Slashdot Mirror
Phoenix Sounds Death Knell for BIOS
Anonymous Coward writes "The sky will fall next.... Betanews is carrying a story about Phoenix ditching the trusty old BIOS and moving to 'Trusted Computing'... ya right... Time to stock up on those old motherboards boys!" A follow-up/analysis on this story.
Bios changes to "trustworthy computing" make me just as scared as when my wife and I went car shopping at Gan Chev Olds and they said "Trust Me. This is a great deal!". Boy did I ever get screwed on that "deal". *sigh*
Since when does it make sense to switch the onus for security to hardware?
Oh I knew it was time to buy a Mac! With Doom 3 being fully supported on Mac on launch, it's going to be hard for people to criticize Mac for a lack of games. As soon as Uncle Sam rubs his greedy hands together, to try and get all our secrets, it's time for a switch, IMHO. I'm developing my open source Doom 3 project on a Mac, so I'll be playing on one too. Maybe once Doom 3 is on Mac, the next generation of Id-engine-spinoffs will make for a slaughterhouse of new games for Mac, too!
Does Phoenix ABSOLUTELY have to use acronyms that already stand for something? I mean: CSS and d-NA? I know we are running out of acronyms but there should still be a few million letter combinations left.
Sunny
Be my Friend
Everything that has a beginning has an end. I see the end coming, I see the darkness spreading. I see death...
Although I can't see BIOS going too soon, remember how floppies took to get rid of (and we still haven't quite managed it!)
When anger rises, think of the consequences.
Confucius (551 BC - 479 BC)
Or buy a motherboard with a BIOS that doesn't come from Phoenix.
Last time I checked, Phoenix wasn't the only company on Earth that made motherboard BIOS setups.
I'm sure that something else will pop up.
Or, another idea.. write/call/visit Phoenix and tell them that you think their idea sucks. Give their 1-800 # a call. Vote with your wallet, as usual.
Time to move.
I prefer the "u" in honour as it seems to be missing these days.
considering how far along most O/S's have come. its about time that they can start from boot up and run it all.
How will LinuxBIOS fit into this? Will we be able to pop out a Phoenix BIOS and pop a LinuxBIOS into it?
If all goes according to plan, a new product the company dubs Core System Software (CSS) will serve as the foundation of PC architecture.
DeCSS anyone?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I thought I read a while back that Microsoft was buying Phoenix or something and that in the future a lot of newer BIOSes were going to be made by MS? Am I on crack or is this what's actually going to happen?
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
Time to put on our trusty tin foil hats on our motherboards... wait...
Phoenix doesn't want to sell the traditional BIOS anymore? Well, they have competitors so I'll just be buying motherboards with a traditional BIOS. And if there is a large market of people who do the same, the motherboard manufacturers will not bother buying products from Phoenix to build their motherboards. Ain't capitalism grand?
I'm sure that if people don't want to buy motherboards with the new Pheonix BIOSes, then the very competitive motherboard market will be happy to produce boards with a different BIOS. So...., what is the problem?
Trusted computing using building blocks from Microsoft ? Does this scare you all like it scares me ?
UPS Sucks
ask a pc to trust me? no way!! Ill make a stand with my cash
;)
Id like to see all them following lawsuits that are comming!
English professor:
In English, for example, a double negative makes a positive. In other languages such as Russian, a double negative is still a negative. There are, however, no languages in which a double positive makes a negative.
Student in back of class: "Yea right"
And I don't think they'll be rising again after this shark-jumping stunt.
As part of the "trustworthy computing" model established by Microsoft, Phoenix d-NA will leverage support for Redmond's CryptoAPI (CAPI) to deliver intrinsic security on systems running Windows and .NET applications
Why do I find leveraging any single crypto or security solution from one single vendor for the entire system worthy of concern more than trust? Nevermind that it's Microsoft, with an examplary track record of security expertise and openness with standards.
Not for me, nosiree.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I for one welcome our new trusted computing BIOS overlords...
This is why I like Award BIOSes better than Phoenix BIOSes...
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
Does anyone have a list of what motherboards use Phenoix BIOS? I'm going to put a compuer together soon, and i want to know which to avoid.
Browse at -1, because trolls are often the most creative part of
NO way I'd use trusted computing. I can barely trust my computer to save a text file properly, why would i trust it with anything important. (also, if BIOS is in demand then people will still make comps with them)
There is also OpenBIOS, an open source 'BIOS' based on OpenFirmware. OpenFirmware is the solution used on Sun, IBM and Apple based machines. OpenFirmware uses a forth interpreter and also presents the hardware as a device tree.
Jumpstart the tartan drive.
there are enought ignorant people with cash to buy into the bullshit, they will find out too late once their PC is 1/5th the price of a similar pc with a real BIOS that asks for your credit card number to fix your computer problem over the internet or something :S
When will this industry ever learn that there's no such thing as a magic bullet? Let's see, just off the top of my head, there was OOP, not to mention Extreme Programming, and now the apparent holy grail of security, "Trusted Computing".
Well, guess what, writing high quality software is hard. Writing high quality, secure software is *really* hard. And there's nothing that will change that.
..very fast that people don't want to buy pc's they can't run their own code on if they ever try that. though if they play it smart and make this worth something to the user it might catch on. but the horror scenarios.. well.. you really think that every manufacturer would jump into that when there's the easy way of selling the 'old' stuff what people want to buy? sure most people don't know what they stand for but they'd find out soon enough(when they can't install that ms office 3k from work, or play that copied game or install that crack, or view their divxes)!
world was created 5 seconds before this post as it is.
Sucks to be you
You know what? I think we all knew that things would move this direction eventually. I admit it's a little scary, but it could definitely be a step up. besides, as long as OSS is around, there will always be an option if the consumer companies turn bad.
So, this was bound to happen. Personally, I'm glad it's a company we're all familiar and happy with, as opposed to some upstart which could so easily mess everything up. I think we can trust Phoenix to at least make an honest effort at an excellent solution. We've all been using Phoenix stuff for how long? Let's give them a chance.
CCS and EFI are both trying to be more like an OS rather than just a BIOS. If you really dig into either of them they are just quite a mess.
Time for LinuxBIOS www.LinuxBIOS.org
Quidquid latine dictum sit altum viditur
I can hardly imagine whatever "trusted computing" consortium allowing Open Source operating systems to have the specs to their protocols [after all, "security through obscurity" seems to be the favored method of both microsoft and the anti-virus industry].
Without those specifications, the routers will reject packets from Linux and BSD computers (because they will be seen by the routers as being infected because they cannot give the expected response) and therefore only 'approved' (read: microsoft, and perhaps -perhaps- apple) operating systems will have access to the internet.
And now, with the access to the hardware cut off by "trusted computing"'s subsitution for the bios; open source operating systems won't even be able to write to the computer hardware itself.
(my ex-gf pointed out that someone can crack that the way the xbox was cracked, but that is not taking the DMCA into account, which would prevent any 'respectable' projects from being able to use any code generated illegally).
To top things off, the final piece of the puzzle may be the fact that europe is on the verge of adopting 'software patents', which gives Microsoft the foot in the door to sue anyone who designs a half-way decent GUI into obscurity...and this will be coming soon to a formerly free democratic republic near you.
In short, Open Source computing is a concept whose day has come and now has gone, and it's time to either get back to chasing 'warez' or give up on computers entirely.
Unless there's something I'm missing here. But after reading slashdot for the last three or four years, I really doubt that there is.
The B in BIOS stands for BASIC.
Browse at -1, because trolls are often the most creative part of
No... just time to get a Mac and forget all about Microsoft's DRM push
Looking forward for some Fenghuang gongsi from China supplying the old functionality with a new brand and thus give consumers and mb-manufactorers a choice.
When a hardware monopolist and a desktop-OS monopolist join forces to bend over the market a big window of opportunity opens for second source suppliers.
605413? Yes, it's a prime.
8 million from Dell or IBM or someone and the .05% of the enlightened users that realize the impact of this will be swept aside.
errr....umm...*whooosh* *whoosh* Is this thing on ?
"One of the great computing challenges of this decade is to bring all network-connected devices to common management standards and interfaces," said Martin Reynolds, vice president at Gartner. "Without such technology, device and network management becomes impossible."
People PAY Gartner for conclusions like that?
Good heavens Miss Sakamoto - you're beautiful!
Are there some more technical and less marketing informations somewhere ?
--
Go Debian!
WTF, then, is this?
Now don't even think about bypassing the BIOS's security measures... using the cmos clear jumper is now a violation of the DMCA.
Customers using Cisco's network admission control system can permit network access only to compliant and trusted endpoint devices (for example, PCs, servers, personal digital assistants) and restrict the access of non-compliant devices.
ISP's can install these new Cisco routers and you will be denied internet access unless you submit to Trusted Computing.
The routers are advertized as fighting "viruses", but they do not in fact scan for or block viruses. What they do is first check if you are running Trusted Computing. If not they deny you a connection. They can then be configured to verify that you are running specific software such as up to date anti-virus software.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
--- IDE chipset support/bugfixes
[*] Phoenix pseudo BIOS bugfix/support
By design, Phoenix's CSS transfers digital security, network management and disaster recovery away from the control of software to hardware,...
What happens when a bug is found in the hardware?
In software it can be hard to fix, in hardware it is even harder(no pun intended).
Death has been proven to be 99% fatal in lab rats.
Its really quite amazing in 2003 that x86 users will find need to have to putz around in the bios. Of course traditionally the firmware on a Macintosh has been nothing of any value to the end user. and not even configurable. With openfirmware the users *still* didn't have to futz with anything (although they could, which they shouldn't)
I suppose the best way to move away from the 'old' BIOS and ignore this nightmare of alleged 'Trusted computing' Is to find some way to develop and OF based 'BIOS' that will do what bios needs to do. So basically seamless replacement. So when the Vendors are ready to finally move on, all the groundwork is already there. no need to do as massive a retool.
..very fast that the majority of computer users are advertisement-informed drone, that they don't know horseshit from caviar, and that if Microsoft Windows runs on their PC, if they can do Word and Excel and if they can play Solitaire at the office a little, that's all they care (and want to know) about, even if it means having to buy their CDs legit again.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Please do not post FUD. I suggest reading the link in my sig to realise the real MS.
--
FreeNET user? Comfortable with the adverse selection?
/ Ultimately this may just lead to the existence of two separate nets, one running Windows and the other running other systems./ Good. Where do I sign up?
People pay Gartner for worse... managers and marketing people are always looking for pre-digested "facts" to allow them to make decisions without doing any real research. I used to work as a technical marketing manager, and dealt with Gartner (and other analysts) frequently. Their level of expertise is suspect, and they issue definitive statements with questionable data.
Remember their noises about "Total Cost of Ownership" a few years ago? I applied their methodology to a teakettle, and established that the TCO of said teakettle was well over $4,000.
--Larry
Never attribute to malice that which is adequately explained by incompetence
My Xbox has a "Trusted Computing"-style BIOS and OS (the dashboard). That didn't stop me from modding it and being able to play videos/photos with Xbox Media Center, a kind of homebrew version of XP Media Center Edition for Xbox. Yes, I know the Xbox is a poor example because it's a homogeneous platform. But as long as there is demand for non-TCP motherboards, manufacturers will build boards without DRM. And as far as I'm concerned, the whole idea of TCP becoming mandatory by law is BS. Yes, the assbags in Washington could pass a bill like the DMCA for DRM-loving corps, but has the DMCA really stopped the spread of DeCSS or the Diebold memos?
Fine by me. Let the masses have their 'content' and the worms, viruses, and trojans to deal with, and have all of the non-MS users on their own net. Just think of the bandwidth savings, that in itself almost justifies having a separate net.
You are being MICROattacked, from various angles, in a SOFT manner.
ehn-tee
So what's wrong with the standard most of the rest of the computer world (IBM, Sun, Apple) uses - OpenFirmware? You'd think Linuxheads would want an x86 motherboard with OpenFirmware. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
If our OS of choice can manage BIOS functions, and be made to boot on these beasts.. does it really matter in the practical sense?
Sure it kills projecs like FreeDOS, as far as new boards goes, but for 'regular' OS's like *BSD, Linux, etc.. it should not be a big deal ( until they turn on the trusted part and wont let anything boot that isnt 'approved' )
---- Booth was a patriot ----
So, does this mean that Mac becomes the preferred hardware platform for linux?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
If I properly understand documents which I can found about Trusted Computing I think that no one except certified TC/MS tehnicians can legaly change BIOS software if it is protected by DRM rules.
That may be an bigger problem if other BIOS vendors do the same thing.
After all maybe we are all forced to back to old Altair 800 days. Or to stay with current owned hardware and wait on market selfregulation (if no one buy an new HW/SW combination vendors must change rules if they want to survive). Or to buy an hardware which doesn't have TC/DRM/... features.
I think it would be much simpler for ISPs to simply charge us a tax that would be paid to software publishers as a compensation for piracy... Just like they want to do in Canada for P2P music sharing. How brilliant!
/sarcasm
You are more than the sum of what you consume. Desire is not an occupation.
"You bastards with your proprietary standards," said Martin Reynolds, vice president at Gartner, "you make I.T. a P.I.T.A."
Anyone who can convince companies to fork over large amounts of money to complain at them deserves large amounts of money.
The ______ Agenda
You know what? I am happy they are finally moving to a new (type of) BIOS. Why is it that we humans, who are supposed to be the smartest species on the planet, fail to comprehend basic necessities? Like CHANGE for example. Why do we resist change so much? Why does the smallest change to even the most simplistic thing always cause so much resistance, FUD? The BIOS (bless its soul) has outlived itself many times over. It is time for it to get a revamp. Everything else has, why not the BIOS? After all, although most people do not pay attention to the black screen with the white letters anymore, it is a crucial part of the computer system. It would be a mistake to categorize this as another *attempt* by MS to *take over the world*. I am glad they are changing it, because the BIOS is indeed an old technology, which it is not necessarily broken, but has long been due for a fix. If a tighter security, and faster boot, better performance and a whole other bunch of problems were solved with a new BIOS then we should not complain but welcome it.
The phaomnneil pweor of the hmuan mnid. Fcuknig amzanig eh!
If all goes according to plan, a new product the company dubs Core System Software (CSS) will serve as the foundation of PC architecture.
When will we have DeCSS?
..and I work at Microsoft. Crist, who thought this was a good idea?
OTOH, I would buy a 'pirated' MOBO, say an ASUS or something similar that had been 'broken' via firmware 'fix'. I wonder if a new cottage industry will arise from this colossal error...
I mean, all this encryption is great but how well tested and proven is it? I mean - software encryption has been busted, but when my hardware gets r00ted, I can't easily replace it..
How are you Gentlemen! ....
All your Motherboard are belong to us!
You are on the way to destruction.
