd prefer to HAVE an Apple, as I love the idea of a truly consumer friendly Unix OS (though Linux is improving in leaps and bounds), but their hardware, being that they are themselves a monopoly in their market, is twice as expensive as common x86 systems..."

      You obviously haven't priced Mac in a LONG time. All of Apple's hardware is either only slightly more expensive (in the $100 range) at the same price or slightly less expensive. In some occasions, the hardware is significantly less expensive as seen with the new G5s. When comparing prices, it's important to compare hardware as close as possible, while also figuring in software bundles as well.

    5. Re:Finally, the mistake that ruins M$ by The+Master+Control+P · · Score: 1

      "how LONG before OS's without Digital Restrictions Management become DMCA violations?"

      Congress debated passing the SSSCA, which would have made it illegal. (As was pointed out in another story, any successful attempt to outlaw OSS would result in thousands of OSS developers/users permanently bent on obliterating corporate networks)

    6. Re:Finally, the mistake that ruins M$ by pmz · · Score: 1

      There will be no more small developers in windows, which means MS will have no one to rip fresh ideas from!

      Also, it seems MS' bread-n-butter is those small MCSE outfits that sell "solutions" to local marks--er, other small businesses. How will these outfits deal with both those businesses who haven't upgraded since 1996 and those who demand the latest and greatest? TCPA means that the recently upgraded business just might not be able to talk to the 1996-vintage one. Should the 1996-vintage one be required to pay thousands of dollars in upgrades, when all they need is a spreadsheet for payroll, for example?

    7. Re:Finally, the mistake that ruins M$ by Neuroelectronic · · Score: 1

      i guess you don't know a lot about MS's history, IE DrDoss, Xerox's windows, The Taskbar, etc. MS didn't have much marketing at all that i've noticed until Windows 95

  19. Self destruct by berkeleyjunk · · Score: 0

    On a related note Microsoft/IBM/HP announced plans to activate the self destruct feature in the older computers/software without DRM.

  20. "Trusted computing", baloney by Animats · · Score: 5, Insightful
    This crap is all about DRM. It's not about real protection hardware, like support for rings or virtual machines or capabilities or channelized I/O or secure interprocess communication.

    If the Wintel crowd were serious about security, they'd push for a hardware architecture that supports secure microkernels really well and put a very partitioned OS on top of it. But no; it's all about boot-time lock in.

    1. Re:"Trusted computing", baloney by Anonymous Coward · · Score: 0

      i hate to interrupt that rant, but perhaps you should read this: http://www.research.ibm.com/gsal/tcpa/, starting with the "Misinformation Rebuttal" link on that page.

    2. Re:"Trusted computing", baloney by Animats · · Score: 2, Insightful
      Where they say:
      • The TCPA chip itself has three main groups of functions:
        • public key functions
        • trusted boot functions
        • initialization and management functions

      That's stuff you need to support DRM and crypto. None of the real security features I listed are in there. It won't prevent your Windows machine from being taken over by every worm and virus that comes along. It might prevent some attacks that steal your credit card number, but that's about it. Even that protection would probably work only if you'd signed up for Microsoft Passport or something similar.

    3. Re:"Trusted computing", baloney by Wesley+Felter · · Score: 1

      If the Wintel crowd were serious about security, they'd push for a hardware architecture that supports secure microkernels really well and put a very partitioned OS on top of it.

      What do you think the Palladium nexus is?

  21. Positive sides by DreadSpoon · · Score: 4, Insightful

    I just wish people would remember all the _good_ parts of trusted computing. So far as the TCPA goes, DRM isn't even a part of it. It's just a standard hardware interface for encryption and key storage. Whether that's used to sign OS's, implement DRM, or simply secure Apache, is up to the OS. Yes, it _can_ be used for all that. But hell, a BIOS _now_ can be set to only boot an OS with a certain fingerprint - how the technology is used is independent from the technology itself. TCPA is a (possibly) good thing. Palladium/DRM, that's the real evil (from the consumer and OSS viewpoints, anyways).

    1. Re:Positive sides by SiliconEntity · · Score: 1

      TCPA is a (possibly) good thing. Palladium/DRM, that's the real evil (from the consumer and OSS viewpoints, anyways).

      No, that's totally mistaken. TCPA (recently renamed TCG) is essentially identical to Palladium/NGSCB in its basic security goals. TCPA provides for exactly the same kind of features, including the "secure attestation" which is the core requirement for DRM.

      This is the feature whereby the TCPA chip (called the TPM) computes a cryptographic hash of the software that loads, and then reports this hash to a remote server. The server can use this to decide if you have loaded software that it will trust, and decide on that basis whether to download content to you. This is precisely how DRM is implemented and facilitated by trusted computing designs, and it is fully documented in the TCPA spec.

      The idea that TCPA=good and Palladium=bad is a myth. The systems are fundamentally the same, and they are becoming closer, in that TCPA V2 is probably going to basically be Palladium.
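
The attestation flow SiliconEntity describes in this thread (the chip hashes each program as it loads and reports the result to a remote server, which then decides whether to trust it), sketched as an added example that is not part of the original comments and is not code from the TCPA spec. The class names are hypothetical, the "binaries" are constructed sample strings, and an HMAC under a shared key stands in for the chip's public-key signature.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length used by TCPA / TPM 1.x PCRs


def extend(pcr, component):
    """TPM-style extend: new PCR = SHA1(old PCR || SHA1(component))."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()


def measure_chain(components):
    """Fold an ordered load chain into one PCR value, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Model of the chip: the key never leaves it, the PCR can only be extended."""

    def __init__(self, attestation_key):
        self._key = attestation_key
        self._pcr = bytes(PCR_SIZE)

    def load(self, component):
        self._pcr = extend(self._pcr, component)

    def quote(self, nonce):
        # Assumption: HMAC stands in for the chip's public-key signature.
        tag = hmac.new(self._key, nonce + self._pcr, hashlib.sha256).digest()
        return self._pcr, tag


class Verifier:
    """Remote server: accepts a quote only if it is fresh, authentic and allow-listed."""

    def __init__(self, attestation_key, trusted_pcrs):
        self._key = attestation_key
        self._trusted = set(trusted_pcrs)
        self._nonce = None

    def challenge(self):
        self._nonce = os.urandom(16)
        return self._nonce

    def check(self, pcr, tag):
        nonce, self._nonce = self._nonce, None  # each nonce is single-use
        if nonce is None:
            return "no-challenge"
        expected = hmac.new(self._key, nonce + pcr, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad-quote"
        if pcr not in self._trusted:
            return "untrusted-software"
        return "trusted"


def run_demo():
    # Constructed sample "binaries"; a real chip measures the actual code loaded.
    loader, kernel = b"loader v1", b"kernel v1"
    browser, patched = b"browser v1", b"browser v1 + local patch"
    key = os.urandom(32)
    server = Verifier(key, [measure_chain([loader, kernel, browser])])
    results = {}

    def boot(chain):
        tpm = ToyTPM(key)
        for blob in chain:
            tpm.load(blob)
        return tpm

    stock = boot([loader, kernel, browser])
    old_quote = stock.quote(server.challenge())
    results["stock"] = server.check(*old_quote)

    modified = boot([loader, kernel, patched])
    results["patched"] = server.check(*modified.quote(server.challenge()))

    # Replaying the earlier good quote fails: it is bound to the old nonce.
    server.challenge()
    results["replay"] = server.check(*old_quote)

    # Claiming the trusted PCR without the chip's key fails the signature check.
    server.challenge()
    good_pcr = measure_chain([loader, kernel, browser])
    results["forged"] = server.check(good_pcr, bytes(32))

    # Same components in a different order give a different PCR.
    results["order_matters"] = (
        measure_chain([loader, kernel]) != measure_chain([kernel, loader]))
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

In this model anything that holds the attestation key can produce a valid quote for any PCR value, which is why the scheme depends on that key staying inside the chip.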

    2. Re:Positive sides by HiThere · · Score: 1

      It's hard to remember the _good_ parts of "trusted computing" when I haven't ever heard any.

      Unless you consider it identical to signing code modules. There are reasons for that. But that's not what the articles are talking about.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    3. Re:Positive sides by firewrought · · Score: 5, Insightful
      I just wish people would remember all the _good_ parts of trusted computing.

      TCPA is going to be bad for more reasons than just Palladium... it's going to be a major headache for IT departments trying to cope with software that is actively unfriendly. Why? It's about visibility. When an IT department needs to replace a legacy app, write bridge code to shuffle data b/t two different software systems, or make revisions to a relic in-house app, the amount of visibility will determine how quickly and cheaply the change can be accomplished.

      Visible things include: good documentation, available source code, standard protocols, open data formats, strongly defined interfaces, generous/lax security, unencrypted traffic, non-regulated/classified data, informative error messages, enthusiastic vendor support, open bug databases, and software-oriented community forums (yay Google Groups!).

      Invisible things include: missing/shoddy/incomplete documentation, overly-flexible products, binary network protocols and file formats, marketing-centric websites [heh... just try to find technical info about Crystal Reports], "friendly" error messages, abandoned development platforms, and (getting to the point)... stuff that's too locked down.

      DRM and trusted computing will add yet another layer of flaky security that prevents casual intrusion while seriously hindering IT. Businesses will be tantalized by the idea that they can precisely control how a memo get distributed, archived, and destroyed. They will be oohed and ahhed that they can enforce their "email retention policies" through the use of TCPA. But this will come with some heavy costs... of which visibility is one of the major ones. I can see it now:

      • Client: "Here's that email you needed to hook up system A to system B, but I can't send it to you. It says it's protected. I tried taking a screenshot, but it came out all black. I can't seem to print it out either. We could probably call Ginger and find out who could give the authorization to transfer this, but she's not here today. How about I just read it to you over the phone?" [Stupid DRMish Feature]
      • Product Expert: "Oh yeah... to import text records into RiskModeller3000, you have to create an executable and pay the vendor a wad of cash to sign it. Only then will RiskModeller be willing to execute your binary and munch in the text it produces." [Stupid Licensing Scheme]
      • Packaging Expert: "To transfer this program from our testing environment to the production environment, you'll need to recompile the binary and sign it with this 'production certificate'... hope your build environment hasn't shifted around much or you'll blow the integrity of all that 'final release testing' your clients just spent four weeks on." [Stupid Security Requirement]

      Visibility affects the agility of business and the cost of IT. It's not just an abstract good... it provides lubrication for business IT and reduces real cost. A company with a lot of visibility will be more agile and flexible than one without it. And, in the final analysis, a society with visibility will generate more wealth than one that gets too tangled up in an artificial form of security. TMCA is basically bad, because--while it could have good uses--it will ultimately reduce visibility and harm society.

      It's not just about pirating MP3's... it's about the creation of real wealth and new technologies.

      --
      -1, Too Many Layers Of Abstraction
    4. Re:Positive sides by cyberformer · · Score: 1

      TCPA does have some good applications, in areas such as authentication. It also has great potential for abuse in DRM and vendor lock-in. Which will be used depends on how it is implemented.

      Palladium/NGSCB is the same, except that it has even more potential for abuse without any more potential benefits. I really can't see anything good that Palladium offers over and above regular TCPA. It does, however, have a lot of extra downside. In particular, it's designed to plug the "analog hole": Programs can refuse to run if there is a non-DRM-crippled loudspeaker or monitor connected.

    5. Re:Positive sides by Melibeus · · Score: 1

      And why is the 'analog hole' a problem that they would want to address? I can still play my cd through any damn pair of speakers I want or a dvd into any TV (nearly) that I choose, or into any VCR, tape deck, sound card, minidisk, sampler...

      Sure, I don't get a digital copy, just an analog one with the difficulty of generation loss. I can live with that, millions think the lossy (and lousy) mp3 compression is fine.

      I can't see any point in trying to block that mode of copying unless you make a technology that never converts information into analog form. But, that would be about as useful as tits on a bull.

    6. Re:Positive sides by Rich0 · · Score: 1

      I will be more than happy to trust any TCPA circuitry in my PC IF the PC comes with a piece of paper documenting the value of every digital key stored within it and any corresponding private keys which are not within it.

      After all, it is my PC - it shouldn't hurt for me to know how to hack it, right, since this security is all about protecting me there is no need to protect me from myself, right?

      I don't trust TCPA any more than I trust an X-Box. The machine is designed to be loyal to the consortium that designed the system, not the owner. If you want me to trust the machine, it should obey ANY command I give it. There should not be some part in the heart of the machine whose job is to tattle tale on what I might have done outside the scope of the warranty...

    7. Re:Positive sides by Alsee · · Score: 1

      So far as the TCPA goes, DRM isn't even a part of it. It's just a standard hardware interface for encryption and key storage.

      It's not ordinary key storage. The TCPA spec requires that the owner of the machine may never be permitted access to his own keys. This key storage is designed to be secure AGAINST the owner.

      The only reason to deny the owner of the machine access to his keys is for DRM and similar purposes. Therefore TCPA is specifically designed for DRM.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    8. Re:Positive sides by jeffy124 · · Score: 1

      would you just shut your trap? I've counted at least four (yes, 4) posts of yours (yes, you, Alsee) that gets it completely wrong.

      you even cited an IBM paper arguing in favor of TCPA, and that paper includes a section on "What TCPA is not", specifically arguing that TCPA is a lousy choice upon which a developer could build DRM.

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    9. Re:Positive sides by Alsee · · Score: 1

      would you just shut your trap? I've counted at least four (yes, 4) posts of yours (yes, you, Alsee) that gets it completely wrong.

      I will "shut my trap" the instant you actually show I'm wrong. Until you provide that evidence you're either astroturfing or full of hot air.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  22. Knockin' at your back door... by poptones · · Score: 3, Interesting
    I say "bring it on." the sooner MS makes this their "product focus" the sooner every foreign government in the world drops Windows from its desktops like an anthrax sandwich.

    Does anyone believe for a minute the US will allow Microsoft to ship, worldwide, a truly secure "solution?" Of course not - even in the (very) unlikely event MS actually ships a Pall-Windows without cryptographic backdoors no one will believe it. All those foreign countries are gonna have to choose between adopting linux or being Bill's bitch, and they're gonna have to get motherboards and CPU chips from somewhere. And once they're running linux the only remaining half of the "wintel" brand has lost its grip on the market. If AMD and intel won't ship pal-free chips you can be sure there are other semiconductor companies just chomping at the bit to take their places. And in the meantime we just might make networked computing a bit more secure.

    1. Re:Knockin' at your back door... by wfbush · · Score: 1

      even in the (very) unlikely event MS actually ships a Pall-Windows without cryptographic backdoors no one will believe it. All those foreign countries are gonna have to choose between adopting linux or being Bill's bitch, and they're gonna have to get motherboards and CPU chips from somewhere.

      Exactly: who's going to trust Microsoft (or fill in other large company's name) not to build in a backdoor. The only way they can be trusted is (now where have I heard this before?) if their source code is open for review.

    2. Re:Knockin' at your back door... by Hatta · · Score: 1

      But how do you know the code you're looking at is the code you're running?

      --
      Give me Classic Slashdot or give me death!
    3. Re:Knockin' at your back door... by James_Duncan8181 · · Score: 1

      Because it was you that compiled it???(!)

      --
      "To any truly impartial person, it would be obvious that I am right."
    4. Re:Knockin' at your back door... by theTerribleRobbo · · Score: 0

      And Linux then becomes labelled as the "Terrorist's OS".

      I hope Dubya isn't reading this.

      (Read? He can read?)

  23. "Industry leaders" by ScuzzyTerminator · · Score: 4, Insightful

    Industry leaders also contend that none of this will stifle innovation.

    What the Industry Leaders mean is that the Industry Leaders will not be stifled. The rest of the industry should just not worry their little heads. It will all be done for us by those who know best.

  24. The Audacity!! by Anonymous Coward · · Score: 0
    "For example, Mr. Juarez, the Microsoft executive, said that if the company created a more secure side to its operating system software, customers might draw the conclusion that its current software is not as safe to use."

    Someone please tell me. Does this qualify as ironic? Or just plain frigin unbelievable..

    Forgive me, English may be my first language but I never do things right the first time..

    1. Re:The Audacity!! by stratjakt · · Score: 1

      Mr Juarez?

      As in hot 0-day Juarez?

      That's ironic.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:The Audacity!! by Anonymous Coward · · Score: 0

      It's not Uarez. It's J-uarez. That J makes it more like Xhwar-eys.

  25. I see a Lindows parallel here by diabolus_in_america · · Score: 4, Insightful

    The biggest argument made against Lindows was that people who bought the system would be turned off once they got it home and realized it wouldn't let them do what they expected. In this case, running MS Office, games, etc. As a result, Lindows has since abandoned much of their early claims about MS-compatibility.

    What happens when someone gets one of these new Trusted systems home and realizes that they can't use it as expected? What happens when it doesn't let them burn audio CD's or play previously burned songs on CD-R/W's? What happens when they have trouble just opening word processing or spreadsheet files, because they are not considered "trusted"? Even email could become a problem.

    I see this whole "Trusted" initiative by Microsoft as a potential boon to open source software developers and even "white box" computer manufacturers.

    Word will get out: "Don't buy any of the new Hewlett-Packards with that new Windows. They just don't work!" Microsoft has already turned many corporations against them with the new License 6.0 scheme. "Trusted" computing could turn many home users against Microsoft and all of the hardware manufacturers who have thrown their lot in with them.

    1. Re:I see a Lindows parallel here by Anonymous Coward · · Score: 0

      I think you misunderstand. Word will get out: "Hey with this new HP and this new Windows, I can go to TV.TV and download all my favorite TV programs for only $1 each! Yuck yuck, those Simpsons sure are funny."

      Poindexter: "But you can't share those programs with your friends".

      "Whatever. It's illegal anyway."

    2. Re:I see a Lindows parallel here by Reziac · · Score: 2, Insightful

      And that's what it's going to take -- a backlash at the level of Corporate Suit, and to a lesser extent Joe User (who has far less financial clout). When the CEO of some major corp discovers that he can't do what he's *used to doing* with email due to DRM enforced by the machine, there will be very loud hell to pay.

      Unfortunately, that's liable to come too late for most of the market, especially for the tiny fraction comprised of us geeks. Once DRM-in-hardware gets entrenched and Average Joe gets used to it, it'll be damned hard to displace. :(

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  26. This is what they call Progress? by UltraSkuzzi · · Score: 3, Insightful

    Large corporations have historically always got what they wanted, unless of course the government had stepped in. I'm no longer so concerned if this technology will be implemented. I am now concerned about HOW the computing community will deal with it. Gates already said he doesn't plan on deploying trusted computing technologies immediately. Why wouldn't he want to deploy this technology that can supposedly stop all forms of piracy? People will not buy computers that do not do what they ask. MS will wait until their TC enabled OS is prevalent on most PCs, and then send a signal from Redmond enabling it. There will be no way out. People will have to learn to live with it. After all they paid hundreds of dollars for their PC, right? You can't stop progress, but you can try.

    UltraSkuzzi

    The inherent vice of capitalism is the unequal sharing of the blessings. The inherent blessing of socialism is the equal sharing of misery. -- Winston Churchill

    --

    ~UltraSkuzzi
    This comment is licensed by SCO.
    1. Re:This is what they call Progress? by Anonymous Coward · · Score: 0

      and then send a signal from Redmond enabling it

      Just think about the tremendous consumer backlash that would cause. It will definitely call everyone's attention to it, including politicians themselves. Heck even their own kids will complain about it. Obviously, that's not how it will happen. And knowing MS, they'll probably find a way to screw it up anyway, and end up disabling the entire OS in the process.

    2. Re:This is what they call Progress? by dmeranda · · Score: 1
      The inherent vice of capitalism is the unequal sharing of the blessings.

      I don't care about the unequal sharing of the blessings, that is after all what motivates people to do wonderful things, paid or not. It is the unequal sharing of opportunity that is the problem.

      And things like DRM, outrageous copyrights, software patents, and illegal "Redmond" monopolies are fundamentally about eliminating opportunity or unfairly sharing opportunity; preventing people from doing wonderful things even though they have the motivation and possibly even the means. Those are not capitalistic ideas; they are the cancer that is trying to bring the downfall of capitalism.

  27. Uh huh.. by Anonymous Coward · · Score: 0

    And what do you do when the DRM is embedded in the CPU..

    1. Re:Uh huh.. by Anonymous Coward · · Score: 2, Insightful

      We break it on an old Athlon or Pentium IV and release the cracked/decrypted version on Freenet.

      The system used will always be breakable unless they can find a way to rid us of non-compliant technology, and the technology in my house will always be non-compliant.

    2. Re:Uh huh.. by Anonymous Coward · · Score: 0

      or we wait for the article on tomshardware that tells you how to take a push pin and punch it through your cpu at a precise coordinate, disabling cpu trusted computing

    3. Re:Uh huh.. by Anonymous Coward · · Score: 0

      So your going to break a 2048 bit RSA encryption with your outdated hardware in how many millenia?

      Imagine every file stored, every transmission in or out of your machine encrypted with military grade encryption. With remote entities controlling the keys that were specifically generated for your machine.

      You can't hack the keys out. Change a single byte of the bios and all the keys disappear. If the bios doesn't pass muster the OS will still load but the TCPA will refuse to release the keys. Tamper with the hardware and the TCPA could wipe out the keys willy nilly. At that point say goodbye to your pron, mp3's, etc.. Unless of course your other machine is successful at cracking encryption tighter than what was used to protect the nukes only a coupla years ago.

      Each and every machine could have its own private key stored only in the tcp hardware and that Britney Spears mp3 you bought for $10 from RIAA_LOVESUR_MONEY.COM comes downloaded pre-encrypted specifically for your machine.

      Trying to fake out the site won't work. It's using the TCPA to determine if you are really running unmodified bios, unmodified windows, etc.. It can do that because that is what TCPA is for.

      Read that last sentence again.. Mufasa!!

      Try buying it with a non-tcpa enabled box and you'll get a "sorry charlie, this site best viewed with a TCPA enabled machine - for your protection".. They can do it because 95% percent of the sheep that actually pay for stuff instead of ripping it will do exactly that. They will already have TCPA compliant hardware (you can turn it off, but it WILL be there), compliant OS (What percentage of users use Windows??), and Software (Remote verification of Software platform and encryption locking of a file to a specific platform AND a Specific Software Player).

      Yes you can turn off tcpa at any time, but once enough people have it, there's nothing to stop businesses from requiring it to do anything with them.

      We're fucked.
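
The sealed-storage behaviour described in the comment above (the OS still loads after a BIOS change, but the chip will not release its keys, and a blob sealed on one machine is useless on another) can be modelled in a few lines. This is an added example, not part of the original post and not a real TPM interface: `ToyTPM`, `measured_boot` and the sample images are hypothetical names, the extend rule follows the SHA-1 PCR scheme of TPM 1.x, and an HMAC keystream stands in for the chip's internal encryption.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TCPA / TPM 1.x platform configuration registers hold a SHA-1 digest


class ToyTPM:
    """Toy model of measured boot and sealed storage; not a real TPM interface."""

    def __init__(self, num_pcrs=8):
        # Per-chip secrets that never leave the device (stand-in for the storage root key).
        self._enc_key = os.urandom(32)
        self._mac_key = os.urandom(32)
        self.pcrs = [bytes(PCR_SIZE)] * num_pcrs

    def reset(self):
        """Power cycle: PCRs go back to zero, the chip's keys persist."""
        self.pcrs = [bytes(PCR_SIZE)] * len(self.pcrs)

    def extend(self, index, component):
        """PCR_new = SHA1(PCR_old || SHA1(component)); software cannot set a PCR directly."""
        measurement = hashlib.sha1(component).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()

    def _composite(self, indices):
        # Digest over the selected PCRs: the "platform state" a blob is bound to.
        return hashlib.sha1(b"".join(bytes([i]) + self.pcrs[i] for i in indices)).digest()

    def _keystream(self, nonce, length):
        # HMAC in counter mode as a stand-in cipher (assumption: stdlib only).
        out = b""
        for counter in range((length + 31) // 32):
            out += hmac.new(self._enc_key, nonce + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
        return out[:length]

    def _tag(self, body):
        return hmac.new(self._mac_key, body, hashlib.sha256).digest()

    def seal(self, secret, indices):
        """Encrypt `secret` and record which PCR values must be present to release it."""
        nonce = os.urandom(16)
        stream = self._keystream(nonce, len(secret))
        ciphertext = bytes(a ^ b for a, b in zip(secret, stream))
        body = (nonce + bytes([len(indices)]) + bytes(indices)
                + self._composite(indices) + ciphertext)
        return body + self._tag(body)

    def unseal(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("blob was not sealed by this chip, or was modified")
        nonce, count = body[:16], body[16]
        indices = list(body[17:17 + count])
        expected = body[17 + count:17 + count + PCR_SIZE]
        ciphertext = body[17 + count + PCR_SIZE:]
        if not hmac.compare_digest(expected, self._composite(indices)):
            raise PermissionError("platform state differs from the state at seal time")
        stream = self._keystream(nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, stream))


def measured_boot(tpm, bios, loader, kernel):
    """Each boot stage is hashed into a PCR before control passes to it."""
    tpm.reset()
    for index, component in enumerate((bios, loader, kernel)):
        tpm.extend(index, component)


# Constructed sample "images"; real measurements cover the actual firmware and boot code.
BIOS = b"constructed BIOS image, build 1"
LOADER = b"constructed boot loader"
KERNEL = b"constructed OS kernel"


def try_unseal(tpm, blob):
    try:
        return tpm.unseal(blob)
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__


def demo():
    tpm = ToyTPM()
    measured_boot(tpm, BIOS, LOADER, KERNEL)
    blob = tpm.seal(b"per-machine content key", [0, 1, 2])
    results = {"same boot chain": try_unseal(tpm, blob)}
    patched = bytes([BIOS[0] ^ 0x01]) + BIOS[1:]      # one bit of the BIOS changed
    measured_boot(tpm, patched, LOADER, KERNEL)       # the machine still boots...
    results["patched BIOS"] = try_unseal(tpm, blob)   # ...but the key stays sealed
    other = ToyTPM()                                  # same software, different chip
    measured_boot(other, BIOS, LOADER, KERNEL)
    results["other machine"] = try_unseal(other, blob)
    return results


if __name__ == "__main__":
    print(demo())
```

Because a PCR can only be extended, never written, later software cannot put the register back to the value an unmodified BIOS would have produced; only a reboot with the original image does.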

    4. Re:Uh huh.. by Anonymous Coward · · Score: 0

      Sorry guys and gals. But how do you upgrade your hardware? if the data is encrypted for your computer with a unique key tied to the CPU what do you have to do to upgrade your CPU????

      Will changing the CPU in your PC mean you are forced into buying all the movies/music again????

      And what happens if the PC's CPU dies??? Is all your data gone??

      I must be missing something.......

      I would have thought this type of thing would be a marketing flop....

      Please inform me?

      RSC

    5. Re:Uh huh.. by caluml · · Score: 1
      So your[sic] going to break a 2048 bit RSA encryption with your outdated hardware in how many millenia?

      You never know - it might be the very first key combo you try. That's what random means.

    6. Re:Uh huh.. by Alsee · · Score: 1

      And what happens if the PC's CPU dies??? Is all your data gone??

      Yep. One chip dies and all your data is DEAD.

      In the first generation it's actually a separate TPM chip you have to worry about. Later versions will roll this chip into the CPU.

      Will changing the CPU in your PC mean you are forced into buying all the movies/music again????

      That depends. *IF* the people you bought it from feel like it, and you ask very nicely, they *might* provide you a way to move the files to a new machine. And if they don't want to, or they simply don't bother enabling it, then you're screwed. All your data is gone with the old machine when you upgrade.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    7. Re:Uh huh.. by Alsee · · Score: 1

      You never know - it might be the very first key combo you try.

      I'll give you a million dollars if you find the one special grain of sand. So run out to your local beach and start looking, it might be the first grain of sand you check!

      P.S.
      It is hidden somewhere on one of the planets in the universe. Or maybe it's on a moon. Or it could be floating in the vacuum of space.

      P.P.S.
      Finding a 2048 bit key would be almost infinitely harder than finding a grain of sand somewhere in the universe.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    8. Re:Uh huh.. by Anonymous Coward · · Score: 0

      factoring a 2048 bit key would be almost infinitely easier than finding a grain of sand somewhere in the universe. (but still pretty hard)

      symmetric vs asymmetric nit.

    9. Re:Uh huh.. by Anonymous Coward · · Score: 0

      So your going to break a 2048 bit RSA encryption with your outdated hardware in how many millenia?

      -they must be capable of doing it.
      -your computer must be capable of undoing it.
      -someone must be capable of manufacturing computers.

      And you'd start by cracking RSA?

    10. Re:Uh huh.. by Alsee · · Score: 1

      factoring a 2048 bit key would be almost infinitely easier than finding a grain of sand somewhere in the universe. (but still pretty hard)

      True, true. But the person I was replying to was proposing a random search, lol.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    11. Re:Uh huh.. by caluml · · Score: 1

      Regardless of the number of Universes, Worlds, and Beaches, it still might be the first grain of sand I pick up.

    12. Re:Uh huh.. by Anonymous Coward · · Score: 0

      So your going to break a 2048 bit RSA encryption with your outdated hardware in how many millenia?

      No-one said it was going to be brute forced. Perhaps someone will hack company X and grab the appropriate private key - you only need to decrypt something once to save it in an unencrypted format, so them changing their key won't stop it. Perhaps a flaw in the underlying assumptions will be found. Perhaps someone (probably not in the US) will build hardware to examine what the chips are doing and extract the decryption key that way. Your own computer *MUST* be able to decrypt the data, or you can't use it, correct?

      Yes you can turn off tcpa at any time, but once enough people have it, there's nothing to stop businesses from requiring it to do anything with them.

      Your assumption that non-tech-capable users will just roll over and take this is flawed. Average Joe might decide to buy a TCPA enabled machine, but he will raise a mighty stink when his unique copy of the superbowl (that he paid for) is lost due to some kid fucking with his machine. As soon as a company says "Sorry, you're out of luck", Joe says "Sorry, you're out of business". Not only will he stop dealing with that company, he'll spread the word to his friends. He may even search the web for those few businesses that are rejecting the idea of controlled content.

      In fact, getting into the business of non-encrypted media might just be an excellent business plan if TCPA is going to be a reality.

    13. Re:Uh huh.. by Anonymous Coward · · Score: 0
      Will changing the CPU in your PC mean you are forced into buying all the movies/music again????

      You won't have to buy all your movies and music again, some of them will no longer be available at all. Disney does this intentionally, other studios do it accidentally when rights are tied up in bankruptcy proceedings or other lawsuits.

  28. Trusted computing for the home? by thepacketmaster · · Score: 4, Insightful

    I believe "Reliable and Secure" computing is what people want for home computers. The term "Trusted" computing is usually saved for military computers, etc, that are following the Rainbow books' criteria. Also for systems trying to get a Common Criteria rating. "Trusted" computing includes two-man controls, the kind that prevent one person from launching a bunch of nuclear missiles. The NYtimes version of trusted computing means computers that the RIAA and MPAA can trust not to let you download their stuff. It might even include letting the RIAA and MPAA destroy your computer if you do (based on what some senators want to pass as law)

    --

    --

    Luck is just skill you didn't know you had.

  29. That's the problem with random numbers... by cscx · · Score: 1

    You can never really be sure...

    1. Re:That's the problem with random numbers... by pyrrho · · Score: 1

      hmmmm, looks like random.

      ehhh, smells like random...

      taste like random?

      yyhhh, tastes like random.

      must be random

      --

      -pyrrho

  30. Another way to force upgrades on us by thelandp · · Score: 5, Interesting
    Even though computer PC hardware has been sufficient for most applications (other than games / video editing etc) for quite a few years now, Microsoft and Intel have been constantly trying to justify more upgrades of both hardware and software to the user. Now along comes this:

    Beyond changing the appearance and control of Windows, the system will also require a new generation of computer hardware, not only replacing the computer logic board but also peripherals like mice, keyboards and video cards

    Like most new Windows features, I don't see anything in this that the consumer actually wants, I think it is just a way to force yet another upgrade on us.

    --

    -- the only thing we have to fear is really scary things
    1. Re:Another way to force upgrades on us by Anonymous Coward · · Score: 0

      A new breed of secure hardware would be a good thing, If only I could trust them to do it right.

      I'm very much afraid that "secure hardware" might translate to "anti-open source" inside Microsoft meeting rooms.

    2. Re:Another way to force upgrades on us by WCMI92 · · Score: 1

      "Like most new Windows features, I don't see anything in this that the consumer actually wants, I think it is just a way to force yet another upgrade on us."

      And the public will eventually figure this out. Indeed, I think they have already. Windows XP wasn't exactly the huge boost in sales, or cause for "upgrades" that earlier `Doze releases were.

      Although I have to say I like XP, and think it is a better `Doze in that it gives you the compatibility of 9X with the stability of 2K (well, most of it anyway).

      I don't think Windows is a bad desktop OS. I think it's a great one. But Microsoft has yet to display ANY serious understanding of security, which is why I don't much like Windows as a server OS, at least, without a LOT of work to lock it down.

      Indeed, they DO show some clue in how they did 2K3 Server, which differs from 2K Server in only two ways:

      1. XP GUI. Yay. The thing I HATE about XP....
      2. By default, services are TURNED OFF, access is DENIED, and the admin has to GRANT it.

      Which is a step in the right direction.

      Microsoft has simply gotten bitten by the bug of control... They keep SAYING that they own your software. Now they want to ACTUALLY accomplish this.

      Will it work? Only if the average person is TRULY as stupid and ignorant as the most cynical and pessimistic would believe.

      --
      Corporatism != Free Market
    3. Re:Another way to force upgrades on us by Reziac · · Score: 2, Interesting

      And every time they want to force another upgrade cycle, all it would take is a teeny little forced OS update (what, you think "trusted computing" would let you turn that off for "trusted OSs"??) that would render the old system (hardware and software) incompatible. Office suddenly stops working? Ooops, you missed your regular upgrade again, didn't you!!

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    4. Re:Another way to force upgrades on us by hbo · · Score: 1
      I think Microsoft may be hoping that consumers will see a benefit. How's this for a scenario: the entertainment industry really, really wants you to use DRM. They like the idea that your speakers, video card and monitor can participate in Palladium based DRM. Bill Gates tells them "Guys, consumers just aren't buying this shit. We're going to have to dump it." In response, the music industry, all the heavy hitters, make their entire libraries available to Palladium based media platforms for 25 cents a track. In other words, for a reasonable price. They also allow limited copying between PCs and unlimited CD burning, just as they have already done with iTunes. The business justifications are:
      1. Strong DRM means less piracy, hence greater retained profit.
      2. They actually get it now that the volume increases would mean that their take would skyrocket, even at the lower price.
      So the consumer sees a better selection, more professionally presented (I know, or hyped to death), a better price (than CDs) and restrictions that don't really hurt, much. I should explain this last point by saying that it is clear to me that people don't share files on Kazaa out of altruism, but because they want the music themselves. So if you give them the music, they won't be too upset that they can't share it.


      Now, I think that points others have raised here about foreign governments objecting to encryption technologies they don't hold the keys for are very pertinent. I'm not predicting Microsoft will succeed with this. But I'm guessing they may have some fond hopes along these lines.

      --

      "Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers

  31. You know, this is irritating... by Anonymous Coward · · Score: 5, Insightful

    The National Security Agency's "security-enhanced" Linux is an attempt to make Linux into a "trusted" computing platform, but that has NOTHING to do with DRM and other MPAA- and RIAA-borne stupidity.

    Security researchers are putting a lot of effort into defining trust relationships and developing guidelines for applying the term "trusted" to software. Has the software design been verified? How about the code? Who verified the design and audited the code? Have there been security problems in the past? Is the concept fundamentally compatible with security?

    Then along come the MPAA and RIAA, and they convince Microsoft (among others) to start talking about a totally fucking DIFFERENT definition of "trusted". Whereas the OLD definition of "trusted" involved concepts like integrity, secrecy, reliability, and auditability, the NEW meaning of "trusted" is essentially "crippled".

    As somebody who studies security for a living, it irritates me to see the two concepts confused. Microsoft's DRM-enabled operating systems will NOT include the features I've outlined above, and a highly "trusted" operating system could very well include software that allows you to "rip, mix, and burn" just as people are accustomed to doing today.

    Really, just who is "trusting" the DRM operating systems? Not the users-- I imagine there will be just as many viruses and exploits and bugs as before. Not software developers-- Microsoft hasn't really announced any plans to do things like, say, encrypt the swap space or integrate stack protection into their linkers, loaders, and compilers.

    In fact, the only people who are really trusting the DRM operating systems are the content industry associations. Which makes sense, as Microsoft and company are essentially doing the whole "trusted computing" thing at the behest of the MPAA's congressional whore.

    Please, folks, let's call a spade a spade: the DRM-enabled operating systems are NOT "trusted". They're "content-industry-friendly". They're "crippled". They're a lot of things, but they're not "trusted".

    Let's start asking for some precision of language, here.

    1. Re:You know, this is irritating... by Reziac · · Score: 1

      Others have pointed out that, frex, since Outlook would be a "trusted application", it would follow that any code executed by Outlook, including viruses, would necessarily be "trusted" as well.

      And what about viruses or trojans that spoof the system? If the "trusted BIOS" gets cracked, which I think is inevitable, how long before we see viruses that attack the system at that level, and thereby gain access to everything else? And if they alter BIOS code, they might be impossible to remove short of reflashing with a "trusted" BIOS. Essentially CIH for Trusted Platforms.

      Glah. I think I'll go flash my brain.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    2. Re:You know, this is irritating... by pod · · Score: 1
      Really, just who is "trusting" the DRM operating systems? Not the users-- I imagine there will be just as many viruses and exploits and bugs as before.

      The cynic (realist) in me says this is a large part of the reason DRM will not be rolled out full blast from the start.

      The obvious is that MS wants users to slowly get used to the idea of having less control and real features available, in exchange for chrome essentially, and promises of security.

      Which brings up the second reason. When the inevitable happens (viruses more destructive than ever, security holes, etc) MS will be able to say they're not done yet, just wait for the next update which will be more secure. Hey, they could even blame the users for not wanting more DRM, err, secure software.

      --
      "Hot lesbian witches! It's fucking genius!"
    3. Re:You know, this is irritating... by Anonymous Coward · · Score: 1, Funny
      > Others have pointed out that, frex, since Outlook would be a "trusted application", it would follow that any code executed by Outlook, including viruses, would necessarily be "trusted" as well.

      And based on how fucking hard it is to remove that abortion from XP (not "hide its icon", I want the fucking executable the fuck off the hard drive, Gates, because it's my box, not yours!), never mind 2k3 or whatever's coming down the pipe, holy fuck, it'll be harder to get rid of Express Outbreak than it will be to brute-force the TCPA uber-uber-key.

      (Oh, and the backdoor that overrides the uber-uber-key and allows RIAA to wipe your drive is 53N4T-0RH4T-CH1505-4M4B1N-L4D3N-IN4P1-65U1T. Figured I'd save you geeks a few quadrillion times the age of the universe by leaking the key here.)

  32. Mitnick!!!! by fm6 · · Score: 2, Interesting

    And of course everything Mitnick says about Markoff is true. Everybody knows Mitnick is an innocent victim! But despite his innocence, he bears no malice to any of his accusers!

    1. Re:Mitnick!!!! by Concerned+Onlooker · · Score: 1

      Just for the record, I saw Mitnick speak and he never claimed to be innocent. In fact, he said he deserved to be punished for what he did, just that the punishment in no way fit the crime.

      --
      http://www.rootstrikers.org/
  33. This won't play very well overseas by Go+Aptran · · Score: 1
    I'm very amused by how a file system that's a collaboration of the US Government, Microsoft, and American corporations could possibly be considered a beneficial thing.

    This will only increase the speed at which foreign governments adopt open source software and (eventually) hardware.

    I'm SO GLAD I own a Mac.

    --

    "Under the spreading chestnut tree, I sold you and you sold me."

    1. Re:This won't play very well overseas by ebf · · Score: 1

      Me too!

      --
      -- Eduardo B. Fonseca
    2. Re:This won't play very well overseas by Technician · · Score: 1

      Maybe Microsoft doesn't mind. There was some big stink about overseas piracy anyway. This should fix the piracy problem.

      --
      The truth shall set you free!
    3. Re:This won't play very well overseas by Anonymous+Brave+Guy · · Score: 1

      You do realise that Europe alone has a technology market much bigger than the US, right?

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  34. Trusting Trusted Computing by somethinghollow · · Score: 2, Funny

    "...one of the speakers was from Microsoft research..."

    I trust Microsoft R&D to come up with good security concepts, but I don't trust Microsoft to implement the good security concepts without having giant security holes in them. Then they can make programs that monitor/protect the security holes in the other security programs, and they will have holes, too. This would be an infinite recursion, BTW.

    I can see the ad now:
    Security programs with security problems. Only from Microsoft.

  35. ROFL at the Microsoft guy by FunWithHeadlines · · Score: 1
    I laughed hard at this paragraph that I see others have noticed as well:

    "We think this is a huge innovation story," said Mario Juarez, Microsoft's group product manager for the company's security business unit. "This is just an extension of the way the current version of Windows has provided innovation for players up and down the broad landscape of computing."

    Well! If this is more of that same innovation Windows is known for, we know just how worthless to the end consumer this will be! Thanks for the warning, Mr. Microsoft group product manager. It's not often a spokesperson for a product gives a clear warning to steer clear of his own product like this. We should be grateful for these moments of truth when they arise...

  36. Re:one thing the public never seems to get . . . l by Anonymous Coward · · Score: 0

    I think both you and the article's author need to read the following: http://www.research.ibm.com/gsal/tcpa/. Especially the second link on that page. Basically, it dispels the myth that "Trusted Computing" == "DRM" and confirms that Microsoft has twisted the correct definition of the phrase "trusted computing." That page also provides links to a current Linux driver for IBM's TCPA chip, so that the chip may be used within Linux applications.

  37. What's in It for Me?? by malia8888 · · Score: 4, Insightful
    There is nothing in trusted computing to benefit the consumer. I am hoping the word will get out to the average consumer in time for them to rebel by keeping their $$$'s to themselves.

    The very things that computer users want to be protected from--viruses and the tons of spam messages--are not addressed with these "improvements".

    As eloquently outlined in the Times article: the new encrypted computing world, even the most mundane word-processing document or e-mail message would be accompanied by a software security guard controlling who can view it, where it can be sent and even when it will be erased. Also, the secure PC is specifically intended to protect digital movies and music from online piracy. But while beneficial to the entertainment industry and corporate operations, the new systems will not necessarily be immune to computer viruses or unwanted spam e-mail messages, the two most severe irritants to PC users. "Microsoft's use of the term `trusted computing' is a great piece of doublespeak," said Dan Sokol, a computer engineer based in San Jose, Calif., who was one of the original members of the Homebrew Computing Club, the pioneering PC group. "What they're really saying is, `We don't trust you, the user of this computer.' "

    In "trusted computing" the public gets no security; the FAT entertainment industry gets fatter; and the common man is unduly scrutinized.

    Let's hope our everyday "Joe Consumer" rebels. If Intel comes out with a chip with this trusted-Big-Brother component, I hope the American consumer leaves it rotting on the shelves.

    Money talks, b.s. walks. If the public refuses to buy this garbage which is hyped to protect them, perhaps the companies will look at this trusted computing issue again and drop it in the trash can it belongs.

    --
    Harpo Tunnel Syndrome--my wrist feels funny.
  38. OSS and DRM and MS Hardware by fermion · · Score: 5, Insightful
    No one seriously believes that MS can create a secure OS. What can happen is that MS, along with laws that will make circumvention activities illegal, will create enough a of a facade of security that people will trade certain current freedoms for safety and convenience. It always happens. People want convenience and simplicity.

    OTOH it looks like this stuff will only affect Intel and MS products. Personally, I have always used Apple products myself. It has protected me from MS viral licenses. It has protected me from Intel's occasional desire to track all users. It is now protecting me from silly DRM schemes that do nothing but protect antique business models. Apple has done more for security by allowing the user to turn off HTML in mail.app than MS could possibly hope to do in a decade.

    The same could be said for GNU/Linux and other non-MS users. For these users there are only three concerns. First, laws could be passed to require certain attributes in entire classes of software. For example, as the article suggests, all email and music might have to be signed with a CPU generated hash. Of course all advanced users know that such technology could be circumvented, and, even with laws against circumvention, such actions will routinely occur.

    Second, the makers of Intel clone chips might, and probably will, succumb to pressure and include security features. This would be bad because right now OSS is very tied to Intel class chips. The solution to this is to build open hardware platforms around non-Intel class chips, and create OSS projects that run on such platforms. Intel may be a slave to MS, but AMD and others might be more scared of lost sales due to OSS moving to Motorola and IBM chipsets. In five years if OSS is still tied to the Intel instruction set, and Intel is only making chips that spy on the user, there will be no one to blame.

    The third issue comes from a quote in the article
    the system will also require a new generation of computer hardware, not only replacing the computer logic board but also peripherals like mice, keyboards and video cards
    From this we can infer that MS intends to push DRM to all hardware connected to the CPU, which, of course, is the logical course of action. The issue is as above. OSS runs mostly on what is essentially MS hardware. If all MS hardware requires software that is cryptographically signed and externally validated, probably by an MS related service, one wonders if OSS will exist. If OSS does exist, one wonders if it would have any purpose if the user was still ultimately tied to MS licenses and security schemes.

    This has always been the danger of the single environment ecosystem. The OSS people seem to forget how inherently dependent on MS whims they are. One wonders if some diversification might be in order.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    1. Re:OSS and DRM and MS Hardware by WCMI92 · · Score: 1

      VERY brilliant points...

      Ok, if we dump the x86 hardware, what do we use?

      I know that Linux could be easily modified to run on something like IBM's PPC 970 chip, but will we be able to buy motherboards, hard drives, keyboards, sound cards, etc that will work with it?

      I have my doubts as to whether MS will be able to succeed in this effort... IF they do, it will have to be an incremental thing. Suddenly having your OS refuse to let you install other software, and your hardware like the mouse refusing to talk to your PC unless it has its DRM key from Redmond would cause Redmond to be BURNED TO THE GROUND by an outraged public....

      Most likely, it will be able to be disabled at first. But then content won't be available... So you turn it on... And at first it's not really annoying... Then it gets more annoying... SLOWLY.

      Microsoft knows how to make incremental changes, and to use the "escalator". THAT is the danger.

      --
      Corporatism != Free Market
    2. Re:OSS and DRM and MS Hardware by vegetablespork · · Score: 1

      Exactly. Even the record industry isn't stupid enough to think people are going to rush out and buy locked down "digital toasters" later this week. "Consumers" will have to be "eased into" the "transition." And for those who hold out, a descendant of the SSSCA/CBDTPA will make all that old hardware illegal.

      --

      Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.

    3. Re:OSS and DRM and MS Hardware by Anonymous Coward · · Score: 0

      you know, it's really really REALLY sad how true that statement is... i can completely see the future where my current pc will be considered illegal... ah well, live it up while you can! :)

    4. Re:OSS and DRM and MS Hardware by ebyrob · · Score: 1

      A quick hop over to the Debian site makes it seem that "Linux" runs on Alpha, ARM, HP PA-RISC, x86, IA-64, Motorola 680x0, MIPS, MIPS(DEC), PowerPC, IBM S/390, and SPARC. Hardly seems like OSS is "married" to Intel.

      In fact, the Linux, BSD, and other modern OSS Unix flavors are tied to hardware about as little as any software ever written. The only necessary requirements are the GNU tools like gcc, glibc, and friends. So as long as developers are around to port code to new and interesting hardware platforms OSS will run on them. So, until someone starts throwing programmers in jail or shooting them for working on the gcc and other FSF tools, I think we can rest assured OSS will be an available alternative.

      Now, will OSS be able to interoperate with newer Microsoft offerings? That is another question entirely.

  39. actually by Anonymous Coward · · Score: 0

    I believe this is the link you're looking for, not open cores.

    1. Re:actually by Anonymous Coward · · Score: 0
      No, I prefer the original link. The difference? The original link is based on a concrete example. Not innuendo from an alleged developer.

      Your rebuttal also missed the mark. The original wasn't talking about embedded systems software, but embedded systems hardware. Comparing the two is like calling someone who wrote an email client an integrated circuit designer.

      Don't by any chance work for an embedded operating system/compiler company do you?

  40. It's simple... by Sebby · · Score: 4, Funny
    The words 'Microsoft' and 'trust' do NOT go together, UNLESS 'anti' is in there somewhere too...

    --

    AC comments get piped to /dev/null
  41. This is actually a shift in product... and not... by SmurfButcher+Bob · · Score: 3, Insightful

    ...what you think.

    Face it, the software market is pretty much saturated from their perspective, and there isn't much room for growth on the desktop compared with previous years.

    What MS discovered, about two years ago, was that they could sell a completely different product. What MS discovered was Radio.

    Radio doesn't make money by playing songs. Radio makes money by selling its listeners. Now, take a re-think of the Trusted Platform from that perspective, and its purpose will be completely obvious.

    --

    help me i've cloned myself and can't remember which one I am

  42. Fragility by deanpole · · Score: 1

    Computers with TCM/Palladium/WNGSCB/handcuffware will be fragile. Many more disk sectors will be essential for booting. A greater percentage of memory errors will cause exceptions. Maybe you thought SMP hardware showed a lot of race conditions? You will surely see them now. Call it disastrous reputation maintenance (DRM).

    1. Re:Fragility by TCM · · Score: 1

      What? My computers are not frag"$%!NO CARRIER

      --
      Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
  43. Web links to TCPA and Microsoft NGSCB (Palladium) by NearlyHeadless · · Score: 1

    In case you're actually interested in reading what the technologies are about, instead of just FUD. Here is The TCPA and Microsoft's Next-Generation Secure Computing Base (which is what came from the Palladium Project).

  44. Will you all stop your bitching already!?!?!?!? by l0ungeb0y · · Score: 1

    This is the best news I have heard since 1996.

    I can not wait for Anal-intrusive DRM to be included on every windows OS and Intel PC processor on the market.

    In fact, I wish it was here right now.

    I am salivating at the prospect of LAN wide system lock outs, Entire OS installations destroyed because of stolen/forged Serial Numbers, the inability for a person to have 2 copies of an app on their own equipment, the deletion of personal files and monitoring of internet usage.

    In fact, I hope they use and abuse back door facilities so that the entire machine is effectively a trojan and fast becomes the fabled crackers valhalla.

    Huzzzzahhh Microsoft!!!
    When you kill your competition and get cocked sucked by the gov't it's just natural to become your own worst enemy.

    So, do release your DRM post-haste and help usher in a much needed paradigm shift from Windows to OS X/Linux.

    Anyone else remember the movie "Tommy" where they started the camp then gagged, bound, abused their followers and by doing so incited a revolt?

    "We're not gonna take it!"

    I believe that's what's about to happen here, and personally I can only pray that it does. Every time I read about DRM from Microsoft, a layer of cynicism fades away as I see a glimmer of hope

    So you'd all be better off protesting and just sit there quietly with a smile while MS cocks its BFG and aims squarely at its foot :)

    1. Re:Will you all stop your bitching already!?!?!?!? by swordgeek · · Score: 1

      This is the problem with a monopoly. Microsoft says "Today you're going to bend over the table," and the people think they're helpless to resist. Unfortunately, they're too lazy to find out how to walk away.

      Microsoft will have a hard time screwing up their own model so badly that they actually drop below 90% market share--I'm not sure they could do it if they tried.

      The secret is to move one step at a time. We already accept things that would have been unthinkable a few years ago.

      --

      "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  45. Will China step in to save the day? by Graabein · · Score: 3, Insightful
    Didn't I read right here on /. that the Chinese have started to develop and test their own CPU? Yup: The Dragon Chip. They've already got Linux booting on it.

    With most of the world's electronics manufacturing business in China anyway, I guess this means we'll all be running Linux on Chinese developed and manufactured hardware in a few years, while Microsoft, Intel and AMD all sit around in the wreckage of their once profitable empires wondering what went wrong.

    Here's a hint guys: You forgot what made the PC platform great in the first place: Freedom.

    Call it freedom to innovate, freedom to fsck up a computer beyond repair, freedom to write a virus or freedom to swap files. Whatever. But try taking our freedom away and you will face the consequences.

    Now that would be a delicious irony, wouldn't it. America and the West taking away the freedom of all computer users, and the Chinese coming to the rescue and restoring our freedom.

    --
    And remember kids: Never trust a computer you can actually lift.
    1. Re:Will China step in to save the day? by zalle · · Score: 1

      I wouldn't be so sure that the Dragon Chip is going to offer any freedom; if the Chinese government has a say, it most certainly will do only Party-approved things.

    2. Re:Will China step in to save the day? by pmz · · Score: 1

      America and the West taking away the freedom of all computer users, and the Chinese coming to the rescue and restoring our freedom.

      Isn't it ironic?

  46. so they don't know why i'd want it either by clart · · Score: 1

    Bob Meinschein, an Intel security architect. "On the corporate side the value is much clearer," he added, "but over time the consumer value of this technology will become clear as well"

  47. Re:one thing the public never seems to get . . . l by earthforce_1 · · Score: 1

    True, and - once one person has managed to crack it, Palladium becomes a double edged sword that now swings in favour of the pirates, who can use it to create an untraceable distribution network.

    --
    My rights don't need management.
  48. We need more PR like this. by Lord_Dweomer · · Score: 2, Interesting
    While this may have been a genuine 'article', it is also possible it was a PR piece. Where someone gets a writer to write about a piece with a certain slant....that is PR. We need more of this. The NY Times article BLASTED DRM. Now we just need one of these for frivolous patents.....and for the **AA's and for all the other things slashdotters bitch about.

    I suspect however that it will become increasingly more common for these types of things to surface as journalists and reporters LOVE to take the side of the consumer and go after the "greedy corporations". It makes them look very good in the eyes of the people, who they are trying to gain popularity with. It will only snowball from here my friends, it's just a matter of time till things work themselves out.

    --
    Buy Steampunk Clothing Online!
  49. Re:Web links to TCPA and Microsoft NGSCB (Palladiu by Anonymous Coward · · Score: 0
    auto-translator:

    Check the links if you're interested in reading the industry party line.

    The Palladium project was renamed the "Next-Generation Secure Computing Base" in an attempt to shake off the stench the name Palladium took on hours after MS floated it.

    ~~~

  50. Doublethink by TitanBL · · Score: 5, Funny

    "The company is dealing with both technical and marketing challenges presented by the new software security system. For example, Mr. Juarez, the Microsoft executive, said that if the company created a more secure side to its operating system software, customers might draw the conclusion that its current software is not as safe to use. "

    he went on to explain:

    "What I mean is that we cannot have our customers using deductive reasoning to come to an obvious conclusion which might jeopardize our market share (control). Could you imagine the implications? We would rather them just trust us - and relax - big broth.. uhhh... I mean Microsoft has it all taken care of"

    1. Re:Doublethink by Kenard · · Score: 2, Insightful

      Trusted computing means Big Brother is no longer watching, He knows you can't do shit.

      --
      (appended to the end of comments you post)
    2. Re:Doublethink by Nynaeve · · Score: 1

      I think you've hit the nail on the head!

      They completely circumvent the whole "1984" discussion because it's totally unnecessary to monitor what someone is doing if you've already restricted what they can do.

  51. impenetrable encryption by sacrilicious · · Score: 1
    >But by entwining PC software and data in an impenetrable layer of encryption
    COME ON! please, why do they make such claims?!

    My understanding is that if the chosen key is sufficiently large, like 2048 bits, then the encryption really is impenetrable, i.e. not breakable even by brute force given even the computing power years from now. Example: the xbox, a device with a 2048-bit key, has not been compromised, and a large scale distributed attack was dismissed even by those who dislike Microsoft as a pointless exercise. Doesn't mean that someone can't spill the key on purpose, but if that's what we mean by "not impenetrable" then I just want to be sure it's understood that we're not just talking about technological approaches.

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
    1. Re:impenetrable encryption by Anonymous Coward · · Score: 0

      My understanding is that if the chosen key is sufficiently large, like 2048 bits, then the encryption really is impenetrable...

      Then, quite simply, you don't understand.

      Your X-Box example is just about perfect though. IIRC it was out for several weeks before it was hacked. The fact that the key hasn't been brute forced did not prevent people from making some delightful little Linux boxes out of the things.

      It's much like protecting your house with a steel door, and a nearly unpickable lock. It's a great start, but until you seal up the rest of it, "prison style," there will always be those who circumvent it.

    2. Re:impenetrable encryption by CurlyG · · Score: 1

      Well, someone spilling the key on purpose is one possibility, but the other, more likely IMHO, is that someone spills it by accident.

      After all, it seems to me that if every piece of equipment that can play media has to have DRM, odds are that *someone* will screw up somewhere and leave the backdoor wide open...

      --
      You know they call 'em fingers but I've never seen 'em fing. Oh, there they go.
    3. Re:impenetrable encryption by sacrilicious · · Score: 1
      Then, quite simply, you don't understand. Your X-Box example is just about perfect though. IIRC it was out for several weeks before it was hacked. The fact that the key hasn't been brute forced did not prevent people from making some delightful little Linux boxes out of the things.

      It sounds to me like I do understand: the xbox was hacked via mod chips, so the sense in which its encryption has been shown to be compromisable is via a means other than cryptographic attacks. I'm not trying to claim that the xbox or other similar things can't be repurposed via hardware mods. My point is that the encryption involved is not the weak link. In other words, if I encrypted my credit card number with a 2048 bit key, posted it to the internet, and waited for someone to crack it, I'd still be waiting five years from now. To me, that qualifies as a perfectly sufficient answer when someone asks (as the parent post did) how on earth people can go about making claims of impenetrable encryption.

      --
      - First they ignore you, then they laugh at you, then ???, then profit.
    4. Re:impenetrable encryption by Alsee · · Score: 1

      My understanding is that if the chosen key is sufficiently large, like 2048 bits, then the encryption really is impenetrable

      You're right that 2048 bits is impossible to brute force and that we currently have no adequate shortcuts, but the system is inherently flawed in a different way. The way they use it for the XBOX only Microsoft has the private key. There is no way to get the key from an XBOX. However for this system a private key must be present in each computer. If you get this private key you can beat the system. It's not easy, but it is entirely doable to physically rip this key out of a chip. The only drawback is that each key you rip out like this is really only good for one person. If you give the key to multiple people they will spot it and revoke that key.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  52. A bit worse... by Anonymous Coward · · Score: 0

    "For AMD or Intel to come out with a processor that REQUIRED DRM to operate would be to commit corporate suicide."

    They're not going to require DRM in the processor, and they don't have to. They just have to include it. After that, all of the major media/software companies can require that the computer be operating in DRM mode in order to view their media. Microsoft (and probably other OS makers) will set it as the default. Users will leave it on for convenience.

    You won't have to turn it on. But you'll be an outsider, cryptographically outcast from the communications of the vast majority. You'll even be able to view media, if you're willing to risk the felony conviction. You'll even be able to release works of your indie band outside the DRM system, but if the system works at all, your band will be unheard by those within the system (because otherwise you could just distribute a cracked major-label release within the DRM system and have it masquerade as a non-encrypted work).

    1. Re:A bit worse... by cshark · · Score: 1

      I'm probably preaching to the choir here,
      but I've been against this technology for years.

      And I would be willing to bet that someone will crack this technology with a software fix two weeks (or less) after it comes out.

      This whole scheme reminds me of those hardware locks people used to include with software programs. We all know how well that worked out.

      But how does this affect the linux world?
      I know Linus recently said it was okay to use drm in Linux, but will people actually use it?

      I'm thinking that if customers violently reject this kind of DRM technology like they have in the past, it could be just the opening we need to make Linux the leading desktop OS.

      Just a thought.

      --

      This signature has Super Cow Powers

  53. Dear consumer: by Travoltus · · Score: 1

    All your trust are belong to us!

    - MicroSoft

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
  54. www.trustedbsd.org by Anonymous Coward · · Score: 0

    If I tell you more, you'd have to kill me!

  55. More news..... by Geek+of+Tech · · Score: 1
    And in other news Microsoft chairman Bill Gates announced at a press conference 20 minutes into the future that the Microsoft "Smart Watch" will also incorporate DRM. As briefly covered by his Billness, the Smart Watch will scan the retina of everyone who attempts to read the time. Anyone whose retina pattern is not in watch memory will have 2,000,000 volts sent through their bodies.

    On a comment regarding this issue, Mr. Gates assured us "It is vital to the health of the entire global industry that we guard consumer privacy and trade secrets. Anyone passing on the street could pick up an enormous amount of information from someone who is wearing a watch that isn't secure."

    Dark Lord Bill further went on to say "... It is imperative that we guard all avenues from this impending danger... of someone stealing the 'time of day'. Terrorists use the time of day constantly... (further ramblings too lengthy to be posted here)"

    We received a brief demonstration, when a CNN correspondent accidentally glanced toward the watch worn by Mr. Gates. Within a brief second, the correspondent burst into flames, and unfortunately died.

    In other news Mr. Bill Gates is suing the family of a man who tried to steal the "time of day"...

    --
    Stop the Slashdot effect! Don't read the articles!
  56. Yes, we do by tkrotchko · · Score: 3, Interesting

    "I mean, do we REALLY need 3GHz machines? "

    Yes. To do any sorts of useful video editing, you need fast machines; in fact, I'd argue that 3ghz is the minimum you need.

    Computer speed has historically been turned into new, useful applications; applications that can't even be considered until computers are fast enough.

    Consider MP3; it could have been implemented 20 years before it became big; the theory of lossy compression was understood by researchers, but it wasn't terribly practical until faster computers appeared.

    And this is on down the line... think about as I mentioned before... video editing, real-time video effects in games, speech recognition, pattern recognition; each needs more and faster processor power.

    I'll grant you, if you want to do email and browse the web, then you're in luck: a 450mhz PII will suit you nicely, and a wonderful machine can be purchased for under $200 for that purpose. But that's pretty myopic; people want faster computers not to read email faster, but because they want to run new applications that are only possible with faster computers.

    So I'd argue there is a significant problem if the world's CPU and chipmakers will only produce "trusted" versions of their product.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
    1. Re:Yes, we do by Anonymous Coward · · Score: 0

      I mean, do we REALLY need to do any sorts of video editing?

    2. Re:Yes, we do by danila · · Score: 1

      Ultimately we do. The Moore Law is essential to the development of strong AI and uploading, to genetics and proteinomics, to nanotechnologies and future science in general. And that means that ever faster processors are absolutely necessary if we want human immortality and other posthuman powers.

      To think that faster computers are something optional is to make a very serious mistake.

      P.S. To make faster computers practical for scientific research and technological development we need to drive prices down with a mass consumer market for CPUs.

      --
      Future Wiki -- If you don't think about the future, you cannot have one.
  57. Two Separate Windows Partitions? by veg_all · · Score: 1

    I was not familiar with this aspect of the scheme. Maybe I'm not the only one who will finally say, "one is already one too many..."

    -posting from my W2K partition, not long for this world (goodbye, q3 framerates [sniff])......

    --
    grammar-lesson free since 1999. (rescinded - 2005)
  58. Amen by Anonymous Coward · · Score: 2, Insightful

    "Here's a hint guys: You forgot what made the PC platform great in the first place: Freedom."

    You're right.

    I was there for the beginnings of the PC. We built them and bought them, even when they couldn't do much because we believed in the dream of freedom and computing and saying "fuck you" to big companies with their vision of how we should use their computers.

    Now 2 generations later, we seemed bound and determined to give it all away, just so we can watch "Star Wars" on our PC. And pay every time. And throw people into jail if they refuse.

    It's very upsetting to those of us who started the revolution.

  59. Re:Web links to TCPA and Microsoft NGSCB (Palladiu by TitanBL · · Score: 2, Interesting

    PressPass: What function will the advisory board serve?

    The goal is to learn from each other....

    ...Microsoft has long realized that to achieve needed systemic change, it's important to involve academia early on.

    BUT, we also view this board as a two-way education channel. Ultimately, we'd like to see academia work with the industry to inculcate more security concepts into a technical education, because it's not just a technology problem or a computer science problem. ***It's a social problem***. If we at Microsoft work with academia to make sure they have the resources, time and information to infuse Trustworthy Computing concepts into education, the result will be graduates who are much more adept at understanding a secure computing environment.

  60. I'm already experiencing it by rossz · · Score: 1, Interesting

    I work at a pure Windows shop. I don't like it, but it's the only work available. They have very strict "policies" on their computer network. Most people are not allowed to install or uninstall any software. Most people can't even make changes to their task bar. All internet connections must go through their rather strict proxy (kernel.org is considered inappropriate!). Most internet ports are blocked (21, 22, 23, 6667, and 7000 are definitely blocked). Not that it has stopped me. I figured out how to bypass the proxy my first day there.

    This is what trusted computing will be like. But instead of your employer limiting you at work, it will be Microsoft limiting you at home. "Where the fuck do you think you're going!?"

    --
    -- Will program for bandwidth
    1. Re:I'm already experiencing it by SiliconEntity · · Score: 3, Interesting

      This is what trusted computing will be like. But instead of your employer limiting you at work, it will be Microsoft limiting you at home. "Where the fuck do you think you're going!?"

      No, that's not correct. Doing this would reduce the sales of Microsoft software, and Microsoft's goal is to sell more software rather than less.

      Instead, trusted computing will add new capabilities to your system, while still letting you do everything you can do today.

      These new capabilities will allow "trusted" applications to report their identity unspoofably to remote servers. The servers can then refuse to supply content to users who aren't running software which will enforce DRM rules.

      So you will still be able to do what you can today; but maybe everybody else will be able to do a lot more, downloading legal content under DRM restrictions. It's not so much that Trusted Computing will restrict what you can do; it's that it opens up new possibilities, but only under rules that are effectively enforced.
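
The server-side check this comment describes (refuse content unless the client proves which program it is running), combined with the per-device key and revocation raised in the "impenetrable encryption" thread, as an added example that is not part of the original thread or any vendor's code. The device IDs, keys and program images are constructed, and an HMAC with a per-device secret stands in for the asymmetric signature a real security chip would produce.

```python
import hashlib
import hmac
import os

# Constructed sample data: device IDs, keys and program images are invented.
DEVICE_KEYS = {"device-A": b"constructed-key-A", "device-B": b"constructed-key-B"}
REVOKED = {"device-B"}  # e.g. a key that was extracted and seen on many machines
PLAYER_IMAGE = b"constructed bytes of the approved player build"
PATCHED_IMAGE = PLAYER_IMAGE + b" with the rule checks removed"


def measure(image: bytes) -> str:
    """A program's identity is the hash of its code (its 'measurement')."""
    return hashlib.sha256(image).hexdigest()


def _encode(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def _tag(key: bytes, device_id: str, measurement: str, nonce: bytes) -> str:
    # Assumption: HMAC stands in for the signature made inside the chip.
    msg = _encode(device_id.encode(), measurement.encode(), nonce)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_quote(device_id: str, key: bytes, image: bytes, nonce: bytes) -> dict:
    """Client side: the chip measures the running program and signs the result."""
    m = measure(image)
    return {"device_id": device_id, "measurement": m, "nonce": nonce,
            "tag": _tag(key, device_id, m, nonce)}


class ContentServer:
    """Server side: decides whether a client may receive content."""

    def __init__(self, device_keys, revoked, approved):
        self.device_keys = dict(device_keys)
        self.revoked = set(revoked)
        self.approved = set(approved)
        self._outstanding = set()  # nonces issued and not yet used

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, quote: dict) -> str:
        dev, m = quote.get("device_id"), quote.get("measurement")
        nonce, tag = quote.get("nonce"), quote.get("tag")
        if not (isinstance(dev, str) and isinstance(m, str)
                and isinstance(nonce, bytes) and isinstance(tag, str)):
            return "malformed"
        if nonce not in self._outstanding:
            return "stale-or-unknown-nonce"      # blocks replayed quotes
        self._outstanding.discard(nonce)         # each nonce is single use
        key = self.device_keys.get(dev)
        if key is None:
            return "unknown-device"
        if not hmac.compare_digest(_tag(key, dev, m, nonce), tag):
            return "bad-signature"               # fields changed after signing
        if dev in self.revoked:
            return "revoked-device"
        if m not in self.approved:
            return "unapproved-software"
        return "ok"


def demo() -> dict:
    server = ContentServer(DEVICE_KEYS, REVOKED, {measure(PLAYER_IMAGE)})
    key_a, key_b = DEVICE_KEYS["device-A"], DEVICE_KEYS["device-B"]
    out = {}
    q = make_quote("device-A", key_a, PLAYER_IMAGE, server.challenge())
    out["honest"] = server.verify(q)
    out["replay"] = server.verify(q)             # same quote presented twice
    q = make_quote("device-A", key_a, PATCHED_IMAGE, server.challenge())
    out["patched"] = server.verify(q)
    q = make_quote("device-A", key_a, PATCHED_IMAGE, server.challenge())
    q["measurement"] = measure(PLAYER_IMAGE)     # claim the approved hash
    out["lying"] = server.verify(q)
    q = make_quote("device-B", key_b, PLAYER_IMAGE, server.challenge())
    out["revoked"] = server.verify(q)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:8} -> {verdict}")
```

The "lying" case fails only because the signing key never leaves the chip; a party holding that key could sign any measurement, which is why the per-device key and its revocation list carry the whole scheme.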

    2. Re:I'm already experiencing it by rossz · · Score: 1
      No, that's not correct. Doing this would reduce the sales of Microsoft software, and Microsoft's goal is to sell more software rather than less.
      Microsoft products will automatically be "trusted", so people will go with the safe bet and buy only Microsoft. Thus, more Microsoft sales and a whole lot fewer choices.
      --
      -- Will program for bandwidth
    3. Re:I'm already experiencing it by spitzak · · Score: 1
      Pretty correct, however it is interesting that Palladium will probably prevent your company from doing some stuff that it is doing right now.

      Almost certainly it will be impossible to stop "upgrades" from happening automatically. Microsoft may make it impossible to stop a user from installing the upgrade to Word, for instance (thus forcing the rest of the company to upgrade). It may automatically download and turn on/off advertising.

      In some ways the things your company is doing are the types of freedom that Microsoft is trying to prevent. The computers belong to your company and they now have some freedom to restrict them to being used the way they want.

      If your company had a garage sale and you bought one of their computers, right now you can take it home, take out some screws, plug in a CD, and install your own copy of Windows (or Linux). Under Palladium the equivalent is impossible, it is as though that machine belongs to your company forever.

    4. Re:I'm already experiencing it by The+Bungi · · Score: 2, Insightful
      Yes, let's extrapolate stupid company policies designed to keep stupid users from hurting themselves into what the world of computing will look like in a few years.

      Your rant is understandable to a certain extent - I've had to get around proxy restrictions on some client sites to read my corporate email. But that's how it is. Their network, their pipe, their computers, their money, their rules. Work at home or go into landscaping if you don't like that sort of thing. Further, your post implies that, since this is a "pure Windows shop" your company's policies are somehow dictated by the evil Microsoft borg. Tell you what - get the password for the domain administrator or your own box's and override the policy settings. What? You don't have the password? Well, I'm sure there's a reason for that.

      Just don't whine and make assumptions about how "this is teh sux and it gets worse and it's all m$ fault". Thanks.

  61. Show me the money!!!!!!! by rippie78 · · Score: 1

    Microsoft is committed to "working with the government and the entire industry to build a more secure computing infrastructure here and around the world," Bill Gates, Microsoft's chairman, told a technology conference in Washington on Wednesday.

    Read as "We are willing to let the MPAA and RIAA throw their weight (money) around with the government (elected) and media. Meanwhile we lurk around with the government (NSA, FBI, etc.) to get them onside and provide the backdoor key."

    1. Re:Show me the money!!!!!!! by Anonymous Coward · · Score: 0
      > "We are willing to let the MPAA and RIAA throw their weight (money) around with the government (elected) and media. Meanwhile we lurk around with the government (NSA, FBI, etc.) to get them onside and provide the backdoor key."

      You mean this one?

      53N4T-0RH4T-CH1505-4M4B1N-L4D3N-1N4P1-65U1T

  62. In Soviet Union Russia..... by Billly+Gates · · Score: 1
    ...your computer protects itself from YOU!

    Oh shit wait a minute.

  63. Sperm Banks... by executebusiness.com · · Score: 0, Offtopic

    Dear users, your sperm was stolen by the Al Qaeda. You are now the proud father of several terrorists. Have a nice day!

  64. Re:one thing the public never seems to get . . . l by SiliconEntity · · Score: 1

    once one person has managed to crack it, Palladium becomes a double edged sword that now swings in favour of the pirates, who can use it to create an untraceable distribution network.

    You don't need to "crack it". Trusted Computing has as its design goal exactly this sort of functionality: allowing networks of computers to trust that all the systems will behave in a predictable way. No one seems to understand that Microsoft wants this kind of functionality. DRM is only part of the picture. TC allows for far more than DRM. It assists any application which involves a network that would benefit if the programs knew what was running on the other end.

    Microsoft has surely known all along that TC would allow for this kind of thing. Of course they probably neglected to mention it to the RIAA. But the genius of Palladium is that by allowing programs to prove that they will behave in a certain way, it solves the DRM problem at one stroke while at the same time allowing for an infinite variety of new applications.

  65. Re:non DRM computers? Macs! by Billly+Gates · · Score: 1
    Buy a Mac.

    Yes they have both a software and hardware monopoly, but at least they are nicer in regards to DRM. After all Intel/Microsoft are in bed together so it's which dictator do you want?

    All I know is Apple's DRM Itunes store will let you play the files on up to 3 macs and you can keep the files playable on newer macs that you can choose!

    Why should you suffer because Bill wants people to run his software and be the gatekeeper and eliminate competition because he has the keys to your computer? Why should you use a slower system?

    F*ck them. It's your computer and if a mac is expensive you can buy a cheaper Imac when the time comes. Yes they are slower than regular pc's when they come out but they have to be much faster than your now ageing system( 3 years down the road ). Linux and soon FreeBSD is also there if you decide you can not stand MacOSX. You can always dual boot like Windows.

    MacOSX looks kind of confusing from a life long Windows user? I like the StartMenu or K in Kde but I am sure I can learn and adapt.

    Not to mention the risc G5 processors are really cool! I would love to learn assembly on them rather than the nasty 25 year old 8086 assembly that is in a pc. Itanium is even worse and no one besides Intel really understands it yet.

    If Billy won't let me play on my own systems then I will not buy them. You should do the same. A bonus is Apple hardware is high quality and lasts much longer than PC equivalents. It's expensive yes but you get what you pay for.

  66. The problem with this stuff by shibashaba · · Score: 1

    The idea of encrypting everything is just stupid, it makes it all the easier to crack it. Just knowing the text the programs display will probably just be enough to keep running random keys until you've decrypted that part and then you've got it

    --
    ---------- Open Source is capitalism applied to IP.
  67. Microsoft: innovators of Closed Source by Basehart · · Score: 1

    "This will kill innovation," said Ross Anderson, a computer security expert at Cambridge University....

    But that's what Microsoft is all about right, killing innovation. The last thing any monopolist wants is a bunch of innovators running around innovating.

  68. Talk about Orwellian by ebyrob · · Score: 3, Insightful

    From the article:

    Bill Gates, Microsoft's chairman, told a technology conference in Washington on Wednesday. "This technology can make our country more secure and prevent the nightmare vision of George Orwell at the same time."

    Yes Bill that's right. You can usher in the technology that may bring about Orwell's vision and at the same time help it slide through by simply claiming the exact opposite from the other side of your mouth.

    Dyuh... It's somehow related to the truth, perhaps that means I should believe it.

  69. Who can you trust? by smokeslikeapoet · · Score: 1

    A few months back I read an article that documented how Windows Media Player submitted information to a Microsoft server whenever a DVD was played. How will we be able to detect or stop this once "trusted computing" is a reality? I don't trust anyone until they've earned it, and I certainly don't trust anyone that doesn't have my best interests at heart. Ronald Reagan once said, "Trust but verify." With Microsoft's "trusted computing" verification will be impossible.

  70. Murphy's Law by CrazyWingman · · Score: 1

    The device includes secret digital keys -- large binary numbers -- that cannot easily be altered.

    Easily? They would probably say that Windoze is an OS that could not easily be replicated as well.
    I don't know about the rest of you, but I know quite a few people who will pour their lives into doing something that someone else says "cannot be done easily." (...and will almost definitely succeed)
    (begin M$-Rant)
    Also, I believe Microsoft falls under Murphy's Law, "If there is any way to do it wrong, he [Bill] will find it."
    (end M$-Rant)

  71. Trusted computing from Microsoft? by node+3 · · Score: 1

    I don't trust Microsoft as it is. Their "Trusted Computing" initiative makes me trust them even less.

  72. Sayonara, Internet! by some+old+guy · · Score: 2, Informative

    In case you've missed the forest for the trees, this isn't just about running DRM-protected apps/content on the little boxes on our desks and laps.

    Now that Big Biz has swallowed web-based networking and software management, it only follows that in the future ISPs will be required to enforce DRM by not allowing noncompliant connections. Read: our way or no way, Skippy!

    End result? Microslut, through the magic of DRM, finally has everyone by the short hairs.

    When it reaches that point, what good will OSS do anyone, except maybe having a low-cost species of the same freedom-choking anaconda?

    Funny, I can envision a world where completely unfettered exchange of ideas devolves back to the one medium that isn't software-dependent: print.

    At least until Gates et al decide DRM 1984 isn't enough and implement Fahrenheit 4.51

    --
    Scruting the inscrutable for over 50 years.
    1. Re:Sayonara, Internet! by Zekat · · Score: 1

      Not necessarily... it's possible to side-step this (e.g. freenet, uucp, bbs, wireless mesh) and create something "under the [corporate/govt] radar" so to speak. The results would not necessarily be pretty, but it worked a number of years ago--think "golden age of internet" era.

      --
      Mmm, donuts.
  73. necessary addendum to Gate's comment by freedog · · Score: 1
    Bill Gates, Microsoft's chairman, told a technology conference in Washington on Wednesday. "This technology can make our country more secure and prevent the nightmare vision of George Orwell at the same time."

    "errr...that is, if consumers and companies completely rebel against it and everything it stands for."

    I can't believe he had the audacity to claim that he was somehow fighting the good fight against big, evil, faceless bureaucracies. Yeah, you're in it for the little guy Bill, sure. Sweet Jesus and may God help us if people like Gates can play themselves off as such.

    Or maybe his logic is something like this: "You see, it shouldn't be governments alone that create a totalitarian existence, no no no, that would be much too inefficient. It should be totalitarian governments that are controlled in the background by large, totalitarian companies and their respective associations - like the BSA and RIAA. Stupid Orwell was so random - he had it all wrong!"

    1. Re:necessary addendum to Gate's comment by ebyrob · · Score: 1

      hmm... Good point. I'd only doublethunk. With the help of your triplethought I now realize that Bill *was* telling the truth. By pushing Palladium he's insuring Orwell's future won't happen because people will rebel and overthrow the premise behind Palladium.

      "Wait... what if I quadruplethink?" *oof* thud, "My head hurts."

  74. not how it works by Anonymous Coward · · Score: 0

    the big brother parts are optional. what they will see is the next (insert RIAA crap) music that they can finally download only being playable on a "trusted" computer, (and then go to apple's music store). and the next matrix trailer being only playable on a trusted computer. and blockbuster offering download rentals, but only if your computer is trusted. MS is smart enough to see this, so they'll make it really non intrusive while hyping its "security" until they get a big enough installed base. then they'll start boiling the frog.(1) you can re-read the above replacing "trusted" with "theirs, not yours" and see how it makes sense.

    our only hope against them is free software like mozilla and openoffice.org because with these, the dependence on windows is lessened and people know there's a way out before MS becomes a problem. people look to us about computers. tell them about this, and give them free software.

    (1) you can boil a frog alive (at least in the saying) by putting it live in a pot of water and turning up the heat a little at a time so the frog doesn't realize what's going on until it's too late. MS plans to do that to us. they'll slowly make it harder and harder to NOT play their palladium game. sure you'll have a choice to not run it, like you have a "choice" to not run windows now. hope your work doesn't require NTLM authentication...

  75. OT - Sig by $rtbl_this · · Score: 1

    About 90% of my foes list is comprised of people who used "M$" in a sentence.

    You're on my foes list and I don't think I've ever used 'M$' in a sentence (until now). I mostly make my living working with MS products and have done for many years. While I am fairly critical of MS at times I try to be even-handed and realistic about it, as they've made me a nice living. I even work for the world's largest distributor of MS products.

    Your presence on my foes list is nothing to do with anti-MS zealotry. I just think you're a cunt.

    --
    "Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.
    1. Re:OT - Sig by cscx · · Score: 1

      At least you're honest.

  76. Video editing at 3GHz by 0123456 · · Score: 1

    "To do any sorts of useful video editing, you need fast machines; in fact, I'd argue that 3ghz is the minimum you need"

    ROTFL. I've edited half-hour DV projects on a PII-350, and a DV feature on a PIII-550. There are things you need 3GHz CPUs for, but standard def video editing is not one of them... faster CPU is nice to have for faster rendering, but far from essential.

    1. Re:Video editing at 3GHz by tkrotchko · · Score: 2, Informative

      I'm thinking of video editing where you need to change the exposure. That takes serious processor power.

      Just cutting and pasting video, you're right. But when you get more processor power, there are a lot more things you can do (special effects, blending, convert to and from various formats).

      My point isn't really about video editing as such; the point is that we aren't "done" in the CPU department.

      --
      You were mistaken. Which is odd, since memory shouldn't be a problem for you
  77. Not quite by autechre · · Score: 1

    Unlike Zion and their machines, I don't need DRM-enabled services and applications to live. None of the artists that I really like have ever tried to implement copy prevention on their CDs, and it's unlikely that they'll use DRM either, because they actually want people to hear their music above all else. I've already used Linux at home for over 3 years now. There will always be a choice. You may be "shut out" from some services, but maybe that will inspire you to seek an alternative service that values your business a bit more. The type of people who disdain going to malls, hate most of the radio stations on the dial, think most news outlets are useless, etc. will get along much the same as they have been.

    That said, I think that DRM is fine in some cases. Something like DRM might have made Phantasy Star Online a far more stable game, instead of the mass of annoying and ineffective anti-cheating features that cause your saved game with hundreds of hours to get corrupted at the drop of a hat. I don't care if it's put into game consoles, which are basically black boxes anyway.

    The movies, music, and many of the programs that I like and use will probably never be big enough that they can be oppressive. That's fine with me. The vast majority of people choose to fit the consumer mold, choose a commercial lifestyle, and they will get what the big companies want them to get, which is what they're getting now anyway. It's basically an illusion that you're doing what you want by illegally downloading that Brittany song. Who do you think made you like it in the first place?

    --
    WMBC freeform/independent online radio.
  78. Re:one thing the public never seems to get . . . l by pmz · · Score: 1

    so, what, should we stock up on Win2000, XP, and Linux OS's along with our CD and DVD burners?

    Yes. Keeping a working late-90's or early-2000's vintage computer around the house is a very good idea. The late-90's was the era of the forever "fast enough" CPU. For example, at home, I have yet to own a computer faster than 300MHz. Mozilla launches considerably faster than the modem will dial-in, so this is a good threshold of usefulness for me.

  79. Required reading for TCPA issues by AnalogDiehard · · Score: 1

    The TCPA FAQ page, independent and unbiased of Wintel conglomerations and their media bedfellows.

    --
    Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
  80. The Logic in its very nature is InSecure by SAJChurchey · · Score: 1

    The end users and administrators have less control over what's on the PC. What files are on the HD, and what code is executed is not at all under control? It's the original owner's call on what runs on your computer. This can include a hacker's malicious code, hidden on your system. It would suck if you were unable to delete b/c u didn't have your own permissions on your own damn computer. It is not more secure. There will always be workarounds and there will always be hackers tampering w/ the hardware and the chipsets. It only gives more people control over your PC and takes it away from you.

  81. Welcome to.... by SwedishChef · · Score: 1

    the "You're Not Trusted Computing" initiative.

    --
    No one ever had to evacuate a city because the solar panels broke!
  82. It's a fair use... by Anonymous Coward · · Score: 0

    ...for educational purposes.

    C'mon, educate yourself a little about your rights before you so slovenly give them up.

  83. Re:Copytheft by wkjel · · Score: 1

    Are you sure it's theft? I often see the following tag on sites that republish articles from major news sites.

    (In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.)

  84. All your computers... by Thuktun · · Score: 1

    Now that would be a delicious irony, wouldn't it. America and the West taking away the freedom of all computer users, and the Chinese coming to the rescue and restoring our freedom.

    Well, I was going to make a joke using Chinese characters, but the Post Comment interface apparently won't allow Unicode characters to be pasted in and the post display code seems to strip out the characters when inserted as HTML entities.

    所有你的计算机是属于我们

    Put this in an HTML document, view the characters, translate them at Babelfish to see what I was trying to do.

    Sheesh.

    1. Re:All your computers... by Nynaeve · · Score: 1
      LOL...BTW, to get the joke:
      1) Open this link in a new window.
      2) Cut and paste the following unicode string into the "Translate a block of text" area
      所 有 你 的 计 算 机 是 属 于 我 们
      3) Select "Chinese to English"
      4) Click Translate
      5) Click Translate

      Result: "All your computer is belongs us"

  85. Absolutely agree! by spitzak · · Score: 2, Insightful
    The idea that this has *anything* to do with what most people call "computer security" is rubbish.

    To counter your point, modern versions of Windows do use the CPU protections to stop programs from doing anything they want. They cannot randomly jump into the kernel or change it.

    However this reinforces your point:

    1. The CPU protections are hardware protections that stop "bad" programs (outside the kernel) from messing with "good" ones (inside the kernel).

    2. This hardware protection is absolutely bulletproof, far more reliable than the more complex Palladium. As far as I know there are no viruses that rely on a bug in the microcode to turn off the CPU's hardware protection state.

    3. It is obvious that despite this demonstrably perfect hardware protection, Windows systems (and Linux ones) are not immune to viruses.

    The reason it fails is that such hardware protection does not stop bugs. Every single virus and attack relies on telling some software that somebody "trusted" to do something that it was not expected to do. The fact that the software is "trusted by Palladium" and by 1024-bit one-way encryption does ZERO to make it less likely that it will do something unexpected.

    In fact Palladium may make it worse, by encouraging far more stuff to be "trusted" (just like one security problem is that there is too much in the kernel). Claiming Palladium is a "micro" kernel is rubbish, as the current CPU hardware protection is probably a few hundred transistors in a tiny dot buried inside the processor chip and is more micro than anything Microsoft is dreaming up, and it is already proven that it does squat for protecting your machine.

    The other bad effect of Palladium is it may make it impossible to fix the problems, especially if it prevents unsigned filters from being installed between the network and executables.

    Palladium is 100% designed for DRM and that is 100% of its purpose. Well on current machines a virus writer can probably get Outlook to do all kinds of nasty things, but most involve email, they cannot get it to decrypt and play a DVD. Right now you can play a DVD by running another program. Palladium will not allow that program to run, so the only possible way to play a DVD would be the equivalent of fooling Outlook into doing it, and Microsoft and the RIAA know that is impossible.

    Some Palladium defenders keep pointing out that the chip will provide hardware encryption calculations. The problem is that it has to so that trusted stuff can be decrypted without anybody being able to access the secret decryption key. So it is trivial to add a little extra access to that hardware that is already there. Considering this is the same industry that thinks it is a good idea to have the actual waveforms produced by modems and speakers be generated in realtime by the processor rather than add a $5 chip to the machine to do it, any suggestion that they are adding this expensive chip for any benevolent reason should be dismissed immediately.

  86. Nuh Uh! by some+old+guy · · Score: 2, Insightful

    Without a DRM-compliant public key, you won't even be able to log on to your ISP. No Usenet, no BBS, no telnet, no nuthin'.

    --
    Scruting the inscrutable for over 50 years.
  87. Home Taping is Killing Music by mr_e_cat · · Score: 2, Insightful

    Of course people will just be able to record the analog output anyway. Then the RIAA can bring back the pointless "home taping is killing music" campaign from the '80s. In those days every kid on the block had 10's to 100's of home taped albums.

    The RIAA really should just face the fact that there is nothing they can do. Most people wouldn't have paid for the music they download for free. Those who pirate music are usually high school/college students who have time and no money. Most people who work hard can't be bothered to go to the hassle of pirating music when they can buy it.

  88. No trusted hardware without trusted software by Diomidis+Spinellis · · Score: 2, Insightful
    In my recent column in the Communications of the ACM (Inside risks: Reflections on trusting trust revisited 46(6):112, June 2003) I describe two parallels: twenty years ago Ken Thompson showed us that one cannot trust an application's security policy by examining its source code if the platform's compiler (and presumably also its execution environment) were not trusted. The recent 007 Xbox attack demonstrated that one cannot trust a platform's security policy if the applications running on it cannot be trusted. (The Xbox is a specialized trusted computing platform.) The moral of the Xbox attack is that implementing on a trusted computing platform, a robust DRM, or mandatory access control, or an even more sinister security policy involving outright censorship will not be easy. It is not enough to certify the hardware and have a secure operating system; even a single carelessly written but certified application can be enough to undermine a system's security policy. As an example, a media player could be tricked into saving encrypted content in an unprotected format by exploiting a buffer overflow in its (unrelated) GUI customization (skin) code.

    Diomidis Spinellis
    Code Reading: The Open Source Perspective
    #include "/dev/tty"
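
The point made in this comment and in spitzak's comment 85 above (a measured, certified program can still be driven by its input into breaking the policy), as an added example that is not part of either post. It is a toy Python model: the platform releases a content key only to a player image whose hash matches, and a skin-name copy without a length check overwrites the adjacent output-protection flag. The image, key, state layout and skin format are all constructed for illustration.

```python
import hashlib

# Constructed stand-in for the certified player's code image. Its hash is the
# "measurement" the platform checks before releasing the content key.
PLAYER_IMAGE = b"certified-media-player-v1 (constructed sample image)"
EXPECTED_MEASUREMENT = hashlib.sha256(PLAYER_IMAGE).hexdigest()
CONTENT_KEY = 0x5A            # toy single-byte XOR key, illustration only

NAME_LEN = 16                 # bytes reserved for the skin name
FLAG_OFFSET = NAME_LEN        # "output protected" flag sits right after it

# Constructed inputs: one encrypted frame and two skin files (length byte + name).
ENCRYPTED = bytes(b ^ CONTENT_KEY for b in b"protected frame")
GOOD_SKIN = bytes([4]) + b"blue"
BAD_SKIN = bytes([17]) + b"A" * 16 + b"\x00"   # 17th byte lands on the flag


def release_key(image):
    """Platform side: release the key only to the measured, certified image."""
    if hashlib.sha256(image).hexdigest() != EXPECTED_MEASUREMENT:
        return None
    return CONTENT_KEY


def load_skin(state, skin, check_length):
    """Copy the skin name into player state, trusting the declared length."""
    name = skin[1:1 + skin[0]]
    if check_length and len(name) > NAME_LEN:
        raise ValueError("skin name longer than its buffer")
    # Without the check, a long name runs on into the protection flag.
    for i, b in enumerate(name[:len(state)]):
        state[i] = b


def play(encrypted, skin, check_length):
    """Run the certified player; report whether plaintext left the player."""
    key = release_key(PLAYER_IMAGE)       # the image is unmodified either way
    state = bytearray(NAME_LEN + 1)
    state[FLAG_OFFSET] = 1                # 1 = never save decrypted content
    try:
        load_skin(state, skin, check_length)
    except ValueError:
        pass                              # reject the skin, keep the default
    plaintext = bytes(b ^ key for b in encrypted)
    saved = plaintext if state[FLAG_OFFSET] == 0 else None
    return {"attested": key is not None, "saved_plaintext": saved}


if __name__ == "__main__":
    for label, skin, check in (("good skin", GOOD_SKIN, False),
                               ("bad skin, no check", BAD_SKIN, False),
                               ("bad skin, checked", BAD_SKIN, True)):
        print(label, play(ENCRYPTED, skin, check))
```

In all three runs the measurement matches and the key is released; only the length check decides whether decrypted content leaves the player.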

  89. case-by-case? by SHEENmaster · · Score: 1

    I use konqueror, as a habit from when Mozilla wasn't submitting forms in Sid. By my current configurations it lets me decide which sites can use cookies. If I don't allow cookies, they don't go through.

    What we need is a system where I could allow DRM for foo to use DRM, but keep it away from bar.

    I'm sure that something like this could be implemented in bochs or wine. Maybe one of those PConPCI cards that Sun is offering would do the trick.

    --
    You can't judge a book by the way it wears its hair.