Slashdot Mirror
Mac OS X Intel Kernel Uses DRM
An anonymous reader submits "Several people have discovered that the new Intel kernel Apple has included with the Developer Kit DVD uses TCPA/TPM DRM. More specifically, it includes "a TCPA/Palladium implementation that uses a Infineon 1.1 chip which will prevent certain parts of the OS from working unless authorized."
I hate those bastards! I knew they were going to try and sneak this crap past us! They were plo...oh wait, did you say Apple?
Wow! Spectacular use of technology Steve! You're my hero!
So who became more evil Apple or Microsoft?
Jumpstart the tartan drive.
I had thought that it was widely known that OS X won't run on anything not sold by Apple as a Mac.
i am a soviet space shuttle
I predict, just like every other software protection mechanism, will be defeated with simple patches that disable the checks.
I mean c'mon, light DRM has been associated with apple's products for a long time now. This will make it harder to run apple on non-apple hardware, and harder to pirate movies (so apple can say to hollywood: sign with us and we'll respect your rights.) There is little incentive on apple getting the DRM watertight.
In the unlikely event that they do manage it, I'll just avoid buying their hardware. I imagine the x86 version of pearpc will run at almost native speeds if there are any apple apps I want to run.
The first person to crack this DRM implementation will win a free story about it on Slashdot!
I don't care if it's 90,000 hectares. That lake was not my doing.
The ad underneath the story is for AMD :)
Would you kindly mod me +1 insightful?
More specifically, it includes "a TCPA/Palladium implementation that uses a Infineon 1.1 chip which will prevent certain parts of the OS from working unless authorized."
/. I need you! Tell me what to think!
Oh no, my two sources of zealotry are colliding. Eeek! It can't be evil if Apple does it, right... but DRM is always evil, right?
Alter OSX code at runtime. It only works on PPC at present, however.
how did you think Apple was going to keep their OS on the computers they make?
just think of it as a way to identify apple made computers for the OS, no different than a different architecture.
I am the Alpha and the Omega-3
I don't get it - Apple's hardware has always been close system as you can get from PC type computer. So of course they can be 'accidentaly' early addopters of Palladium. Don't like it? Choose another vendor.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Honestly, I really am. I expected Apple to hold off on anything that looks like TC until Microsoft could release it first. They have spent so many years establishing a 'good guy'/counterculture/'free thinker' image that it seems foolish to rush in and be the first to build something so patiently corporate. They definitely couldn't hold off on this 'technology' forever, since their business plan seems to revolve around becoming the world's premier digital content provider, but I just expected them to place cooperate image above preparation for that switch in the near future (with MS Vista coming out so 'soon,' just begging to take the flack for 'destroying any digital rights we have left'). Then again I'm not Jobs, and so far, he's done a damn good job with Apple's image, so I'm sure it's a calculated risk.
"Fight for lost causes. You may discover they weren't."
After a certain kid in Norway gets his hands on it.
Apparently Apple's DRM kernel extension only gets involved when Rosetta is executing code. In other words, if you're running native code, there's no checking. But apparently some critical parts of the kernel are still being executed by Rosetta. And reimplementing the `AppleTPMACPI.kext' in a completely harmless manner (such that it always returns a "Yes go ahead" signal) is an option. As is replacing it at runtime via mach_override.
These boxes aren't even for sale yet. I'm sure that it'll be cracked before that even happens.
Because the last time you made a "friend" who'd never spoken to you or given any encouragement to the notion that you had a personal relationship with them, her boyfriend strangled you?
1. Release beta version with DRM to prevent installation on non-Apple machines
2. Watch people crack it
3. Repeat 1-2 until 2 fails
4. Release final version
5. Profit, of course.
My whole plan was to switch away from Microsoft to Apple due to the (relatively) benign copy protection in OS X and other products.
I may have to rethink that strategy now.
Not to be argumentative, but how do you know Apple won't be using "(relatively) benign copy protection"? I remember all the griping around Slashdot regarding iTunes/iPod DRM, but in retrospect it's clear most of Apple's paying customers, and even most Slashdotters, find those restrictions rather reasonable. I don't see why Jobs would jeodardize this huge transition by suddenly going overboard with DRM.
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
Now it all makes sense. The switch from IBM to Intel has nothing to do with speed, heat, or anything else anyone has suspected. It's control. Apple (and the RIAA) knows that it basically has a monopoly of the online music business and that people accept FairPlay as a DRM method. Most people think that Apple, much like Google, can do no harm and people won't revolt or get angry over extensive use of restrictive technology. The next move into consumer entertainment, as many suspect, is online movie distribution. Apple got it "right" with music, so why not with movies?
The move to Intel is all about controlling consumers. And don't label me as paranoid. This is a strategically advantageous move. Apple knows that if they can get the movie industry to trust Apple and only allow online distribution through Apple's online store then Apple will have something others dont. If the rumors are false, and Apple lets the next OS run on all PC hardware, anyone who wants to get the highest quality movies (H.264, anyone?) must buy the Intel Mac OS or Apple hardware.
This move makes sense for both companies. Microsoft, despite its "evil nature," will not lock out the huge customer base who don't want DRM'd processors. Apple, on the other hand, has no problem doing this - after all, Apple likes to be "exclusive." And if they're launching a new OS anyway, why not start it off this way?
Again, I'm not trying to be paranoid, I just think that this development really brings a new understanding to the switch from IBM to Intel.
"Anything that's invented after you're 35 is against the natural order of things" - Douglas Adams
Seriously, what did anyone expect?
Apple does not want OS X installed on every generic PC out there. If Mac sales die tomorrow, Apple and OS X go with it. And no, they wouldn't open all the source after the liquidation and you would be stuck with Linux and Windows on the desktop. With both options being crap (for differing reasons).
I would absolutely love for OS X to be sold for any machine with an Intel or AMD chip inside, but it's just not going to happen because Apple is not positioned to do so and survive.
Fortunately, Apple has never even hinted at taking a route other than having OS X run on their machines and their machines only. Any disappointment should be tempered with the knowledge that they have had their cards on the table on this for some time. I don't think there was any question of another outcome.
Apple is not screwing anyone over, they are just continuing what they have done for the past 21 years (even the brief period of Mac clones only involved the OS running on approved hardware).
Perhaps things will change sometime down the road with Apple making further inroads into consumer electronics and successfully diversifying their business. I wouldn't hold my breath, though. The seamless integration between hardware and software is at the very core of the Mac experience.
It's unfortunate that OS X is going to stay on one set of hardware, but it is just the way it has to be for the time being.
"Why you little..."
Argg
it is only after a long journey that you know the strength of the horse.
wait. this means i won't be able to break the license that comes with the OS to do stuff i wanna do? unconstitutional!
The next comment I write will be ready soon, but subscribers can beat the rush and see it early!
Don't just test the waters, download the Windows 2000 source floating around P2P networks now!
are you ignoring the last 2 centuries of copyright nonsense and patents? the ever increasing copyright limits? our culture has been locked down in ways people can't even grasp at the moment.
Science : Proprietary , Knowledge : Open Source
You gutless fuck! If you are going to call someone a fucktard have the balls to put you name by it!
"The most dangerous creation of any society is that man who has nothing to lose." - James Baldwin, American author
The headline states "Mac OS X Intel Kernel Uses DRM". According to TFA, it's Rosetta (the PPC emulator, which isn't written by Apple) that uses DRM, not the kernel of the OS itself: We've discovered that the Rosetta kernel uses TCPA/TPM DRM. Some parts of the GUI like ATSServer are still not native to x86 - meaning that Rosetta is required by the GUI, which in turn requires TPM. In fact, we already know that the kernel doesn't use DRM and can run on any Intel box you want, because it's open source and can be downloaded here. It's the GUI that Apple wants to be locking in to their hardware, not the kernel. I suspect that they probably will make something other than Rosetta check the TCPA chip, but that's not what is going on right now.
if you're coming from M$ Windows. As a matter of fact, I'd say it's not a whole lot easier (if at all) to use than the default "desktop" install of Redhat or Suse Linux. The only advantage you'd have over Linux is the ability to walk into a store and buy shrinkwrapped software and even that's not entirely easy for Mac owners since a lot of stores don't carry Mac titles either.
"Otherwise someone will hack OS X to work on any machine with an Intel processor"
that would rock. imagine how overpriced that hardware must be for apple to refuse the added sales this could bring
or for all you conspiracy theorists, maybe apple is bending to microsoft's desire for less competition in some shady sort of back-handed deal
apple were cool.
Im willing to bet that that idea wasnt considered by apple until you (parent post) wrote about it here :P
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
No, this is obviously bad for end users. Consider two cases:
Case A: There are no restrictions.
As an end user, you can always (A) buy a PC and run M$/FreeBSD/Linux, (B) buy an Apple and run Mac OSX. But, without restrictions, you can also (C) buy an Apple and run M$/FreeBSD/Linux on it, or (D) buy a PC and run Mac OSX on it.
Now, Case B: Apple sets hardware restrictions.
You now cannot (D) buy a PC and run Mac OSX. There is no added benefit for you as an end user.