You have no chance to survive make your time.
HA HA HA HA
"You lied to me! There is a Swansea!"
This is for corporate customers who want to control their users on private networks.
We need LESS in firmware, not more. A true operating system doesn't even need a BIOS or firmware. Not until the IBM PC came out was there ever much of a firmware capability other than to provide a means to load the chosen operating system. I remember so many times manually toggling in the bootstrap loader on the front panel of a DEC PDP-8 computer, and on IBM mainframes dialing in the IPL device on the front panel and pressing IPL (there was control firmware in the channels that carried out the I/O to do this, but that firmware ran even with the OS running). What more does firmware that runs the CPU instructions need to do but read in the bootstrap from the desired device and jump to it?
The ideal firmware will start your OS and get the f*** out of the way.
One risk that will exist with adding more to the BIOS/firmware is that it will be just that much more to break that can't be easily patched like an OS can. All technology is flawed, including all software. It's just a matter of degree and ... more importantly ... a matter of contingency planning.
Sure, most devices need some kind of firmware to run them. Disk drives are probably the best known example, as well as controller cards. I suspect there will eventually be DRM on sound cards and video cards to allow viewing encrypted media content (that would be passed along verbatim by the CPU) and that will surely be in firmware. But what else is really needed in the main system?
now we need to go OSS in diesel cars
And tell them BOYCOTT unless they change their plans, DRM is a bunch of Orewllian shit!
My old 486-sx is still thrustworthy. I use it daily. It is almost 10 years old now. If i were to buy a brand new state of the art computer now i'd probably survive 15 years or so. And really, don't you think anyone has figured out how to run Linux on TCPA by then? (we're speaking yr 2018)
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
We've seen this coming for years. We've been warning people for years. Do they listen?
They whinge and they complain and they sob and slobber - but do they have the guts to switch? No. They're wimpering cowards to the last.
I find this disgusting. Such an unabashed demonstration of weak human nature. And what does it matter?
Listen, and listen well: Bill Gates and Steve Ballmer can be as evil as they want, but WITHOUT YOU IDIOTS buying their products, without you peeing in your panties at the thought of abandoning your BELOVED WINDOWS, they wouldn''t stand a chance.
It truly is the World of the Weasel. And I'm sick of it.
(1) Microsoft makes Trusted Computing stuff.
(2) Nothing Microsoft makes is secure.
therefore
(3) Trusted Computing will be easily hackable so that it can be replaced with another BIOS.
Now, Microsoft will probably and try to make this illegal, just like they have tried to make mod chips illegal. Last time I checked, though, it was perfectly legal to hack your own PC or other hardware.
well... it's time to develop routers which can deny internet access to "trusted computers",
or just configuring these to do the inverse than publicited should be ok.
I'm a chainsmokin' alcoholic sociopath, so-ci-o-path
a proxy that would fool the cisco
a firewall that would fool the cisco
a software solution to fool the cisco
a worm to tunnel through the cisco equipment and set up a client that would radomly crash the equipment.
a general DOS attack just to annoy the users of the equipment.
This is just like any other security system. If it causes too many problems, such as false alarms, customer complaints, or just waking an IT person at an inopportune time, it will just be turned off.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
With Phoenix soon to be replacing its BIOS with DRM technology, one thing is clear:
Phoenix BIOS is dying.
Yow, there was actualy a /. interview of some guy at Pheonix a while back, and he clearly said that the TC stuff would be an option that motherboard makers could chose to implement or not.
autopr0n is like, down and stuff.
"figuring out" how to run linux on TCPA would turn it into a 'circumvention device' and therefore make it illegal.
And no, I don't anticipate the DMCA being repealed by then. If it has lasted this long, it is here to stay.
shut the fuck up Donny
...gonna grow some fucking balls and stand up to Microsoft, en masse?
How many times does Microsoft have to fuck them by telling them, "$product is the wave of the future, you must support it!" and then back out when it bombs, before they stop taking it in the tailpipe?
Without the hardware makers, Windows won't have a platform on which to run! When are they going to realize that they hold power over Microsoft, instead of just rolling over at Bill's command?
Realistically, how many of these have been sold to ISP's? ISP's are not in the business of denying access... They're all about the openness. If someone's Macintosh is attempting to connect to the network, who do you think they will blame if they are denied service? How much do you think you will lose in service calls?
No, this most definitely for corporate networks... Some point-haired boss will approve the acquisition of these machines after listening to a sales pitch that came with free sushi and a lucky winner getting a trip to the Bahamas. Suddenly, the mailserver, corporate IM server, and print servers won't work.
"Why aren't these working?" The PHB will ask.
"Because that router you bought refuses the connection, complaining about 'trusted computing. I'm turning it off now," says the dirty haired sysadmin.
"Turning off trusted computing? Aren't we using all Microsoft solutions?"
"No, that would be an extra 20k per year, plus switching costs, downtime, viruses, worms, etc."
"They have scanners for that. Besides, Microsoft has better sushi chefs."
"It's a bad idea."
"Switch it all or I'll replace you with someone who will."
"O.K."
The Dirty Haired Sysadmin will dutifly switch all of the servers over, and will subsequently be fired after the fifth worm attacks the network.
The ______ Agenda
...at least change the headline.
This story was posted an OSNews hours ago, with the same headline.
Not the first time this has happened.
Anyone awake in there?
-- Slashdot: When Public Access TV Says "No"
This really isn't that big a deal, for the most part linux overrides the bios anyway.
I got the impression they either paraphrased the press release, or it was written by the Phoenix PR department.
What sig??
I will use whatever crap hardware* that doesn't use this "trusted" computing stuff, I'll start my own crap ISP, I will build my own goddamn internet if I have to before I will touch this shit. But I think there will remain a demand and therefore supply of "untrusted computing". (Unless some whoring politicians get in the act and decide it is somehow in the public interest to have "trustworthy" computing.)
Okay, imagine for a moment a company builds a machine with all-singing, all-dancing, absolutely unbreakable DRM.
Who's going to buy it?
I bet one of the things that has driven the recent, massive increase in sales of PCs with CD writers has been the ability to copy music CDs. They sell blank CDs in supermarkets. People who otherwise barely use computers have copied CDs. There's fair use, and there's unfair use - regardless of your views on any of this, is it likely that the general public will want a machine which can't do this?
Then there's the filesharing. Love it or loathe it, it's here to stay. Will people buy a machine that can't do this?
Software. How many computers are running 'borrowed' software? Copies of Microsoft Office that aren't entirely legitimate (nudge nudge, wink wink)? If someone finds out that such-and-such a brand of PC can't run any of this stuff, will they want to buy it?
DVDs that haven't been released, on sale down the market. Recordings of television programmes downloaded from the internet. Warezed games. You name it, some part of the public wants it, not just some tiny group of nerds. In the West, I think we'll do just fine - enough people won't want 'trusted' computing to prevent it from being a runaway economic takeover.
Then there's the Far East. Remember DVD regioning? A big proportion of DVD players are now multiregion, thanks to the designers misunderstanding the markets in the East. China in particular - will they build PC components which can't run the communal copy of Windows, or the latest Red Flag Linux?
Some horrific proportion of software in the world is pirated - if you love this situation or hate it, realise that the General Public wants CDs, games, films and software - and they want it cheaply. Trusted computing can't compete.
after reading all the pessamistic replys on this board i feel depressed, and i agree with those that feel that Microsoft & Phoenix is shooting their self in the foot on this, most servers run some flavour of Linux or BSD, and Microsoft only has a stranglehold on desktops and is starting to lose ground on the desktops little by little too, maybe in a few short years Microsoft will be the niche market on the desktop (like Apple & Linux is now) and Linux will have the Lion's share and Apple will have a bigger chunk than it does now (exact percentages would be speculation)...
:^)
i think Microsoft is just starting to panic and fight knowing they are just starting to go on that downhill slide so expect them to lash out with ideas that sound dominating and controling...
HappyTrails
Eliminating the competition's ability to communicate is the worse thing that can happen, and, dare I say, illegal?
I don't think this will fly very well. I bet you will be able to import PCs with a regular bios from certain regions of the world.
Phoenix is not alone in moving toward such changes. Chip giant Intel has pushed for a predecessor to BIOS it calls the Intel Platform Innovation Framework for EFI (Extensible Firmware Interface).
How does one push for a "predecessor" to something? Is that like back to the future? It makes me wonder about the rest of the article.
Apple's die-hard fans are not going to leave them because they can't play Britney Spears CDs, and the majority of smart users will switch to apple to avoid "trusted computing", so they should gain market share. Even if only 5% of users hate drm enough to switch to apple, that's enough for apple to maintain their user-base even if all their current customers left.
I'm still using win2k because I refuse to use any software with product activation (like winXP). I stopped upgrading my hardware a year ago (I usually replaced something every month or two), and I'm already planning to switch to a mac once I feel my XP1800+ is too outdated.
This trusted computing crap only clinches my decision. I am not willing to pay the extra $1000 for any features intrinsic to apple, but I am willing to pay it to avoid product activation and trusted computing.
This trusted computing BIOS approach really concerns me. It strikes me as the best strategy Microsoft has come up with for hurting Linux.
My 1.5 year old Toshiba laptop still can't suspend due to lack of support for ACPI support, even in RedHat 9.0 (maybe there's some experimental kernel that would help me, but then everything else that's supported in a stable kernel version, would end up breaking). I can just imagine the grief with the sweeping changes of the trusted computing architectures.
-d
Love many, trust a few, do harm to none.
Industry standard company ditching their flagship product; consumer demand for said product remains strong; product still selling.
I'll use my contacts, call some venture capitalists, and get the ball rolling.
OK. Not really. But you get the idea. Whenever something like this happens, too many people pessimisticly assume that nothing can be done about it. They remind me of C3PO--"we're all doomed.".
No. You're not doomed. Crisis. Opportunity. Mmmmm... Crisitunity.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
While it's gonna get ugly in the US, I don't suspect that China would use a BIOS with built-in spyware or DRM. China, along with the largest population, has both the manufacturing power to create motherboards sans M$-DRM.
.... that will end this quickly.
In fact, it would be very surprising to me that most of the EU coutnries would submit to this kind of US verndor lock-in. I would expect to see non-TCP motherboards available for a while.
And when parts of the internet are "closed off" by TCP "checking" routers, then all holy hell will break loose. Wait until our neighbors can't get to "playboy.com"
What's keeping a computer from booting up, posting, then instead of reading from ffff in memory, it goes straight to an OS on disk?
Bios's are almost identical, to the point that you can probably marginalize them into the driver category of most OS's these days. In a few years BIOS won't exist or if it does, it'll exist in some convoluted fashon or version of what it is today. I personally like the idea of having a bios on the hardware; something to tell me what's broken, give me error codes, etc. I see it as something that, due to being inexpensive will gain features such as full text error code outputs or if persay some obscure component on the motherboard died, instead of outputing moorse code it can give you a voice readout "Motherboard component 74x0x06 is dead. This is a fatal failure and the motherboard is dead, please return to manufacturer".
Either way, I don't think motherboard manufacturers will go ahead and start installing distribuited computing garble on their machines so that they can only be used by microsoft systems. It'll kill their market share in other markets such as server markets and it'll also make them susseptable to future abuse.
Candy-Coated Knowledge
To me, this is an infrastructure issue, kind of like building good roads and highways.
Good infrastructure makes everybody feel more secure in transporting things around.
Yeah, it's clearly something that should be of transparent design, although I personally believe that Microsoft/Phoenix do have the ability to design and ram through a standard that wouldn't be too bad for most parties, at least for a start. (i.e. compromise) (after all, take a look at where the pc started out)
Back to the road analogy, though, we can keep driving off-road or dune buggies, but in a few years, most people will wonder how we did without a more stable infrastructure, and *most* (but not all) people who talk about venturing outside it will be like the folks who buy SUV's but never leave the asphalt.
Machines take me by surprise with great frequency. -A. Turing
i remember annother time when this sort of bs overcame the computer world and we had an outspoken hero who came to our rescue and "forced" a bigger company to impliment flexibility that disolved into nothing. oh yeah..wasn't that also a "secure" solution?
Technology will default in society to its most rudimentary level:::stupid computers for stupid users:::
megan@Outcastpr.com
:)
Interestingly they outsource their PR.
Above is the address of Megan Kurtz who is their public relations person. Get mailing now
The situation isn't that bad. It would be if Microsoft's os were coming out with the new hardware, but it's not. There will be at least a year during which we'll have computers with the new hardware and no operating system using it. That provides a lot of time to figure out constructive solutions.
After this gets implemented, the next step will be to make
General Protection Level 0 "trusted". This is where kernels
currently run on the Intel architecture; with Apps running
at GPL3. The privledge separation is what keeps user-level
programs from taking over the kernel.
So you won't be able to run an OS at GPL0 unless it has been
signed, and the BIOS recognizes it as "trusted". You'll be left
with running at GPL1, perhaps. Which means that your freely downloaded and self-built kernel from kernel.org
will not only run much slower, but it will also be subject
to whatever else does get run at GPL0. Like a DRM
framework. Or any backdoor that someone "trusted"
wants to put into your system.
In a nutshell, there's little to nothing which can be done
about this. We are all either forced to accept this, or
accept one of those "hobbiest" solutions.
Perhaps the hobbiest solutions will take off and create their
own market space. But it will be a long uphill battle again.
However, unlike the "trusted" solution, you won't have the
power of production scales to keep prices cheap; at least,
not for a very long while, if ever.
And if a marketplace ever does look like it's going to take
off, gee, this alternative scheme becomes quite an easy
target to outlaw, under the banner that it mostly benefits
terriorists, pirates and child pornographers use it. What do
you have to hide, anyway?
So this is what the future holds in store for us. Get used to it.
Yet there is hope. First, for-warned is for-armed. And the
other ray of hope is that copy-protection has a longer history
of expensive failures, more so that Microsoft has with
security (hmm - ok, perhaps they are about equal there).
Good luck to all.
BTW, is the old 1981 IBM BIOS code in public domain yet?
p ?id=50185
The MASM source to a "generic" early PC BIOS has been on simtel.net for many years: http://www.simtel.net/pub/pd/50185.html
http://www.simtel.net/product.download.mirrors.ph
This whole initiative is about getting movies and music companies to write "Trusted Products".
Joe Sixpack will want a movie, or music to run on his PC, but won't be able to do it without using Microsofts & Phoenixes product.
Very scary if it gets momentum.
If Microsoft ever did that in a product I own, I will sue them for using my CPU resources that cost me money on my electric bill. And yes, it adds up. And I quote from Folding at Home...
