Slashdot Mirror
Trusted Computing Rollout Hits the Desktop
Alsee writes "Previously appearing in a few rare laptops, ExtremeTech reports on the first major computer manufacturer making a full scale Trusted Computing rollout. Samsung will now install the Phoenix Core Managed Environment (cME) BIOS in every computer they make. Previous Slashdot reports on this BIOS include Phoenix Bios to Incorporate DRM and Microsoft Taking Over the BIOS."
How long do you think before this hardware gets hacked?
I would bet on 3 months.
Save your wrists today - switch to Dvorak
Fujitsu, however, chose to install the FirstWare Vault software designed by Phoenix, a trusted application designed by the company. FirstWare Vault also creates a hidden partition on the hard drive. However, Fujitsu used it to store a backup copy of the OS, in case the user needed to reinstall. Fujitsu's strategy will eliminate the need to ship the OS "reinstall" disks that have begun to ship in today's PCs. The disks don't contain a full version of the OS, but just the files needed to reinstall it in case of an error. By hiding that reinstall software on a protected partition, the company saved itself the costs of distributing the media, Fujitsu said. Wouldn't this take up quite a hefty chunk of hard drive space? I mean, it says 'doesn't contain a full version,' but wouldn't this still be quite a bit? I'm not sure I want other people making those kinds of decisions for me.
First I have to mod my XBOX, and now my laptop. When will it end?
The problem with most "trusted computing" proposals so far is that "trusted" is an accurate description of them. It's just an imcomplete description. They aren't about insuring that you, the owner of the computer, can trust the computer or the software on it. They're about insuring that third parties (such as Microsoft, HP, etc.) can trust your computer to do what they tell it to do. The proponents omit that part because they know all too well that if they did say all of what they meant that the average consumer would scream bloody murder and refuse to have anything to do with it.
CMDRTACO CHECK YOUR EMAIL!
IBM has had thinkpads containing TCPA chips for years! On top of that, they provide a Linux driver for it on their website!
If I remember correctly doesnt the Record Industry have to label "protected" CDs?
Would be a good idea if these PC manufacturers labeled their PCs as using BIOS DRM.
That way an informed consumer can make a choice whether or not they want DRM on their system.
Just a thought.
.... ... }
int main (void) {
We're all going to be surfing the net with a government approved "conduct officer" standing behind us.
So this is the dawn of the Unpersonal Computer? One that hides things from it's users and gives control to other people.
Screw that idea!
I just refuse to believe that the Trusted Computer Initiative will deliver more secure computing.
The XBOX was an attempt at some kind of DRM and it got hacked to pieces because DRM is just impossible. Plus the fact that Microsoft write overly complicated software with bad tools and bad programmers.
But Microsoft bashing aside, they aint alone. I don't think there is any company or organisation capable of deliverying decent computer security at the moment.
The tools do not yet exist to manage projects containing millions of lines of code in a way that won't introduce security flaws.
Si.
Besides anti-MS statements and rhetoric about DRM, can someone actually tell me how this will affect what I can do with my computer?
I always save my last mod point to mod up a good troll. You people are too serious.
What really worries me is the unannounced DRM / Trusted Computing BIOS boards that will be coming out. Since this is an anti-consumer feature, and the BIOS companies know it, they don't want to impede their rollout with a consumer backlash.
I recall something about one of the Phoenix guys saying that the consumer was not their customer, the media companies were. DRM put directly into the BIOS, with no option to get a motherboard without it is going to be a real issue. Reminds me of when all the local banks in my area added thumbprint for check cashing on the same day. You couldn't bring your business elsewhere because they all did it.
So wants to start up a BIOS company?
In general, I think that most /.ers would agree that invasive DRM practices are not a Good Thing(tm), but I wonder how the general public will see these initiatives, if at all. I think that either of two things will happen:
People inexperienced with computers will see the nice friendly keywords like 'safe' and 'trusted', and favor these products out of fear, which is obviously what the manufacturers want.
Alternatively, Joe User, who neither knows nor cares about security will simply ignore such concerns as fine print, since any kind of technical explanation is of no interest.
Unfortunately, I think the principal outcome may be that, like it or not, these Trusted Computing initiatives may propagate, either from adoption by fearful masses, or simply by sliding under the average consumer's radar.
...and consumers will buy it because it's a "feature". This wonderful new "trusted computing" will give you access to all sorts of places, simply because we're not going to offer access to anyone else. See?
Kjella
Live today, because you never know what tomorrow brings
Case in point : DIVX.