With that out of the way, I suppose it is Apple's decision, as it is their OS (well, their GUI), although it is a faggoty decision.
Based on how the iPod works (or doesn't work, ie can't copy songs from an iPod to a computer), one could have seen this coming from a mile away, but how possible would it be to get around this? It didn't take long for xPod to come along. Any chance of a cracked Mac OS X anytime soon?
Partial Credit: The Engineer's Best friend
"Well, the bridge didn't fall all the way down!"
From what I've read, the windowing system is using a kext to validate the hardware. The kext could be replaced with a fake one that replies anything. The real question is can software authenticate the TCPA chip through the kext. To do so, the chip would have have a private key embedded in it that was chained to a public key embedded in the OS.
I don't known anywhere near enough to know if TCPA supports this. Apple would be the only user of the OS authenticating the hardware I can think of so it's possible TCPA leaves out this feature. There are plenty of uses for the hardware authenticating the OS but the other way around is rare since most software vendors want to run on as many types of hardware as possible.
'nough said.
Well, actually, you can get it to run on some PPC clones out there, last I heard.
I prefer the "u" in honour as it seems to be missing these days.
So much for Think Different
If you analyzed the mach_kernel binary file on the Developer Kits, you would see that the kernel is vastly different than the Darwin 8.2 that Apple released as open source. For one thing, it automatically calls the oah750 daemon (better known as Rosetta) every time that it finds a non-universal PPC executable.
Before the kernel uses Rosetta to execute the PPC application (i.e. ATSServer in the case of starting a GUI), it calls the TPM kernel extension and checks the private keys in the TCPA chip. This is the only thing, as far as is apparent, that prevents Mac OS X from flawlessly running on a non-Apple system.
"Why do I feel like I'm being choked by a friend?..."
Is Wayne Brady going to have to choke a bitch?!? -Dave Chappelle
-=gabe2=- macbook dual 2.0
Oh do stop panicing, this will be cracked, and easily, if it has not already been done.
I am beginning to think companies put these copy protection things in the hardware for a variety of reasons:
1) They get free advertising with the protests.
2) They get free advertising when it is cracked.
3) They get free advertising when they chase the crackers.
4) They get free advertising when they chase the cracks' distributors.
And maybe it gives the content providers a warm fuzzy feeling.
threadeds blog
Just abusing copyrights and patents and otherwise impinging upon certain rights of other to protect your profits is unreasonable and immoral.
Everyone here has been waiting for OSX-x86 ISOs to hit torrent sites so they can run OSX on their whitebox PCs. As has been seen many times before, not every ADC member holds up their end of the bargain with regard to their NDA. Knowing this full well it was rather obvious Apple would have to take some sort of action to keep their OS from being widely pirated within days of the first dev kits being delivered.
There's a lot of hand waving here about companies removing people's rights and slippery slope arguments along the lines of "if they do X they will eventually do Y for reason Z". This entirely ignores the fact that Tiger-x86 is probably the hottest thing to hit torrent sites in a long time. It was bad enough when developer releases of Tiger for PowerPC were making the rounds and people were making stupid assessments of the system months before release. The development kits and pre-release copies of OSX are meant to be in Mac developer hands, not Joe Dork down the street on his PC.
It is not a particular right to run OSX on anything but a Mac, the OSX EULA that you have to agree to in order to install the system specifically states that. Apple locking OSX onto Macs means they can continue to sell the machines with a straight face. No one would bother to buy a Mac if they could just grab a copy of Tiger and slap it on their PC at home. Apple would have little incentive to continue Mac development if there were no Macs being sold.
I'm a loner Dottie, a Rebel.
We definetly need an "(+1) correct Simpson quote" modifier.
we need an "-1 Plain wrong" moderation option!
DRM now or DRM later?
If you're reading this, stop it.
It's worse than you think...
Apple won't let me run Mac OS X 10.3 on anything other than my Apple-brand PowerPC hardware!
Seriously, though, what did you expect?
This will only delay things a bit. It can't take long for someone to swap the kernel under the hood to an unencumbered Darwin.
it would totally rock if they cracked it
how's the driver support?
add "presuming this bit about palladium is true" and change "is" to "will be" and "OSX" to "OSX/x86"
What .com will be the first to offer a "Mac compatible" PC?
How long in a clean room?
Domestic spying is now "Benign Information Gathering"
Using firmware that nobody could legally copy has long been grudgingly accepted, but Apple crossed the line with DRM.
I find it interesting that despite everyone's worry that Apple was moving to Intel for the sake of Intel's DRM chips (Another Theory on Apple's Move To Intel), it's an Infineon chip being used to enforce the DRM. Even more amusing is that it's the Rosetta emulation software that is using the DRM, not the kernel itself.
Personally I think it's a good move for Apple. It lets them lock down their proprietary components without impacting the open source core of the system.
It also provides a "how to" example of lock-down that isn't dependant on the kernel itself for implementation. You don't need to pay for and install an entire OS upgrade ala Microsoft just to lock down one component running on the system (e.g. a media player.)
I do not fail; I succeed at finding out what does not work.
They have many other and MORE EFFECTIVE means of controlling where their OS goes than use of a TCPA style TPM.
They could, for instance, embed some necessary structures for boot in ROM.. or even encrypt it.. and that would not carry the TREMENDOUS TACIT THRAT to user rights that using palladium would. If theyre using it for this now.. what happens when this stuff comes out.. you think they won't start branching it out to other things.. like "voluntary compliance" with powers that be to prevent you from backing up your own cd's with itunes?
how about that nasty trick M$ is trying to pull with vista/longhorn which is designed to prevent emulation?
if they're willing to pull this instead of using some other means, where are they going to stop.
Needless to say, i'm now very glad I followed my gut and bought the g5 when I did. I at least get 4-5 more years of freedom without having to tinker with config files like I did with linux.
After that.. I sincerely hope linux will be up to the job, because I personally will be holding apple up to a microscope for the next half decade. one step out of line and they lose a customer for life.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Just four words:
I told you so! (and these posts were almost 2 months ago)
There are other reasons for using the TPM. I'm sure someone with a vivid imagination will come up with more reasons, but here are a couple I came up with when I read the article title:
I don't think Apple is overly agressive when it comes to licensing and DRM. If anything, they'll likely follow their tradition of using products like this to not only render accesible new content, but to provide new features.
As with USB, Apple is employing a new technology that will cause some disruption to be sure, but it'll also help to overcome the inertia that comes with the commodity PC/Windows market.
People who scream about the DRM sky falling are being shortsighted. The TPM provides for much more than copyright enforcement - it also provides a way to avoid entering serial numbers, inadvertent per-CPU licensing transgression, and could make finding stolen products easier.
Some of the pirates do it because the companies (and others) have effectively declared war on the rest of us, and it's one way of fighting back.
Thats the answere prepiatry os...
I think this is a bad move by apple they should not try to copy microsoft. If everyone who had a pc could dump windows and run mac os the world would be a better place overnight. LESS STUPID PEOPLE.
I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.
What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.
How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.
This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.
It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.
How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.
My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.
Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.
If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway.
*cough* itunes, drm, turning up the heat slowly, more restrictions soon, told you so *cough*
I liked my powerbook, but now it's time to say fuck you Apple, enough is enough, and part ways it seems.
Beep beep.
tell it to the windows logic users (~25%) that apple end of lifed when they aquired the company.
sum.zero
Oddly enough, even though you're a troll, your post brings up an interesting question: The Darwin kernel is Free Software. According to the headline, the kernel is the part that implements the DRM. Given this, shouldn't it be trivial to get the source code, remove the DRM bits, add some code to lie to programs requesting authorization (i.e., fake the DRM), and go merrily on your way?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Darwin is BSD based, thus there is no obligation for apple to share that part of the code. If they need to hide their code to protect "trade secrets" and all that, there is nothing to stop them.
Oddly enough, even though you're a troll, your post brings up an interesting question: The Darwin kernel is Free Software. According to the headline, the kernel is the part that implements the DRM. Given this, shouldn't it be trivial to get the source code, remove the DRM bits, add some code to lie to programs requesting authorization (i.e., fake the DRM), and go merrily on your way?
Umm sure unless you want to play some DRM content. It's like buying a DVD player with no DRM. All your DRM (encrypted) DVD's no longer play. I guess if you want to be limited to playing just your friends home cam DVD's you'll be fine.
The DRM is for playing purchased media.
The truth shall set you free!
Logicdisorder BITCH!
"The most dangerous creation of any society is that man who has nothing to lose." - James Baldwin, American author
I'm not saying that a Palladium-style DRM OS can't be defeated, but it will be done in a way similar to the way game consoles DRM is broken: usually by exploiting bugs in the code. The alloying thing about that is that the crackers need to play catchup with an endless stream of OS updates that plugs these holes.
The other solution is a hardware patch. I'm sure these will appear too, but it may take time. How long did it take for the Game Cube? 3 years? A personal computer typically has a shorter life time than that.
Seriously. I know it's politically incorrect to say this here and I'm sure this post is just going to get flamed to a crisp, but I am excited by the prospects of a DRM that might actually work and I am not at all surprised to see Apple taking the lead here.