"Roughly, a CPU uses about as much power as a 60 watt light bulb. Here's a report on computer power management from Lawrence Berkeley government labs, and there are other referencs on the web you can find. Although power supplies on most computers are rated at 250 watts, average usage is much lower. On average, a Pentium-type computer uses between 45-70 watts (I've read various different sources on this) while it is on. If the computer has no idle mode, it will use the same amount of energy whether it is running a program or not. If it is on idle, it will consume around 25 watts. So, the daily difference between off and running F@H is about 24x(45 to 70) = 1.1 to 1.7 kWh. At $0.14 per kWh ( from PG&E here in California), this works out to about $0.15 to $0.24 per day, or perhaps $6 a month. The difference between an idled computer and one running F@H would be closer to $4 a month - and if the computer was already being used 8 hours a day, it would be closer to $3 a month.
Now, just imagine everyone running all those shiny new PCs with the latest version of Windows. And you thought power distribution was a problem in the US now. Damn...
Life is not for the lazy.
How much does a motherboard vendor pay for each BIOS chip (or license to burn a BIOS chip)?
www.sjbaker.org
Just like Scotty used to say;
"The more complicated you make the plumbing, the easier it is to clog up the works."
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
And we are supposed to be denied Internet access if we use a router instead of a direct connection.
In order to connect through a router or gateway, that device will need to be "trusted". That device being "trusted" implies that it's software has been authorized to control it's user in the correct fashion. What is to stop them from making it a requirement of such authorization that this router also denies access to "non-trusted" PCs?
So last time i checked the bioses are flashable? what is to stop me from developing my own, XboX like flash/mod for motherboard? If it has benn done for xbox which has considerably smaller userbase, what is to stop people for dong it for mobos? Are the price and inconvenience are the only 2 obstacles?
Live for the present, learn from the past, and dream of the future!
I think most people here need a reality check:
l t. asp?url=/technet/security/news/NGSCB.asp
http://www.microsoft.com/technet/treeview/defau
"Q: Some people have claimed that running the Windows operating system with the nexus will enable Microsoft or other parties to detect and remotely delete unlicensed software from my PC. Is this true?
A: This is not true. NGSCB does not include mechanisms that delete or disable any content or file that currently runs on a PC. In fact, the NGSCB architecture is built on the premise that no policy will be imposed that is not approved by the user. Microsoft is firmly opposed to putting "policing functions" into nexus-aware PCs and does not intend to do so. A machine's owner, whether an individual or enterprise, has sole discretion to determine what programs run on the nexus-aware system. Programs that run under nexus-aware systems, just like programs that run under Windows, will do whatever they are allowed to do, based on the security settings on the user's machine. NGSCB not only respects existing user controls, it strengthens them.
As stated earlier, the function of the nexus, NCAs and related components is to make digitally signed statements about code identity and to protect secrets from other nexus-aware applications and regular Windows kernel- and user-mode spaces. Enhancements to the Windows operating system introduced as part of NGSCB do not have any features that make it easier for an application to detect or delete files."
Before jumping to conclusions based on popular rumors find the facts and wait for the product to be released.
90% of people I know run pirated winXP, pirated M$ office, and a bunch of other software (all pirated..) do you think they gonna buy a computer that forces them to buy software they get now for free (albeit illegally)??? Not to mention that the software they have installed in their computers cost sometimes more than the machine itself. Maybe that wil make them look with more attention to real free software, as long as there are apps that fill the gap of Photoshop, Dreamweaver, etc...
[N/T]. I'm too used to K5.
I forget what 8 was for.
Now this is a critcal point. When linux is loaded it handles alot of the BIOS functions itself. Ie 45 g hardrive hooked up to a computer with a bois that does not support it. Ie what the heck I will work anyway if I am slave and you boot linux. Linux on Xbox different bois core few modes to get a boot loader and a filesystem stuff but the core did not change much due to common x86 hardware and the linux core directly drives it.
Almost never use bois calls due to all the different hardware it runs on. Now the big thing would be a direct linux boot loader in place of the bois.
Now lets look at it most case linux will override the bois 32bit disk access turned off at bois but if you turn it on in linux and the hardware supports the mode it works. The big things are processor setting are ram setting. Other than that direct drive software override all of it. Now lets take Windows it does not override the bios by default so the only thing to be majorly effected will be Windows not Linux. Just create one bootloader and Linux will be backup.
So, what you are basically saying is that Linux's exile to the server-room ghetto will be cemented, and that is a good thing? Fuck the home users who happen to compromise *most of the internet*?
Frankly, I'd rather see Linux made totally illegal than to have it be given over to the elitest "priests of syrinx" or their spiritual ilk.
If we do not act now, the Englobulators will end private ownership of computers, and end free private, tribal, business, and public use of our Net. Please go to
http://www.nyfairuse.org/action/palladium
and tell Phoenix, and the other BIOS vendors, that you will never buy any computer with a Palladiated BIOS.
NYFU will have a meeting within ten days to organize actions against Palladium. To join the fairuse-talk mailing list go to
http://www.nyfairuse.org/cgi-bin/nyfu/contactus
and ask to join. If you want to volunteer to help stop Palladium, say so in your message. The fight is now, and we are going to have to fight hard, if we hope to win. That means organization, and the more volunteers, the better.
Jay Sulzberger
Member of NYFU
are you a pedophile?
I dunno; maybe because they are legally obligated to look after their shareholders' bottom line--even if it means pushing through draconian legislation (eg: the DMCA, the crap that the RIAA and MPAA are always trying to push through) which is detrimental to indivual's rights to liberty and the persuit of happiness?
"By design, Phoenix's CSS transfers digital security, network management and disaster recovery away from the control of software to hardware, truly differentiating itself from legacy BIOS. "
What this means is that Phoenix is stripping your ability to control your system from you and putting that ability in the hands of Pheonix and M$.
This will lead to M$ approved/signed versions of Linux, but only after bloody battles in court.
*IF* we're lucky that is. Hidden somewhere in some Homeland Security BULLSHIT, will be a clause that outlaws non M$ operating systems. It may take a year or three but you watch and see.
Dubya love$ BIG biz too much to pass up such an oportunity. Not to mention he masturbates constantly to his picture of "Big Brother" as he reads Poindexters TIA operations manual.
Billy boy (and his bitch, Darl) will slip Dubya the weenie in the oral office plus a few cool $$ into a swiss bank account and next thing you know we all wake up in a doubleplus good world.
Remember, it's for HOMELAND SECURITY..
1. What is TC - this `trusted computing' business? The Trusted Computing Group (TCG) is an alliance of Microsoft, Intel, IBM, HP and AMD which promotes a standard for a `more secure' PC. Their definition of `security' is controversial; machines built according to their specification will be more trustworthy from the point of view of software vendors and the content industry, but will be less trustworthy from the point of view of their owners. In effect, the TCG specification will transfer the ultimate control of your PC from you to whoever wrote the software it happens to be running. (Yes, even more so than at present.) The TCG project is known by a number of names. `Trusted computing' was the original one, and is still used by IBM, while Microsoft calls it `trustworthy computing' and the Free Software Foundation calls it `treacherous computing'. Hereafter I'll just call it TC, which you can pronounce according to taste. Other names you may see include TCPA (TCG's name before it incorporated), Palladium (the old Microsoft name for the version due to ship in 2004) and NGSCB (the new Microsoft name). Intel has just started calling it `safer computing'. Many observers believe that this confusion is deliberate - the promoters want to deflect attention from what TC actually does. 2. What does TC do, in ordinary English? TC provides a computing platform on which you can't tamper with the application software, and where these applications can communicate securely with their authors and with each other. The original motivation was digital rights management (DRM): Disney will be able to sell you DVDs that will decrypt and run on a TC platform, but which you won't be able to copy. The music industry will be able to sell you music downloads that you won't be able to swap. They will be able to sell you CDs that you'll only be able to play three times, or only on your birthday. All sorts of new marketing possibilities will open up. TC will also make it much harder for you to run unlicensed software. In the first version of TC, pirate software could be detected and deleted remotely. Since then, Microsoft has sometimes denied that it intended TC to do this, but at WEIS 2003 a senior Microsoft manager refused to deny that fighting piracy was a goal: `Helping people to run stolen software just isn't our aim in life', he said. The mechanisms now proposed are more subtle, though. TC will protect application software registration mechanisms, so that unlicensed software will be locked out of the new ecology. Furthermore, TC apps will work better with other TC apps, so people will get less value from old non-TC apps (including pirate apps). Also, some TC apps may reject data from old apps whose serial numbers have been blacklisted. If Microsoft believes that your copy of Office is a pirate copy, and your local government moves to TC, then the documents you file with them may be unreadable. TC will also make it easier for people to rent software rather than buy it; and if you stop paying the rent, then not only does the software stop working but so may the files it created. So if you stop paying for upgrades to Media Player, you may lose access to all the songs you bought using it. For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer. There are many other possibilities. Governments will be able to arrange things so that all Word documents created on civil servants' PCs are `born classified' and can't be leaked electronically to journalists. Auction sites might insist that you use trusted proxy software for bidding, so that you can't bid tactically at the auction. Cheating at computer games could be made more difficult. There are some gotchas too. For example, TC can support remote censorship. In its simplest form, applications may be designed to delete pirated music under remote control. For example, if a protected song is extracted from a hacked TC platform and made available on the web as an MP3 file, then TC-compliant media player software may detect it
Windows Longhorn...Big Brother is Coming. (MUST READ)
BIG BROTHER IS COMING!!! Mail this to everyone in your address book! We need to stop the problem before it's too late to go back.
Windows Longhorn, the new OS in development by Microsoft, is going to include TC technology, and it's not a good thing. Simple processes that allowed you to modify your computer will be stripped away, and all control is going to be taken from the user and given to the government (or whatever other company can get their greasy hands on it).
---
1. What is TC - this `trusted computing' business?
The Trusted Computing Group (TCG) is an alliance of Microsoft, Intel, IBM, HP and AMD which promotes a standard for a `more secure' PC. Their definition of `security' is controversial; machines built according to their specification will be more trustworthy from the point of view of software vendors and the content industry, but will be less trustworthy from the point of view of their owners. In effect, the TCG specification will transfer the ultimate control of your PC from you to whoever wrote the software it happens to be running. (Yes, even more so than at present.)
The TCG project is known by a number of names. `Trusted computing' was the original one, and is still used by IBM, while Microsoft calls it `trustworthy computing' and the Free Software Foundation calls it `treacherous computing'. Hereafter I'll just call it TC, which you can pronounce according to taste. Other names you may see include TCPA (TCG's name before it incorporated), Palladium (the old Microsoft name for the version due to ship in 2004) and NGSCB (the new Microsoft name). Intel has just started calling it `safer computing'. Many observers believe that this confusion is deliberate - the promoters want to deflect attention from what TC actually does.
2. What does TC do, in ordinary English?
TC provides a computing platform on which you can't tamper with the application software, and where these applications can communicate securely with their authors and with each other. The original motivation was digital rights management (DRM): Disney will be able to sell you DVDs that will decrypt and run on a TC platform, but which you won't be able to copy. The music industry will be able to sell you music downloads that you won't be able to swap. They will be able to sell you CDs that you'll only be able to play three times, or only on your birthday. All sorts of new marketing possibilities will open up.
TC will also make it much harder for you to run unlicensed software. In the first version of TC, pirate software could be detected and deleted remotely. Since then, Microsoft has sometimes denied that it intended TC to do this, but at WEIS 2003 a senior Microsoft manager refused to deny that fighting piracy was a goal: `Helping people to run stolen software just isn't our aim in life', he said. The mechanisms now proposed are more subtle, though. TC will protect application software registration mechanisms, so that unlicensed software will be locked out of the new ecology. Furthermore, TC apps will work better with other TC apps, so people will get less value from old non-TC apps (including pirate apps). Also, some TC apps may reject data from old apps whose serial numbers have been blacklisted. If Microsoft believes that your copy of Office is a pirate copy, and your local government moves to TC, then the documents you file with them may be unreadable. TC will also make it easier for people to rent software rather than buy it; and if you stop paying the rent, then not only does the software stop working but so may the files it created. So if you stop paying for upgrades to Media Player, you may lose access to all the songs you bought using it.
For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.
There are many other possibilities. Governments will be able to arrange things so that all Word documents created on civil servants' PCs are
All the spec is going to do is something computer people have wanted for years- to ditch the old archaic BIOS. Im quite positive mobo companies arent going to design themselves out of customers, but that doesnt stop the paranoid schizos from posting their wild conspiracy theories.
Just like all these issues that Slashdotters get their panties in a bunch over, once it arrives they will realize it isnt the start of armageddon, nobody is tatooing 666 on their forhead, and they can begin searching for the next 'conspiracy'
Manipulate the moderator system! Mod someone as "overrated" today.
... I wonder why people become hysteric about things like these. It suppose that geeks see SCIFI shows and movies no? And what we can see in there? People hacking their putters, robots, ships... even the grandma's hair style! If we have near of 8 years with modded consoles, then why stop us to mod our PCS? Juts look all the patches/serials and cracks for Windows XP. And it supposed windows XP will stop piracy and blablabla.
Montherboard manufacturers will made mod chips for sure or someone will made a mod chip or a crack for grant all files you want to download.
Trust -- Devices serving as network endpoints can be integrated into to an easy to implement "trustworthy computing" model that leverages secure, digitally signed core system software.
I'm worried when even the technology-pushers put "trustworthy computing" in quotes.
My god...
I think that once CSS really starts to be implemented, the LinuxBIOS people are going to get tons of people helping with that project, or they're really going to start improving it like crazy.
Then we're going to have M$/SCO vs Linux and M$/Phoenix vs LinuxBIOS.
Anyone else see a pattern here?
what happens when nobody (I MEAN NOBODY!) buys these things. i know i will never buy one! so what will my choices be in the near furure? Do we have a GPL BIOS routine that can be implemented?
The IBM BIOS source code has been public since 1981 (don't know if it still is). It was prohibited from being used in one's own BIOS, though - that's why Compaq had Phoenix make the BIOS. What I want to know is if the copyright on the old BIOS has expired or IBM has released it so that anyone can use it. If so, I think it's time for a SourceForge project, branching IBM BIOS v1.0, LinuxBios, and Bochs BIOS into a new BIOS.
All data is speech. All speech is Free.
An appealing alternative would be an OpenFirmware implementation for x86. Seriously, don't you LIKE the idea of your machine starting into a native 32-bit (64 soon) environment? Your hardware being able to pass a concrete and well-defined device list to the kernel? Native filesystem support for your booting, so you don't have to use an interim loader like GRUB? Finally shedding the STUPID BACKWARDS 1980s IRQ/resource management system we STILL use for no good reason?
I'll bet Apple will stick with OF on PPC for a long time, and implement hardware DRM as a separate feature.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
In case you didn't know, I said LinuxBios AND Bochs BIOS because a branch of both was once made that worked MUCH better. It was because LinuxBios was designed for real hardware, while Bochs BIOS was designed for maximum compatibility with software, but fake hardware.
