Slashdot Mirror


Trusted Computing Rollout Hits the Desktop

Alsee writes "Previously appearing in a few rare laptops, ExtremeTech reports on the first major computer manufacturer making a full scale Trusted Computing rollout. Samsung will now install the Phoenix Core Managed Environment (cME) BIOS in every computer they make. Previous Slashdot reports on this BIOS include Phoenix Bios to Incorporate DRM and Microsoft Taking Over the BIOS."

  1. The race is off by ultrabot · · Score: 4, Interesting

    How long do you think before this hardware gets hacked?

    I would bet on 3 months.

    --
    Save your wrists today - switch to Dvorak
    1. Re:The race is off by raider_red · · Score: 4, Interesting

      I'm betting no more than four weeks. Two months at the outside.

      Still, this is one more reason I'm considering a Mac as my next computer.

      --
      It's good to use your head, but not as a battering ram.
    2. Re:The race is off by cortana · · Score: 3, Insightful

      But how will you bank online, when your bank stops supporting non-TCPA clients in the interest of security?

      After that, it's not a great leap to see the credit card companies only issue merchant accounts to those online retailers who similarly require the client to use TCPA.

      At least in the UK, online government services are in their infancy. A few well-placed bribes by a certain software company later, and suddenly I will only be able to access government services from a TCPA-compliant terminal...

    3. Re:The race is off by tomhudson · · Score: 2, Insightful
      If the banks were truly interested in security, they wouldn't be letting people bank online using Internet Exploder. They also wouldn't be running ATMs that show the blue screen of death.

      Banks, like every other business, do a trade-off between revenues, profits, and costs. As long as they can make a profit, they will support non-TCPA clients.

    4. Re:The race is off by computational+super · · Score: 2, Funny

      According to the article, the DRM chip creates a "partition that Windows won't be able to access". If that's true, I want a PC where everything is controlled by the DRM chip. Then I could trust my computer.

      --
      Proud neuron in the Slashdot hivemind since 2002.
    5. Re:The race is off by cjjjer · · Score: 2, Insightful

      I'm betting no more than four weeks. Two months at the outside.

      Does not matter how long it takes. Companies who may implement DRM know there is an inconvenience factor involved. How many times will the average public patch/hack/config something to make it work outside the "law"? My guess is the die-hard geeks will do it as much as it takes but johnny-lunchbox is going to get pretty tired real quick. This has to do with America's lazy attitude toward everything. It has to work right now and without any thought on the users' part.

  2. Backing up the entire OS by BlueCodeWarrior · · Score: 4, Interesting

    Fujitsu, however, chose to install the FirstWare Vault software designed by Phoenix, a trusted application designed by the company. FirstWare Vault also creates a hidden partition on the hard drive. However, Fujitsu used it to store a backup copy of the OS, in case the user needed to reinstall. Fujitsu's strategy will eliminate the need to ship the OS "reinstall" disks that have begun to ship in today's PCs. The disks don't contain a full version of the OS, but just the files needed to reinstall it in case of an error. By hiding that reinstall software on a protected partition, the company saved itself the costs of distributing the media, Fujitsu said.

    Wouldn't this take up quite a hefty chunk of hard drive space? I mean, it says 'doesn't contain a full version,' but wouldn't this still be quite a bit? I'm not sure I want other people making those kinds of decisions for me.

    1. Re:Backing up the entire OS by KrispyKringle · · Score: 5, Insightful
      Not only that, but isn't the whole point of a backup disk to be able to restore your OS and software if the hard drive fails? Sure, you can still use this to restore if the software just gets screwed up beyond the hope of fixing, but if the hardware fails, I'd rather have a CD than another partition on the hard drive.

      And seriously, cost of the media? How much could this possibly cost (even if the partition is only the size of a CDROM; 700MB or less)?

    2. Re:Backing up the entire OS by Dot.Com.CEO · · Score: 2, Interesting

      Well, it would have to be about 650Mb, or a CD's worth of data. I'm sure that nobody is going to miss less than a gigabyte of space in today's hard disks.

      --
      Mother is the best bet and don't let Satan draw you too fast.
    3. Re:Backing up the entire OS by Xner · · Score: 2, Interesting
      Unfortunately the HD sizes for laptops aren't quite up there with the ridiculously large desktop format drives yet. It's not unusual to see laptops with 40GB drives, and 700MB is not as negligible there as it would be on a 120 or even 200GB desktop drive.

      And regardless, it's MY disk and I want to be able to use it however I please.

      --
      Pathman, Free (as in GPL) 3D Pac Man
    4. Re:Backing up the entire OS by mu-sly · · Score: 5, Insightful

      What a fucking joke that is!!

      Your hard drive gets screwed (hardware failure, for example), so you can't re-install on a new disk because you don't have the installation media?

      And I suppose it also has the "feature" that it'll automatically "fix" any "corrupt" (Linux/BSD) partitions it discovers on bootup?

      What a stupid, useless waste of hard drive space to save on the price of an install DVD. This just smacks of taking choices away from the user (other than the choice to boycott this kind of shit completely).

    5. Re:Backing up the entire OS by Agent+Orange · · Score: 2, Funny

      hefty chunk of space to reinstall in case of OS failure? The compressed kernel is only ~30-40MB and apt-get does the rest!

      ohhhh....must be that _other_ OS.

    6. Re:Backing up the entire OS by throwaway18 · · Score: 3, Insightful

      Wouldn't this take up quite a hefty chunk of hard drive space?

      No doubt it will be compressed so I'd expect it to be about 1.5GB for a typical consumer PC preinstalled with Windows XP, DVD player, burner software etc. They will still describe it as having an 80GB disk, not 75GB free space. Manufacturers are happy to save a few dollars by slowing down PCs with software modems and sound synthesis done in software so I doubt they will balk at this opportunity.

    7. Re:Backing up the entire OS by mu-sly · · Score: 2, Insightful

      Plus if your virii/worms can't touch that other partition, you have a "trusted" way to work on restoring your system in the case something bad happens without having to do the fdisk/format/reinstall sequence.

      Oh come on - how long will it take someone to find a way to circumvent that? A month? Less? Going on M$'s past record, my bet is on the latter.

      The fact is that it's never going to be as safe as a read only CD / DVD with the install files on it.

    8. Re:Backing up the entire OS by Xner · · Score: 2, Informative
      What kernel are you using? Mine is about 1 meg compressed (bzImage).

      Unless of course you are talking about a minimal userland too (base.tgz in Debian land I think).

      --
      Pathman, Free (as in GPL) 3D Pac Man
    9. Re:Backing up the entire OS by caino59 · · Score: 5, Informative

      HP has been shipping computers with complete restore info on the HD for about 1 or 1 & 1/2 years now. If you want CDs, you have to request them on their site, by mail, or phone.

      If the drive dies, they send you a new drive with all the OS info pre-loaded....the average user doesn't even realize that they are using space...

    10. Re:Backing up the entire OS by PhraudulentOne · · Score: 2, Interesting

      Yeah and what if you upgrade the hard drive.. can you access that "protected partition" to copy the backup that you paid for to the new drive or do you now have to purchase the software again - so Fujitsu could save $0.30 to send you that restore disc. This obviously seems like more limitations as opposed to more freedoms.

      --
      You create your own reality - Leave mine to me.
    11. Re:Backing up the entire OS by cynyr · · Score: 2, Interesting

      I have a Fujitsu P2110 and it came with a 1.5 gig partition that had all of the backup on it... as I remember Windows showed the drive (haven't booted winblows on the box for a very long time).... I used dd and bzip to back it up to 2 CDs and then reformatted it..... that and I don't use Windows on this laptop ;)

      --
      All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
    12. Re:Backing up the entire OS by thomas089 · · Score: 2, Interesting

      All newer IBM Thinkpads use a hidden area on the HD to store the OS and all IBM software and drivers for recovery. If you want Recovery CDs, you have to create them yourself (takes 4 hours). If you call IBM support to ask for Recovery CDs, you need a good explanation like "SUSE Linux deleted the hidden Area".

    13. Re:Backing up the entire OS by bogie · · Score: 2, Interesting

      So raise the price of the PCs by .10. I doubt anyone will complain. This is just another example of reckless cost cutting that will only make consumers' lives more difficult.

      --
      If you wanna get rich, you know that payback is a bitch
    14. Re:Backing up the entire OS by 4of12 · · Score: 2, Interesting

      choice to boycott this kind of shit completely

      I know that I would be interested in getting the latest high performance computer without this TCPA "feature".

      If there were a handy list of MB manufacturers that do not have TCPA I'd be interested. Others might too.

      --
      "Provided by the management for your protection."
    15. Re:Backing up the entire OS by sumdumass · · Score: 3, Informative

      One thing that is commonly overlooked in cases where HP ships the OS like this is the fact that they provide a way to burn an actual CD from their restore files. So in addition to the other choices, you can make your own CD.

      http://h20015.www2.hp.com/hub_search/document.jhtml?lc=en&docName=bph08097

      I also am thinking that it is part of the Microsoft license that mandates there be a way to make a restore CD to physical media too (if they don't ship the actual CD. In the past they were allowed to do it but needed to actually have the restore CD in the box when shipped). I can't find the documents I once read saying the same or I would post a link.

      Microsoft also has a way you can use these restore CDs if you have done an upgrade to service pack 1. It is called slipstreaming. This entails making a new set of install media that contains the software upgrade you have already done. Stuff like the latest security updates and service packs can be installed at the same time the OS is reinstalled, reducing the need to go online and download so much stuff. Slipstreaming also lets you include driver support for your latest hardware that wasn't supported by Windows when you installed it.

      http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/prork/prbd_std_tgzp.asp
      This link describes the process for Windows 2000 but it should work on all Win2000 and up operating systems including XP and the server versions.

      Although this does create an easy way to get the media in front of you, most people aren't even aware of it. Also if the OS can't see the hidden partition, I'm not sure anything like this would even work. It might even violate the Microsoft license/contract that says they need to provide the CDs or a way to make them. I'm not too sure because a quick Google search isn't producing the documents I once read. Instead it is producing a bunch of links to people that got screwed by this practice when the drive failed.

      I got burnt years ago on my Packard Bell 486sx that had a little popup saying use diskimage to make the Win3.11 backup floppies when I logged in for the first time. Then it crashed somewhere between the time I left to buy a box of floppies and when I got back, and I had to wait 3 weeks for Packard Bell to ship my OS and come fix the computer. That whole system was a bad experience, and I feel for these other people that have that problem. I even read in the Microsoft newsgroups that they have to buy a complete new OS when something like this happens.

    16. Re:Backing up the entire OS by BlueCodeWarrior · · Score: 2, Interesting

      There's also the issue of how much money it cost to develop this technology.

      They cost $.10 to make, but it cost them how much to develop the technology to save that $.10?

    17. Re:Backing up the entire OS by metamatic · · Score: 2, Informative

      It's a long time since Windows systems regularly shipped with install CDs. If you're lucky you get a set of crappy "rescue" CDs which wipe the entire hard drive and replace it with the image the machine shipped with.

      --
      GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
    18. Re:Backing up the entire OS by osu-neko · · Score: 2, Insightful
      Oh come on -- why would it take that long to circumvent? If the BIOS doesn't let me see a hidden partition, what's stopping me from pulling the HD out and sticking it in the PC I'm typing on right now? Nothing in this PC's BIOS is going to prevent me from looking at any partition I want to...

      For that matter, why not just bypass the BIOS entirely?

      Forgive me if these are stupid questions -- I'm unfamiliar with how this new tech is supposed to work. How does it prevent me from doing either of the above?

      --
      "Convictions are more dangerous enemies of truth than lies."
  3. What next. by Omni+Magnus · · Score: 5, Funny

    First I have to mod my XBOX, and now my laptop. When will it end?

    1. Re:What next. by sadangel · · Score: 5, Insightful

      When you and everyone else stops patronizing organizations that produce such hardware in favor of open alternatives. Supporting OSS is fine, but something needs to be said for supporting the same ideals in the hardware domain.

    2. Re:What next. by minus_273 · · Score: 2, Insightful

      or you can just get a mac and be happy with open firmware :)

      --
      The war with islam is a war on the beast
      The war on terror is a war for peace
  4. Screencap... by stevens · · Score: 5, Funny
    Detecting USB controller...
    Detecting peripheral: PC104 Keyboard...
    Detecting untrusted user at Keyboard!
    20000 volts sent to keyboard...
    1. Re:Screencap... by execom · · Score: 2, Funny

      and it won't discharge your battery :)

      --
      I need a Sino-Logic 16. Sogo-7 data-gloves, a GPL stealth module...
    2. Re:Screencap... by Mattintosh · · Score: 2, Funny

      So that's why they had such problems with that in Star Trek...

  5. the problem with trusted computing. by scumbucket · · Score: 4, Insightful

    The problem with most "trusted computing" proposals so far is that "trusted" is an accurate description of them. It's just an incomplete description. They aren't about ensuring that you, the owner of the computer, can trust the computer or the software on it. They're about ensuring that third parties (such as Microsoft, HP, etc.) can trust your computer to do what they tell it to do. The proponents omit that part because they know all too well that if they did say all of what they meant that the average consumer would scream bloody murder and refuse to have anything to do with it.

    --
    CMDRTACO CHECK YOUR EMAIL!
    1. Re:the problem with trusted computing. by Adrian+Lopez · · Score: 4, Insightful

      I totally agree with you. Trusted computing does not benefit users as much as it benefits software manufacturers who wish to impose draconian restrictions over our use of software and media. Frankly, with stuff like DRM, the DMCA and now the FBI's attempt at forcing server software to include wiretapping capabilities, I fear for the future of free and unrestricted access to computing technology.

      --
      "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
    2. Re:the problem with trusted computing. by NeXTer · · Score: 3, Insightful
      I can see if the e-mails I got claiming to be from my mother are really signed by her computer or not.

      Which is the problem with the whole idea of trusted computing. What if your mom got herself a new computer? What if you upgrade your system?

      The problem with TCPA and the likes is that it's tied to the system and not to the user. If you get a new system all your protected content is just so many gigs of useless bits.

      Catastrophic hardware failures do happen, and would be even more catastrophic if the data is hardwired for a particular system.

    3. Re:the problem with trusted computing. by SillyNickName4me · · Score: 2, Insightful

      > For example, if I want to filter virus and spam mail from the real thing, I can see if the e-mails I got claiming to be from my mother are really signed by her computer or not.

      Factually true, but how helpful is that?
      If her computer decides to send you a virus or is used somehow as a spam relay, the mail could be very well signed by it.

      It is useful to have a cryptographic id, and as long as that also comes with an open interface it will not be in the way of anything.

      Online traders? are very interested in reliably determining who is going to pay them, which computer is used for that is pretty much irrelevant.

      The one simple problem with Trusted Computing is that it is purely and exclusively aimed to allow media providers to determine what a computer can and cannot do while playing whatever media.

      DRM is one side of that, wanting the same type of control as DVD offers (unskippable parts etc) is another.

      The consumer is not served by this, and except for the cryptographic id, it is very much useless for anyone other than media providers and software makers who need strict control over the runtime environment.

      The price the consumer will pay comes first of all in the form of loss of flexibility, and in the long term a dramatic increase of the cost of general purpose computing combined with a huge push toward specialized multi-purpose 'black box' devices.

      Maybe we just should start living with the fact that if you need such a controllable device, you should make such a device and keep it out of general purpose computing.

      In that sense, the French Minitel network may be outdated technology-wise, but it did definitely offer what merchants, banks as well as customers needed to do transactions that are way more reliable than anything possible on the internet today.

      And the fun is that you can emulate those devices on a PC but transactions depend on something like an external card reader.

      Anyway, it is not the computer but the user that is of interest to online trading, posing TCA as a solution for that when all it provides is runtime control and identification of the computer is simply utter bullshit.

    4. Re:the problem with trusted computing. by the_mad_poster · · Score: 2

      (;-))

      Emoticon with a combover?

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
    5. Re:the problem with trusted computing. by Our+Man+In+Redmond · · Score: 2, Insightful

      Every time I hear the phrase "trusted computing" or "trustworthy computing" I think of the "trusted" prisoners who get to work in the prison library. It's the same level of trust, and the same overseers doing the trusting.

      --
      Someone you trust is one of us.
  6. this just in! by Anonymous Coward · · Score: 5, Informative

    IBM has had thinkpads containing TCPA chips for years! On top of that, they provide a Linux driver for it on their website!

    1. Re:this just in! by capn_nemo · · Score: 5, Interesting
      Just wanted to point out that the 2nd of the listed papers on this IBM link, "TCPA Misinformation Rebuttal" is an excellent explanation of the differences between TCPA, Palladium, and DRM. It also helps explain fact vs. fiction in much of the misinformation circulating about what TCPA can and cannot do. An excellent read!

      http://www.research.ibm.com/gsal/tcpa/

    2. Re:this just in! by ajs · · Score: 2, Insightful
      The line I found most interesting in IBM's "Why TCPA" paper was:
      "... the TCPA chip is not well suited to DRM tasks, and IBM's implementation of the chip was neither designed nor evaluated for the necessary tamper resistance needed to provide effective copy protection..."
      Interesting stuff, and certainly not what I had been led to believe previously. Anyone out there that's looked at TCPA to verify this?
  7. BIOS DRM Labeling by codeonezero · · Score: 5, Interesting

    If I remember correctly doesn't the Record Industry have to label "protected" CDs?

    Would be a good idea if these PC manufacturers labeled their PCs as using BIOS DRM.

    That way an informed consumer can make a choice whether or not they want DRM on their system.

    Just a thought.

    --

    ....
    int main (void) { ... }

    1. Re:BIOS DRM Labeling by ultrabot · · Score: 3, Insightful

      That way an informed consumer can make a choice whether or not they want DRM on their system.

      It won't matter much, because most people don't care either way. Worse yet, the salesman simply tells the customer that the feature will "enable access to new media formats" and the sucker takes the bait.

      --
      Save your wrists today - switch to Dvorak
    2. Re:BIOS DRM Labeling by IANAAC · · Score: 5, Insightful
      It won't matter much, because most people don't care either way.

      But people will start to care once stories start coming out of people not being able to run their software that they "brought home from work".

      You'll then start to see people actively looking for PC's that don't have DRM enabled.

    3. Re:BIOS DRM Labeling by BiggerIsBetter · · Score: 2, Insightful

      You'll then start to see people actively looking for PC's that don't have DRM enabled.

      And shortly after that you'll find that PCs that don't have DRM enabled aren't available unless you're a government agency or a corporation on contract to one.

      --
      Forget thrust, drag, lift and weight. Airplanes fly because of money.
  8. Next thing you know by captain+igor · · Score: 5, Funny

    We're all going to be surfing the net with a government approved "conduct officer" standing behind us.

    1. Re:Next thing you know by Jon+Abbott · · Score: 2, Funny
      We're all going to be surfing the net with a government approved "conduct officer" standing behind us.
      Kinda like this?
  9. this is old news by sulli · · Score: 2, Informative

    my windows 98 laptop has a backup of windows on it. this is nothing new at all (except that it's in a "hidden" HD partition).

    --

    sulli
    RTFJ.
    1. Re:this is old news by cayenne8 · · Score: 2, Insightful
      Great..so, if you buy a computer...it is STUCK with the same version of windows forever????

      (Assuming you buy a Dell or other one that won't ship without an OS on it...)

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  10. Whoops there goes another rubber tree plant... by Thud457 · · Score: 3, Interesting
    Well it's time to add Samsung to the anticorporate do not buy shitlist.

    Good thing I build all my computers from components recycled from the dumpster bay at Texas Instruments in Austin.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:Whoops there goes another rubber tree plant... by Pumpernickle · · Score: 2, Funny

      Finally! I meet someone who agrees with my plan to make a beowulf cluster of TI-85s!

      How's the processing speed on it? :)

    2. Re:Whoops there goes another rubber tree plant... by TrentL · · Score: 3, Funny

      Well it's time to add Samsung to the anticorporate do not buy shitlist.

      I wish I was a regular consumer of Samsung products so that I could stop buying them now.

  11. Not a PC by FrostedWheat · · Score: 5, Insightful

    So this is the dawn of the Unpersonal Computer? One that hides things from its users and gives control to other people.

    Screw that idea!

  12. Time to start stockpiling hardware... by rc.loco · · Score: 2, Troll

    ...or treat this as impetus to finally make the switch to Apple-based computing.

    Vote with your dollars, folks.
    --
    --rc
  13. Trusted? by Ckwop · · Score: 5, Interesting

    I just refuse to believe that the Trusted Computer Initiative will deliver more secure computing.

    The XBOX was an attempt at some kind of DRM and it got hacked to pieces because DRM is just impossible. Plus the fact that Microsoft write overly complicated software with bad tools and bad programmers.

    But Microsoft bashing aside, they ain't alone. I don't think there is any company or organisation capable of delivering decent computer security at the moment.

    The tools do not yet exist to manage projects containing millions of lines of code in a way that won't introduce security flaws.

    Si.

    1. Re:Trusted? by jacksonyee · · Score: 3, Interesting

      The problems with digital information management have never come from the tools and software involved. Design flaws in the software can certainly make it easier to do stupid or ignorant things, but the real issue is that the vast majority of computer users view their computer as an appliance like a dishwasher or a laundry machine rather than the complicated, time-consuming device that it really is. As such, they will never take the time to properly train themselves on security and rights management.

      In the corporate environment, this is not that large of an issue since the IT department normally takes care of training, containing, and issuing permissions. In the SOHO market though, this is a real issue, and this is one reason why these Microsoft worms have been spreading as fast as they could. I would love it if computer use was regulated the way a car was here in the U.S. You're allowed to do whatever you want with it when you're on the roads, but you have to be trained to use it before you can drive, and you have to be periodically inspected to make sure that you're not a danger to everyone else on the roads. It sounds like a big hassle, I know, but I really think that it's the only way to rid us of the ignorance clause, even if it involves nothing more than studying a pamphlet and answering 20 out of 25 multiple choice questions correctly.

    2. Re:Trusted? by jav1231 · · Score: 2, Insightful

      Oh that's great. Let's limit freedom in exchange for perceived security? Anytime you talk about placing a restriction on freedom, you should default to "No" and be convinced otherwise. I don't think regulation is the answer. Nor, however, do I think Trusted Computing is the answer either. I think some ISPs have a decent approach. If your home PC is a security risk, I'll notify you to either fix it or lose your access to the 'Net. Once off the 'Net, I have the right to have a buggy, virus-ridden PC if I so choose...or just do 'cuz I'm stupid. In the long run, the answer is education. Knowledge is ultimately the key. People must take it upon themselves to learn more about PCs and computing in general. Requiring some sort of license or permit is just not the answer for the US.

  14. It will never work by Tuxinatorium · · Score: 3, Insightful

    It will never work until program encapsulation is implemented in the ISA. These silly software switches will be easily circumvented.

    1. Re:It will never work by John+Courtland · · Score: 2, Insightful

      Circumvented or reburnt. If we are able to flash the area of the chip containing the "TCPA" bullshit, then we can just inject our own "trusted" code on there. Since the code can't possibly be too complex (unless a Linux/BE/DOS/all non-Windows lockout is attempted) it shouldn't be much to dump, disassemble, and alter.

      --
      Slashdot is proof that Sturgeon's Law applies to mankind.
  15. BIG BROTHER INSIDE by Anonymous Coward · · Score: 2, Funny

    please nip this in the bud
    Spread the word: DO NOT BUY THEM
    send a clear message of dollars (or lack of them) that we do not want "BIG BROTHER INSIDE"

  16. Honest question by kneecarrot · · Score: 5, Interesting

    Besides anti-MS statements and rhetoric about DRM, can someone actually tell me how this will affect what I can do with my computer?

    --

    I always save my last mod point to mod up a good troll. You people are too serious.

    1. Re:Honest question by midav · · Score: 2, Insightful

      It is not the question of what YOU can do with your computer. It is a question what OTHERS can do with your computer. You (and I mean it in general sense) do not need this feature to operate your computer.

    2. Re:Honest question by RickHunter · · Score: 3, Insightful

      Let me put it this way.

      Right now, you have control over your computer. You control what gets installed, what can run, and what you do with your data.

      This means that you can no longer do any of that except insofar as whoever DOES have control of your computer sees fit to allow you to. In other words, you no longer own or control your data.

    3. Re:Honest question by IgnoramusMaximus · · Score: 4, Interesting
      As the other posters mentioned from the "basic consumer rights" standpoint you will no longer be in charge of your own computer but the signatories to the "trusted computing" will.

      One additional note: It is very likely that anyone wishing to make software that would install on your PC will need to obtain a license from whomever is the encryption key issuing "authority" in the "trusted" computing world. This will put an end to making your own software and also it probably will financially impact small software companies. Not to mention that it will give total control of what software will be granted a "license" to the few signatories of the "trusted" computing. In essence Microsoft will get to decide who will be allowed to make software for the PC platform.

    4. Re:Honest question by Unknown+Kadath · · Score: 5, Informative

      First, I think it's partly the fear of being poised at the top of a slippery slope. (Granted, the "slippery slope" argument is a logical fallacy--but debates are not won on logic alone.)

      So it's completely peachy and great that there's a backup copy of your OS partitioned off on your drive, and tech support can just walk you through a reinstall unless you somehow managed to hose the partition.

      Then, they start shipping computers that do an automatic OS reinstall when certain conditions are met. Maybe annoying for power users, but it will serve most people well.

      Then a third-party vendor asks, "Hey, can we get in on this? Have our software phone home telling how the owner uses it. Then we can improve future versions." Annoying, but for a good cause, right?

      Then the data this third-party is getting shows that people are jumping ship on their application for one that costs less, and they cripple cross-functionality...and keep sending updates to your computer even if you patch it back the way you want it to be. But you don't get to say anything, because you clicked Yes on the EULA.

      Then, seeing the success, a bunch of other vendors jump on the "trusted" bandwagon, and suddenly your computer is about as much yours as if it were part of a bot net. Incremental steps toward a worst-case DRM-everything, your-PC-is-controlled-by-vendors future is what the worry is about.

      Is it a justified worry? Given the tendency of, well, humanity to take a mile when given an inch, and the disturbingly long and broad reach of corporations, I'd say yes.

      Second, I think the furor over trusted computing is a matter of principle. Allowing control of one's computer to be placed in the hands of one or many corporations, or the government, is something many people, me included, find abhorrent. It's a thread of libertarianism (little "l," moderators, not the political party) that, as far as I can tell, runs through a great many of the more common Slashdot opinions. ...which is not precisely an answer to the question you asked, but does explain why the question you asked is not precisely the right one. ;)

      -Carolyn

      --
      Like Daddy always said: if you can't dazzle 'em with brilliance, baffle 'em with bullshit.
    5. Re:Honest question by back_pages · · Score: 5, Insightful
      Another way to look at it is that there are two kinds of computer users: Those for whom the computer is a big mystery and are constantly plagued by spyware, popups, et cetera; and those who know how the computer works, solve their own problems, and could generally be known as computer enthusiasts.

      With DRM infected appliances, the latter is locked out of their own machines to a certain extent. You'll no longer have the ability to solve your own problems but have to rely on the magical mystery software that comes with the computer.

      The distinction will probably be slight at first, but I think it's hardly appropriate to call a DRM infected machine a "computer", since there will be technology in place to prevent the owner from doing certain general purpose computations. DRM infected machines will be entertainment/office appliances and horribly undesirable to people interested in their computers.

    6. Re:Honest question by plcurechax · · Score: 5, Informative

      For a slightly doom-spelling (unfortunately Ross tends to be right far too often) check Cambridge University professor Ross Anderson's Trusted Computing FAQ. There is also his Cryptography and Competition Policy - Issues with `Trusted Computing' paper as well.

      You can also look at documents at Trusted Computing Platform Alliance, and I recommend reading The TCPA; What's wrong; What's right and what to do about by William A. Arbaugh

    7. Re:Honest question by Alsee · · Score: 4, Informative

      I submitted the article.

      I'm a programmer and I've been reading the technical specifications on the system. I'm pretty much an expert on it. I will keep this post as non-technical as I can.

      Trusted Computing pretty much does two things. Number one, it keeps some keys hidden inside a special chip. These keys are sort of a cross between a unique serial number to identify your computer and a password to lock files. The nasty part is that it secures the computer AGAINST the owner. It locks your data such that YOU can't get at it, except in the approved manner. Number two, it allows other people to "look" inside your computer to see EXACTLY what programs are running - it snitches on the owner.

      If you don't like something about how your computer works and you try to change anything, your files go dead and unusable. If you try to change anything then whenever you connect to a website or any other machine, and that machine asks to "look" inside, then your computer will report that the owner has made an "unauthorized modification" and the other computer will refuse your connection.

      To put it in more concrete terms, say you go to a website. Say the website has ADs. As soon as you try to connect the website will ask to peek inside your machine. If it sees that you have pop-ups blocked it will refuse to let you see the webpage. It will be impossible to see the website unless you "voluntarily" view their ADs, and do so in exactly the manner they want.

      If you go to another website it can refuse to show the webpage unless you install their spyware. If you refuse the spyware it is impossible to see the webpage.

      Microsoft is advertising new DRM e-mail. If you don't have a Trusted machine, or if your machine is non-compliant then it is impossible to see the e-mail. If your machine is compliant then you can see the e-mail, but your computer will be physically incapable of printing out that e-mail or saving it or forwarding it, and your computer will enforce its deletion after a certain date. Some companies (like Microsoft) will love this feature because it means that old incriminating e-mails vanish and can't embarrassingly pop-up in court later.

      Cisco has announced a new router. It is supposedly an "anti-virus" system, and even the Slashdot story on it reported "Cisco to block viruses at the router". Actually it does not block viruses. What it actually does is look inside your computer to verify that you are running specific approved software. The *advertised* purpose is to check that you are running approved and up-to-date anti-virus software and firewall. It then locks out any potentially "vulnerable machines" because they are a "threat" because they "might get infected". If your ISP installs one of these machines then you will be denied any internet access at all unless your machine is "compliant". If you aren't running Trusted Computing then they can't verify compliance and you are denied access. If you aren't running EXACTLY the software they require, or if you alter it in any way, then you are denied internet access. And they can require you to run anything they like, not just security software. They can require you to run software that forces your computer to throttle your own internet connection speed. They can force you to run software that displays ADs. They can force you to run software that tracks everything you do to collect marketing data.

      The President's Cybersecurity advisor spoke at a computer conference where he called on ALL broadband providers to install such routers and to REFUSE access to anyone not running a Trusted Computing compliant system.

      Pretty much all software will require "Product Activation". It will be impossible to even install the software without submitting to any activation procedure they dream up. If you try to alter the installed program in any way then your data will be locked and unusable, and the software won't run at all.

      It will be impossible for people to make interoperable software. And "secure" data saved by on

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    8. Re:Honest question by IgnoramusMaximus · · Score: 2, Insightful
      I really don't think anyone is seriously considering such a system; maybe in ten years..

      Yes they are. The timeframe might be long, but as someone else noticed insightfully on this thread, the DRM technologies are a slippery slope of small increments leading to the demise of Personal Computer to be replaced by Personal Computing/Entertainment Appliance. The people who wish it to be so are wealthy, powerful and prepared for a long-haul battle since profits and control that could be gained by forcing everyone to use DRM are truly immense.

    9. Re:Honest question by Unknown+Kadath · · Score: 2, Interesting

      Oh, I agree with you. I should perhaps have said "debates are not won on formal logic alone." Just because something can't be formulated into a Boolean proposition doesn't mean it's wrong. (I would have had just as many replies from people saying "Slippery Slope is a logical fallacy!" if I hadn't included the caveat, though. ;)

      Still, it is better to frame objections to a course of action in terms of principles. "Trusted" computing is not odious because it may be put to bad uses. It is odious because I object on principle to ceding control of my computer to anyone, especially a paternalistic government or corporation.

      -Carolyn

      --
      Like Daddy always said: if you can't dazzle 'em with brilliance, baffle 'em with bullshit.
    10. Re:Honest question by bhtooefr · · Score: 2, Informative

      FUD, FUD, FUD. I disagree with TCPA, NGSCB, and DRM, but what you said about TCPA not allowing "untrusted" apps to run isn't true. It'll definitely allow untrusted apps to run (not talking about OSes) - it'll just not allow said untrusted apps to access data (unless a hole is found in the TCPA system).
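
Added example, not part of any poster's comment and not code from the TCPA/TCG specifications: a simplified Python model of the two mechanisms the comments by Alsee and bhtooefr above describe, data sealed to a measured software state and a report of that state to a remote party. `ToyTPM`, its methods and the component names are hypothetical; the XOR keystream and the HMAC stand in for the chip's real encryption and its RSA-signed quote.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # a TPM 1.2 platform configuration register holds one SHA-1 digest


class ToyTPM:
    """Simplified model of the chip: one PCR, sealed storage, and a quote."""

    def __init__(self):
        self._srk = os.urandom(32)  # storage key, never leaves the chip
        self._aik = os.urandom(32)  # attestation key (assumption: HMAC instead of RSA)
        self.pcr = bytes(PCR_SIZE)

    def reboot(self):
        # PCRs reset only at power-on; software cannot set them directly.
        self.pcr = bytes(PCR_SIZE)

    def extend(self, component: bytes):
        # new PCR = SHA1(old PCR || SHA1(component)): order-sensitive, one-way.
        digest = hashlib.sha1(component).digest()
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            block = self._srk + nonce + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return out[:length]

    def seal(self, data: bytes) -> dict:
        # Bind the ciphertext to the PCR value current at seal time.
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        tag = hmac.new(self._srk, self.pcr + nonce + ct, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        body = blob["pcr"] + blob["nonce"] + blob["ct"]
        expected = hmac.new(self._srk, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise ValueError("blob altered or sealed by a different chip")
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            raise PermissionError("platform state differs from state at seal time")
        ks = self._keystream(blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))

    def quote(self, nonce: bytes):
        # Report the current PCR, authenticated and tied to the verifier's nonce.
        sig = hmac.new(self._aik, nonce + self.pcr, hashlib.sha256).digest()
        return self.pcr, sig

    def verification_key(self) -> bytes:
        return self._aik  # stand-in for the public half of an attestation key


def boot(tpm: ToyTPM, chain) -> bytes:
    """Measured boot: every component is hashed into the PCR before it runs."""
    tpm.reboot()
    for component in chain:
        tpm.extend(component)
    return tpm.pcr


def verifier_accepts(pcr, sig, nonce, key, expected_pcr) -> bool:
    """Remote party: check the quote is genuine and matches its reference value."""
    good = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    return hmac.compare_digest(good, sig) and hmac.compare_digest(pcr, expected_pcr)


def demo() -> dict:
    # Constructed sample boot chains; the byte strings stand in for binaries.
    approved = [b"bios v1", b"bootloader v1", b"os kernel v1"]
    modified = [b"bios v1", b"bootloader v1 (owner-patched)", b"os kernel v1"]
    tpm, result = ToyTPM(), {}

    reference = boot(tpm, approved)
    blob = tpm.seal(b"document key")
    result["unseal_same_state"] = tpm.unseal(blob)

    boot(tpm, modified)  # the modified stack still boots; it is just measured
    try:
        tpm.unseal(blob)
        result["unseal_modified"] = "released"
    except PermissionError:
        result["unseal_modified"] = "refused"
    nonce = os.urandom(16)
    pcr, sig = tpm.quote(nonce)
    result["attest_modified"] = verifier_accepts(
        pcr, sig, nonce, tpm.verification_key(), reference)

    boot(tpm, approved)  # restoring the original chain restores access
    nonce = os.urandom(16)
    pcr, sig = tpm.quote(nonce)
    result["attest_approved"] = verifier_accepts(
        pcr, sig, nonce, tpm.verification_key(), reference)
    result["unseal_after_restore"] = tpm.unseal(blob)
    return result


if __name__ == "__main__":
    print(demo())
```
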

  17. What really worries me by onyxruby · · Score: 4, Insightful

    What really worries me is the unannounced DRM / Trusted Computing BIOS boards that will be coming out. Since this is an anti-consumer feature, and the BIOS companies know it, they don't want to impede their rollout with a consumer backlash.

    I recall something about one of the Phoenix guys saying that the consumer was not their customer, the media companies were. DRM put directly into the BIOS, with no option to get a motherboard without it is going to be a real issue. Reminds me of when all the local banks in my area added thumbprint for check cashing on the same day. You couldn't bring your business elsewhere because they all did it.

    So who wants to start up a BIOS company?

    1. Re:What really worries me by stratjakt · · Score: 5, Informative

      I recall something about one of the Phoenix guys saying that the consumer was not their customer, the media companies were.

      Uh, no.

      He said that the motherboard manufacturers are their customers. Which is true. Have you ever called Phoenix and ordered a BIOS?

      He said nothing about your imagined conspiracy theory about the "media companies".

      Oh, BTW, the FDIC mandated those thumbprints.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:What really worries me by NinjaPablo · · Score: 5, Informative

      You might want to take a look at the LinuxBIOS project if you're interested in an unrestricted alternative.

      --
      SmashTech - No smashing of tech involved
  18. It's time by piquadratCH · · Score: 2, Insightful

    OK guys, I think the time has come to buy one last decent computer before this whole TPC-NGSCB-hell breaks loose...

  19. Consumer Aspect? by RandomLinguist · · Score: 5, Interesting

    In general, I think that most /.ers would agree that invasive DRM practices are not a Good Thing(tm), but I wonder how the general public will see these initiatives, if at all. I think that either of two things will happen: People inexperienced with computers will see the nice friendly keywords like 'safe' and 'trusted', and favor these products out of fear, which is obviously what the manufacturers want. Alternatively, Joe User, who neither knows nor cares about security will simply ignore such concerns as fine print, since any kind of technical explanation is of no interest. Unfortunately, I think the principal outcome may be that, like it or not, these Trusted Computing initiatives may propagate, either from adoption by fearful masses, or simply by sliding under the average consumer's radar.

  20. .. and in other news by Quixote · · Score: 2, Insightful
    Samsung will now install the Phoenix Core Managed Environment (cME) BIOS in every computer they make.

    ... and in other news, geeks (who make the majority of the purchasing decisions worldwide) have decided that they will boycott every computer that Samsung makes.

  21. I'm sure they will by Kjella · · Score: 5, Insightful

    ...and consumers will buy it because it's a "feature". This wonderful new "trusted computing" will give you access to all sorts of places, simply because we're not going to offer access to anyone else. See?

    Kjella

    --
    Live today, because you never know what tomorrow brings
  22. The proles are our only hope. by Thud457 · · Score: 5, Insightful
    The general population isn't as stupid, ignorant or sheeplike as us slashdot elitists like to think. If this actually pinches people, they'll kill it off quick enough.

    Case in point : DIVX.

    It wouldn't hurt for slashdotters to educate people when the chance comes up. To be effective, try to be informed, not shrill.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:The proles are our only hope. by derphilipp · · Score: 2, Insightful

      You are right but some things make me think different:
      o If Trusted-Computing is established once - how can you get rid of it ?
      o Will Joe User care more about a huge Diskdrive and a shiny graphic card to play the newest games - or about "technical stuff" like Trusted Computing ?

      I don't think people are dumb - I think they just don't care because they don't know enough about it and don't get informed...

      --
      Spelling mistakes: My is english spoken not tongue of mother.
    2. Re:The proles are our only hope. by jedidiah · · Score: 5, Insightful

      Trusted computing will hit people right in their wallet. For this reason alone, consumers will revolt. Think of all of the brouhaha that TurboTax caused with their strict licensing management last year.

      The "PC revolution" was built on casual piracy. When media moguls try to eliminate that sort of network marketing, they do so at their own peril.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    3. Re:The proles are our only hope. by rokzy · · Score: 2, Interesting

      you mean the way Windows XP is cheaper than previous versions since it has activation codes?

  23. Don't worry , its only the BIOS by Viol8 · · Score: 2, Informative

    Why this is going in the BIOS beats me since most modern OSs (certainly linux) and even windows use the bios as something to bootstrap their boot loader whether it be LILO or NT loader. After that the bios is bumped out of memory and ignored. Windows may well use portions of this BIOS if it suits MS but linux and other OSs can just happily ignore it and nothing will change. Or have I missed something?

    1. Re:Don't worry , its only the BIOS by Amnenth · · Score: 3, Insightful

      Let's just hope that the BIOS doesn't require the bootstrap code to be digitally signed or something.

      BIOS ERROR: Unsigned bootloader (LILO) detected on Primary Master drive.

    2. Re:Don't worry , its only the BIOS by stratjakt · · Score: 3, Interesting

      The bios now has crypto features to authenticate 'trusted' applications that the OS can use, or choose not to use. IIRC, it can be completely disabled in the BIOS.

      Even if MSFT, in some future version of Windows, decides that Windows won't run at all unless it's enabled, it still won't have affected linux.

      --
      I don't need no instructions to know how to rock!!!!
  24. Making "trusted" computing go away by arrianus · · Score: 5, Interesting

    I would like to see whether this is, indeed, trusted computing. The article was somewhat vague in some ways. If it is the full-fledged hardware portion of the Palladium initiative, as part of the article implies, it's very, very bad. If, instead, it's a way to save money on a system restore disk by having the hardware hide a portion of the hard drive from normal software, it's annoying, but probably fine, depending on how it is done (if there's a PKI, that's bad, but if it's just read-only, that's fine).

    If trusted computers do appear in your area, I would suggest the following strategy for making them go away:

    1. Order a trusted computer from one of the trusted computer makers
    2. Return it
    3. Go back to step 1

    This assumes the companies have a 30-day no-questions-asked return policy (which is usually the case). You can even say that the "trusted" computing was the reason you returned it. Once they start losing tons of money, it'll go the way of DiVX (not the codec -- the old DVD standard which needed to call home to get authorization). It was pushed by Circuit City, which had a ton of people do this to them, so they introduced restocking fees, and lost a lot of customers who knew nothing about DiVX. Eventually, Circuit City backed off the DiVX thing.

    If you want to be illegal (which I don't recommend), some people have a modified scheme:

    1. Order a trusted computer from one of the trusted computer makers
    2. Take out the batteries (which are potentially explosive), and connect the battery plugs or some port in back to 120VAC, thereby frying the motherboard
    3. Return it as defective
    4. Go back to step 1

    This costs them a heck of a lot more, and gets around the place of returns without restocking fee. If you need to buy a DRMed product, you can also use this to make sure the company pays the manufacturing costs for 2 of 'em instead of one, and loses money on the sale. It is, however, illegal, and probably unethical.

  25. The question is though, by pair-a-noyd · · Score: 3, Funny

    who the hell would buy a Samsung computer anyway?

  26. I'm building a computer... by Cyno01 · · Score: 5, Insightful

    I was gonna buy a Samsung monitor, DVD drive and floppy drive. Now I'll be getting a Philips, Lite-On and oem brand. Let them know with your wallets people.

    --
    "Sic Semper Tyrannosaurus Rex."
    1. Re:I'm building a computer... by Anonymous Coward · · Score: 2, Funny
      Indeed... I was about to buy a new Samsung monitor next week.

      Posted as "anonymous" because I don't want my girlfriend to know I bought a monitor while she was gone....

  27. Re:Not a PC - UnPersonal Computer by Jtheletter · · Score: 2, Funny
    That dawn has already happened, it's called any MyDoom.x infected windows box which is now a port for spammers.

    This is Bob Barker reminding you to help control the spam population and have your operating system spayed or neutered. (patch patch patch!)

    --
    -- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
  28. I wonder.... by ronfar · · Score: 3, Interesting
    I wonder what Sony would do if Microsoft wanted to put out this BIOS that would only run Microsoft operating systems. Would they put such a BIOS in their computer? Come out with VAIO Linux? (Or maybe more realistically, a proprietary VAIO-OS based on BSD?)

    I think Microsoft and Sony are locked in a struggle right now (hence the XBOX, Microsoft's shot across Sony's bow), so I can't see Sony going along with this.

    --
    All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
  29. I've a TC bios in my computer by 0x54524F4C4C · · Score: 2, Funny


    Got it 2 weeks ago while travelling to South Korea. The Samsung desktop was pretty heavy to handle in the return trip, but I think it was worth the trouble. Now I have a computer that can only run the software that Microsoft allows, so no viruses or open source suspicious code will run on it. This feature is what I was waiting for. Now I won't need to run antiviruses and firewalls just to make my computer safe, while taking over resources from other applications. I wonder if Linux will be able to copy this feature, or if its developers will steal code as they did with SCO.

  30. I will not... by adamgreenfield · · Score: 2, Insightful

    ever use one of these machines at home. Flat out I don't agree with it. It would be the equivalent of car makers telling me what I could do with my engine, or what kind of tires I could put on it. Then enforcing that by saying if I don't my car won't run.

    I don't think that the majority of business will look at this situation and care, and even *IF* consumers reject it, I think that we will see it in the work place in some form at some point, however we didn't *really* have control over our workstations anyway. If my company chooses to give control of my workstation to Microsoft (or anyone else), I guess that is their choice.

    However one of these machines has no place in my home. I think it's a bad idea, but I'm not sure that people will see it (business minds anyway) until it's too late.

    --
    -Adam C. Greenfield
  31. Speaking with your wallet... by Jtheletter · · Score: 5, Insightful

    is great and all but without a massive movement that information doesn't always flow upstream very quickly. In other words speak with your wallet and with your voice. Email is still free (mostly) so every time you specifically purchase a non-DRM product over theirs write and tell them! Let them know how much $$$ they're losing on a sale-to-sale basis. Companies live and die by numbers and having another level of data tells them even more forcefully that, yes a boycott is in progress, and they're actively losing our money.

    --
    -- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
    1. Re:Speaking with your wallet... by nostriluu · · Score: 2, Interesting

      Absolutely. I've often thought it would be nice if non hegemony users would collectively buy hardware that was completely free & open. For maximum effect, "everyone" waits three months for their next purchase, and buys identified, free, open, performant and well supported hardware at the same time, hopefully causing a blip on screens somewhere. With the number of vendors that are out there, it could make some realize the advantages of opening up.

      Of course, this is somewhat contrary to the hacker goal of supporting everything that has an (electrical) pulse.

  32. Trusted vendors being obnoxious by Kurt+Gray · · Score: 5, Interesting

    So what makes an application "trusted" is that it has been blessed by Microsoft, ie. any software publisher with the funds to pony up the fee to Microsoft to get the trusted seal of approval I suppose. So that's supposed to make computing more secure... and what is a "secure" computing environment anyway? Most of us define a secure computing environment as a desktop we can work at where our data is secure, private, stable, and uninterrupted by rogue applications that pop up in your face unexpectedly and refuse to be ignored... this is where "trusted" vendors are trying our patience. It has become more common for every Windoze desktop application sold today to have nag screens popping up for any number of reasons: "Do you want to check for updates?" ... "Do you want to register now or be reminded to register in the next 15 minutes?" ... "Would you like to see some exciting new offers? I'll just go ahead and add them to your bookmarks menu anyway..." ... and all this happening when the offending application is not even running! Desktop software is becoming increasingly intrusive and interrupting the workflow process.

    So I ask you, what's worse: having a malicious virus annoy you and interrupt your workday or having an application you paid for essentially behave even worse? At least virus authors don't nag you to register.

    So my point is "secure" and "trusted" computing is obviously a joke when the companies driving this initiative are more intrusive and disruptive to the average work day than most virus authors.

  33. I think businesses DO want this... by CompSci101 · · Score: 3, Insightful

    Hey all,

    While it's easy for us geeks to be upset by this, do you think that it's just the media companies that want this sort of thing?

    For instance, Lotus Notes (used by corporations "serviced" by IBM the world around) has a nifty feature whereby should a sender wish, they can block access to many client features like, oh, printing or forwarding. Making an unpopular/possibly illegal move with your company? Do it by e-mail! No whistleblowers (save the truly geekiest that can get around this sort of thing) will bother you. Being subpoenaed by the FBI (like Microsoft has been over and over and over again via e-mails)? Have your trusty computer eat it! Simple!

    The geeks, for our part, must take a stand and make sure people who buy this equipment are appropriately punished for it. This includes our friends and family -- if they buy something containing this sort of embedded DRM, refuse to help them with anything and everything regarding the cursed device. Assuming you'll be able to get around the DRM and help them to begin with...

    Bah. Paranoia sucks.
    C

    --
    The Sun is proof that we can't even do fire properly.
  34. My worst nightmare... by Thud457 · · Score: 2, Insightful

    DRM becomes prevalent, and Gator learns how to use the DRM features to make itself uninstallable. And every GD spamzombie worm soon follows.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  35. Hmmmm...I wonder... by GeneralEmergency · · Score: 3, Interesting


    ...could it now be the time for an open source BIOS project?

    These things are all now flashable anyway, right?

    --
    "A microprocessor... is a terrible thing to waste." --
    GeneralEmergency
    1. Re:Hmmmm...I wonder... by Carrot007 · · Score: 2, Informative

      like http://www.linuxbios.org/ maybe?

      --
      +----------------- | What is the question!
  36. I was thinking about ridding myself of extra MBs by teamhasnoi · · Score: 3, Insightful
    but I think I'll just hang on to them. Not like I'll get any $$$ for them - right now...

    Really, I think the first customer of these Samsungs is going to be some giant corporation that will pick up a pile of these and deploy them all over. Perhaps the Attorney General's office in California will grab some. :P

    Companies like Verisign, Network Solutions, and Microsoft have shown that those who are supposed to be trusted, can't and shouldn't.

    How is 'Trustworthy Computing' supposed to work when you can't trust the providers of the technology?

    Think of the software lock-in and stranglehold that licenses are going to have on these machines - or the uselessness of a boat anchor when it gets hacked by a virus that will be allowed to run on it during its rollout period, or when it gets hacked.

    Ugh. Keep your old machines, geeks! (Sorry, wives and girlfriends...)

  37. A shame... by praedor · · Score: 4, Interesting

    Now I am compelled to take measures to ensure that no potentially illegal activities (corporate) are able to be hidden by this DRM nonsense. I will have to bring a digital camera into my workplace as soon as I start running into unprintable emails, documents, etc. As soon as I get any document with an expiration/self-destruct date. I will start taking steps to ensure that all such items are "documented" via digital photography, if need be, so that I can safely be a whistleblower as required. I will not, under any circumstances, EVER be party to illegal activities by any corporation for the sake of money. I will not be party to unethical activity of any kind. If I come across such, I am compelled to blow the whistle and if M$ and other corporations feel the need to try to cover their unacceptable, illegal, unethical behavior via DRM crap, then I WILL sidestep it one way or another. I am honor-bound to do no less.


    On a personal note, it is automatic that I will never ever again purchase any system that contains a phoenix bios chip in it. Old or DRM-enabled new, phoenix has ceased to exist as far as my money is concerned.

    --
    In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
  38. Easily hacked? by tehanu · · Score: 4, Insightful

    People are saying that these computers are likely to be hacked very quickly.

    I agree.

    I also predict the reaction of the companies will be to
    (1) make it even *more* draconian.
    (2) Whine that the entire computer industry as we know it will be destroyed (and the terrorists will win!) unless Congress enacts laws that will make it illegal to break into "Trusted" computers which given the way Congress usually drafts laws will probably be so vague and broad that merely opening the case of any computer (w/o a government sanctioned license) will count as infringement worthy of 5 years jail. (Maybe we should call this the Patriot Computing Act?) And if they are really good, enact laws to force everyone to upgrade to Trusted computing within say 5 years or else via legislating that within 5 years every new computer sold in the US has to be a "Trusted" computer.

    Remember, in the field of "intellectual property" and anything associated with "computers" or "digital" or "internet", if something fails, it's not because it's a technological impossibility, your business model is failing or your customers plain don't want it or even hate it. It's because you just haven't made it draconian enough, your customers are your enemies who need to be punished and made to toe the line and you need draconian broad-based legislation otherwise the economy will collapse, WWIII will happen and of course, the terrorists will win.

  39. "before this hardware gets hacked?" Not the hard ! by da5idnetlimit.com · · Score: 2, Insightful

    The question should be :

    How long before this BIOS is hacked...

    And, more precisely, hacked and shipped without the extensions, or even funnier, a modified bios with specialised settings to fry the mobo/cpu/Security chip....

    Bios viruses existed at one time, when bioses were few... Having everyone using the same secure bios from one vendor (phoenix) could bring some interesting results in the long term...

    + On the side, I seem to remember that some chips makers use "windows only" application to upgrade the firmware of hardware, and that some others try to get the same thing to update the bios from within the Windows OS...

    Knowing the high level of security provided by windows, the next betting question :
    how long before the first worm designed for modifying the "secure bios" on a worldwide basis (install the virus, if it installs from windows do it now, if needing out of Windows execution, mark the bios modifier to launch at next windows startup, using a sort of dos mode and a blank and/or fake "microsoft testing HDD" screen , or defeating the "trusted computing" security thingy by wiping out all the partitions on disks including the hidden ones...)

    This idea patented, if you do it, I'll reclaim a large sum to be taken from the "Wanted!" announce made for your head by Microsoft... 8p

    --
    It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
  40. Macs etc. by H4x0r+Jim+Duggan · · Score: 4, Interesting

    Please do buy only hardware which lets you choose your OS.

    This situation sucks because the only way we can fight it is by being Good Consumers - but since non-MS users are in a minority, the value of our informed consumerism is limited.

    GNU/Linux is proof that if freedom only requires hard work, people will work for freedom - now the proprietary world realises that freedom must be made either illegal or obsolete.

    1. Re:Macs etc. by Anonymous Coward · · Score: 3, Insightful

      Why would you want to install Linux instead of OS X on a mac?

      Hrm, how about in the case of my G3 iBook it's less resource hungry, faster, and /far/ more stable?

    2. Re:Macs etc. by Tin+Foil+Hat · · Score: 2, Insightful

      A corollary to this, and one we should remember, is that venerable quip "If voting could change anything, it would be illegal." IOW, watch your back.

      --
      No matter how many of my rights are taken away, somehow I still don't feel safe. -Frigid Monkey
  41. That's the ticket by stoolpigeon · · Score: 4, Insightful

    Go with apple and full vendor lock in. I'm replying here since this is the top comment I could find saying this. How is apple the solution?

    The penchant around here for apple is proof to me that more linux geeks are interested in being a part of an 'exclusive' minority than in being involved in things that are open and free (as in speech).

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    1. Re:That's the ticket by H4x0r+Jim+Duggan · · Score: 4, Insightful

      > How is apple the solution?

      The problem with the new BIOS is that it controls your system software - actions must be validated. To make this work, unfree software will be required. This means that you mightn't be able to install GNU/Linux on DRM-PCs, or if you can, you'll have to run unfree software on your system to validate your actions.

      The idea of Trusted Computing is that the content owners can trust your computer to do what they say. Code Is Law - except when the code is free. On Mac hardware, you can run a free code OS - so buying a Mac (and replacing the OS with GNU/Linux or *BSD) instead of a DRM-PC is a great idea.

    2. Re:That's the ticket by aristotle-dude · · Score: 5, Insightful

      Hmm. The PC hardware platform is more open? What was the name of that firmware Apple uses? Oh that's right. Open Firmware. It had been used by HP and Sun in the past. If you want to make a difference in the world instead of spreading fud about Apple not using open standards for hardware and software, petition PC makers to start using Open Firmware instead.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    3. Re:That's the ticket by bizcoach · · Score: 3, Insightful
      The only thing you need is a trusted 3rd party (GNU.org?) which have released the source for the Nexus, and have signed it.

      The GNU project will never in any way directly or indirectly endorse the so-called "Digital Rights Management" (DRM) stuff which has no purpose besides making it more difficult to copy and distribute digital data.

      The reason I would love DRM, is that I can go to a friends house, and use his computer, without having to worry if he has started a keylogger.

      Preventing keyloggers isn't part of the job description of the implementors of DRM systems. Their job is just to (try to) kill the P2P filesharing revolution, nothing more, nothing less.

    4. Re:That's the ticket by metamatic · · Score: 3, Informative

      OpenBIOS is a project to develop an open source implementation of the Open Firmware specification.

      If you want to look at the OS X source code, you can get it from http://developer.apple.com/darwin/.

      I'm not sure why the source to Apple's Open Firmware isn't available, but I imagine it's because they licensed it from one of the commercial Open Firmware vendors.

      --
      GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
    5. Re:That's the ticket by osu-neko · · Score: 2, Insightful
      You tell me what the apple users options are when apple decides to make a change. They can accept it or leave apple.

      Right.

      When a manufacturer does something I don't like- I just go to another manufacturer.

      Exactly. So, as you've just pointed out, what the apple users' options are and what other manufacturers' users' options are are the same: you don't like what they do, you leave that manufacturer and go with someone else...

      Did I miss your point somewhere? I thought you were suggesting the case is somehow worse for Apple users?

      --
      "Convictions are more dangerous enemies of truth than lies."
  42. Give positive feedback to the good guys as well by FreeUser · · Score: 3, Insightful

    Speaking with your wallet is great and all but without a massive movement that information doesn't always flow upstream very quickly. In other words speak with your wallet and with your voice. Email is still free (mostly) so every time you specifically purchase a non-DRM product over theirs write and tell them! Let them know how much $$$ they're losing on a sale-to-sale basis.

    Excellent point, but it does not go far enough.

    Each time you make such a purchase, tell NOT ONLY the DRM manufacturer why they lost a sale, be sure to also tell the DRM-Free manufacturer that you bought their product specifically because you value consumer rights and resent their competitors. In other words, give positive feedback to the people who are doing the right thing as well...lest they be befuddled by the likes of Microsoft as well.

    --
    The Future of Human Evolution: Autonomy
  43. Re:Making "trusted" computing go away (on ethics) by ronfar · · Score: 3, Interesting
    It is, however, illegal, and probably unethical.
    For what it's worth, I don't think it is unethical, but I think it may be bad strategy. If a person got caught doing it, it would reflect badly on any organized resistance to trusted computing.

    Unethical, though? Think about the future we'll all have to deal with if this comes to pass. I don't want to live there, do you? These corporations don't have the right to do this to humanity, or even to make the attempt. Therefore, they lost their right to make a living, to own property, or to continue to exist as organizations when they started doing this.

    They aren't taking away our rights with just bad hardware and software, that wouldn't be a threat. They are taking a two pronged approach, making the bad hardware and software and changing the structure of laws and legal rights to make the alternative illegal. (If it was just the former, I wouldn't care.)

    The sad thing is, where this is really being lost is on the legislative front. Everyone brings up DIVX, but these companies all learned from DIVX. DVD is hardly purchaser-rights friendly, but it has won.

    What we really need is some way to attack this problem that is as effective as the GPL was for software, but part of the problem is that the GPL was based on previously existing copyright law, not custom crafted laws created by the adversaries themselves.

    --
    All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
  44. Trusting you to do the wrong thing by poptones · · Score: 4, Interesting
    The problem is "trusting the user" MOST often means "trusting" someone to download any shit that pops in front of them in a pretty package, "trusting" them to NEVER update their system to clear up known security problems, and "trusting" them to leave their system online, no matter how badly corrupted it is, until it is so sick it no longer functions at all.

    Remember "eXistenZ?" It's like that - half the world's computers are under the control of anyone willing to run regular nessus scans and a few backdoor control panels. So.. yeah, maybe some in the linux crowd resent this because the boon won't last more than a few more years. But honestly, something HAS to be done. If that means creating software and system that then set the precedent of forcing corporations to become responsible administrators of the systems they market on wide scale, so much the better.

    This doesn't mean I have to buy one, or that there won't always exist other mechanisms for connecting to the public internet. But most people don't know a fucking thing about free speech - hell, many of them believe "free software" is illegal in any form. All they want is a terminal in their home that feeds them the latest buzz from aol and msn and ebay - and the internet is a fucking mess today because of these users and their five year old Windows 98 and ME security siphons.

    The internet exists well outside the US, and many countries are making a giant leap in the direction of OSS. Combine that with a giant push toward obsoleting those fucked up "legacy" systems and we all move closer to a more secure AND more usable internet for everyone.

    Sorry... I'll go put my chicken little costume back on now and join you all back at the shack...

  45. DON'T BUY IT! by hanssprudel · · Score: 5, Interesting

    No, that paper is basically a bunch of misleading propaganda designed to obfuscate the truth that TCPA exists solely for the purpose of enabling Palladium and Palladium type DRM and user controlling mechanisms.

    Read the EFF report to see why if TCPA were not designed with user control in mind, they could have implemented some very simple changes (user override) to make sure that the user had access and control over all aspects of his own machine. They didn't: instead they opted to create a system whereby the TCPA chips can be used exactly for the things they claim they have nothing to do with (shipping them with so called "Endorsement keys" which are vendor signed, user inaccessible keys that can verify to third parties that you are using an Operating System that they like).

    The logic of the rebuttal is backwards all over the place. For instance they claim that TCPA is not for DRM since the chips are not tamper resistant to hardware attacks: This rather shows, unlike what some people have argued, that the chips are not designed to help against things like hardware theft and corporate espionage. For DRM you don't need tamper resistance since laws like the DMCA will keep the means of tampering out of the hands of most of the population.

    Also, the argument against the endorsement keys being used for DRM is something like "nobody has a system running for signing and verifying them today" which is supposed to convince us that such a system will not exist when they are widely deployed (note that as a feature they are 100% useless without such a system.)

    1. Re:DON'T BUY IT! by Zork+the+Almighty · · Score: 2, Informative

      Linux doesn't mitigate anything, since the BIOS verifies the operating system binaries, and the operating system verifies application binaries. Good luck recompiling anything, let alone modifying the source code.

      --

      In Soviet America the banks rob you!
    2. Re:DON'T BUY IT! by Hobbex · · Score: 2, Informative

      My god did you fall for their lines completely. You bet they have a Linux running on it, if you want, they will even tell you that they have an open source implementation of all the drivers. "It's open source so it has to be good."

      But you are missing the point 100%. Why do DRM systems have to be based on closed systems like Windows? Why can they not be open source? Because they have to act against the user, and if they were open, the user could modify them to act in his interest instead. But the whole point with TCPA is to sidestep this: because the part of the process that acts against the user's interest is embedded in the chip, whether you can modify or see the software or not doesn't matter in the slightest.

    3. Re:DON'T BUY IT! by Minna+Kirai · · Score: 2, Informative

      That kind of ignorance is seriously dangerous. Linus himself has explained this topic in detail.

      How would they force you to use such a thing?

      They (the Evil Giant Corporation) compile Linux for you, and send you the kernel image (either included with the computer, or downloaded as a later upgrade). They have computed a cryptographic signature for that kernel, and transmitted it to the DRM chip (which only they can control, not you).

      That chip will only load a kernel if the signature matches- if the kernel is on a short list of approved kernels. The corporation can still give the Linux source code to their users (as required by GPL), but those users cannot then edit+recompile+run the kernel, because it'll be rejected by the DRM chip.

      Therefore one of the major benefits of Free/OpenSource software has been killed by DRM (and the new federal laws that make DRM possible)

      PS. That's only half of the way they "force you to use the thing". The other half is the propagation of trust from hardware to kernel to application, which should be obvious if you read the EFF pages.
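
The chain described in comment 45 and its replies (the chip records what is loaded, refuses a kernel that is not on the approved list, and vouches for the result to a third party) can be sketched as below. This is an added example, not code from any commenter or from the TCPA specification: the images, the key and the function names are constructed, and an HMAC stands in for the chip's asymmetric signature.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TCPA/TPM 1.x platform configuration registers hold a SHA-1 digest


def extend(pcr: bytes, image: bytes) -> bytes:
    """Fold one measurement into the register: PCR_new = SHA1(PCR_old || SHA1(image))."""
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()


def measured_boot(stages):
    """Measure every stage in load order. Nothing is blocked, only recorded."""
    pcr = bytes(PCR_SIZE)  # the register starts as all zeros at power-on
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


def verified_boot(stages, approved):
    """Enforcing mode: a stage loads only if its digest is on the approved list.

    Returns (booted, names_loaded); loading stops at the first rejected stage.
    """
    loaded = []
    for name, image in stages:
        if hashlib.sha1(image).hexdigest() not in approved.get(name, set()):
            return False, loaded
        loaded.append(name)
    return True, loaded


def quote(chip_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Chip-side statement over (nonce, PCR). HMAC is a stand-in for the chip's signature."""
    return hmac.new(chip_key, nonce + pcr, hashlib.sha256).digest()


def remote_accepts(chip_key, nonce, reported_pcr, tag, expected_pcr) -> bool:
    """Third-party check: the quote is genuine and fresh, and the PCR is one it approves."""
    genuine = hmac.compare_digest(tag, quote(chip_key, reported_pcr, nonce))
    return genuine and hmac.compare_digest(reported_pcr, expected_pcr)


# Constructed sample images (placeholders, not real binaries).
VENDOR_STACK = [
    ("bootloader", b"constructed bootloader image"),
    ("kernel", b"constructed vendor-built kernel image"),
    ("player", b"constructed media player binary"),
]
# The same stack after the owner rebuilds the kernel: one byte differs.
REBUILT_STACK = [
    VENDOR_STACK[0],
    ("kernel", b"constructed vendor-built kernel imagE"),
    VENDOR_STACK[2],
]
# The approved list is computed by the vendor, not by the owner.
APPROVED = {name: {hashlib.sha1(image).hexdigest()} for name, image in VENDOR_STACK}
CHIP_KEY = b"constructed key held inside the chip"  # the owner cannot read it


def demo():
    """Return the outcomes for the vendor stack and for the owner-rebuilt stack."""
    nonce = b"constructed-nonce-1"
    good = measured_boot(VENDOR_STACK)
    rebuilt = measured_boot(REBUILT_STACK)
    return {
        "vendor_boots": verified_boot(VENDOR_STACK, APPROVED),
        "rebuilt_boots": verified_boot(REBUILT_STACK, APPROVED),
        "vendor_attests": remote_accepts(
            CHIP_KEY, nonce, good, quote(CHIP_KEY, good, nonce), good),
        "rebuilt_attests": remote_accepts(
            CHIP_KEY, nonce, rebuilt, quote(CHIP_KEY, rebuilt, nonce), good),
    }


if __name__ == "__main__":
    for outcome, value in demo().items():
        print(outcome, value)
```

Because the key never leaves the chip, the owner of a rebuilt system cannot produce a quote over the approved PCR value, which is the property the endorsement-key discussion above turns on.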

  46. Just sent my tinfoil email off to Samsung.. by msimm · · Score: 3, Insightful
    Someone suggested that we speak up. I'm game:
    I am writing you to share my disappointment over the announcement of your planned use of the DRM-enabled Phoenix bios. I believe that any product that contains 'features' able to limit users in their freedom to use their computer (and included data) is an anti-consumer feature. I can not in good conscience support a company who willingly chooses to support such a technology. As the chief technology representative for my company and a trusted knowledge base for many family and friends I am afraid I will have to recommend against any purchases of Samsung hardware or equipment.

    I understand that these times are hard between the push from big businesses and media conglomerates and the promise of additional features, DRM can sound like a very appealing solution. Unfortunately at this time I do not believe DRM to be beneficial to the consumer and must make my recommendations based on the very real possibility that this technology will be used to the disadvantage of the consumer.

    Thank you,
    My Name (ha ha I have more than just a NICK!)
    --
    Quack, quack.
  47. Extending the Monopoly by sycodon · · Score: 2, Interesting

    This has been covered in a previous discussion, but it may be appropriate to revisit the topic.

    If Windows is integrated into the BIOS, then presumably the computer makers would have to pay M$ for the privilege of selling this BIOS. Fine. No problem because the computer makers will be able to sell systems with regular BIOS.

    But Wait! Now M$ tells the manufacturers that if they do use regular BIOS, then they won't sell them the rights to use the "Trusted" BIOS or they charge more for the "Trusted" BIOS. It's Deja Vu all over again.

    So then all the manufacturers stop selling anything that does not use the "Trusted" M$ owned BIOS, which of course will not work with Linux, or anything else other than an M$ OS. And maybe even the latest one. No more foregoing those paid upgrades.

    Just Say No

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  48. By actions they have shown active avoidance. by SuperKendall · · Score: 5, Insightful

    But your PC will - and Apple, by actions they have taken, have shown they are interested in the user having control over the computer. Audio DRM that lets you burn as often as you like, and makes the files your own. Use of Open Firmware and other open technologies (like Darwin or BSD). Lack of product activation on any Apple software.

    As we all know "trusted" computing is exactly about not trusting the users. Apple trusts the users, and therefore has no reason to deploy a "trusted" platform (which also adds cost, a double whammy).

    Basically, Apple is your last large commercial hope. If you want to stop stuff like trusted computing, then head over and support the vendor who is at least trying to head the other way, instead of joining the crowd headed down the path you don't like.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:By actions they have shown active avoidance. by Daltorak · · Score: 2, Insightful

      If Apple really believed in letting users have control over their computer, they would:

      a) Allow other vendors to sell non-Apple-branded hardware that runs OS X;

      b) Allow their own users to boot older versions of their operating system (By design, G5 users can't boot OS 9);

      c) Make it easy for users to choose alternate themes and UI styles, without requiring non-free, buggy, third-party haxies like ShapeShifter. Apple is, after all, the only OS vendor left that doesn't include this functionality in the box;

      d) Quit the practice of disabling software-only features between product lines; for example, iBook owners have to apply a hack to allow dual-display functionality via the video port. PowerBooks (which have the exact same OS) allow you to do this without a hack.

      That's a partial list.... there are other things Apple does to enforce artificial limitations on users, that aren't the fault of the hardware itself.

      Steve Jobs wants you to live your computing experience according to his personal vision -- one that will cost you extra money (especially when compared with Linux, but even Windows is much cheaper), and has a degree of uncertainty due to Apple's insistence on not discussing their upcoming OS products.

      It's a great product, to be sure (I'm typing this comment on my iBook G4), but let's not fool ourselves into believing that Apple is less controlling than Microsoft is when it comes to user experience.

    2. Re:By actions they have shown active avoidance. by SuperKendall · · Score: 2, Insightful

      I just don't even know where to start. I'll just try and do a list.

      Ok, all ready - just post the list someday when you're up to it.

      If I understand your primary argument is that Apple hasn't done it yet so they won't. Your faith is misplaced.

      Not according to what they've done so far. I've been very pleased. I listed the variety of fronts on which they've helped.

      Apple is not a large commercial hope.
      You cannot talk about both entities in this monolithic fashion. You can talk about apple as a single vendor- they have full control over what hardware is available to you. The PC world is exactly the opposite. And this is the key to my objection to this whole line of thinking. Every PC maker has not gone this route yet.

      BUT almost every commercial vendor's path in the PC world is dictated by just as small a set of vendors - one in fact, Microsoft. If you need Palladium to run Longhorn - there you go. What will all the hardware makers do?

      There are still tons of choices within the PC world - from companies much larger than apple. I don't have to buy an overpriced apple machine

      Nor do I, I buy the reasonably priced ones instead. Plus of course my time is way too valuable to screw around with a PC anymore. I've grown up in that regard.

      I don't buy Yugos for similar reasons - I'd rather buy a Honda thanks.

      to show that I won't buy this kind of crippled hardware. I can just buy a PC from another manufacturer. There is no logical reason for Apple to be the only alternative.

      Yeah, too bad it's working out that way. It didn't have to be so, but PC makers have to go where Microsoft leads.

      And don't say - "Well this is just the first. All PC hardware will be this way- but Apple never will" That is just fuzzy thinking at best.

      It's a careful act of observation and prediction. You might as well say we can't be sure the sun will rise tomorrow. Obviously nothing is 100% but as the old joke about the engineer says - close enough not to matter.

      Not to mention that as I said, if you wish to put your foot down at the very least put your money into somebody not actively planning to support Palladium. You can either buy Apple or some motherboard from a shady manufacturer.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    3. Re:By actions they have shown active avoidance. by SuperKendall · · Score: 2, Insightful

      a) Allow other vendors to sell non-Apple-branded hardware that runs OS X;

      What's stopping you? You just won't be able to licence OS X to run on it, but you could build the hardware. No-one has because there is no money in it for anyone else.

      b) Allow their own users to boot older versions of their operating system (By design, G5 users can't boot OS 9);

      But you can boot any OTHER OS you like - like Linux. They just want to shut down use of OS9, which is the way of things with proprietary software. I'm sure in ten years there is going to be some Apple hardware that will not run Jaguar.

      c) Make it easy for users to choose alternate themes and UI styles, without requiring non-free, buggy, third-party haxies like ShapeShifter. Apple is, after all, the only OS vendor left that doesn't include this functionality in the box;

      I beg to differ. OS X ships with X11 which allows me to engage my wildest fantasies as far as window management goes - or as I said I can run X11.

      d) Quit the practice of disabling software-only features between product lines; for example, iBook owners have to apply a hack to allow dual-display functionality via the video port. PowerBooks (which have the exact same OS) allow you to do this without a hack.

      That is pretty annoying - but wasn't it a case of too little video memory to support Quartz Extreme in that case? I think there was at least a little technical reason behind that choice (though possibly it was just a matter of wanting to keep a feature unique to the Powerbook line, in which case I'll give you that one).

      Steve Jobs wants you to live your computing experience according to his personal vision -- one that will cost you extra money (especially when compared with Linux, but even Windows is much cheaper), and has a degree of uncertainty due to Apple's insistence on not discussing their upcoming OS products.

      But the vision he has is only a guide - you are free to remove yourself of it when you like. You could if you liked only use X11 apps on OSX. You could just install Linux. You can stick with the command line.

      It's a great product, to be sure (I'm typing this comment on my iBook G4), but let's not fool ourselves into believing that Apple is less controlling than Microsoft is when it comes to user experience.

      The difference between Apple and Microsoft is that Apple controls the user experience within its applications, but lets you leave if you like - whereas Microsoft tries to make sure you cannot migrate elsewhere. Yes Apple is controlling in the UI space, but that's mostly it.

      iTunes burns standard MP3's you can use anywhere - Windows media burns to Microsoft format files.

      iMovie generates movies in standard MPEG2 you can do anything with - Microsoft has you use their own codecs.

      We all know about Word. Apple ships with a viable very simple word processor - TextEdit. Just compare features of TextEdit to wordpad sometime!

      Apple ships with X11 and a dev kit so you can do what you like. Microsoft would rather you stick to writing (and running) Windows apps, thanks.

      Apple ships with a REAL set of command line tools, so at any time you are free to leave whatever restrictions you feel the GUI has. Microsoft has sort of addressed this with UNIX tools for windows, but I don't think it ships with Windows.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  49. Trusted Computing is NOT DRM by KidSock · · Score: 2, Informative

    As usual there are many comments about how Microsoft is taking over your bios. Just because your laptop has a security device in it (my thinkpad does) doesn't mean Microsoft is going to gain control over your machine. People frequently speak about TCPA and DRM as if they refer to the same thing because TCPA is a prerequisite for DRM. That is NOT true.

    TCPA just means the motherboard has some hardware for generating and possibly storing cryptographic keys. There might also be some secure memory and other things that assist with performing security critical computing on a PC without someone deciphering the keys or reading private data or media directly from memory. It is a feature that should probably be considered good particularly for people who wish to use such a computer for monetary transactions or other highly secure communications.

    Digital Rights Management has to do with delivering media to a PC in a way that restricts the user from decoding and copying it as it is displayed on the target output device. TCPA would be necessary to do this but that is incidental (but not coincidental).

    People think TCPA and DRM equates to the consumer losing control of their computers. In some cases this will be true. Your employer could lock down your workstation tight as a drum so you can't install that screwball program. But the TCPA hardware is just another couple of chips on the board. How keys are managed and how the secure memory is accessed is understood. I believe there's a GPL driver for the security chip in my Thinkpad T30. As for DRM, well ... too bad. You won't be able to rip that DVD or burn or fry or copy whatever. Last I heard it *was* illegal. Get out and play frisbee instead. Write your own music. Build a toy car with your kid.

  50. China by ickoonite · · Score: 4, Interesting

    As we've seen recently in Intel vs. China regarding China's own wireless standard (labelled GB15629.11-2003 for those interested), we can probably at least count on China to get hissy about this.

    Simply put, whether the threat they perceive is real or not, there is no way they are going to allow American proprietary rubbish (with evil spyware code to boot) to penetrate the Peoples' Republic. So if we have to start importing all our parts from the commies, then so be it, but even if dumbass consumers in the West buy this kinda rubbish (and, as others have said, they undoubtedly will), it simply will not fly politically elsewhere.

    The push for Linux in Asia is clear - HP are going to ship Linux boxen, China has variously shown its keenness towards the open OS, NTT DoCoMo are putting Linux in phones and so on - this kind of stuff really does matter. At the very least, American hardware manufacturers are going to consider the bigger picture before alienating large numbers of potential consumers.

    Microsoft is not invincible. It has failed in the mobile phone market, failed to crush Java (now, of course, flourishing on mobiles) and has a long time to examine consumers' reactions before Longhorn comes out. I really don't think it will try to push this too hard...

    iqu :?

  51. What I want to know is.. by f0rt0r · · Score: 2, Funny

    Who this 'Average User' guy is. He needs some serious computer training! Anyone have his email address?

    --
    I can't afford a sig!
  52. i hate to say it by mattyrobinson69 · · Score: 2, Insightful

    but this could be the end for OSS. it's obvious that it's microsoft's intention to force its operating system upon us all. if they can trick apple into licensing the gui code off them all those years ago, they can convince the courts (if they even get there) that they're doing it to protect us all.

    bastard bush administration. they should have followed the anti-trust lawsuit that was started by the clinton administration.

  53. Alternative BIOS by nurb432 · · Score: 3, Insightful

    And how do you propose to load it onto one of these restricted beasts... It will need to be keysigned, and duplicating that is a crime.

    Oh, and what about all that esoteric proprietary hardware? ( especially in laptops, but this point holds true for future appliance based PC's ) Who is going to write bios routines for those, without any documentation?

    It's a grand idea, but I don't think it will work out in practice, when it counts and we really need alternatives...

    --
    ---- Booth was a patriot ----
  54. 4 normal things you cant do on a Toshiba laptop... by JustNiz · · Score: 2, Informative

    * Can't use all of the hard drive space you ordered/paid for because you HAVE to keep a recovery partition. (Jeez Toshiba, what's a 50 cent CD compared to your profits on a $1500 laptop and the goodwill of your victi.. err.. buyers?)

    * Can't reinstall your laptop if/when your hard drive crashes because you've just lost your hidden install partition too. Does your laptop just become a very expensive doorstop?

    * Can't re-partition your hard drive for fear of messing up the hidden install image partition.

    * ever install or use the copy of Windows that YOU PAID FOR on any other computer.

    Please people, vote with your money. Don't buy this Toshiba shit.

  55. Technically accurate but misleading by 0x0d0a · · Score: 2, Informative

    While TCPA does not imply DRM, it is closely tied to it.

    * TCPA or a TCPA-like system is necessary to implement DRM.

    * TCPA's primary current application is in implementing DRM. There have been a few alternate suggestions, such as perhaps ensuring that nobody has attached a monitoring device to your computer or installed similar software, such as Magic Lantern. However, for Joe Q. Public, TCPA's primary use is to implement DRM.

    * TCPA adds to the cost of hardware. If you are buying TCPA-capable hardware, you are throwing money down the drain if you do not intend to use TCPA.

    * TCPA significantly increases complexity. Complexity is a major factor in determining reliability. I feel that PCI, AGP, ATA, USB, Firewire devices (and the BIOS) should be as a reliable as possible -- frankly, people have enough problems with flakiness as it is. It's not as if you need to have a burning desire to pirate movies to want to avoid TCPA.

    It is a feature that should probably be considered good particularly for people who wish to use such a computer for monetary transactions or other highly secure communications.

    This statement of yours, while true in theory, is misleading, and I can't help but shake the suspicion that you intended it to be misleading. TCPA allows computer components to authenticate to each other. For all intents and purposes, the only attacks this avoids are local, physical attacks on a computer. Furthermore, short of a user using a smartcard or carrying some other kind of cryptographic security device with him, TCPA provides zero security unless the initial system configuration is trusted. It doesn't do a thing to allow me to trust another person's computer or a mall kiosk. For any of this to be useful, a comprehensive and well-built supporting software system is required. That software infrastructure does not currently exist.

    TCPA's primary benefit over other proposed DRM systems is that it may be disabled in the BIOS if so desired. At that point, it becomes little more than the MP3 player that's built into my own computer's BIOS -- another useless feature that I dumped money into that increases complexity and reduces reliability.

    I believe there's a GPL driver for the security chip in my Thinkpad T30.

    The GPL is almost irrelevant when it comes to TCPA systems. The entire point of the BIOS-level support (rather than just doing everything in software) is that it loads signed binaries, and you won't have a signing key. So you cannot make modifications -- perhaps some Linux distro vendor might be able to put out a signed kernel binary, but that's it.

    As for DRM, well ... too bad. You won't be able to rip that DVD or burn or fry or copy whatever. Last I heard it *was* illegal. Get out and play frisbee instead. Write your own music. Build a toy car with your kid.

    If TCPA lasts more than three months in the wild once people start using it for DRM, it will blow my mind. What the TCPA people are trying to do is *vastly* more complex and less feasible than what Microsoft's X-Box people are doing -- and the X-Box's DRM was broken multiple ways.

    For starters, they are trying to make a huge array of hardware that has been designed by ordinary old hardware folks (*not* security people, and there is a *huge* freaking difference) work securely. Microsoft failed to do this perfectly -- they didn't encrypt some data that went over a bus, an incredibly minor error, and it came back to haunt them. And that was (a) a closed system -- all Microsoft has to do is stop making X-Boxes that are exploitable and (b) a system where a break only allows *bogus media to be played on that system*. Two *huge* impediments, either of which would kill TCPA as an effective DRM system.

    First, the fact that TCPA is designed for use in an open system -- the PC architecture. It only takes one vendor of video cards to include a debugging feature on their card, or a diagnostic mode, or running so

  56. Don't be so sure... by danro · · Score: 3, Insightful
    The reason I would love DRM, is that I can go to a friends house, and use his computer, without having to worry if he has started a keylogger.
    Don't be so sure of that...
    There are hardware keyloggers out there you know.

    Also, get some new friends, man...
    --

    "First lesson," Jon said. "Stick them with the pointy end."