There are a lot of reasons DRM will be a good thing for our culture but since all anyone really cares about is getting a free ride on hollywood I won't even bother to go into it here. If you want to read my arguments you can hit the comments on the various "free culture" posts at lessig's blog or... well, if you even care why I think DRM is a fantastic thing for computing that's pretty much your *only* chance to find out why.
My whole plan was to switch away from Microsoft to Apple due to the (relatively) benign copy protection in OS X and other products.
I may have to rethink that strategy now.
I was planning on making my next computer a Mac as I refuse to get anything like WindowsXP which requires activation so now if I do I guess I'll have to get a G4 Powerbook. And I was hoping the price of an Intel Powerbook would be lower than they are now. When I'm ready to get one I just hope the Intel's will be announced if not released as I'm thinking they will cause the prices of the G4s to drop.
FalconShould there be a Law?
Relax.
TPM is not about openness or restrictive use of H/W. Only about authorization of OS to enable certain SW components.
TPM only enables resident OS to enforces whether it should run or not (all or parts of it; most likely parts of it).
Having Linux and TPM, together, is only useful if you are making commercial distros (albeit a very restrictive one).
So, try not to get your panty in a bunch -- Intel-based H/W manufacturer ain't going to make machines if it ONLY runs on a specific operating system. Low profit margin in an already thin-operating margin/market. OS provider MUST shell out $$$ to deploy this TPM-based HW.
The only danger I see down the road, is pulling a lefthook (after widespread TPM deployment) is hooking the Hard Drive to TPM. Its profound ramification, I leave to your imagination.
The first person to crack this DRM implementation will win two free stories about it on Slashdot!
It's difficult to see a way to restrict this approach; but perhaps I'm missing something.
The best way to predict the future is to create it. - Peter Drucker.
Oops.
I meant to say "OS Provider MUST shell out $$$ to deploy a HW that authenticates OS."
TPM-based motherboard is just an add-on and mostly a no-op for today's OSes.
The copyrighters right to copyright is not protected by the U.S. Constitution
The U.S. Constitution Online
...
Falconhttp://www.usconstitution.net/const.html#Article1
Section 8 - Powers of Congress
To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;
Should there be a Law?
I don't really care if I'm not able to run OS X on other hardware. I'm only concerned with being able to run other software on Apple hardware. The kernel can use as much DRM as it likes so long as the hardware does not use any while running another OS.
I enjoy their hardware, but am not a large fan of their OS. That's why I'm writing this from my PowerBook running Ubuntu.
Welcome to the land of the free...pay toll ahead...no photography...please open your bag...
but can't you just program the kernel to tell the media player program "yeah, sure the DRM is fine. carry on!"
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
how did you think Apple was going to keep their OS on the computers they make?
:X
javascript:void(osx.g_sDisableAppleCheck='all')
No big deal then. I'd expect them to port all the code to x86 by the time they release those things anyway, and other software vendors will surely follow soon.
(BeOS would have otherwise been a good choice, as it is closer to the Mac philosophy than any other system I've seen.)
So long as you install some solid helper applications (Webmin is often a good start) and a comprehensive GUI (KDE, rather than FVWM, for example), a good office suite (Open Office 2 is getting there) and a good collaborative environment (eg: OpenGroupware) then Linux is reasonably usable for anyone used to the Apple Mac or Windows.
Only reasonably? Well, you have to remember that the philosophies are quite different and therefore there will always be some perspective shift required. You also have to remember that a great many of the packages I listed are in beta for the next release - and Open Source is arguably always "beta" as there is always something under development in any package, even if the bulk of it is stable.
The only two other options I can think of are plying modders with beer until they produce a mod-kit for OS-X that removes DRM, or plying the SheepShaver developers with beer until they add OS-X support. Then it won't matter any more.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
but can't you just program the kernel to tell the media player program "yeah, sure the DRM is fine. carry on!"
Um.. sure unless the key for your copy is in the hardware. It's like the access card on a Dish TV box, a cable box, or the firmware in a DVD player. The media is encrypted and sent. The key is tied up in firmware. Just flipping a bit to tell it to play won't work unless you also have a working decryption program with working keys for the file. On download on demand media, the file will be encrypted using your key hash. Then the file can be played on your machine using your key. It won't play elsewhere because the key for decryption is missing. There is no bit that says it's ok to play. There is the problem with the wrong key can't decrypt the file for playing. That's how DRM works.
The truth shall set you free!
Does it really matter what his parents call him? When he see him online, he's Logicdisorder, and we can look up his posts by that name. His "real" name is irrelevant.
What would happen to Mac Office do you think if Apple dared to try such a thing?
Does a Christian soccer team even need a goalkeeper?
There's been PPC hardware released that was non-Apple and it lacked Apple's firmware too, plus Apple didn't pull the PPC emulator that will run on Intel for PPC OS X applications out of thin air. All Apple needs to do to maintain status quo is to modify EFI in some way that makes running OS X impossible without it.
The first time Apple did this, the OS looked at a few certain bytes of ROM, and if they didn't say "APPLE ][", it wouldn't run. If it did, it'd run. If it ran and it wasn't Apple hardware, the manufacturer was infringing the copyright (ironically, owned by Microsoft) and Apple went after them. If they were outside the US, the importers were sued, and sometimes Apple sued the makers on their home ground. Apple successfully fought off the Apple II clones this way.
What they are doing now is much the same on one hand, but on the other very different.
However, they're not just limiting this to the OS and hardware. They're making it possible to run or not run DRM based material. There is only one reason for this. They intend to produce machines which, just like Microsoft based machines, allow complete pay-per control. This is the intended end point. Without the DRM in the software, the machine won't run it. With the DRM in the software, only machines with the proper hardware will run it. The only way around it will be to have both hardware and software without it, and soon neither will be produced.
Sure, there'll be work arounds. There'll also need to be work arounds to prevent any such machine connected to the net from phoning home and tattling that it's being abused.
Of course I'm paranoid. I've been watching them do this stuff for 25 years.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
This is an interesting idea. I know that for a while people have been using custom kernels built from the free Darwin source to get OS X to run on older pre-G3 PowerMacs, for instance. So at least now it seems to be possible.
They have probably considered the possibility and taken steps to ensure that using a non-approved kernel image isn't possible.
"(Man) tries to live his own life as if he were telling a story. But you have to choose: live or tell." --Sartre
I just hope the Linux kernel developers get their hands on this amazing technology quickly! I don't want to keep using out-dated, inferior, non-DRM technology that doesn't "just work".
-William Brendel
if people weren't pirating things, there'd be no need for DRM
Piracy or not piracy, there is no need for DRM, given that it won't be effective in restricting pirates' abilities to do as they like. They would implement it anyway: just look at everything that is being done to restrict your freedom in the name of the greater good.
how can you blame companies for trying to protect their profits when thousands of people are ripping them off
I wouldn't blame them for protecting themselves, but this is not what they're doing. First, their profits are skyrocketing, mainly thanks to P2P; just look at recent studies proving this. Second, nobody's ripping them off: sorry man but I will not take this bullshit anymore. If Joe User downloads stuff that he would not buy if his life depended on it, he's not ripping anyone off.
Even in a scenario where companies were actually suffering because of teh evil P2P haX0rz (which is SF), such measures as DRM would essentially equate to solving the problem of pollution by asking people to switch their lights off about 1/10th of a second earlier than usual. But we would all know the causes of pollution lie elsewhere.
Honestly, you should be mad at the pirates, without whom we wouldn't have this problem
As I have shown, there is no problem. And I'm mad at sheeple like you who think this world would be good and just if not for these damn pirates, and who don't realise the need to act now, to fight against the ones trying to turn your house into a jail and your life into a privilege.
Global warming is a cube.
But I don't need to be. I don't see quite how this is anything more than a stumbling block to supremely piss people off.
Now, as far as OSX is concerned, I honestly might buy it and try it. Unfortunately, it won't run on any of my Intel hardware. So regardless of whether Apple is mainly in the hardware business or not, they just lost a sale. They're failing to see that they can directly compete with Microsoft ad tap into the huge market of people with x86 PCs.
DRM could be put to valid uses, such as stopping first posters...
it looks so empty with out the HUGE G5 heat sync :)
(yes i know i suck at spelling fell free to correct my grammar and/or spellin i dont care, im still not going to change
It'll be a lot more than one. There will be at least a half-dozen repeats.
I rarely criticize things I don't care about.
So who became more evil Apple or Microsoft?
Wow ... Spoken like someone who knows absolutely nothing about Microsoft's history. Your question betrays an incredible depth of (perhaps willful) ignorance.
We related to companies in much the same way we relate to the people in our lives: we don't regard any as being "totally good" or "totally evil", rather, we regard people as being somewhere inbetween, with varying proportions of "good" and "evil". Some people are mostly good but occasionally bad; these people we (rightfully) tend to forgive when they do an occasional bad thing, and as long it's not too bad we keep those people in our lives. Other people though are sometimes good but mostly bad, and this type of person we avoid. We relate to companies in the same way, and it makes perfect sense to do so. There is nothing hypocritical about it, as the astroturfers on slashdot desparately try to imply, when we appear to treat different companies by different standards --- just like there is nothing hypocritical about it if you forgive your, say, mostly-good girlfriend when she occasionally loses her temper with you, but you don't forgive someone who always treats you like crap for doing the same thing. Not only is this perfectly normal, it makes perfect sense too.