It wouldn't hurt for slashdotters to educate people when the chance comes up. To be effective, try to be informed, not shrill.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I would like to see whether this is, indeed, trusted computing. The article was somewhat vague in some ways. If it is the full-fledged hardware portion of the Pallidium initiative, as part of the article implies, it's very, very bad. If, instead, it's a way to save money on a system restore disk by having the hardware hide a portion of the hard drive from normal software, it's annoying, but probably fine, depending on how it is done (if there's a PKI, that's bad, but if it's just read-only, that's fine).
If trusted computers do appear in your area, I would suggest the following strategy for making them go away:
This assumes the companies have a 30-day no-questions-ask return policy (which is usually the case). You can even say that the "trusted" computing was the reason you returned it. Once they start losing tons of money, it'll go the way of DiVX (not the codec -- the old DVD standard which needed to call home to get authorization). It was pushed by Circuit City, which had a ton of people do this to them, so they introduced restocking fees, and lost a lot of customers who knew nothing about DiVX. Eventually, Circuit City backed off the DiVX thing.
If you want to be illegal (which I don't recommend), some people have a modified scheme:
This costs them a heck of a lot more, and gets around the place of returns without restocking fee. If you need to buy a DRMed product, you can also use this to make sure the company pays the manufacturing costs for 2 of 'em instead of one, and loses money on the sale. It is, however, illegal, and probably unethical.
I was gonna buy a Samsung monitor, DVD drive and floppy drive. Now i'll be getting a Phillips, Lite-On and oem brand. Let them know with your wallets people.
"Sic Semper Tyrannosaurus Rex."
is great and all but without a massive movement that information doesn't always flow upstream very quickly. In other words speak with your wallet and with your voice. Email is still free (mostly) so everytime your specifically purchase a non-DRM product over theirs write and tell them! Let them know how much $$$ they're losing on a sale-to-sale basis. Companies live and die by numbers and having another level of data tells them even more forcefully that, yes a boycott is in progress, and they're actively losing our money.
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
So what makes an application "trusted" is that it has been blessed by Microsoft, ie. any software publisher with the funds to pony up the fee to Microsoft to get the trusted seal of apporval I suppose. So that's supposed to make computing more secure... and what is a "secure" computing environment anyway? Most of us define a secure computing environment as a desktop we can work at where our data is secure, private, stable, and uninterupted by rogue applications that pop up in your face unexpectedly refuse to be ignored... this is where "trusted" vendors are trying our patience. It has become more common for every Windoze desktop application sold today to hag nag screens popping up for any number of reasons: "Do you want to check for updates?" ... "Do you want to register now or be reminded to register in the next 15 minutes?" ... "Would you like to see some exciting new offers? I'll just go ahead and add them to your bookmarks menu anyway..." ... and all this happening when the offending application is not even running! Desktop software is becoming increasingly intrusive and interupting the workflow process.
So I ask you, what's worse: having a malicous virus annoy you and interupt your workday or having an application you paid for essentially behave even worse? At least virus authors don't nag you to register.
So my point is "secure" and "trusted" computing is obviously a joke when the companies driving this initiative are more intrusive and disruptive to the average work day than most virus authors.
Now I am compelled to take measures to ensure that no potentially illegal activities (corporate) are able to be hidden by this DRM nonsense. I will have to bring a digital camera into my workplace as soon as I start running into unprintable emails, documents, etc. As soon as I get any document with an expiration/self-destruct date. I will start taking steps to ensure that all such items are "documented" via digital photography, if need be, so that I can safely be a whistleblower as required. I will not, under any circumstances, EVER be party to illegal activities by any corporation for the sake of money. I will not be party to unethical activity of any kind. If I come across such, I am compelled to blow the whistle and if M$ and other corporations feel the need to try to cover their unacceptable, illegal, unethical behavior via DRM crap, then I WILL sidestep it one way or another. I am honor-bound to do no less.
On a personal note, it is automatic that I will never ever again purchase any system that contains a phoenix bios chip in it. Old or DRM-enabled new, phoenix has ceased to exist as far as my money is concerned.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
People are saying that these computers are likely to be hacked very quickly.
I agree.
I also predict the reaction of the companies will be to
(1) make it even *more* draconian.
(2) Whine that the entire computer industry as we know it will be destroyed (and the terrorists will win!) unless Congress enacts laws that will make it illegal to break into "Trusted" computers which given the way Congress usually drafts laws will probably be so vague and broad that merely open the case of any computer (w/o a government sanctioned license) will count as infringement worthy of 5 years jail. (Maybe we should call this the Patriot Computing Act?) And if they are really good, enact laws force everyone to upgrade to Trusted computing within say 5 years or else via legislating that within 5 years every new computer sold in the US has to be a "Trusted" computer.
