Slashdot Mirror
IBM Shipping More PCs with Trust Chips
rts008 submits this EWeek story about IBM shipping more computers with trusted computing inside. Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit.
Does anyone know if PPC chips have "Trusted Computing" components built into them? With the G5 becoming more prevalent in Apple's product line, and being manufactured by IBM, I wonder if Apple would hop aboard. My PowerBook is fairly new and I won't have to upgrade for a few more years but this worries me a bit. Hell, I started using a Mac to get away from Windows Activation and all that crap in the first place.
I like big butts and I cannot lie.
The main problem, as I see it isnt even with using this kind of technology fro copy protection - its the changes in software licensing that will come as a result of this. Think windows XP activation is a bitch? imagine quicken refusing to install because your new laptops trust chip is different... :(
Urm ... What happened to the old saying "Trust is something you earn" ?
In my book money cannot buy trust. And just because somebody slaps the name "trusted computing" on a piece of silicon it does not mean that I am going to "trust" it without question- even if they are being shipped by IBM (who can do no wrong!)
I also have an issue in that who's trusting who here ? IBM ? the computer hardware ? the software ? or me?
I dont need a chip to tell me that i can trust myself, thats for sure!
Nick
Electronic Music Made Using Linux http://soundcloud.com/polyp
My 2 year old Thinkpad R32 allready has a TCPA Chip build in. :-)
It's really nice, if you want to hardware encrypt your data. Just hope the TCPA chip never fails...
I can assure that no processes run on my machines that I didn't authorize now. It's when I can't run any processes on my machines that Bill doesn't authorize that we have a problem. You can cry "tin-foil hat" all you want, but where this technology ultimately leads is to DRM locked-down boxes that won't run anything not signed by an endorsement key from an "authorized" developer.
I wonder how long it will be until everything contains trust chips.
I was thinking about this earlier last week, and made a decision I'll try to stick with - I'll get the most cutting edge PC I can that doesn't contain any builtin DRM, and then see how long I'll last.
Except for games, I think I can last quite some time. As it stands, the only thing I need a lot of extra horsepower for is gaming. I don't mind waiting an extra bit of time for a program to compile, and everything I use now works fine even on an old P3 667. If push comes to shove, I'll just game on a console and do my compiling on a stand alone machine.
The only 'bite me in the ass' possibility is if they start building hardware (video cards, hard drives, ram, etc) that demands the use of this DRM chipset, then I'd be screwed. If not, I bet I could push my next PC purchase out to easily over 5 years.
Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
As this is something new that PC users might not expect, I wonder if IBM is taking any effort to educate purchasers about the "new functionality." While people might like to know that this might help stop the evil hackers, they should be told that software might stop functioning like they want (assuming the user does something bad, like use pirated copies). I can imagine the increased tech support calls arising from this...
Can this functionality be switched off by the customer/dealer?
What software supports it now? Are PC manufacturers going to be flooded with calls that their computer crashed, its stopped working etc?
Is the software maker or computer manufacturer responsible for those calls?
ok, so IBM is shipping those machines... but does anyone think that IBM could use those chips eventually to block WINDOWS from being installed on them? look at the bright side, we may end up with a 'LINUX ONLY' line of machines... Big Blue is pro-open source, as it's showing in the SCO lawsuit and elsewhere... So, I wouldn't worry too much about it... yet.
---- I am certain of only one thing : I know nothing else.
Knowing how exposed most software is to things like worms, it would be very easy with powerful control hardware to lock people out of their systems without actually damaging the system. One of the things I find very interesting is how does one go about preventing a worm from rewriting certain parts of Windows and user apps so that they think the trusted hardware is either not present or does not let the user do what they are trying to do?
If after a year and incredible amounts of money spent on R&D, Microsoft cannot really slow down the spread of worms, how can they write an operating system that cannot be totally mindfucked by a worm that twists how Windows deals with the trusted hardware? So maybe Microsoft requires code signing, who is to say that someone isn't going to find a way to spoof a real code signature so that the worm appears to be Microsoft?
My money is the proposition that they'll try it, it'll work great for 3-6 months then people will start writing worms that target trusted systems and that totally ruin them. Then it will be a big flop within 2 years. IBM, Microsoft and other companies need to realize that the human component of security simply cannot be automated. Despite all of their attempts at real security, Microsoft cannot deal with the fact that the single greatest security hole in its OS is the user that never patches and that thinks it's not cool to remember what they aren't supposed to do to avoid getting worms and other hacks.
And if it doesn't work, just stock up on as much pre-trusted hardware as possible and put it into a closet for safe keeping....
Click here or a puppy gets stomped!