There's no such thing as a totally good or totally evil person or company. So what normal people seek out is those people/companies who are "mostly good".
And people protecting their rights when companies ( corporations, individuals, gov., ) try to make the access to information difficult or even impossible ? And if THEY are mad on pirates why don't THEY go after them ( those terrible pirates, maybe terrorists? ) - why bother all and everyone ? You know - real pirates exist ( even in software world. ) Might that be too difficult or might there be some other reasons ? Where do you think it is easier to get the money - some real crooks or from big public ? This subject is so old..
... the first REAL challenge the juarezkiddiez have had in years? :-)
Ready, set, go.
Seriously - Apple operating systems run on Apple-approved hardware ONLY, plzkthks. Has been, will be. We're back to roms but this time we know (to some extent, anyway?) what's in the damned things.
Or, to quote Apple's VP of Marketing from a CNet article, "We will not allow running Mac OS X on anything other than an Apple Mac." (Scroll to the end of the article text.)
Anybody in the audience to whom this comes as a Sudden Surprise, only now provoking them to be pissed off at Apple, apparently missed that article (or anything quoting it).
Failing to see? Yeah, it's dead easy to compete directly with Microsoft in the OS business. That's why NextStep put MS out of business, which is why Steve Jobs never went back to Apple, and now owns 40% of the world's wealth.
(The other 60% belonging mostly to IBM, because if a pipsqueak startup like NeXT can dethrone MS, obviously the biggest, baddest corporation in IT can do even better with OS/2.)
Thank god I dumped Apple after IBM dumped them.
Yeah! You really stuck it to 'em, by sticking with the Wintel platform that ... uh, oh wait ... will also be DRM'd in the near future.
Did you really think Intel put in DRM just for Apple? WTF.
"we're all responsible for our ills, in one way or another."
Well... Kinda. To paraphrase Billy Joel, 'We didn't start the fire...' Most of use didn't implement these sorts of things or control the general direction. There's simply too much for one human brain to handle - and most humans aren't real technically minded to begin with.
All we can do is begin to address and redress already existing ills as we discover them. I believe we are only responsible if we know about it and do nothing.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
it was reported very early that using Intel did not mean cheap PCs from Apple. Their business model says they must control both hardware and software, so DRM chip(s) are expected. IMHO the main stated reason, stated by Steve, is tied to power consumptions, not cost.
There was an unknown error in the submission.
Infineon is the company name, not the chip name. If Infineon deals with Apple the way they deal with my company, Apple will switch to someone else in after a short time. Did 3 Infineon execs get locked up in Germany?
There was an unknown error in the submission.
But if no one posted first, then no one could post second, or third, and there'd be no posts at all.
"Stop failing the Turing test!" -- Dilbert
What we're getting here is an on board tamperproof(ish) crypto processor.
Exactly the thing you always wanted to safely put your ssh keys into, to have your X509 cert tied to, to lock your own VPN's into. And because it is not some separate chip card - and relatively fast compared to that - it propably can be used in much more secure modes; voiding the need to have things like passwords or unencrypted private keys in memory.
And one worry less for when things get stolen or taken over.
Given a few bright hackers won't be long before openssl, firefox and what get augmented with this chip as their storage areas.
Dw
Now, imagine you hired somebody and you told him to do something, but now, instead of just doing it, he insists on getting permission from someone else before he will do what you tell him to do. This leaves someone else in complete power of whether or not you can get this guy to do what you hired him to do in the first place...
Its yet another layer ( possibly dozens of layers ) of additional negotiation that has to be played out before things can happen.
There are many businesses out there who are running on razor-thin profit margins as they try to remain economically competitive. Adding yet more layers of nonproductive negotiation will require cutting finances somewhere else, and often nothing is left but salary and benefits.
On top of that, DRM enables somebody else to control whether or not the infrastructure you already paid for and installed will be permitted to continue to function. Would you want a toilet which insisted on "phoning home" and getting permission to accept a load?
Believe it or not, there are many people out there which have a so-called "business" education that are completely unaware of the business risks of having somebody else at the switch which controls whether or not the business can function.
We are trying our damndest to protect their ass.
Its like trying to make sure your neighbors don't erect highly flammable houses in fireprone areas. Just as firemen know a fire in a neighborhood threatens all the houses, this DRM thing can easily get out of control and threaten all of us.
There are some of us who know there is no reason at all to pay someone else over and over and over again for work that's already been done. But we also realize using DRM to enforce that paradigm is quite doable, and there are a helluva lot of people out there which will jump at the chance to lure us all into this cat trap.
Me and a lot of other people here have been trapped before, and know what this kind of cat trap looks like and what it does.
Once that door slams shut behind you... err, well forget about a lot of stuff you used to take for granted.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
I still think the problems raised by DRM are greater and more severe than those it purports to fix. Obviously, fair use and doctrine of first sale are the first to disappear. But also, common carriage is at risk, and if DRM gets into routers and switches then it will be possible to make the Internet into the same mess the telecommunications network is in.
The nature of DRM and the clumsy attempts we have seen so far also indicate that there is great potential for human rights abuse, too. There is of course the ability to monitor who is interacting with whom, the DRM software has to track this to work. There is also the ability to block or censor communications. After all, restricting access or dissemination is what DRM is all about. And that directly affects both the right to free speech and the right to peaceably assemble -- after all what can be published or organized without the Internet or the Web these days, without them you're shut off.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I for one, welcome our new Apple DRM overlords!
By the perception of illusion, we experience reality
Anyway, it turns out it was worth buying hardware for -- it's great. In fact, I just had my dad get a new iMac (despite the fact that it's not upgradable). Surely you could scrounge up enough for a Mac Mini, or something?
Of course, considering this article I might have to switch back to Linux in the future. I sure hope Apple doesn't become more evil than it already is! : /
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
This will never (I'm saying never) be a ploy to keep you from sharing your iMovies with your family without paying royalties. This insures the OS stays on the platform it was designed for.
I can't wait til the hack comes that gets OSX on commodity hardware.....then the bitching that will follow about how it's not stable, doesn't work with some bizarre image editing software that's open source...blah blah.
Some people in this thread want to "borrow" a lawnmower to try it our for a haircut. That's the analogy here, folks.
While the l33t crowd is trying figure out how to make CoreImage work on their Chaintech PC video card, I'll be getting hundreds of hours of productive work done on my mac, regardless of the CPU.
pucker up, buttercup
Yes, but what about if nobody could post AC until at least one logged-in user had made a post? That way, in order to get a first post, you would have to risk your precious karma.
Je fume. Tu fumes. Nous fûmes!
Can we get the DVD kid (Jon Johansen) to start working on this ASAP?
Mac toys and accessories blog
I blame the parents and the decline of spirograph.
-- Using the preview button since 2005
If you read the TCG official docs, you'll see that remote attestation (signed hashes of the hardware and of the bootloader can be encrypted and then checked by the OS or sent through the internet) is an official feature of TCG/TPM/TCPA.
Its amazing how many more seeds there were for OSX Panther on eMule and BT trackers just after PearPC made their first usable release.
Apple isn't particularly worried about its users committing copyright infringement - even today OSX doesn't force the user to register it online or authenticate. However I bet they are worried that their OS would be widely pirated by Windows users who want the experience without paying for it, as to a hardware company that's suicide.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
haha
yet again. apple brings us features that microsoft plans to use in longhorn before ms can put it out. and you thought it ended with desktop searching.
MS very often crushes companies for no good reason, remember the anti-trust case? Convicted in a federal court for doing it should sort of tip you off that they do it. Apple however has bought out people several times, with the prime example being iTunes.
I noticed we don't have right to speak against Apple or some guys/gals with direct or indirect commercial contacts with Apple jumps into discussion and calls us:
;)
1) Ignorant
2) Zealot
3) Clueless
4) Lifeless
I admit I am a big mouth on Slashdot, but it doesn't mean I have to get harassed by unethical people can't even tell about the companies they work for, the contracts they have with Apple and how close they are to Apple workers themselves.
I "switched" to Mac after struggling with x86, Wintel and never ending lack of Linux desktop for 10 years but I must say I expected the developers for this elite platform being a bit more elite and having own way of thinking.
Mactel costed me getting banned from 3-4 channels, giving up (deleting) 2-3 open source projects I donated to and having a bad taste in my mouth about my "switch".
Enough damage.
"Think different" you know
Ps: In 24 hours some zealot with lots of "developer" karma will find an explanation to this fascist choice of technology.
seems I will save money and buy myself an G5 PowerMac before they disappear. And hope & pray that it doesn't break down to soon.
...
... life sucks really bad.
With Windows Vista saying: You can't do shit on your own PC and Apple saying: You can't do shit on your own Mac, I probably have to return to Linux or try to live with what I have forever
[a lot of angry words here about DRM crap]
So I need to wait for a cracked Apple Kernel then? Holy moly
"Freiheit ist immer auch die Freiheit des Andersdenkenden" - Rosa Luxemburg, 1871 - 1919
Yes, we daffenittlay do.