Supply and Demand... There will be no demand for trusted
computing. and the Asian market will do well.
Hopefully an open standard will evelve and we will use the "Open Bios"
This is a smart move by Microsoft that will wind up screwing Phoenix. Once Microsoft invents the soft-bios industry, it will produce its own firmware (give it 3 years) and SCREW PHOENIX like it screws every other company that ever had the honor of being a Microsoft "partner."
This slip has done them in.
Now I must swipe their time machine and use it to send a robot - a 'terminator', if you will - into the past to prevent EFI from going live!
But shit! What if Intel has already realized this and has sent a second robot to prevent me from completing my mission!
Chip giant Intel has pushed for a predecessor to BIOS it calls the Intel Platform Innovation Framework for EFI (Extensible Firmware Interface).
But I don't think that word means what they think it means.
monoculture ?
First of all, no one is going to replace and update the entire infrastructure to support "trusted computing" Your talking about replace millions of terminal servers, million of dslams, millions of routers and millions of switches on the BACKOFFICE side before you even see the consumer side take off.
Were talking that we don't even have any devices yet that support this. THere is NO way it will be illegal or constituted illegal to use a PC that ISN'T "trusted computing" aware because it is up to the consumer to buy what he/she wants to buy or the government to mandate it. Corporations can't and shouldn't mandate this and i would be first in line to sue microsoft to seperate trusted computing from a consumer os because it grants rights over and beyond common law and our constituional rights to corporations who don't have civil authority.
If the government gives authority to coporations like this above and beyond what it has today i will be first in line to join a revolution as it isn't worth living in a country where control is passed to those who not only control our payroll, salary, health insurance and our living needs as well as our consumer needs (which is almost where we are heading)
Is capitalism going to far?
Unless trusted computing carries a significant price discount to regular computing it just won't matter. Remember the original macintosh vs the original PC. There was no way you could look at the Mac and not realize it was better. True 16 bit architecture, Hires bitmap graphics, built in apps, and a pleasant package. Why didn't business buy it ? PRICE !!! It cost a few hundred bucks more.
If trusted computing hardware modules raise the price of a $450 to as little as $500 they will price themselves out of the marked. What is the cost differential going to be on a $200 system ? Then theres the people putting together terminal replacements for about $150.
So either Trusted computing is done very cheaply in which case youre going to get a performance hit (some other system will have to be coopted to do the work) or you will have an additional hardware subsystem to do very rapid crypto functions.
Joe Sixpack may not be the smartest guy in the world but he does a good job of holding onto his buck. (look he buys bud)
IBM, Compaq and Sun are also onboard with Trusted Computing, and IBM has made Linux driver for TCPA chip. I therefor don't think TC means Microsoft only, but it might mean running flavors of Linux we don't like, or perhaps not being able to run a *BSD without a corporate backer.
Don't be silly, copyright never expires. That only used to happen before drugs and the terrorists started to threaten the American way of life. Now our corporations can be safe in the assurance that their copyrights will never expire. Ever. Hurray for this wonderful incentive to innovate! Before perpetual copyrights there was a complete lack of intellectual property because people were afraid their copyright eventually would expire. Now thanks to Sonny Bono and Disney, we can be safe in the knowledge that this will never ever ever happen again. Thanks Sonny!
If it works, why break it?
This is one of the major problems with the computer industry. People find the need to change things that work well, either for profit or (often) just because they think it's too old and hey, excitement is good. Change for the sake of change is A BAD THING.
I'd rather have a very inexpensive, very old component that just did its work and was done than a new buggy one.
It would make sense for Phoenix and/or other BIOS manufacturers to build in this Trusted BIOS rubbish in such a way it can be turned off if required.
From what I hear, next-gen Windows may require (enabled) Trusted BIOS, so it simply wouldn't work if the Trusted BIOS was disabled. However, Linux and other OS would probably not work with the Trusted BIOS, so it would want it either to not be implemented or to be able to be disabled.
Content vendors may require either Windows or the Trusted BIOS, so it may be that Linux simply can't play content provided by these vendors. So be it - if you want to use e.g. Linux, then you can't use this content. Either live with it, or wait till someone puts a workaround in place to "fool" the content vendor...
If you were Phoenix' CxO, and you'd heard all about this Linux thing, and how its market share had overtaken Apple's and was continuing to gain support, and that many companies were actively considering migrating off Windows for both their server and desktop machines and may conceivably start to do so in the next 2-3 years, do you think you'd implement the Trusted BIOS in such a way that it couldn't be disabled? It wouldn't make any sense - if Phoenix does this, they *may* miss out on the "next big thing" (even if you think desktop Linux isn't going to happen, you have to concede that Microsoft's hold on the market over the next few years could start to drop off).
There's no reason why Phoenix would implement the Trusted BIOS in such a way that it couldn't be turned off, unless Microsoft pays Phoenix a big slab of money and/or acquires a significant influence in Phoenix at the board level. They couldn't do this for every BIOS vendor in the world, particularly since Linux looks like gaining lots of seats in government departments around the world and those seats will be a very compelling market for a BIOS vendor that doesn't force Trusted BIOS down their users throats.
Cascading Style Sheets,
Content Scrambling System,
and now this!
Is it REALLY that hard to think of a name that DOESN'T abbreviate to CSS?
I've written a blog about this already, but it's my contention that secure personal computers and workstations that connect to hybrid secure networks will revolutionize the world as much as the industrial revolution and the first couple of waves of the computer revolution.
My analogy is the automobile industry.
It started a hundred years ago with the combustible engine, moved to assembly lines, then highly stable machines that rarely need maintenance. When I was growing up, it was extremely common for anyone from 8 to 80 years old to open up the hood of a car and tinker and or actually fix things inside of it. Owning car manuals was common and understanding how to change your own spark plugs and oil was a must.
Today, hardly anyone knows what's going on inside their cars and even if they do, they're still far more likely to take 10 minutes at a Jiffy Lube to have all the routine maintenance taken care of for $30. Sure, you can still get your car manual and do some things on your own, but with embedded computer systems handling much of the fine-tuning of your engine, it's unlikely that the average joe (or jane) could fix anything seriously wrong.
So now we have a computer and network arena where it's common to open up your own PC, build your own network, manage your own servers, and more.
It may take a few years, but eventually this technology will all come wrapped up in your home and the items connecting together will all have security built in at the very lowest circuitry levels.
Everyone reading this post will cry foul and urge a revolt, but in 10 or 20 years our kids aren't going to see what we see. They will see a monitor and maybe a keyboard, no wires, no network. They won't know what an "Internet" is because it will just be _there_. Much like we don't think about telephone lines anymore. We just use the phone, we don't care about the routing and switching. Our kids will just use the tools that are provided by the manufacturing world.
The next revolution is embedded security. It will make all of our lives better and for some of us who want to hide or break the law, well, it's not going to make your life better and I'm sorry.
Of course there's always the big brother problem with this scenario and we will very likely suffer many terrible abuses of this type of system. I see no way to avoid it though. People will always choose comfort and convenience over conspiracy theories.
Buck up friends. DRM is coming and it will change our world in many great and terrible ways.
http://chicagodave.wordpress.com
So what?
As far as I understand this TCPA stuff there will have to be some trusted, independantly verifiable ID on the software. We'll put that thing on our Linux Kernels and be done with it.
Or this is really a vendor lock-in or a "pay-bazillions-for-a-certificate-feature"? Which would mean apart from Wintel all the rest will be happy to carry on rolling truly turing complete machines that don't have this restriction crap on them. Namely AMD, IBM, Motorola, Sun, VIA/Epia and whatnot of some taiwanese second row budget CPU builders.
If I where anyone of the latter I would actually *beg* for someone to come up with this in order for me to gain an advantage by not implementing this.
And you bet there will be Bioses popping up left right and center, ready to be stuck onto these Boards if Phoenix should get pissy with us customers.
We suffer more in our imagination than in reality. - Seneca
cough ...
The real issue here is what code the paladium based machines will be allowed to run. Clearly M$ will not want the opensource software (like openoffice) to run. Viruses of course are fine... viruses do not compete with M$ but openoffice does.
The way opensource software can be restricted is through a costly certification process. Only those programmers M$ likes and only those applications M$ likes will be certified. Everyone else will face one roadblock after another. Some of these road blocks will be subtle but they will still be there.
I anticipate that it will cost several $1000 bux for a professional programmer to gain the coveted certification. Furthermore programmers will be forced to use only compliers and interpreters that M$ deems acceptable. This may spell the end of compilers like Borland C++ professional builder.
The implementation of controls like this are far more draconian than most people realise. Somehow we have to nip this in the bud.
The reason I say this is because if a program has ring zero access then it can do anything it wants to with the hardware. Operating Systems cannot monitor ring zero code. In fact operating systems in general cannot monitor applications code.... they in fact branch into it and it takes over and the cpu runs the instuctions in the application's code segments until something intervenes... like a timer interupt for instance.
What this means is that we might have a CD and it might have the smarts to recognize that someone popped in some protected music. The operating system can be advised and accordingly the operating system may decide a certain application shall not be loaded or it may decide that a certain device driver will report a read failure to said application. Even if there is a digital certification scheme of some sort, we are still left with the fact that any device driver will at some time place the protected material into memory in a fully decoded state. Any ring 0 program can sniff it at this point. Thus digital rights managment on a machine that can be programmed is impossible. Any programmer familiar with a debugger should be able to realise this.
If it is possible for a programmer to write an alternate device driver and load it into the operating system then the protection goes away completely. For this reason, in order to make DRM work, Microsoft has to prevent programmers from writing device drivers. If they can do this they can prevent programmers from writing other code as well. Clearly this is what it is all about.
Note that the PC became popular because it was so promiscous and would run any code people loaded into it. When it loses this feature it will also lose its popularity. Nevertheless I do expect Microsoft to try this because they will make a bundle on taxing programmers for the right to write code.
I'm still suffering from this utter nightmare of Pentium III id codes that just made using the internet a living hell. No really, you remember when the sky fell back when they were announced?
/sarcasm
Also I'm upset because it's impossible to get around the DVD regions and watch discs from other countries. Asia fears the DMCA so much that it's impossible to find a player that does not submit to the region codes.
ok
Seriously, this isn't going to work. Taiwan will have cloned BIOSes out faster than you can say "Overclocking is popular!" and warez groups will have the can only run on trusted hardware feature of the next windows cracked faster than you can say "Product Activation".
Give it 8 months. Even if there isn't an outcry that gets it reversed or ignorable like the P3 chip codes, I'm betting some major MB manufacturer *coughABITcough* will have something like, dual bios, trusted/untrusted with a toggle between them.
As for network routers killing "untrusted" clients, how do businesses expect to keep their linux servers on the network? Yeah, I think either we'll be seeing other OSes support it, or it'll be turned off more often than on. Also what about network-aware appliances like attatched storage, printers etc? I doubt it'll be that easy to convince businesses to just toss them as incompatible. They probably will just patch their existing windows desktops and stay on 2000, xp, or 2003 or whatever doesn't have this nuisance. I know tons of places that still refuse to move up from 2000 to XP.
Also, if only "trusted" software runs, I'm curious how students will do programming assignments on their computers at college. Do they just stand in line for the woefully inadequate lab resources? Do they get "special for academic use only" versions of windows and MSVC that allows them to execute their own code? What does it mean for professional developers, no development station can ever be on the network because it can't be trusted? That's going to make for some intersting development and testing work.
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
Time to stock up on those old motherboards boys!
In the future, if x86 mobo's are DRM'ed to hell and back, just buy a decent computer with OpenFirmware.
Apple, Sun, etc.
After 20 years playing with computers, at home, the only "new" x86 machines are those I find thrown out on the streets. Apple and Sun gear is great and if Sun gives the 64bit AMD stuff OpenFirmware the picture will be complete.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
I would much prefer the pimp/ho or pimp/bitch drive nomenclature standard over the primary/secondary lamenclature.
How could something with pluto in the name hold so much evil, it can't it's impossible. I refuse to believe it.
The outcome has already been predetermined, nobody wins because of the lack of insight on behalf of the aggressor. Overconfident foolery where pride kills my better.
Good thing I have nothing to fight over.
Yeah, and happy Fu**ing thanksgiving to all of them too.
If this is what Phoenix has decided I say good riddance to Them. I buy (through companies I work for) around 15 pc a year, and influence a lot more decisions. I will go to great lenghts and pay quite a bit more money to get anything other than any "trusted computing" that works. But that side of the story is just a minor one. If MS, Adobe and the rest of big companies really think they will gain anything by really restricting users, they are as delusional as the RIAA and the rest of the retarded population (no offence to retarded people). I am a paying licensee of Discreets 3dstudio max and Macromedias MX products. But without pirate copies I would never had been a customer. If they dont realize that 75% of the people out there use pirated copies to keep up their market share, too bad for them. Now Phoenix shooting themselves in the head and at the same time helping all proprietary SW companies do the same is just a dream come true. And so, I welcome our new BIOS overlords (note to you: I will support you).
-TN
Its weird, it seems like the more the open source business accellerates, the more The proprietary business try to jump over each other into the abyss. First SCO is going totally bonkers, and now Phoenix doing this, dragging the rest along (and accellerating OS advance). It seems like if you still have a chance you should try to adapt instead of charging into certain death.
-TN
Here are some forces working against success of a transition to trusted computing the open source community should think about and could leverage to their advantage:
There is a huge installed base of non trusted machines. As soon as you start penalizing machines for being untrusted on the net there will be a lot of unhappy users that may balk at being forced to buy an all new hardware/software setup to gain entry. Instead the net may engage in the self repairing behavior its known for and just route around the trusted parts of the net. One way I can see getting around this is to sell a trusted hardware/OS for a number of years so the platforms is pervasive before trying to kill untrusted platforms.
Its doubtful China or many other country outside the U.S. is going to buy into a system as intrusive and big brotherish as this is, especially when dictated from the U.S. which no one trusts any more. Asia may manufacture trusted hardware to sell to the U.S. but I'm skeptical they they will use it themselves unless places like China develop their own mutation which they control and can use to control their citizens. Asia seems to be moving to Linux and working to develop their own processors to gaurd against being subjected to heavy handed dictates, like this, from Microsoft, Intel and the NSA. If the U.S. gets the EU's backing in this they might have some chance of success. If the U.S. presses ahead alone they might well manage to destroy their market dominance in computing to be replaced by Asia or Europe.
There is a huge pool of legacy software that people are going to insist keep running. Either TCP machines are going to run untrusted software or its unlikely people are going to accept it or want to buy it. Until TCP platforms have a compelling body of trusted software they wont succeeed. Maybe they can sandbox untrusted software but it seems like untrusted software goes against the grain of everything trusted computing is.