My main problem with "trusted" computing is the fact that it could lock out software that the manufacturer of the computer deems "not trustworthy." But, what does "not trustworthy" mean? Could some manufacturers use this technology to further entrench the Windows monopoly by locking me out of my "not trustworthy" Linux or *BSD disks? I could just think of the things that MS could do, such as force its vendors (Dell, HP, Gateway, etc.) to only ship "trusted" computers. I know, I know, I might be paranoid here, but I'm just saying that this is possible.
You've also fallen into their trap.
Having a system that you trust does not imply or require a system that they trust.
The fact that the underlying trust implementations might be similar doesn't mean that you're obliged to accept the one when you're really looking for the other.
Yeah, and they don't have to buy software from manufacturers that are able to require trust chips once enough of them are in place, either. All this stuff about end users gaining secure storage and control are a smoke screen for what this is: a dongle built into every computer, that has the ability not only to lock a software purchase to that machine but to ensure that only software signed by those making the keys will run.
Yes, I know that currently an endorsement key isn't required to run anything--that's because corporate America, while evil, isn't too stupid to know how to boil a frog.
Suppose that I back up my data and then my motherboard dies. Now I can't restore my backed up data because the new computer doesn't trust it or it doesn't trust the new computer.
I remember a time when software vendors made it impossible to back up 5 1/4" disks by physically damaging them. The customers reacted by not buying their software and they backed off. I also remember a very early version of XP that wouldn't let you change any part of your computer without phoning Microsoft for a new key. Customer reaction was such that XP is much easier to deal with now.
It also occurs to me that if the trusted computing chip keeps legitimate software from running then that is restraint of trade.
You bet I can. I run only Free Software!!!
:-)
Personally I am not opposed to the trust chip technologies because I think that we are to the point now where the interests against extending copyright protections are stronger than those for it. I also think that such trust chips may allow many new applications which we can't think of today in the Free Software world.
One trend I think people often fail to understand is that freedom from EULA's becomes more appealing the more the mainstream technologies become encumbered. If Microsoft wants to fight their users, great! We welcome the refugees
LedgerSMB: Open source Accounting/ERP
The whole point of "trusted computing" is that your computer trusts some other entity more than the user or administrator of that machine. If you had the encryption keys to make anything you wanted work then it would be a good thing, but that would defeat the purpose MS et al. have designed it for.
Trusted computing means your computer doesn't trust you. Personally, I'd find it rather hard to trust my computer in such a situation.
At best this will mean owning two computers; one which doesn't trust you (but which Microsoft does trust), and one which you can trust. I just hope the machines we can use to run code we can trust (ie open source) won't become prohibitivley expensive or even illegal (and you can bet the **AA et al. will want *every* machine sold to trust them more than you).
Chernobyl 'not a wildlife haven' - BBC News
> This means that the boot loader can be signed to prevent you from running a non-Windows operating system,
Although I fear that as much as the next guy, actually I trust that having a windows-only boot loader would be such a clear sign of monopolistic behaviour that even Microsoft wouldn't get away with it in court.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
What it will do is stop a legitimate user from transferring a purchased license, say, at the time his machine dies to a spare.
Absolutely not. Any TC system that doesn't allow for that eventuality would be laughed out of the marketplace, along with all the software vendors who release products under that system.
Be realistic. I feel like I'm back in the days when Microsoft Product Activation System (in Windows XP and Office >XP) was first announced. Everyone was talking about it like it was the end of the world, and what did it turn out to be? A perfectly reasonable copy protection system, that at most causes a few minutes of inconvenience for advanced users every year or two when they upgrade their computer, or move their copy of Windows to another machine.
This space intentionally left blank.
And exactly why is AAC's DRM "less evil" than WMA's DRM? Because it is made by Apple and not MS??!?!
Anyone else like a big slice of bias with that? Anyone?
Where's the +1 lazy bastard mod point when you need it?
The truly paranoid would of course argue that Microsoft has made lockdown on their systems intentionally difficult, first to generate income from training for their systems, and secondly to usher in palladium.
While trusted computing for general purpose home PCs is a dangerous concept for civil liberties, trusted computing does have places I think could be very useful.
Corporate PCs and servers. With a hardware enforced trusted computing policy, it will be much harder for users to bork the corporate network by installing a virus and spyware ridden warez game or weather bug thing.
Safety critical systems could also benefit, to prevent user modifications that could cause the system to operate in an unsafe manner.
Trusted Computing certainly isn't a cureall even in these cases, but its not a completely evil thing. It does have legitimate uses.
"Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit."
Then people will start choosing the software that does permit them to do what they want. Might be a downside for uninformed users in the short run, but seems like a good thing in the long run.
to those students out there studying computing? or those independant software developers?
Will these chips suddenly stop any written program from working unless 'signed'?