Why should they? I work on an app that's cross platform - Linux, alpha on Mac OS X and a Win32 port in the works. Having access to the latest Mac OS X for free on my normal desktop without having to scrounge some 400MHz gutless laptop to do builds on would massively improve my ability to work on the Mac OS X support. As it is, I just don't find it worth the effort, so it's mostly a couple of contributors who have Apple hardware doing the work.
I don't understand why Apple isn't handing out CDs of the early builds to developers in a way that'd make AOL look frugal. Surely they want to maximise exposure and get more developers trying it and using it now? There would be a lot of user installs too, but that'd only last as long as that version stayed current - by 10.6 or 10.7 those users might well be eyeing a Mac for an upgrade.
Personally, I'd *kill* for a Xen port of Mac OS X for developers, so I didn't even have to reboot from my normal productive working environment into Mac OS X
Your X install, include your .xinitrc shouldn't be any different across *nixes (so long as the same x.org or xfree release is being used, and even there, it's stayed fairly consistent). It's just that RedHat does a lot more for you by default than FBSD does.
;-)
Personally, FBSD is one of those things I really wanted to like, but time and time again left dissapointed. That said, it's a *nix, so it certainly has it's good qualities
Honestly, how many Apples have Word, Excel, etc. files on them? How many Apple users use Textedit, Pages or older Appleworks software with these? And why would Apple give Microsoft control of those files? Locking down Word files to Word, Excel files to Excel, etc. would only hurt Apple.
It's worth asking what this *is* for ... and what this *could* affect.
(If worst comes to worst, I'll keep this machine. indefinitely.)
If it weren't for Microsoft tolerance of bootlegged Windows and MS Office, their dominance wouldn't be as clear. "Pirated" software is good for sotware companies. Their products get exposed to a vast amount of people. People that work at companies. People that make decisions about what software to buy for their business.
So if Apple goes TCPA and MS follows, then the only non-crippled system left is Linux (sorry BSD guys, your OS is still hostile)
That might be good news. And my current iBook might be my last Apple.
------- Look mum! I have posted another Slashdot comment! --------
Both OSX and Windows are rented operating systems. One rents them as a service, from the vendor. Think of all the other things you've rented in your life (a car, TV, apartment) and the restrictions surrounding use of those. When you 'buy' a copy of OSX, you are actually signing a lease to use it for an undisclosed period of time, with restrictions, in full knowledge you will likely upgrade. When you upgrade, as so many people did with Tiger, that is simply considered to be another installment.
Non-rental operating systems, like Linux and the *BSD's, legally allow you to do as you would like to with your music, share, distribute, modify.
It would make Microsoft a lot of money.
Keeping Hollywood and the RIAA happy - that's more like the main reason to do this.
:-(
Apple, yesterday: "Think different."
Apple, from now on: "Mainstream, but as the champs of it."
And of course, DRM on the coming Macs will also be doing Pixar a favour.
My sympathies to Mr. Gandhi, Rev. King, Mr. Picasso, Mr. Einstein and others as it looks like their names have been misused in an Apple ad campaign.
I mean, can this prevent stack overflow sploits, and other methods of raising some process privileges from working?
It would be interesting to see a method to "hardlock" user permissions, and access to the sistem. This can be very usefull, indeed.
Of course it's a way to prevent access to protected areas, like DVD-Burning, or any other API Apple don't want hackers to be messing with. Or to prevent OSX from running on "unnautorized hardware", but let's concentrate on the positive side of this stuff...
Now... since this thing operates on kernel level, and if Darwin (the OSX kernel) is OpenSource, is there any chance that the source for DRM stuff will be released as OpenSource too?
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
Oh, be serious now. It's their OS. They want to keep it on their hardware, for several reasons (which I think have been hashed out sufficiently). The technology is available (in the form of TCPA) to do it. And really, I think this is the most sensible, legitimate use of this technology that I've heard of. Really, what'd you think they were going to do - cross their fingers and hope? I think it's pretty clear Jobs & Co. have thought about this long and hard. So no, I don't think this is boycott-worthy.
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
You know, I was actually slightly thinking about buying a Mac. I figured, if the prices drop enough when they switch to Intel, I can buy one and run Mac OS X and Linux (probably Gentoo) on it. But I am absolutely not ever buying an Intel Mac for myself, just because the next logical step after restricting the OS from booting on "non-trusted" BIOSes is restricting the BIOS from booting "non-trusted" OSes, like, oh, say, Linux.
I will build my own CPU out of TTL chips and wire-wrap if it comes down to it, but I'm never accepting a computer where Trusted Computing is used against me. (Frankly, it's an awesome idea to include the chip, but only if it is used for user-requested cryptography. Using it against the user is BAD!)
ttuttle is a rankmaniac
stickers that say don't run our OS on non apple computers. ;)
(This is a bit offtopic, but still related to Trusted Computing...) You know, I think the whole Trusted Computing thing has gone on long enough with the industry spreading FUD about how it will enable "an enhanced, market-driven dynamic media distribution paradigm shift" (e.g., lots of fancy buzzwords meaning that we aren't allowed to share media anymore). We should start spreading equal FUD, saying that "Foobar chipset computers will keep you from sharing media with your friends." Realisticly, when used by M$, TC will extend to include banning P2P programs as best as they can and enforcing blanket restrictions on what you can do with media. People will hear this and think, "I'm not buying *that* piece of shit! It won't run KaZaA and all those lame spyware-ridden P2P apps! How will I *ever* get music without downloading it from some *other* person who *did* buy the CD?!" In other words, they will call BS like we have all been doing. Any thoughts?
ttuttle is a rankmaniac
more complicated than building a rocket ship from scratch using only a stick of gum and some 2x4's
Gromit, that's it! Cheese! We'll go somewhere where there's cheese!
Everybody knows the moon is made of cheese...
If you analyzed the mach_kernel binary file on the Developer Kits, you would see that the kernel is vastly different than the Darwin 8.2 that Apple released as open source.
The software shipped with the developers kits isn't any of the released software, so there's no reason to assume that the released version of Darwin would match it. Apple didn't release the source to Darwin 8.0 when developers got Tiger, but rather when it shipped.
Damn, talk about irony! The entire "free software" community has had its fists buried so deeply in its ears over this issue for years now it is doubtful we can make a meaningful recovery of the ground that has been lost.
You try to pretend TCPA and DRM can be killed at birth and you are wrong. You try tto pretend DRM cannot be made to work and you are wrong. The same technology that protects HOLLYWOODS data can protect YOUR dat and MY data. DRM will allow computing to move into a new paradigm where conversations can be reasonably assured of being completely ephemeral OR where "data" can be moved from point A to point B with the relative security and geographic displacement of a physical object. But people lie and copy and cheat and forge and so to do this requires a *trusted platform* - a system you and I can both agree has been verified for honesty by a disinterested third party to our exchange.
If you don't want to buy DRM media then don't buy it. But insisting someone is trying to "take your rights away" because they are asserting *their* rights is, at best, disengenuous.
The open source community at large needs to take off the tinfoil hats and start doing some real development on these platforms. Like it or not DRM is coming and if you sit out the party no one is going to listen to you complain that everyone else already got all the cake and ice cream.
First, it assumes that businesses survive because of merit. Exhibit A: BeOS.
The OS that was released half-finished on hardware that was half-finished, and that was sustained by sales of incomplete betas? The OS that uses the worst object-oriented language in existence as a core part of its API? The OS that was never released with production quality TCP/IP support, at a time when the Internet was becoming key? The OS that was supposed to be small and fast and sleek and yet required more hardware and a faster processor than any of its competitors (yes, even Windows NT and UNIX) just to boot?
It's only by comparison with "classic" Mac OS (which has also finally got what it deserved... some seven years later than originally scheduled) that BeOS looks good.
And why the hell would Apple release a Darwin kernel that calls commercial third-party software?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
It's a little different because up until now we've had the option of breaking the law. Imagine how different the world would be if civil disobedience were impossible.
In Soviet America the banks rob you!
This isn't true. Contracts can contain illegal terms, and if they do then they're invalid. An obvious example would be if an employer inserted a clause saying they could kill you if your performance fell below a certain level. If an employee signed their life away like that for whatever reason, it's irrelevant. The contract clause is illegal, and any employer that followed through on it would be in a lot of trouble.
There are legal protections on the content of employment contracts to stop employers from demanding unreasonable conditions from their employees, current or future. It's also why we have things like minimum wage. Some rights can be given up in a contract, but others can't.
Whether a drug-testing clause is or isn't okay would depend on your local legislation. Some governments would definitely consider it a breach of personal rights, and would disallow an employer from deciding who to hire based on their acceptance of submitting to a drugs test. Chances are there would sometimes be exceptions with this, however. It might be acceptable, for instance, if it's an obvious safety issue on the job, and/or if there's reasonable cause for suspicion that you're taking drugs. An employer might have to provide convincing evidence for suspicion, however, regardless of what a contract states.