There are still a bunch of powerful hardware vendors including Apple, IBM, HP, Dell and SUN that are backing Unix/Linux to one extent or another that are unlikely to subscribe to a hardware lock in that would kill them. As long as we can switch to PowerPC and keep on trucking who really cares, especially now that PowerPC is close to parity with Intel.
Despite all the doom and gloom I think this could be a boon to Open Source. Microsoft has never really attempted a transition this disruptive to backward compatibility. If people are faced with a transition that destroys legacy software and hardware and appears excessibely intrusive and monopolistic, a lot of countries, companies, developers and consumers may take this opportunity to really opt out of Wintel's hegemony.
There is one real danger though. The U.S. government along with some kind of coalition of the willing could try to pass laws and trade restrictions to make Trusted Computing happen in the name of the "Never Ending War on Terrorism". I would have never believed this to be possible a couple years ago but at this point, especially if we get another four years of Bush and Ashcroft it seems extremely plausible. In this scenario it would be illegal to build or import hardware in coalition countries that did not conform to trusted computing standards and after some transition period it would be illegal to hook non trusted platforms to the Internet. This would almost inevitably lead to a fracturing of the Internet in to at least two disconnected pieces, one free and one not free. Would it be possible to create a clandestine, free, wireless network in the U.S. if the government outlawed a free Internet. How could we cr
@de_machina
These routers have nothing to do with the up and coming trusted computing hardware, but work with existing software and hardware. From the link you supplied:
In its initial phase, Cisco's Network Admission Control technology will enable Cisco routers to enforce access privileges when an endpoint device attempts to connect to a network. So devices without up-to-date patches or AV signature definition files can be denied network access, placed in a quarantined area, or given restricted access to computing resources.
Software called Cisco Trust Agent runs on endpoint devices to determine their security state and communicates this information to the connected Cisco network where access control decisions are made and enforced. The system will initially support only devices running Microsoft Windows NT, XP and 2000.
First of all, note that access restrictions are optional. It's highly doubtful that ISPs are the target market for these devices. Instead picture a worm outbreak on a university campus, something which has occured numerous times over the last little while, and which administrators have been all but powerless to stop. By using one of these routers, a machine that is not up to date could immidiately be given resticted access to the network, and be automatically redirectly to a location where they can download the necessary patches. Once their machine is patched, they will automatically be granted access back to the network. This is a fairly common occurance, only right now it is being done manually by support staff, and is costing these institutions far more.
In addition, currently only windows systems can run the trust agent software. I can't believe that cisco would have a default setting that denies all devices that are not running the software, hell, that would mean you couldn't even attach a printer to the network. Instead, it's probably intelligent enough to identify the operating system the newly attached machine is running, and if its not windows, grant it normal network access.
Cisco devices are typically extremely flexible in their configuration. If one of these devices denys your Linux box access to the network, don't yell at Cisco for building the router, yell at the idiot who configured it.
Ask my ISP, Cox, if Cox supports any operating system other than Microsoft Windows. The answer is "no."
Now imagine the connection to my ISP needing to be "authenticated" or "verified" by Trusted Computing hardware. Fight it, or even question it, and you will be asked: "What do you have to hide? If you're not doing anything illegal, you won't notice any difference." That is what they'll say then because it's what they tell me right now.
Then imagine that when Trusted Computing becomes the standard I own a real computer, which allows me to control what the hardware is allowed to do to my computer. Imagine I disable it, or cripple it.
Unfortunately, Trusted Computing will be designed in such a way that the system will report that it has been disabled, or crippled. I will not be able to connect to my ISP, because a "handshake" is part of the connection process.
Now imagine that I will not be able to connect to my ISP, and their response will be, "we're sorry, we don't support Linux", which is their exact response now.
Extortion, pure and simple. Microsoft wants the money, and it has the market power and cash reserves to ensure that it gets it. Microsoft was a little late to the Internet party, but it has no intention of being left behind. The company simply has too much of the market to give up its attempts to "earn" a nickel every time someone connects to the internet.
Slashdot is my Mercer Box.
They don't come with a BIOS from Phoenix.
If we had some fish, we could have fish and chips, if we had some chips.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Well, great.
The IBM-AT BIOS source code is indeed printed in the technical reference manual.
However, the IBM-AT BIOS chip plugs into a 286 motherboard with a 6 MHz clock speed. No 'chipset' at all. Big bunches of TTL chips. Only an ISA buss for expansion. The Hard Drive controller is an ISA card that plugs in.
You might as well just start from scratch.
You've never seen anything cracked as fast as this thing will go down. With the Xbox, there was nothing but fun at stake, and you saw what happened. This DRM thing will be a holy war. Academics, spammers, hats of all colors will have a stake in seeing it die, and prestige if they're the one to do it. I'm worried, but I do not despair.
I was immensely disappointed to see the Athlon64 systems booting with an old-style bios, running the cpu in 16bit mode or whatever it uses..
x86 firmware is the WORST in the industry, its incredibly inflexible and kludgy... It`s about the only firmware that can`t natively netboot (no, booting seperate drivers from the nic rom dont count) or support a remote serial console, look at SGI`s firmware, it has an easy to use gui, including options to boot, install an os from cd/tape/network, run diagnostics or drop to a textmode console where you have a little more flexibility, and you get the text console by default if your using a device without graphics support, such as a serial console...
DEC SRM is also very flexible, tho harder to use than SGI`s, SUN`s firmware is also very powerfull.
These firmwares also provide usefull functions to the os, modern OS`s dont touch the x86 bios much anymore, using it as little more than a dumb bootstrapper, which is about all it is.
The ability to control the firmware remotely from a serial console is VERY usefull, it`s possible to install an os onto a machine thats halfway around the world, you can diagnose why the os won`t boot if theres a problem, and personally has saved me a LOT of time and gas-money not having to drive to the facility where i have machines hosted. I understand some server-class x86 machines have hacks to allow remote control like this, but it`s far from standard and often very costly and puts the price up in the same range as risc hardware, which has these features by default.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I wonder if the "trusted" version of Windows will be running programs for third parties, for whom Microsoft has sold their users CPU cycles ?
If so, watch laptop users skip the upgrade. All distributed computing clients I've used (d.net, seti, folding, and 17) peg the CPU at 100%, and pegging the CPU at 100% reduces effective battery capacity.
LinuxBIOS won't work if the chipset checks to make sure the BIOS is signed by the chipset maker.
Maybe your ability to be sarcastic is somewhat due to the fact that Intel backed down and switched the default to Off.
This to me makes a good point for shunning Phoenix
Help fight continental drift.
Buy a chinese motherboard, with a Dragon processor.
Well, yes, of course, this makes sense. Given the rate at which all companies are 100% compliant with their licensing for the software that runs on their machines, I'm sure that they will just run right out to support the trusted computing initiative.
Sorry, but I have worked at way too many companies all sharing the same installation of Windows/Office/etc to believe that they are going to increase their IT budget 10-fold to support DRM. BSA or no.
Let Phoenix go ahead and introduce DRM into the BIOS. There are plenty of other BIOS manufactures that will be more than happy to step up in their place. OpenBIOS, anyone?
Ryosen
One man's "Troll, +1" is another man's "Insightful, +1".
Eliminating the competition's ability to communicate is ... dare I say, illegal?
The major ISPs are private[1] companies; access to their private property is not as subject to the First Amendment limits on the power of the federal and state governments. "Freedom of speech" does not extend to freedom of the most efficient mode of speech. For instance, the Supreme Court has ruled that the First Amendment to the U.S. Constitution does not imply a right to broadcast, even when taken with the Ninth Amendment. You are still free to meet people face-to-face and speak to them ("freedom of speech") or to print words on dead trees ("or of the press").
Antitrust? Not in the Bush administration.
[1] "Private" here does not exclude corporations with publicly traded stock but rather refers to an organization not directly affiliated with a government.
Mail? Put "slashdot" in the subject to pass the spam filters.
Someone who can should use the courts to block this move, at least temporary, as an attempt of restraint of trade and monopoly practices, which is obviously the long term attempt. Any savings in time should be used to build an open-source, colloborative based bios unencumbered by excessive corporate wishful thinking.
Basically all mobo manufacturers will implement this stuff (Longhorn Certified!) and part of the specs will specify that it is mandatory.
Not yet. I've read Palladium white papers, and Microsoft has emphasized therein that the Palladium spec requires that the BIOS let the owner of a machine turn motherboard Palladium support on and off through the BIOS configuration menus.
"If there's a market, there will be people to cater to it."
If that's true? Then why are a lot of geeks dateless?
more frightening than this rant is the simple explanation that we are lemmings following the leader who is running from the pack. firearms have never helped much, except in real wars between armed societies. you are really talking about culture wars. wanna win? think the cia is capable of watching everybody? think W could lead a coup? instead of insulting joe six pack, teach him what made this country great. here's a clue: it wasn't a gun. it was a pen. give joe six pack the federalist papers not an nra brochure, because if you need a gun, it's too late.
i've met your enemy, and he is joe six pack. so don't worry!
I moved to Linux to get away from paying for software (for the most part). Now, if I was to buy one of these motherboards, assuming that Linux could still be used, now I'm going to finally have to pay a little licensing fee to Microsoft, through the motherboard manufacturer, which will make things more expensive. This is absolute crap!
I wrote this letter to Phoenix's PR department:
. shtml ?tid=126
Dear Megan Kurtz,
I am writing this email to convey my peers, coworkers and own opinion
about Phoenix Technologies move towards the "Trustworthy Computing"
initiative.
As we move towards a new age in computing, security is becoming an ever
more prominent factor. Managers and business owners demand security of
sensitive data. Users too, like to believe their information is safe
and that all channels of communication are secured.
Microsoft's newest technology is the socalled "Trustworthy Computing"
initiative and it has, on one side, many people scuttling to support it,
and on the other, people who have legitimiate worries and are
apprehensive of the implications.
Trustworthy Computing, as the company you represent knows, is based
largely on the hardware model of computers in combination with software
as oppose to the tried software-exclusive model. Soon Microsoft will
have even more power and control over what is and isn't used on a
computer. This is not limited to the GNU Linux operating system or Open
Source but other software systems as well.
Clearly this would concern many of the decision making "techies" and
those with buying power in the community. Does a company found with
making slews of anti-competitive actions in the past not concern anyone
who enjoys the freedom which computers currently have?
As you can see from the website Slashdot (http://www.slashdot.org), the
definitive news source for computer enthusiasts of all angles, hundreds
of thousands of people are angered by Phoenix's latest move. Please see
the latest response at:
http://slashdot.org/articles/03/11/28/195207
Knowing that AMI is now a moot company and that Award has merged with
your client, surely one might think that there are little alternatives
for us to use. Circumstance can change that fast however. Open
Firmware is one such project that could "get big" overnight. Many tech
enthusiants love UNIX and moving to an Apple or Sun would not be a far
cry from reality the more "Trusthworthy Computing" infests society.
I'd like to leave you with some numbers. Slashdot has, on a given day,
around five hundred thousand to one million viewers. Many, I repeat
MANY, of these are in powerful positions that decide which hardware to
buy in their organizations. Therefore I ask that for best interest of
your client you express to them that the community at large is not
satisfied with their move to use and produce "Trustworthy Computing"
enabled hardware.
With regards,
me
"This one really works."
DiVX
Edsel
Sega Saturn
Nintendo Virtual Boy
Amiga CDTV
The European Hockey League
Supertrain
New Coke
DeLorean
Elcaset
IBM 7030
Apple Lisa
IBM PCjr
Cold fusion
Millennium Dome
Waterworld
Microsoft Bob
McPizza
Iridium
Intel implemented a serial# in CPUs for a short time, but the backlash was great. They don't do it anymore.
Phoenix will try this, but there will be a great backlash once again. They will stop. If they don't, they leave the door open to the competition (ie. openbios).
Slightly OT, but I think the same thing will happen with RFID tags. Someone will sell a device which detects RFID's, everyone will notice how many of them are everywhere, and a backlash will ensue. RFID's will be history.
And I know tons of places that just upgraded to 2000. A huge corporate network of Pentium IIs and Pentium IIIs is not going to XP (for obvious reasons) until every single computer is upgraded. And how eager will management be to buy new Windows licenses after replacing millions in hardware......?
Together, we will drive the rats from the tundra.
There exists a problem with websites that have broken browser version checkers, where they will lock out Win3.1x systems even if the browser version is "correct". Way back when, a denizen of the Win3.1x/DOS newsgroup wrote a TSR utility that spoofed such servers into believing said systems were running Win9*.
How long do you think it'll be before Trusted Computing internet lockouts, and TC-spoofs, are engaged in a running battle for control of internet access??
(Yes, I read the Cisco article last week. Damned scary choke point they've created. Especially since Cisco routers reportedly handle 90% of the net.)
~REZ~ #43301. Who'd fake being me anyway?
The website for Asus say that their latest boards have AMI BIOSs on them.
Another show on whether the market is driven by the customers or the manufacturers.
I remember back when Mr. Gates had to check how strong his influence on the hardware market is for the first time, and he came up with the windos keys.
For a while, you could buy both kinds of keyboars - with, or without them. But almost all manufacturers quickly went with just one kind (cheaper, of course). I made it a point of explicitly buying those without. Not so much because I hate windos (I do), but because those additional keys made typing more difficult for me, as other keys became smaller than I was used to.
The same will almost certainly happen with the motherboards. For a while, there will be both, then manufacturers cut costs and go with just one kind.
It's our job as customers to make sure it's the one we like. The problem being that the voice of the customers may or may not count.
Assorted stuff I do sometimes: Lemuria.org
...this is Bush's fault.
CSS? Didn't somebody try that one already with DVD's? And wasn't it destroyed by some Swedish kid? Just an interesting point about the past repeating itself. But in all seriousness, does this mean that we could perhaps buy hardware-software? Like an antivirus board? Or an OS chip? Those would probably be harder to pirate. And for the average Joe, harder to install/upgrade. Hello IT community watching out for its own. I have thought that BIOS should be upgraded for a while. There are quite a few things that haven't changed much since the early days of those boxes we all love so much. The next thing I want to see go is that pesky 2 device IDE limit thing, which I hope will dissapear with SATA. Dislaimer: It's after 2am on a Friday night, and thoughts aren't very coherent for obvious reasions if you are a working college student like myself.
Nullum magnum ingenium sine mixtura dementia (There is no great genius without a mixture of madness) - Aristotle
Would this not be a great time to introduce an Open Source Bios and Mobo? I think there should be a big enough market for this, granted MS stuff prolly wont run on it but at least you can get the other Non-MS OS's on the system.
Frankly I use both MS and Linux, untill now. I'm tired of this crap. Let them trust themselves FIRST!
This SIG pulled due to lack of funding. (This damn war is costing too much!)