What will they do to let peoples program as usual? special compilers which auto-sign programs for them?
And what happens if one of those suddenly got out to the rest of the world. all programs which are signed from it get blocked?
hypotheticaly, what happens if such a compiler from say, Microsoft got out. would they block ALL microsoft products?
I think not. The potential for abuse of this system is staggering, and its ultimate worthlessness is astronomical. All it takes is for the system for 'signing' such programs to 'escape' ( or be rescued, depending on your point of view ) from a major software developer , and the whole thing is worthless.
But trusted computing to the OSS world really means that no processes will run on my machines that I didn't specifically authorize
You are running processes on your OS operating system, that you DIDN'T authorize?! WTF!
By the way, even with Trusted computing, buffer overruns, and exploits will still happen.
You do realize that protecting machines against malicious attacks has always been a red herring, right? Trusted Computing ensures that signed code runs in a protected space which unsigned code cannot effect. However, most computing will still occur outside of the signed code space, and for legacy reasons every feature of today's Windows computing environment will need to remain exposed to unsigned code. In other words, this has no more chance of stopping a someone from hacking into your computer than insulating your house will stop someone from stealing your car.
If they really wanted to reduce the amount of damage malicious code could do, they would create a unix like permissions environment, with an automated way of setting permissions levels. Not only is this the obvious way of reducing malware, it is the proven way. It is a lot like what Trusted Computing proports to be, but with the user retaining full control. But the user having full control is what this is supposed to stop.
No, what Trusted Computing means, and has always meant, was not that you could trust your computer but that the media owners could trust your computer... Creating a sandbox environment where no code can touch any other code or modify its behavior in any way would not function in an environment where your typing enhancement systray app was correcting your spelling in your legacy e-mail client, but rather preventing you from recording a movie as it is written out and watching it later.
Trusted Computing is DRM.
I'm not saying DRM is necessarily a bad thing... Quite frankly if it does open up the floodgates of every movie in IMDB's database available to the public at a moment's notice, I'm all for it, at least in theory. In practice it needs to be defended against, because the industry leaders have shown themselves to use every inch of power they gain over their users to manipulate them and cement their power. While Microsoft may not trust me not to steal movie trailers from their website, I sure as hell don't trust them to let me run SkyOS 5 without interference.
I'm glad that you've brought up what the TCPA is claimed to do, because there are still large swathes of people out there who believe the lies. To be quite frank, if they were more honest about the goals of the platform we might be more inclined to trust them. But when they're trying to smuggle in more control over their users in the guise of protecting them from something they have no hope of protecting them from, there can be no option but resistence.
The ______ Agenda
IBM has had these Security chips available in their machines since 1999. I remember PII's with them built in.
All these are designed to do is interface with an IBM software product to encrypt files using a Hardware chip, do on the fly disk and network encryption and other security related protections that you couldn't do practically with just a CPU software solution.
Specificially, If you have a Thinkpad there's a good chance it has one of these right now. This was one of their selling points that if the System was ever stolen they couldn't get access to any of the data because it's all encrypted to the physicial hardware itself and only the original laptop could access it.
Their site for the current data on their security chip is here
This new chip definetly looks more advanced, and could possibly be used for DRM purposes, but in the end its going to do the same things as the older hardware and the older hardware could be used for the same thing.
In Soviet Russia, Trojan exploits YOU!
Trusted computing appeals to your boss, the same guy who ordered padlocks fitted on every PC case at work.
When I was a student back in the 1990's, we had a professor who was a paranoid sys-admin (paranoid in the sense that he Burt Gummer seem like a Quaker). In one of his fits of paranoia, he decided to fit locks onto the data lines of the floppy disk drives to stop software being installed on 8Mhz MS-DOS PC's. (This was pre-Internet so there was not WWW, or even Ethernet cards on the PC's, just RS232 terminal lines to the server), and where PC's only had a single user account. It took the technicans the entire bank holiday to drill a little square hole in each PC case in the lab, thread and fit a lock, rewire the floppy disk drive, and lock the case. On the first day after the holiday, our sys-admin had a big cheesy grin as he saw the reaction of the students.
Three days later he was mad as hell, as somebody had contacted a componenets supplier, and requested an identical lock with a specific key number - the same key number that matched all the locks in the lab. The department had spent thousands on getting approval, purchasing locks, drilling, rewiring, and it had all gone up in smoke due to a $20 lock.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Back when WinXP was new, M$ posted on their site a list of requirements for hardware to be "XP certified" or whatever they call it. One of the items was that the BIOS was *not* allowed to be user-accessable.
This particular criterion doesn't seem to have found much enforcement, but as you can see the concept was already there some time back.
~REZ~ #43301. Who'd fake being me anyway?