Personally I don't think that nearly enough is done to stamp out ridiculous and illegal clauses in contracts. This is exactly the same reason why we have hopelessly one-sided terms of service on shrink-wrapped software. There's very little, if any, penalty for putting in highly dubious or illegal clauses and then pressuring someone to agree to them.
This is terrible. There is another OS kernel with a TPM driver now as well. We'd all better stop using this 'Linux' thing as well.
Rich
Does anyone really expect software controls to prevent anyone from pirating this? Unless each DRM chip has a secure checksum of the kernel to validate tampering and be unique to each installation (and break updates), how can anyone expect this to stick?
Granted, I don't know anything about the Intel DRM technology, but I don't see how it can work long term.
Here I am, releasing Trusted Linux. Here's the GPL-ed kernel, and because it's GPL here's the source to the DRM component that's linked with the GPL-ed kernel. Now none of you buys download the source to the DRM code and modify it, y'all hear, that would be naughty.
It's even hard to see how you'd get away with DRM in an open-source kernel, since if everything in the kernel except DontTouchMeImTheDRMCode() is available in source, the opportunities for bypassing DontTouchMeImTheDRMCode() DRM are unlimited.
The time to panic is when 10.4.7 or so is released on the new Intel Macs and Darwin 8.7 doesn't show up on Apple's website. Right now we should be in pre-panic mode.
The Apple Panic Alert level is: [A Nice Hot Cup of Tea].
Microsoft will be forced to push up the rollout of similar lockdowns for Shorthorn because if they don't Apple will have all the video over net business locked up and Hollywood won't let Bill play.
Wrong, wrong wrong. Content providers will never, ever, target the Mac to the exclusion of windows. Windows has over 90 per cent of the desktop market. No matter how good the DRM on the Apple may be, I think most content providers would rather sell to the larger market. Hell, even apple don't just target the Mac (itunes).
"I realise this is not a very popular opinion but it's the truth, and there for needs to be said" -Bill Hicks
microsoft's problem is the complete opposite as this one. microsoft is trying to prevent unsigned code from running on "their" hardware.
The question is... once they have the DRM support, what will they do with it?
FairPlay that actually works?
Make sure you have good backup copies of your iTMS music on audio CD or (cough cough) otherwise. Not so you can warez it, but so you can keep playing it on your PPC Mac if iTunes switches to requiring Intel DRM support to decode iTMS tracks.
Also: if they're actually planning on supporting strong DRM (hint: Video), they're going to have to think about closing the Darwin source.
Just one little phrase in the EULA holds the software company who coded that DRM harmless, yet even in the case of abandonware, current DMCA law still considers one trying to salvage his investment to be a criminal.
We little guys best stay out of this and leave this kinda stuff for the big guys who can afford to finance the proper legal teams, as DMCA law forbids solving the problem on the technical level.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
Guess I'll use my G4 Apples as long as possible then switch back to Linux full-time when the Apintel's come out. Unless...someone comes up with a way to recompile the kernel without Big Brudduh!
"Personally, FBSD is one of those things I really wanted to like, but time and time again left dissapointed. That said, it's a *nix, so it certainly has it's good qualities ;-)"
/. posts on that subject have made my feelings quite clear. It's *my* computer, I'll say what happens, thankyou.
:) Their loss.
Have you tried PC-BSD? http://www.pcbsd.org/
I'm not claiming it's any competition for windows, but it's fast approaching the friendliness of a lot of linux distros.
I was quite impressed. They seem to have made some major progress, and seem to be working and releasing at a brisk pace, and most things either "just work" or are configurable with a GUI.
Again, I'm not saying it's as polished as windows or even some of the more user-friendly linux distros, but it's worth a look. For many it may be a friendly enough desktop to consider as a combo desktop/personal server, with the *BSD server goodness mitigating some of the friendliness issues remaining.
I'm a linux-user with medium skills with linux, and had tried FreeBSD a couple times, but the initial learning curve was so steep to get a working and configured desktop that I couldn't afford the time investment.
I'm now happily multi-booting 2 linux distros, windows, and PC-BSD, and have enough of a leg-up to be able to explore and learn at an acceptable (to me) rate. My g/f even had me replace her linux/KDE desktop with PC-BSD, which shocked me...she's not a geek or even especially interested in OSs. She told me she just liked PC-BSD because it "felt more stable".
I hope the folks at PC-BSD keep up the great work they're doing in making FreeBSD easier for people not already well-versed in *BSD/UNIX to get a start with.
Hopefully that will help them through that critical initial period until they've gained enough experience, so they'll stick with it.
As to TCPA/TC, my past
If it ceases to be possible for this state of affairs to continue, then I have other interests and places to spend my money. Maybe some more vintage guitars/amps and EFF donations.
Just my $0.02
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
From the .nfo:
Release: Apple MacOS X Tiger *x86* *PROPER*
Type: OS
Format: ISO
Archives: 47x50mb
Date: 08/2005
System requirements: Intel Pentium 4 w/HT/1GB RAM/10GB+ HD
R E L E A S E N O T E S
Thanks to the guys at phe*NIX who released a non-working copy. Too bad we at XiSO had the OSX x86 DVD for a few weeks now, working hard on disabling the Infineon/Trusted Computing module which is present onboard of the "developer" Apple-Intel boxes. As some of you have heard, Rosetta, Apple's binary translation software used to convert PPC binaries to x86 bytecode at runtime is a primary user of this Trusted Computing module, and since majority of OSX Intel apps are actually PPC bins, not much of the OS is usable without this binary converter working. So we patched that, as well as a check during boot for "supported hardware". Enjoy!
I N S T A L L N O T E S
1. Burn to DVD using your favorite burning software.
2. Enjoy this fine release from XiSO.
3. This has been extensively tested on various hardware configurations, but you WILL NEED a SSE2+ enabled CPU to run this on. Also, this has *NOT* been tested, and not expected to work on AMD CPU's.
http://thepiratebay.org/details.php?id=3363864
That was quick.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
---
* i.e., that actually have a battery life and don't light the user's capri pants on fire
They say the mind is the first thing to
Hasn't been illegal for over a year :)
Neko
Nobody seems to have figured out that there are much more difficult things to solve before OS X can "run everywhere": There are no drivers for 99% of the white box hardware out there. This has always been the #1 reason, IMHO, why nobody should have expected a shrinkwrap OS X.
Why would Apple want to get into the same driver morass that M$ is in? If there is a driver problem with Windoze, it looks like a M$ problem, whether it is or not. Hence the certification program. But that doesn't really make life any easier: Imagine the nuisance value for an O/S vendor having to certify and keep track of 100,000 random device drivers... Software support is hard enough just in a niche (for example, imagine Dantz's headaches supporting Retrospect and the endless combinations of host/adapter/drive!) But an O/S vendor has to support every permutation to some degree, or at least give an appearance of caring.
Apple's big win in this area was (like Sun, SGI, and dozens of other high end vendors) was controlling both the hardware design and the O/S, so they only had to support a relatively tiny set of hardware, and they had perfect access to its specifications and often designed it themselves anyway. That perfect integration is not available to generic O/S vendors like M$ - and the difference in end product has always been stark (for those who bothered to compare).
you had me at #!
how is paying for mac os x and installing it on an x86 computer you already own, copyright infringement?
You didn't pay for the software, you paid for a license with respect to the software. Your subsequent reproduction, distribution or derivation from the software is only permitted to the extent it is within the scope of your license. If the license doesn't permit you to install it on an x86 computer you already own, you have engaged in copyright infringement.
Section 117 of the Copyright Act won't help you unless you are an owner of the copy you possess. But read the fine print -- you didn't buy the copy, which was retained by apple, you bought the media on which the copy is stored. Legal title to the copy remained with Apple, so Sections 117 and 109 of the Act don't apply.
Damn, that sucks, but that's the way it is. . .
And oh, by the way, if you continue to sit tight and do nothing about this sucky state of the law, it will only get worse. The 8th Circuit is now deciding whether shrink-wrap contracts can permit a waiver of fair use, a decision already made by the Federal Circuit in an earlier case.
Pretty soon, you will have nothing left..
What does it mean to have TPM support in a GPL-ed kernel?
It means a software component can securely extract keys from hardware.
Does it mean that it can securely do anything with the keys? When the kernel can (for example) wrap tpm_read() with code that copies everything it reads for later replay? Or trap to an invisible code tracer on tpm_open()? Or just start saving everything that the program write()s so the program itself becomes a cracker for whatever DRMed content you're trying to protect?
There's lots of things you can do with TPM in an open-source kernel, but DRM isn't one of them.
So? That doesn't mean that the people who aren't willing to pay for it are somehow entitled to it anyway. If the product is not worth the asking price, then say "no" and walk away.
"Apple has included with the Developer Kit DVD uses TCPA/TPM DRM. More specifically, it includes "a TCPA/Palladium implementation that uses a Infineon 1.1 chip "
Yes, but does it have Full LRF Support?
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
The United States Supreme Court struck down the Texas sodomy statutes in 2003 on privacy grounds, so fear not.
Maybe there is still a chance for technology?
but I got my first Job at 16, and they required Drug Testing, and I'm fairly sure it was a pretty standard procedure by then.