CSS = Content Scrambling System
CSS = Content Style Sheet
CSS = Core System Software
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
With IBM's awesome new PowerPC chip, the whole MacOS X push, the way Apple is really making it's way back into mainstream, and now this push to make x86 even less nerd friendly... is the next big computer movement heading toward Apple?? I think it may be really possible to see a few years down the road, IBM back on top.. thanks to Microsoft....
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
I'm pro-gun, but you are in error. Existing "assault rifles" are still in the hands of many citizens - legally. In addition, most of what what makes a rifle an "assault rifle" are the sights and magazine capacity.
The key phrase here is magazine capacity. You may own an assault rifle legally having been grandfathered but you may not legally use that forty round magazine that came with it. Without the extra magazine capacity an assault rifle is pretty much ordinary otherwise.
So the law effectively neuters the citizen by limiting the amount of firepower any individual can bring to bear by limiting availability as an interim solution.
It is noteworthy that the so called assault rifle ban essentially bans the tough looking weapons as much as weapons easily convertible to increased rates of fire etc., which is a psychological ploy.
Also interesting to note is that legal body armor is going the way of the dodo bird as well. Except for police forces and the military for which it is mandatory for those who may find themselves in harms way. It will not be much longer before body armor is strictly vebotten for citizens and that is strictly a personal protection issue. Citizens shall not be allowed to protect themselves from the onslaught and projection of government force let alone possess the meaningful instruments of self defense.
Given what the citizen soldier would be up against in any attempt to restore the republic, or even protect what remains should the need arise, the citizen would find himself essentially unarmed in comparison.
The citizen soldier should at least procure weapons of such caliber as to interoperate with what the federal and local enforcement units are using so ammunition could be obtained and exploited from the bodies of the dead and dying. Currently that is 5.56 and 7.62mm as previously mentioned for rifle rounds, 12 guage for shotgun and 9mm, 10mm, 40 and 45 caliber for pistol.
While the citizen cannot own much in the way of firepower (or even personal protection) up front there is alot of firepower (and personal protection) to be had once removed from the original owner. If Americans are anything they are at least inventive.
One thing for sure is that any insurrection would be difficult to differentiate from mass suicide. Disruption in the flow of fuel, food and medicine and the resulting infighting would claim the lives of most and if the full force and capability of the police and propoganda state as it exists today were brought to bear against a rebellious population there would be little hope for that population.
The question then becomes whether or not those who would unleash the collective power of the states upon its people in an attempt to maintain the status quo for their own power and profit would have anything left worth ruling over should half the population be dead with the resources of infrastructure in shambles. Many would guage the effects of mass depopulation at closer to eighty percent as a result of failing infrastructure alone. At this point North America could not defend itself from foreign invasion and occupation in the aftermath and probably couldn't sustain a resistance to external attack during a period of internal revolt. It is therefore important that the government not create a flashpoint that would cause an uprising for the dynamic today is rather fragile with resources to integrated and codependent than to exist independently. From a government perspective it is important to nickel and dime the rights and liberty of the citizenry then to risk any bold move, leastwise not until the time is right and the model can be switched from a psuedo Republic to an Empire with an elite Neo-Con ruling class at the top and quit hiding the fact.
Given the threat that the Neo-Cons in power represents to the world today, one should well expect that external pressures could precipitate an event with domino effects causing a mass American depopulation. Once the world figures out that America poses the gre
I thought Palladium could be disabled anyway. If I recall correctly, Microsoft made this a big point when they first introduced it--users can disable the system if they want, and still use their computers as before.
BIOS provides basic services (hence the B and S parts). So when your computer starts up, the BIOS or firmware or whatever you like to call it is the first thing to get executed. It sets up basic input output services (hence the IO part) so that the OS can be loaded. Modren OSes then proceed to load all their own drivers and unload/ignore all BIOS services. Windows does not use BIOS interupts to access disks, it loads it own drivers.
If I as a developer could allocate a perfectly safe and secure trusted section on my computer, then, I would have an ideal place to stash MP3's recorded via hi fidelity analog means.
If I as a developer can have a truly secure and safe connection between multiple machines, then, I could trade those files and never be caught!
This is my sig.
The poor guy has probably heard those jokes as many times as I have heard stupid comments about Treasure Island, so my heart goes out to him, but still. Phoenix picked somebody named "Mr. Kurtz" to install a BIOS that benefits Microsoft before all? Is everybody sure this is not a parody?
(For those of you have given up on reading anything but Slashdot, this is the book that Apolocalypse Now was based on. Read the book, watch the film, the the Buffy episode that made fun of it)
I shouldn't have to be hacker* to be able to install an OS.
(*using hacker in the traditional sense.)
Phoenix is not the only BIOS company, there's also AMI at least (and of course HP and IBM roll their own BIOSs). Does anyone know whether any of the other generic BIOS companies will continue to produce BIOSes that don't have this Microsoft-specified stuff in them? Is there any real evidence one way or the other out there?
68656C70206D65206261746D616E2100
And we are supposed to be denied Internet access if we use a router instead of a direct connection.
If your router is not compliant then their router does not accept the connection.
Given cisco perfect security record i am sure that no workarounds will exist. Simple examples would be:
a proxy that would fool the cisco
Won't work...
a firewall that would fool the cisco
Won't work...
a software solution to fool the cisco
Won't work...
a worm to tunnel through the cisco equipment and set up a client that would radomly crash the equipment.
That will work, but that can happen whether you run Trusted Computing or not.
a general DOS attack just to annoy the users of the equipment.
That will work too, but again, it has nothing to do with Trusted Computing.
The reason the attacks you mentioned won't work is that Trusted Computing is based on the TCPA chips and they have secure asymetric encryption. Every chip has a unique key and those keys can be authenticated. The key never leaves the chip. Without an authentic key you can't "fool" anyone.
The only attack that can beat the system is a rather sophiticated hardware attack. You either need to rip a chip open and scan the key out with rather powerful microscope, or you need to hijack physical control of the live signals on the motherboard of an active and complaint Trusted machine.
Digging out a geuine key lets you completely fake the system. Hijacking the motherboard of a compliant computer allows you to subvert it.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The desktop is a "niche market"? While this is delightfully snobby, it's completely disingenuous.
Dude, people on this board are only talking about the "niche" desktop market - DUH - DRM isn't even an issue for any other market. And believe me, Apple will join right in if they think they can get away with it.
And you forgot Fujitsu.
Realistically, how many of these have been sold to ISP's?
None yet. But Cisco has isued a press release and they will go on sale.
ISP's are not in the business of denying access
ISP's will not be installing them immediately. First the Trusted PC's need to hit the market. ISP's won't start using them untill a signifigant percentage of the public has replaced their old PC's. The vast majority of people will have no clue about the issue and don't care. Trusted Computing will phase in gently. It will slowly and steadily become more difficult not to submit. ISP's using these routers is just the nail in the coffin - game over. At that point the people who *do* know and *do* care have no choice, submit or be denied internet access.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
These routers have nothing to do with the up and coming trusted computing hardware
Yes they do. You described how such a system should work. Unfortunately you are not describing the Cisco system.
From their press release:
Customers using network admission control systems can allow network access only to compliant and trusted endpoint devices
And check the C-Net story:
However, the technology won't work unless security software can tell the Trusted Agent application the current state of security on the computer or mobile device.
"This important problem can't be addressed individually," said John Thompson, CEO of Symantec. "Collaboration is a must."
The technology might also spur sales of PCs and devices that use trusted-computing hardware--controversial technology that uses encryption, special memory and security software to lock away secrets on a PC from prying eyes. Adding further protections to the system that attests to the security of a computer owned by a company is a reasonable use of the system, said Bob Gleichauf, chief technology officer for the Network Admission Control program at Cisco.
"We need a trust boundary between the network and these devices, and the system needs hardware and software to do that," he said.
A Trusted Agent isn't Trusted unless it is running on Trusted hardware. Without Trusted Computing then a virus infected PC could mimic a Trusted Agent and claim it is running the latest anti-viral software. This is the remote attestation feature of Trusted Computing. The C-Net artical mentions this attestation as well:
Cisco's Network Admission Control program would enable companies to install on every PC and mobile device a client, called the Cisco Trust Agent, which could attest to certain levels of security
"Attest" is a rather obscure word. You are NOT going to be seeing it used anywhere execpt in refference to Trusted Computing.
Also note that these routers can be configured to check for any software, not just anti-virus software. They can require you to run software that enforces their Terms Of Service, such as bandwidth usage. It is promoted as fighting Viruses. It WILL be promotes to fight spam.
These routers grant the ISP control over the end user's PC. What ISP's isn't going to have any number of motivations to control end user's PC's?
These routers can be configured to grant access to Mac and Linux boxen, but they first must be Trusted Computing compliant Mac and Linux boxen.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
How long do you think it'll be before ... TC-spoofs
The Trusted Computing system is no ordinary system. You CANNOT spoof it unless you have a genuine TPM key, and those keys NEVER leave the Trusted chip. The only way to get at one of those keys it to rip the chip open and dig it out with a high power microscope. Every chip has a unique key. If more than one computer tries to use the same key they will detect it and revoke that key. So cracking one chip can only free a single computer.
If you don't understand why it isn't spoofable feel free to ask for more explanation, but trust me, I'm a programmer and I've read the technical specification. They would not be spending huge sums of money to redesign the very hardware of computers if it was just going to be another DRM system hacked within 48 hours of release. Ordinary DRM is software based and very defeatable. This is hardware based and it's one nasty mother.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Dear Ms. Kurtz,
As I am not interested in other people running my computer, will you be providing a non-crippled product for the low level hardware control presently provided by your BIOS? I find your CSS product to be unacceptable. In point of fact I find trusted computing in general to be unacceptable, and I will if I can possibly manage it avoid purchasing "Trusted Computing" systems and will so advise my clients, friends, and family.
D. Dimas
you can't compute anymore. If you can only afford around $500, you have to either go with Microsoft trusted computers or go without.
I would love to have a mac...but I can't see paying for the cheapest one that's STILL 300 over the one I just built from scratch...AND it being much more powerfull.
Sure, the Mac is great and I'd love to have one, I just can't afford one. So your solution to just get a Mac isn't for everyone I'm afraid.
But maybe if everyone DID go with Mac, it would drive down the prices. So everyone...go out and get a Mac, and when they come down in price I'll jump on the bandwagon also!
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
VMWARE and others are making a great product for people who are forced to use desktop products that run on Windows but like to have server OS underneath. With computers getting more powerful, I can easily imagine Windows becoming just another process running in your computer. It's this way on my desktop box already.
Even today that means that you can circumvent DRM. You don't even to have to write something like QTFairUse - just run your DRM-protected audio player in a virtual machine and capture the digital audio bitstream in the server OS. Of course, DMCA might make virtualization illegal. :-)
The interesting question is how many systems will run in a virtualized environment - it could get interesting if some companies decide to run all desktops in virtualization because to make managing them easier.
I have been waiting for the moment of truth for DRM computing - and it appears to be happening! See, if there ever was an opportunity for Linux and every other OS that has been crushed by Microsoft it is materializing now:
* DRM restricts user freedom and will baloon TCO for windows based computers. TCO will increase due to having to add layers of complexity to support, development and ultimately, downtime due to problems that can't be fixed easily by the end user (you really don't have rights. and I can't give them to you). This is not a trivial upgrade.
* The only real control the user will have is over the power chord and what plugs into the system. Because the system doesn't trust the user.
* Finally, the market is primed. It's been almost 10 years since Chicago (windows 95) which really is where MS was able to parlait their Visual Basic, Office and Windows products into the current monopoly on the desktop. Most business people and end users alike complain about having to buy increasingly expensive computers to run Word, Excel, Outlook and IE. They don't see a value change at all. They don't see improved features. They do see having to buy something they already have again.
In other words, this is the year for open source to go on the offensive:
* Linux can own the data center. It makees a better file, messaging, web and database server that Windows.
* OpenOffice is good enough.
* Gnome and KDE are good enoug.
* Linux security delivers on much of what DRM is built to deliver. The difference: Linux (and other open source oses) can be trusted, so we don't need hardware's help. Windows on the other hand...
-- $G
The Evils of Hardware Digital Rights Management and Trustworthy Computing
Personal computers are amazing devices which have enhanced the productivity, the creativity, and even the cultural fabric of people the world over. One of the key strengths of personal computing technologies is that they allow users a fundamental degree of freedom to modify, upgrade, and operate their computers in any way they see fit. This affords users the power of choice when deciding which hardware peripheral, which operating system, and which program they wish to use on their computer. This choice and openness has helped foster innovation and creativity which has resulted in the Internet and the Internet culture that we enjoy today.
Sadly, there are short sighted persons in some large corporations in conjunction with certain government officials who wish to destroy the freedoms we currently enjoy. They wish to seize control of our personal computers and cripple them in order to create what they call a more "trustworthy" networked environment. They call this blatant trampling of consumer fair rights "Trustworthy Computing". There is nothing trustworthy about it.
Essentially they want to place controls in the hardware of your computer that will tell you which software you can and cannot run on it. Software you wish to run has to be "digitally signed and authenticated" by large media and software companies before you can use it on your computer. Want to make a backup copy of a song or a program on one of these new modified computers? Good luck. Digital Rights Management (DRM) will be built into these computers, restricting your ability to use and copy files as Hollywood executives see fit. Yes in essence you will no longer be the sole operator of your computer, you will in fact, have to seek electronic permission to run programs on it.
Phoenix Technologies, one of the largest makers of BIOS components for PC's (the BIOS is the basic ROM that controls your PC on a fundamental level) has announced their plans to launch their DRM enabled trustworthy computing BIOS. Customers who purchase computers with a Phoenix BIOS will be very limited when it comes to making certain choices on how they wish to operate their computer.
Video game consoles like the X-Box already work like this. The X-Box will only run software that is digitally signed by Microsoft using an encrypted key. If you try to run an application on your X-Box that isn't digitally signed, it simply will not work. Microsoft does this in the console market to attempt to prevent piracy and to prevent people from purchasing an X-Box and using it as an inexpensive x86 computer. The X-Box is in reality a modified Pentium III computer, and theoretically can run normal x86 applications that run on the Pentium computer in your home. In fact, those who have cracked the encrypted copy protection on the X-Box have managed to get Linux running on the system.
Microsoft and Phoenix want to cripple your personal computer so it acts more like the X-Box. Microsoft is calling this "Trustworthy Computing" initiative project Palladium. Salon.com as an excellent quote in an article they wrote regarding the motivations behind this initiative: "Perhaps, if we'll trust computers with our lives, we'll also trust them with our credit cards. And maybe, even more important, Hollywood will trust them with its movies. The Trustworthy Computing initiative is as much about securing intellectual property control as it is about "safety.""