Remember, in the field of "intellectual property" and anything associated with "computers" or "digital" or "internet", if something fails, it's not because it's a technological impossibility, your business model is failing or your customers plain don't want it or even hate it. It's because you just haven't made it draconian enough, your customers are your enemies who need to be punished and made to toe the line and you need draconian broad-based legislation otherwise the economy will collapse, WWIII will happen and of course, the terrorists will win.
Please do buy only hardware which lets you choose your OS.
This situation sucks because the only way we can fight it is by being Good Consumers - but since non-MS users are in a minority, the value of our informed consumerism is limited.
GNU/Linux is proof that if freedom only requires hard work, people will work for freedom - now the proprietary world realises that freedom must be made either illegal or obsolete.
Please help publicise swpat.org - the software patents wiki
Go with apple and full vendor lock in. I'm replying here since this is the top comment I could find saying this. How is apple the solution?
The penchant around here for apple is proof to me that more linux geeks are interested in being a part of an 'exclusive' minority than in being involved in things that are open and free (as in speach).
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Remember "eXistenZ?" It's like that - half the world's computers are under the control of anyone willing to run regular nessus scans and a few backdoor control panels. So.. yeah, maybe some in the linux crowd resent this because the boon won't last more than a few more years. But honestly, something HAS to be done. If that means creating software and system that then set the precedent of forcing corporations to become responsibe administrators of the systems they market on wide scale, so much the better.
This doesn't mean I have to buy one, or that there won't always exist other mechanisms for connecting to the public internet. But most people don't know a fucking thing about free specch - hell, many of them believe "free software" is illegal in any form. All they want is a terminal in their home that feeds them the latest buzz from aol and msn and ebay - and the internet is a fucking mess today because of these users and their five year old Windows 98 and ME security siphons.
The internet exists well outside the US, and many countries are making a giant leap in the direction of OSS. Combine that with a giant push toward obsoleting those fucked up "legacy" systems and we all move closer to a more secure AND more usable internet for everyone.
Sorry... I'll go put my chicken little costume back on now and join you all back at the shack...
No, that paper is a basically a bunch of mis-leading propaganda designed to obfuscate the truth that TCPA exists solely for the purpose enabling Palladium and Palladium type DRM and user controlling mechanisms.
Read the EFF report to see why if TCPA were not designed with user control in mind, they could have implemented some very simple changes (user override) to make sure that the user had access and control over all aspects of his own machine. They didn't: instead they opted for to create a system whereby the TCPA chips can be used exactly for the things they claim they have nothing to do with (shipping them with so called "Endorsement keys" which are vendor signed, user inaccessible keys that can verify to third parties that you are using an Operating System that they like).
The logic of the rebutle is backwards all over the place. For instance they claim that TCPA is not for DRM since the chips are not tamper resistant to hardware attacks: This rather shows, unlike what some people have argued, that the chips are not designed to help against things like hardware theft and corporate espionage. For DRM you don't need tamper resistance since laws like the DMCA will keep the means of tampering out of the hands of most of the population.
Also, the argument against the endorsement keys being used for DRM is something like "nobody has a system to running for signing and verifying them today" which is supposed to convince us that such a system will not exist when they are widely deployed (note that as a feature they are 100% useless without such a system.)
But your PC will - and Apple, by actions they have taken, have shown they are interested in the user having control over the computer. Audio DRM that lets you burn as often as you like, and makes the files your own. Use of Open Firmware and other open technologies (like Darwin or BSD). Lack of product activation on any Apple software.
As we all know "trusted" computing is eaxctly about not trusting the users. Apple trusts the users, and therefore has no reason to deploy a "trusted" platform (which also adds cost, a double whammy).
Basically, Apple is your last large commercial hope. If you want to stop stuff like trusted computing, then head over and support the vendor who is at least trying to head the other way, instead of joining the crowd headed down the path you don't like.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
As we've seen recently in Intel vs. China regarding China's own wireless standard (labelled GB15629.11-2003 for those interested), we can probably at least count on China to get hissy about this.
:?
Simply put, whether the threat they perceive is real or not, there is no way they are going to allow American proprietary rubbish (with evil spyware code to boot) to penetrate the Peoples' Republic. So if we have to start importing all our parts from the commies, then so be it, but even if dumbass consumers in the West buy this kinda rubbish (and, as others have said, they undoubtedly will), it simply will not fly politically elsewhere.
The push for Linux in Asia is clear - HP are going to ship Linux boxen, China has variously shown its keenness towards the open OS, NTT DoCoMo are putting Linux in phones and so on - this kind of stuff really does matter. At the very least, American hardware manufacturers are going to consider the bigger picture before alienating large numbers of potential consumers.
Microsoft is not invincible. It has failed in the mobile phone market, failed to crush Java (now, of course, flourishing on mobiles) and has a long time to examine consumers' reactions before Longhorn comes out. I really don't think it will try to push this too hard...
iqu