On a slightly different but related note, pre-employment/random drug testing is, essentially, a fetish unique to the United States. It's unheard of outside of the US.
Weirdly, the people who are most aghast at the idea of drug testing are people in other Anglo-Saxon nations (like New Zealand, Australia and Canada.) It remains a mystery why Americans were so milquetoast in how they dealt with drug testing, whereas other nations thought it was entirely unacceptable.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
You are Schrodinger's Cat AICM* knowledge of your position and velocity simultaneously.
*: And I Claim My
The point was that if you're a Windows user, you've got to learn the ropes of OSX just like you'd have to do with Linux. UI consistency issues aside (and I agree with you there), it's not a 5 minute or even a 5 hour task to become comfortable with the new way of doing things. Personally, I don't think a lifelong Windows user would find either Linux or OSX that much easier to learn than the other. They're both "different enough" from Windows that you'd have to spend a fair amount of time getting used to things.
Cheers,
Let me repeat OSX WILL ONLY RUN ON APPLE HARDWARE!!!
Ok? Got it? If you really wanted OSX as much as you purport you would have bought a mac mini.
Oh I know $500 for a computer costs too much, and you just want to steal OSX and run it on you klone or dell.
Honestly go back to your Linux, and fight over your KDE or GNOME nonsense, and how Linux is loosing out just as Unix did wthat that CDE vs Windows nonsense, when infact it just canabalized the unix market in the 80-90s.
As for the DRM, what did you expect? Apple would just flood the market? Since you probably have never download or installed Darwin, I guess you have never noticed just how device driver poor it is, or just how un linux it is.
So put up or shut up, go buy a mac mini, or just keep plodding along with your x86, since you are too cheap to get a named OEM peice of hardware.
Sheesh.
People just don't seem to get it. This commercial monopolistic behavior will become the demise of the commercial software industry. I can understand the need to make a living off of a trade, but this is getting out of control. As the global population becomes more tech savvy, there will be unprecedented backlash from such moves. I adamantly refuse to purchase software or hardware that will limit my rights through use of DRM. Software companies: Get over it. If you don't, your time has already come and gone.
It is funny, but not ha-ha funny. The whole reason that many people enjoy using computers so much is the feeling of control.
Each of us can choose our operating system, our programs, and our data. If so motivated, anyone sitting in front of a keyboard could learn to program, and choose the development environment they enjoy most.
But with DRM, those feelings of power and control are over. Even as the owner of a PC, you no longer control your machine. You have to ask (and receive) permission to run your own files.
Personally, I refuse to become an electronic vassal. So long as there remain alternatives that allow me complete access to my PC, then I choose those, no matter how beautiful or functional the DRM solutions are. If that means I have to abandon both Windows and OS X, then so be it.
i would like to donate to the eff, except i don't want to be put on a list of terrorists. the only way to even have a remote chance of beating this nonsense (criminal and unethical behavior) is to educate the public at a greater rate than the "mainstream media" can "educate" them.
Is it difficult to be that full of shit? Do you sometimes feel a pressure building up behind your eyeballs, threatening to fountain brownly forth from them?
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Yes, but that power is being abused... It says copyright for limited times... If I can pass retroactive copyright bills (Copyright Act of 1976, Copyright Term Extension Act) then can one really say that term is limited? (Note: the Copyright Act of 1976 had it's good parts).
Importantly, it has the clause "to promote the Progress of Science and useful Arts" - once copyright is no longer filling that role, it should not be in place...
Rebuttal: How does a software patent (amongst other things) promote science? Art? What about content which is still copyrighted, but not "profitable"? It will be locked up, and eventually age until it's destroyed. (See the story behind Eldred vs. Ashcroft).
And, to bring this post somewaht more back to the OP topic... When the media protected by DRM finally does enter the public domain, how will we access it and make it freely accessable to everyone? If the publisher doesn't create a DRM-less copy, we'll have to devise tools to crack the DRM, and if that DRM is still used by copyrighted media... WHOOPS! Just broke the DMCA!
But signed with which key ?
As the OP mentions, TPMs currently don't ship with a pre-installed key.
Whoa, sailor. The publisher of Harry's delightful Hogwarts adventures doesn't license anything. They sell a book to me. Their remedies against me if I decide to go sell my own copies have fuck-all to do with any license that exists between the publisher and the book purchaser; it's a civil wrong or, on a larger scale, a criminal offense. There was no contract.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Some how Im guessing no.
The only way to anonymously donate money is to put some paper money into an envelope and mail it to its destination.
With the advancements in DNA PCR technology, make sure you do not use your saliva to moisten the glue on the back of the envelope. In fact, it is better if you handled the cash and the envelope while wearing latex gloves too.
Now, let us move to the electronic realm. The parent post says that you can make an anonymous donation on the net. Sadly, no such technology exists.
There is no on-line method in which you can trade money anonymously. With paper money, the recipient gets the cash and nothing else. You disclose absolutely no personal information.
Current on-line systems are much to chatty. They also disclose your name, your account, your e-mail address, and leave a paper trail anyone could follow.
Aside from the first example, none of those are laws; they're inconveniences foisted on people who have done nothing wrong as an attempt to make criminals' lives more difficult, by making everyone else's more difficult.
So yeah, we wouldn't need colon searches at the airport if it weren't for the aforementioned morons.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Whoa, bag searches at supermarkets? What's up with that? I've never heard of such a thing. Are you talking about the occasional annoying moment when the clerk forgets to remove the tattle strip and you get the "STEP BACK, CITIZEN! YOU HAVE ACTIVATED WAL-MART'S HAPPY INVENTORY SYSTEM!" message boomed from the loudspeakers?
--grendel drago
Laws do not persuade just because they threaten. --Seneca
If OS X had to run on a gazillion different combinations, that fact would be a major point it making it less reliable and less stable. BECAUSE THE OS IS SOLD TO RUN ON ONLY A FEW HARDWARE OPTIONS, IT"S EASIER TO WRITE AND TEST AND Q/A THE DAMN THING! That is part of the success of OS X and what makes it run so geat. Of course Apple wants the hardware sales, but controling the hardware is critical too. I would not want an OS X that could run on Compaqs to Dells to A Opens to your custom PC because then I wouldn't get uptimes of 90 days (rebooting only for security updates that touch the Kernel, etc).
LOOK AT SOLARIS. Ask anyone who needs a Solaris box to stay up for critical stuff (not FTP server, talking about critical stuff at the core of a company / government / hospital) and it will be on one on Sun's servers, it will NOT be Solaris for Intel. Big metal + Tested Metal = Solaris uptimes of years if need be. Small metal + Tested Metal = OS X I know and love.
This doesn't bother me at all, as long as they are using to prevent OS X from running on other systems, not preventing linux from running on macs.
Which, from the sound of the guys who claim to have gotten Windows and linux working on the developer machines, is the case.
I don't know why everyone's freaking out about this. I have plenty of OEM discs that won't install a system other than the model they were made for.
It's just a way to check for a system's "Mac-ness" since the hardware is otherwise standard.
Please crack OSX.x86 !
Sure, it can be used to seal corporate memos and such... but I'd consider that part of "business". TPM is a tool, not a restriction. Unlike palladium, it only provides basic cryptology functions. So, while it can be used to implement TC, it's main purpose is alot less devious. It can be used to run a "trusted" operating system (e.g. the one you originally built), and thus make more static guarentees concering, say password authentication. In addition, you don't have to worry about compromising your private keys, either... They can all be stored in a safe manner on your HDD.
Concerning IBM and TPM, I'd say its ok to remove your tinfoil hat. It it were Apple or MS and TPM, different ballgame.
I think we should stop buying. I don't mean stop buying Microsoft, or Apple, etc... No, I mean we should just stop buying new software or hardware. We have all the power we need, and all the software we need. MS Office has not improved in years, and neither has any other software. Moore's Law is just an outdated general observation, and the biggest improvement in recent years on any computer is that you don't need a driver for USB storage devices! Maybe if we just stop then some worthwhile innovation MIGHT just happen for us to start buying again. Just my 2 cents worth.
Apple seems to always be focused on having a high-quality user experience.
Agreed. That is why many here on Slashdot are having a hard time with hardware DRM on Apple's Intel machines.
Really, can you think of one reason why a user would want DRM on his or her machine?
By adding the Infineon 1.1 chip to its motherboards, Apple is telling the world that it is now making machines for copyright holders, not for users.
I had the opportunity to talk with ESR a couple of years ago and asked him what he thought about Palladium, and to quote: "Palladium is Dead".
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
I imagine the Woz would be deeply disappointed by all this TCPA/TPM DRM nonsense.
Has anyone interviewed him about it yet?
PGP
or
SSH
And when the cops shoot a black man for having a candybar in his pocket or shoot an unarmed non violent black man four dozen times at close range...
Is that really what you think? Really? Even if you read a story about cops shooting an unarmed person who had a candy bar in their pocket...do you really think that is the begining and end of the story? You don't think there is any additional information missing that might explain why someone who makes a career out of law enforcement would just go murdering innocent candy bar eaters with no provocation? Do you REALLY think that?