This exposes the two main reasons that your computer is going to be crippled. To appease media companies in Hollywood in a futile attempt to combat piracy, and to protect Microsoft's desktop operating system monopoly. Companies like Microsoft and Phoenix do not state this of course, they are selling this to the public under the guise of a "safer" and "more reliable" computing enviornment. This is only a side effect of the true aims of this initiative.
Piracy of popular media such as software, music and movies is spreading rapidly
I really haven't followed this closely, other than the occasional story...BUT, after reading this article, one thing immediately leapt to mind: they seem to have *only* WinDoze in mind.
Leaving aside the issues of "maybe I don't want to be online when I'm in single user mode and upgrading my OS, let's cut to the Big Picture: how will *other* OS's operate with this non-BIOS bios?
Even nastier, *if* this is primarily created w/ M$ in mind, then will Linux have to reverse engineer how to interact...and will M$ then pull a SCO, claiming trade secret, copyright, and patent protection?
*THAT* looks like what's inside this trojan horse.
mark
Maybe IBM will see this Trusted computing move as a chance to enter the motherboards market and will start making their own motherboards without the TC crap.
Well, we can always dream, can't we?
overseas
The studios in the MPAA could always bully the U.S. into doing for Free motherboards what Japan did for rice: set a prohibitive import tariff of 1,000 percent on motherboards without a Treacherous Computing BIOS, so that such motherboards cost more than 10 times to sell than they cost to make and ship.
this was still a free market economy. There will ALWAYS be makers of non-TC boards. In fact, I would dare say that Phoenix is putting themselves at risk with this move, and may end up losing a lot of marketshare because of it.
Remember DIVX movie CD's? A totally DRM solution for a market that wasn't looking for it and didn't want it. The MPAA wanted very badly to shove that down our throats, but consumers stayed away in droves. At the end of the day, the older DVD format won out.
Phoenix may be trying to appease Microsoft by introducing TC motherboards, but at the end of the day, they still have to answer to their own shareholders and turn a profit.
Oh, I see.. that sounds far more evil than I'd thought. Talk about tying your identity to a single machine, like it or not. Totalitarian gov'ts will love it.
:) any further details you care to post.
:)
For those who don't see the obvious, such a key system should make it trivially easy to track which machine did what access and therefore who is responsible for what "anonymous" posting or whatever. A public machine can be accessed by many people, you say? No problem, just kill the owner of the library, cybercafe, or wherever; end of multiple-user access. But it was a family machine, who knows what my kids did? Too bad, so sad.
I'll gladly read (and hopefully grok -- I'm not a programmer, but I fear no source code
What about hardware-based intercepts (frex, dongles), could something like that succeed at spoofing TC for individual machines?
I'm thinking that a mere list of known keys cannot possibly keep up with the production of new machines (at the router level, you'd be forever reflashing it, and at the central-key-server level, who you gonna trust with that? China??), so instead would rely on matching a given valid pattern (hash or whatever), and that might be the hackable point (write valid patterns into the aforementioned dongle). Your thoughts?
Aside from it'll make, um, extracurricular anonymity a criminal offense, of course.
Thanks for the info, present and yet to come
~REZ~ #43301. Who'd fake being me anyway?
Yup[. The fact that NGSCB is included in Longhorn does not mean it won't run without these features on motherboards that don't have the the necessary hardware.
It doesn't mean that Microsoft is not planning that at some later stage, but for the next few years attempting to do that would be suicide for Microsoft.
There is one loophole for any vision of an Internet with only Trusted platforms - the companies that write their own software. My employer writes for Intel platform, and there is no way we will go through a certification process for every test build of the product - we often have to rush patches to customer sites, and we need network-capable software. All our cast-off machines will be Internet-capable and free of a TCP lock-in. Ditto for the network infrastructure parts - routers, hubs, etc.
under the spell of the Matrix! Do a simple reverse of this and anyone who successfully responds to the challenge has obviously not taken the red pill.
Here is an attempt to implement Open Firmware on PeeCees.
Stick Men
They are abbreviations.
An acromym can be pronounced: MOSFET, ASCII, RAM.
Not an acronym: NPN, IGBT, PCB.
gewg_
whats to stop people from creating a separate 'untrustworthy' network?
I'm thinking that a mere list of known keys cannot possibly keep up with the production of new machines (at the router level, you'd be forever reflashing it, and at the central-key-server level, who you gonna trust with that? China??)
And what about a DOS attack on that server? Noone could connect to the internet; Slammer pales by comparison. Even without security holes this would allow a lot of damage.
"We have got to make Stan understand the importance of voting, because he'll definitely vote for our guy." - South Park
However, ISA looks similar to PCI to the BIOS, and the IDE controller, embedded video/sound, etc., etc., are just PCI devices that are soldered onto the board. After all, HDD handling could be done by any Phoenix, AMI, or IBM BIOS 10-15 years ago, when PCs were just as integrated as they were back in the day of the AT - not at all. BTW, what I was asking is if it's ok to use this code and not have IBM sue you, not if it would actually work. It's a good place to start, as modern* BIOSes evolved from this.
* They're not that different from those old BIOSes in the AT...
How would it be suicide? Virtually every copy of Windows comes preinstalled on a new PC. All new PC's will have the new hardware.
Even if product activation doesn't requre the new security system, even if you can turn it off, all PC will come with it enabled by default and disabling it will cripple the system. Microsoft has undertaken an enormous project to change the very hardware of computers. They sure as hell want it used.
Presumably, a manufacture would be able to give the user the option to turn the TCPA core on or off. in fact, I believe that's part of the TCPA spec.
autopr0n is like, down and stuff.
should make it trivially easy to track which machine did what access and therefore who is responsible for what "anonymous" posting or whatever.
Yes and no. They have designed a an "identity" system that can run on top. It supposedly protects your anonymity. I'm still trying to figure out the technical details of that higher level system. It *definitly will* be possible to track things back you through the Identity service records. You have to trust that they will not share this information with anyone, but there is absolutely no doubt they will turn it over to a subpoena. I have my doubts about the entire system. I'm pretty sure you locked into using a single such service and I'm not sure it is practical to actually make use of multiple identities for anonymity, and I'm not sure it will really prevent "trivial" tracking in any case.
What about hardware-based intercepts (frex, dongles)
Useless without an authentic key. The system is bases around Trusted devices only trusting other Trusted devices, and they do so by proving that they have an authentic key without ever revealing the key itself.
a mere list of known keys cannot possibly keep up with the production of new machines
Right. There is no need for any list. I guess I'll explain asymetric keys and signing.
With the new cryptography you get key pairs. Each pair has a public key and a pivate key. You can freely give your public key away to anyone and everyone. If they encrypt data with your public key then only your private key can decrypt it. If you keey your private key secret then only you can decrypt it. This is how they keep the key locked up inside the chips, they exchange the public halves.
Signing is based on the reverse process. If you encrypt something with a private key then anyone can use the known public key to decrypt it. If you decrypt something with a public key and it works then it could only have been encrypted with that specific private key. If someone has your public key then a signature is proof that it was done by the person (or chip) that possesses that private key.
There is a master ROOT private key. It is known as the "Root of Trust". You are TOLD to trust this key. The person controlling the ROOT private key get to define the meaning of "trust" any way they like. Every one gets the master ROOT public key. All Trusted chips know this key.
The here is an authentication in action:
Exchange four peices of data:
(1) Public key A
(2) Public key A encrypted (signed) with Private key B
(3) Public key B
(4) Public key B encrypted (signed) with the master ROOT private key.
You use the ROOT PUBLIC key to decrypt (4). If the decryption works and matches (3) then you know the ROOT PRIVATE key was used. The people in possestion of the ROOT Private key have announced that they will only use it to sign the public keys of Trusted manufacturers. Remember, possessing the ROOT Private key means you get to define what "trust" means. A manufacturer can only get their public key signed after agreeing to a big fat contract and verification that they will only produce properly Secure and Trusted chips in compliance with the policies set by the those in control of the ROOT.
So assuming you "trust" the people controlling the ROOT, you can "trust" that key B is a genuine manufacturer key and you can "trust" that that key will only be used in connection with authentic chips. Key B is now Trusted.
You now use (3), the Trusted key B to decrypt (2). If the decryption works and matches (1) then you know the private manufacture key was used. The manufacturer has announced (and thoes running the root will enforce) that it will only be used to sign the public keys of authentic Secure and Trusted chips.
So you now know that key A is the public key of an Authentic and Secure Trusted chip.
Now we get to watch how lopsided things get for someone running a Trusted Computer. Lets say I'm the New York Times website. I don't nee
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
whats to stop people from creating a separate 'untrustworthy' network?
Absolutely nothing. You are perfectly free to do so. Anyone on your network is can only see what is on your network. Any one who is Trusted Computing compliant can see everything on the Trusted network AND they can see everything on your network.
Trusted Computing is designed to make those on the OUTSIDE suffer.
Tell me - what do you think the general public is going to do when faced with the choice of running an OLD computer and they can only get some websites to work, or they can run a NEW and "enhanced" computer and ALL websites work?
It's exactly like Javascript and cookies. I suggest you try to turning either or both of them off for a week and surfing the internet. You will find it extreemely frustrating as you will be locked out of a LOT of websites. So the public leaves cookies turned on, they leave javascript turned on, and they will leave Trusted Computing turned on.
And what about a DOS attack on that server? Noone could connect to the internet;
No such server exists. There is no "list" of authentic keys. The process does not use ordinay encryption keys, it uses asymetric keys. There is a published "Root of Trust" master public key. Every Trusted Computer already knows this Root public key. There is a chain of steps that you can use, starting from that Root public key, that can authenticate the keys belonging to genuine Trusted chips.
I explained in this post why you cannot "spoof" this process. Knowing the Root public key does not allow you to fake a genuine Trusted key. You need the Root PRIVATE key to make fake keys. You don't have they key and you can't get at that key. It is locked inside a single chip and that chip is owned by the people running the system.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
But I'm speaking of the "next generation internet", where every client connection is "trusted" and provides the service provider with a way to know who, exactly, is on the other end of the connection. Note that I'm not referring only to internet service, but web services, content delivery, e-commerce, etc.
I don't doubt that supporting Linux does not make good business sense, when there is a definite limit on the amount of money an ISP can spend training their employees, and, let's face it, desktop Linux does not provide one standard way to connect to the internet; the Windows monoculture does.
But I see the future. Microsoft has been trying to turn the desktop computer into a set-top box for years, but has never succeeded because it lacked the means to effectively control what users do with their computers. It is now using its market dominance to force hardware manufacturers to give it a way to control what users can do with their own property. Once that happens, Microsoft will step right in and effectively control who is allowed to access the internet, at least, in the United States and other Western countries in which Windows is the predominant operating system.
Slashdot is my Mercer Box.
Honestly, I don't expect "trusted computing" to act as much more than a lock on the front door - it will keep honest people honest, but not do much to deter the determined. Someone will find a hole, and exploit it.
That will take time, however. In the end, Palladium won't solve any problems, just as the lock on my front door is not proof against a determined criminal with the patience, skill, or knowledge to circumvent it.
In the interim, most computers will be crippled, and useless for anything but consumption of products whose cost is based in part on Microsoft licensing fees.
Slashdot is my Mercer Box.
you're free to say anything that you like, however there can be consequences for what you say.
you can't scream that you're going to kill $WORLDLEADER or shout fire in an auditorium.
a better argument would be to make this a satire case.
As Al Franken said once, "the first amendment protects satire, even if the people you're talking about don't get it" -- it was something like that anyway.
I don't 100% follow the key process, but now I have a much clearer picture of the general operation and how the system will behave in the real world; thanks very much. Saved for reference (and for frightening others).
The intentional and unintended consequences of such a scheme are limitless, and could have severe economic effects.
Frex, say my web host decides to implement Trusted Computing. All of a sudden my websites, that have been available to anyone who visits, are visible to only a limited subset of websurfers. This would significantly impact my business, because a high percentage of my clients use old equipment (which would be locked out). IOW, the WEB HOST gets to tell ME who I should trust, and I pay for it with reduced income. And jumping ship only works so long as there are other ships to jump to -- and assuming "nontrusted hosts" don't get locked out. (Could an ISP effectively prevent its users from visiting any untrusted sites??)
And the mail server, where email from untrusted servers would not be delivered, right? What about when root servers (frex, Verisign) decide to implement it??
I suspect such effects will impact small business far worse than the enterprise, which doesn't rely on web or email contact in the first place (witness how many corporate websites are actively every-browser hostile, or publish broken email contacts).
As to the identity layer, yeah, I'd expect we could trust that exactly as far as gov't entities desire it to be trusted. Maybe not so much obviously ill effect in "free countries" where we still have the right to bitch about privacy invasions, but what about the rest of the world??
Will be interested in whatever further you have to contribute on the topic.
~REZ~ #43301. Who'd fake being me anyway?
As to "whats to stop people from creating a separate 'untrustworthy' network?" -- How many people are actually using Internet2, or whatever it's called, for ALL their internet needs? (Personally, I don't even know how to access it.) Such things sound like a good idea, but tend not to thrive in practice.
:/
I surf in the most minimal configuration I've found is practical: all cookies allowed, all images and javascipt off. It makes life online far more pleasant, if you know what you're doing. But most people cannot cope with the non-js workarounds for js-infested sites, or even the much-simpler tricks for dealing with graphical menus without loading images; far less could they cope with workarounds for TC-lockout.
But given that TC will require everyone to buy a whole new monkey, it will also create a second class online citizenry -- and could effectively lock out half the world, even given several years to penetrate the hardware market. Two examples leap to mind:
Dictator wants to prevent his people from accessing websites outside his country? Just prohibit importing TC-enabled tech, with appropriately draconian penalties.
Po'folks everywhere. People in rich countries tend to forget how much of the world still runs systems from the 486 era, because that's what they can afford. Hell, I have two disabled clients (in Los Angeles) who still run 486s, and can't afford (nor justify buying) better. What happens then -- do taxpayers get to buy new TC-enabled machines for everyone who is covered under the Americans With Disabilities Act?
Great, now we'll have TC-inspired social welfare. Just what I've always wanted to pay taxes for.
~REZ~ #43301. Who'd fake being me anyway?
I don't 100% follow the key process
Ok, I think I can explain it with a simplified example. In normal encryption there one one key. A key is like a password. If you lock something with the password "PinkJellyBeans" then it can only be unlocked with the password "PinkJellyBeans". That's old encryption.
The new encrytpion is like addition and subtraction. You can tell everyone your public key is to "add one". Your private key is to "subtract one". If someone tells you the "add one" key, you can't in a billion years figure out how to "subtract one".
Say someone wants to send you the message:
"1234Mississippi7777"
They use your public key and add one. The encrypted message becomes:
"2345Njttjttjqqj8888"
You are the only person who knows the key "subtract one". You are the only person that can read the message.
Now we get to signing. Signing is a way to prove that you wrote a message. Say you want to sign the message:
"1234Mississippi7777"
You use your private key "subtract one" and get:
"0123Lhrrhrrhooh6666"
You then send both "1234Mississippi7777" and "0123Lhrrhrrhooh6666" to someone.
That person, or anyone for that matter, can then use your public key "add one" on the second message and verify that it matches. Since no one else on earth knows the secret key "subtract one" then you are the only person who could have created that signature. Therefore it really is you saying "1234Mississippi7777" and not some imposter sending a false "1234Mississippi7777" message.
Actually I skipped a step in there. That method works perfectly fine, but consider what happens if you want to sign an encyclopeida - you'd have to send the entire thing twice, once normal and once encrypted. There is a math method called a "hash" that lets you write a short signature no matter how long the message is. You send the encyclopedia and add twenty-letter signature at the end. If anyone changes a single word in that encyclopedia then the signature wont match. If anyone tries to insert a lie into a copy of the encyclopedia (or tries to change a program to defeat DRM) then the signature does not match and the encyclopedia (and the program) are not trusted and are not used.
The Root private key is only used to sign authentic manufacturer public keys. If some potentially untrusted source gives you some unknown public key and that key is signed by the root private key then it must be an authentic manufacturer public key. You do not need to have any trust in the person giving you the key and signature. You can verify for yourself that the key is genuine.
Now you know you have a manufacturer's key and are given some unknown key. That unknown key is signed by the manufacturer's private key. Again, you don't need to trust the person giving you this information, you can use the public key to verify the manufacturer's signature. You now know that new key you got is a genuine chip key because it was signed by a genuine manufacturer.
If you trust that the Root will only sign manufacturer keys, and if you trust that the manufacturer will only sign secure chip keys, and you trust that the chip will never reveal it's key to the owner, and if you trust that the chip will not permit the owner to view a webpage without viewing the ads, then you can lock data to that key in that chip and you can "trust" that the owner can only view the webpage if he views the ads.
You trust that the root can control the manufacturers. You trust that the manufacturers can control the chips. You turst that the chips can control the computers. You trust that the computers can control their owners. Now you don't have to trust the owners at all. The definition of Trusted Computing is that you don't have to worry about trusting owners, you can control the owners.
From a purely technical point of view it's pretty impressive that the system functions securely based on non-secret keys and on information given to you by an untrusted source. Except for the p
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Okay, let me see if I halfway grok this: The TC has both an encrypting key and a confirming key (sortof like having an encrypted passphrase required to access the other key?), and both have to be right or it's no-go. And a hash (like a CRC check, yes?) to confirm the data is what it was supposed to be, per what the key expects to see. I couldn't explain it to someone else to save my life, but I think I see the general picture of how it works.
:(
:/ (We still have a dialup BBS here.)
Also sounds like it's the grand step toward returning us to the world of dumb terminals ("You can see and do only what I say you can see and do"), however well-disguised it may be.
I can hear the "software by subscription" crowd drooling at the gates, too. (Speaking of Gates, M$'s own people at their own seminars have talked about shifting to software by subscription, and boy would this make it easy to enforce.)
I think we'll all wish we looked half as good as the goatse.cx guy when they're done with us
I just had another thought: this could be enforced to the point of not letting a TC machine network with an un-TC machine via an ordinary LAN, yes? So if you don't upgrade the rest of your LAN, the TC machine may refuse to play nice with it. So if you need a TC router to connect to the world, you'd also need TC machines to speak to the router on your home network. Am I thinking in the correct direction here??
Ya know, for email type stuff, FIDONet's tin cans and string approach is starting to sound right appealing all of a sudden
~REZ~ #43301. Who'd fake being me anyway?
if you need a TC router to connect to the world, you'd also need TC machines to speak to the router on your home network
Exactly.
The ultimate enforcement is if the internet backbone routers set a rule that non-TC connections must be dropped and enforce that rule all the way down the line. Your ISP would lose their connection unless they enforce the rule on you.
It's all "voluntary". You are perfectly free to put a non-TC machine on your router, but then your ISP must drop the connection to your router. You can have your non-TC LAN or you can have an internet connection. You cannot get both.
You might manage to connect the non-TC machine to your home network in some alternate way, but that connection would not properly pass on the internet link. You could manually relay ordinary text files and whatnot, but the non-TC system would be walled off from the internet.
The main issue is that the non-TC machine is locked out of all "secure" data. If you download music or view a secured webpage or save secured data from an application, there is absolutely no way to see it or use it on the non-TC machine. It's all encrypted and you are forbidden to ever see the key to your own data.
Okay, let me see if I halfway grok this: The TC has both an encrypting key and a confirming key
Every chip has "confiming" key pair (public half and private half). They call it the "endorsement key". It is only used for the signatures that prove that you are communicating with a genuine chip. After that all critical activities happen inside the chip itself.
Then every chip has a RootStorageKey that never leaves the chip. This key is only used to encrypt other keys. You get an entire "tree" of keys growing out from the RootStorageKey. A branching tree of keys locking keys locking keys locking keys. In order read a file you must walk along the chain unlocking each key in the sequence. The file is locked with the final key at the end of that particular chain - a "leaf" of the tree.
There's the RootStorageKey locking the BIOS key. The BIOS key locks the operating system key. The operating system key locks the keys of all of the applications. Individual files could be locked under the application key, but more likely the application will ask the operating system to use one of its keys. The application doesn't mind passing this control back to the operating system because the operating system will obey the application.
I think there's also an "identity key" in the chain, but I'm a bit fuzzy on where it comes in the sequence.
And a hash (like a CRC check
Exactly, except it is designed with different intent. CRC is designed to catch mistakes. It is usually 16 or maybe 32 bits and it uses "easy" math. This hash is specially designed to be secure against attack. It's 160 bits with nasty math.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Voluntary, yeah, as in "All things not compulsory are forbidden". :(
Occurs to me there's another problem with this whole tree-of-keys thing: what if the chip croaks? (More likely that the mainboard it's attached to would fail, but I gather it amounts to the same thing. Presumably it would not be a socketed chip.) Do you lose access to all your data? If your ISP (or perhaps your bank) considers your identity as tied up in a particular chip, could you lose your access til you got "recertified"?? What about transferring backups to a new machine, whose TC key won't match the old one? (I guess someone would have to write TC-specific data transfer utils, assuming that would work.) How could anyone do crashed-HD data recovery without having possession of the appropriate keys (which evidently means of the entire machine)?? What if the TC chip experiences flipped bits (due to a power spike or whatever, and at any stage of the chain), and consequently decides it ain't your data after all? (Am I snuffling down the right track, or should I get my tinfoil hat refitted?)
Nasty math like multi-dimensional hash tables?
~REZ~ #43301. Who'd fake being me anyway?
what if the chip croaks?
Then you can toss your harddrive out the window to chase away the pigeons. That, or it makes a very geek-sheik paperweight.
If your ISP (or perhaps your bank) considers your identity as tied up in a particular chip
It shouldn't be a "problem" to just grab a new machine and start from scratch, assuming a suitably broad definitions of "not a problem" lol.
What about transferring backups to a new machine
There is a limited function for this, but I'm not sure if it is a mandatory part of the spec or optional. You have to go through the chip manufacturer. First they deactivate all of your data on the old machine. (The number one rule is that the data may NEVER be active on more than one machine). The chip exports a special code. You give that code to the manufacturer along with a code from the new chip. The manufacturer then uses his secret key to allow you to import the RootStorageKey into the new chip. The new can can now activate the data.
crashed-HD data recovery
That's a bad situation in any case. It does make your data more "fragile", similar to the risk if you were using encryption for your own benefit. You could theoretically backup your harddrive data, but it wouldn't be easy. It would only work if you restore that data back under that undamaged motherboard.
What if the TC chip experiences flipped bits (due to a power spike or whatever, and at any stage of the chain)
Hmmmm. If the permanent endorsement key or the RootStorageKey had a bit flipped by a cosmic ray then your data would be gone. Same as a dead chip. Pretty unlikely, but I'm sure with a few million machines it will probably happen to a few people per year. If a power-glitch messes up a calculation in progress it will most likely be no worse than an ordinary glitchof that sort, possibly losing some data from that particular session. A glitch could conceivably cause pretty massive data loss if it had really rotten timing. Pretty unlikely, but you could possibly keep a backup of the drive as I mentioned earlier, only restorable back under that undamaged motherboard.
Nasty math like multi-dimensional hash tables?
How to hash a frog:
Step one: Smash with a nice lumpy bowling trophy.
Step two: Toss in a blender for 3 seconds.
Repeat both steps 80 times.
Read the random arrangment of red and green speckles. That is your final hash value.
Suffice it to say that current experts consider it impossible to break a 160-bit SHA-1 hash with current math knowledge. A quantum computer might be able to do it.
As for CRC's, any programmer could be lazy and simply brute-force a 16 or 32 bit CRC without even using a braincell. Or he could do a math analysis, CRC is simply a single pass of a simple operation. Or he could do a Google search to locate a short peice of code to directly generate any CRC value at will. Don't bother trying to follow and read the link, it's just there as proof that there is a simple known method.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Dead chip dept... well, I am now totally convinced that no data more important than a tempfile belongs on a TC-enabled system. It's begging to get lost, or very-expensively-recovered. (In my experience, backups very seldom are used to restore the exact system they were made on, and BIOS-level chips are the first line of frying in the event of an electrical incident.)
:) Yeah, I knew basic CRCs could be faked... [reads method despite warnings, but only gets small headache] ...and it doesn't look very complicated either.
Then there's the "what if the chip manufacturer goes out of business" issue, leaving you hanging with data that you need to migrate? or outright orphaning your data, in the case of subscription TC. It's all well and good to require a central archive to cover such situations, but then you've got another critical point of potential failure if THAT archive goes away. Or perhaps is compromised, run by someone with motivation to disable certain folks' TC'd systems, etc. As you say, the Trust all flows one way. In Real Life[tm], we call that a dictatorship.
I've been thru that sort of situation with a copy-protected diskette that had gone bad and wouldn't turn loose of the HD (used "bad sector" protection -- ironically, it had developed a real bad sector under the fake one!) so we could migrate the app to a new machine, and the publisher had since eaten by an outfit who refused to replace the diskette. In that case, my client was able to buy a competing product that could read the old app's files, but with TC, one would not have that luxury.
Hash... I see. That poor mashed frog is damnear unidentifiable
~REZ~ #43301. Who'd fake being me anyway?
"what if the chip manufacturer goes out of business" issue, leaving you hanging with data that you need to migrate?
I missed that fact, Good catch. Very few disscussions go so far as to reach the migration feature, but I'll have to remember that point.
reads method despite warnings
Too bad it's in Perl, which I don't speak. Most of the code in there is the normal code you need make the normal CRC in the first place. You need to calculate the normal CRC before you can fake it into a new value. I'm pretty sure the code we are reffering to - the code to fake the CRC - is merely a single equation on a single line. I could dig it out if I made the effort.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
NOT by a long shot.
WWII was started by Pearl Harbor which was ALLOWED to happen precisely so that America would have an "excuse" to enter the war. Much like the World Trade Center debacle on 09/01/2001...
Fact: On January 27, 1941, the American ambassador to Japan warned Washington that the Japanese were planning an attack on Pearl Harbor, if negotiations broke down. Later in 1941, a Korean lobbyist, considered a reliable source of information, twice warned that an attack on Pearl Harbor was being planned during November and the first week of December 1941, including December 6, the American code-breakers had intercepted Japanese messages that clearly pointed to an imminent attack on the Hawaiian Islands. These intercepted messages were seen by FDR and other cabinet members.
"Microsoft does not rule the entire world nor will they ever."
But they're pretty damn close sometimes. Find a laptop, with relative ease, that has everything that say, Toshiba would have -- that doesn't come with Windows on it. Find one as a single consumer without a business and feel the pain.
I know you can find laptops that don't come with the Microsoft Tax, but it's difficult and annoying to do so.
The whole "doom and gloom" attitude comes from years and years of frustration many of us suffer from having to work with Microsoft's crap, work around it, or trying to get rid of it in daily use. There's also having to work with people who nothing but Microsoft, and interoperate with their garbage through closed standards.
They rule computer games right now, they pretty much rule consumer laptops, and they continuously cause massive inconvenience for all of us in other markets as well.
I think what the parent poster meant was that it wasn't impossible to sell motherboards that don't run windows, but that Microsoft will find a way to override market forces and give the consumer another good reaming for old times' sake...
Yes, well I think if you're a consumer of Microsoft products then you make your purchase both accepting and inviting that reaming.
Games? I wouldn't know much about that. My family has Sony and Nintendo systems, the kids share games with a bunch of other families in the neighborhood. I have heard that Microsoft does produce a game console but other than a casual glance at the store I've never seen anyone play one and don't know of anyone who actually bought one.
I guess where I'm at people are a little more attentive when they make a purchase. We have to be, nobody here makes a lot of money. When we spend what we have we look hard before we leap.
You said yourself that you can find laptops without Microsoft products. You could also purchase them with Microsoft products and then not use those products. It's your choice. If you're running Microsoft products because "it's difficult and annoying" to do otherwise, that's a choice you make. You obviously have an option but it's not important enough to you to take that other option. You obviously have determined that the reliability of the application, the security of your data, the rights to your applications and data and your freedom of choice are not worth the extra hassle. And that's ok, its your choice.
. Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
Glad to be of service. I have the habit of migrating existing installs when possible (less disruptive to my clients, being of the SOHO species, and my first responsibility when repairing a system is preserving their data), so that was among my first thoughts.
:)
:)
I don't speak Perl any better than I speak C, which is to say, I can sometimes halfway follow well-commented code, if I already know what it's supposed to do. I've done far too much staring at DOOM source mods.
Pascal is easier; if I know what the program does, I don't need the comments
~REZ~ #43301. Who'd fake being me anyway?
What I meant about "Microsoft Rules Games" wasn't that they made good games or ruled the market. I should have been more clear. They certainly only publish games like Sierra does, and they're getting screwed with the X-Box.
What I meant was that if you want to play games, you need Windows. There's not much consumer choice you can make there, except for using Windows without paying for it. =)
When it comes to finding a Laptop without windows on it, sure you could buy it and not use Windows. That's what I would do. But you've just given Microsoft money you shouldn't have had to. That's one of the two strongarm things I was saying they did.
If you want a Laptop, you're most likely paying the Microsoft Tax.
If you want to play computer games that aren't on a console, you're going to have to use Windows for most of them.
You can't make consumer choice when there is no non-Microsoft option for many applications. It used to be much worse, but it's getting better.
What pisses me off the most is the general stupidity of the consumers out there limits my choice because they feed this company who ruins software for all of us.