I think the grandparent is right. Without infringers of copyrights, there would be no reason to spend R&D dollars to electronically deter infringement - it would be a waste of money.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Alot of people are really worked up over hardware DRM. I think that if it becomes reality, people will eventually find some way around it, hardware side. Just look at all the modchips available for Xbox, PS2, etc. Those all let you get around hardware protection in some way. I don't see why or how TCA/DRM on PC's could be that hard to circumvent either. Modchips would move from consoles over to computers.
:(){
Paluminum.net
I am a small employer. The reason we have pre-employment drug screens has absolutely nothing to do with me or my company's opinion of them.
Our insurance rates are cheaper if we do them.
It is a VERY simple cost/benefit anaylysis. We save money by requiring drug tests. Not in productivity or anything like that. Just our insurance rates.
I suspect we are not the only ones who are faced with this choice.
So Apple is using the Palladium chip for DRM of their OS. Big Deal.
Before the Intel switch, the "DRM" for OS X and before was the PPC architecture. Because the kernel and OS were only compiled for those architectures, it was effectively a DRM because you could only run the software on a computer supplied by the SW vendor (Apple).
Same thing here, but because the x86 processor is more widely available, Apple is supplimenting DRM by using a "DRM chipset".
Nothing has changed from an "Access to the Apple OS" point of view.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Absolutely. Macs are sort of the gaming consoles of the computer world.
Everyone seriously needs to calm down and carefully read what the article is saying.
The development release of OSX86 uses the features already present in the hardware to keep itself from being spread to other machines. Currently, all it does is prevent installs. It does not mean that the completed versions will use the DRM for anything (although it is certain they will expose it).
Further, it's not immediately obvious if Mac OS X can really be restrained by this kind of DRM because of tools exploiting certain aspects of Mach-O's binary structure.
It is disappointing, yes. But this is not a "Sky-Is-Falling" event. It's not even particularly surprising. We knew that Apple would use this to some extent. If all they use it for is their DVD player and their FairPlay DRM decoding module, then we know exactly who is calling the shots on the use of this kind of DRM (You have three guesses, and here's a hint, it's not Apple).
Slashdot. It's Not For Common Sense
Nice. Look who's talking. And can the tired comparison of Macs to BMWs. It's bullshit and you know it.
I too have felt the cold finger of injustice.
bag searches at supermarkets
Tell the person asking to search your bag at the supermarket that you refuse to allow this invasion. Store employees have no right to search your belongings. At best they can call the police and accuse you of shoplifting. You don't have to even stay at the store waiting for the police to arrive. The security guards have no right to hold you, either. Security guards can only act intimidatingly and yell at you. If they order you to come to some back office, just say "no" and leave. If they have an off-duty cop rented to guard the store, though, all bets are off.
Seth
$5 / month hosted VPS on linux = awesome!
When you buy a Gamecube game, you shouldn't be pissed off that it will not run on your PlayStation2. For example, if you're primarily a PS2 gamer but just can not live without playing the new Zelda game, even though it's the only Gamecube game you really want to play, you might use the same logic you should be able to play it on YOUR hardware (the PS2) because you bought it and you own it. Sorry but you'll have to crack down and buy a Gamecube to play it.
Same thing with Mac OS X. Get over it, the only point of the DRM is so it only runs on Mac hardware. Mac OS X doesn't even ask for a serial key when installing, so they're not all that concerned with pirating, just keeping their software on their hardware. There's no conspiracy to lock down your music or video (why would they make iTunes and iDVD?) and there's definitely no conspiracy to limit your freedom through DRM here. STFU and realize the Mactel DRM is not here to bring on Orwellian oppression on your cheap ass.
Mac software, Mac hardware. Gamecube software, Gamecube hardware. It's not going to run on your 1337 AMD box made out of cheap spare Dell parts from your basement. If you want Mac OS X, you're going to have to buy a G4, G5 or wait for the *real* elite computer: the Intel Mac.
You might say "well Apple would make more money if they just sold the OS for any x86 system." Well sorry, but Apple isn't going to run out of business just because they lost your sale. They already make billions a year in profit with their mere 3% market share, and it's only going to go up when the Mactels come out. Don't even pretend you were going to buy it anyway if they *did* release it for any x86 machine. You were probably going to just wait for a torrent release of it, and you'd probably come up with some valid logic why that's OK too. Please, that kind of thinking is for Microsoft OS's, Apple deserves a little better.
Not for any paranoid hating TCP reasons. But if I wanted to boot my computer off a recovery CD or something I wouldn't want to restrict myself to modern kernels/ones that I had certified trusted.
But then I don't have much valuable data so probably different situations.
The PPC->Intel shift didn't have one damn thing to do with IBM chips, and it wasn't Apple using strongarm tactics on IBM.
It was all about the likes of Sony and the other music industry players strongarming Apple.
"Protect our IP with DRM, or we'll sell our songs to your Windows competitors at half price, and kiss your pretty iPod sales good bye."
Call it "Revenge of the buggy-whip manufacturers."
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Lets see... well, then they should stop being a fucking hardware company!
This is the reality folks.
How did you explain their side of the argument?
Let's assume (perhaps falsely) that the RIAA/MPAA aren't literally Satan's spawn. They have a good reason for wanting DRM: they spend a lot of money to make music/movies. They'd like to get paid for that, and the current environment makes it easy for people to get the full benefit of their work without paying for it.
You know all this, so I'm not going to explain any further, but the question is, did you explain this to your friend? It's easy to get people angry when you explain only one side of the story. And if you want to use him as an example you have to be extra-careful to present their side as persuasively as possible, because you're obviously coming to this with a bias.
Look, I agree that the DRM they want to use is too restrictive. But the absolutely-no-DRM environment is also not completely fair to them. So the attitude of simply getting angry at them for proposing an alternative is just wrong. The proper attitude is closer to, "Gee, neither situation is tenable, let's figure out what's genuinely fair."
I switched to Mac as soon as I was able to install Mac OS X 10.1 on a Powermac 7500 with an upgraded CPU (first a 240 MHz pre-G3 processor, then a Sonnet Crescendo G3/400). I had to use XPostFacto to even get it to load, then find a third-party floppy driver, a third-party patch for the disk burning framework to get the CDROM to work, and just generally screw around on and off for over a week to get it to work.
:)
It was a lot harder than just about anything I've installed on Wintel hardware... certainly harder than anything I've gone on to actually use. And it still rocked enough to keep me using it and eventually upgrading to the first *new* computer I've bought for myself in 10 years.
I would not want an OS X that could run on Compaqs to Dells to A Opens to your custom PC because then I wouldn't get uptimes of 90 days
Here's uptimes of three of the generic Wintel boxes I run FreeBSD on:
DL360# uptime
10:57AM up 298 days, 16:10, 1 user, load averages: 0.00, 0.06, 0.06
DL320# uptime
10:57AM up 326 days, 18:33, 1 user, load averages: 0.00, 0.01, 0.00
CLONE# uptime
10:58AM up 715 days, 14:32, 11 users, load averages: 0.02, 0.02, 0.00
About the only ones that aren't this good are ones that aren't on a good UPS.
Surely Apple can do as well as a group of open-source volunteers... especially considering they've hired Jordan and are using FreeBSD code in the Mac OS X kernel.
What the fuck are you implying? My Windows XP has recorded uptimes of 5+ months... and it works in a GAZILLION hardware configurations... So what?
But I commend your sneekiness: oh, Apple has to use DRM, because to keep the OS so great it has to limit it to run on only their own optimized hardware, but Microsoft, those dirty bastards are goign to do it only for the profit$"
NICE!
Mozilla stole tabs from NetCaptor. So what? Right?
Just because Apple used DRM to protect their OS does not make them that bad... DRM itself is eeeevil and will alway be.
If DRM/Palladium becomes prevalent, the time will come where DRM must be enabled to get onto the Internet. DRM will be required to play music or show movies.
I will never buy a Windows machine, never. I like Macs and OSX, Linux is not my cup of tea. With all this supposed DRM talk, and taking into account the other facts surrounding the switch to Intel, would you buy a MAC now or wait and why?
I found Ubuntu's install quite powerful, as it needed to be to handle my weird setup. But using LILO instead of grub is an option that was too well hidden for me, I wasn't aware grub is unwilling to boot from a former dos partition, I had to juggle things till grub booted to LILO to get to th' olde OS..
In your case, it probably should have made a backup of the boot sector, to allow restoring it. In my case, it detected the other old win OS, so Ubuntu tries to do dual boot, at least sometimes.
I wasn't even aware you could choose OS from bios.. It is not an option for people with just one HD, is it?
I'm still trying to figure out what people mean by 'social skills' here.
is that people should be a lot more pissed off about all the drm being shoved down our throats.
I know my digital rights and I don't need them managed.
DRM is just bad, bad, bad.
Basically the TPM has the following tasks:
- Monitoring the trustworthiness of the platform it is bound to.
- Providing strong authentication mechanisms for identifying the platform.
- Providing secure storage for the users keys and secrets.
- Providing additional cryptographic services to applications.
By "platform" the author means your PC.This is great news. Now our PCs will not trust us.
Actually, unless the person searching bags is an on-duty police officer, you don't have to deal with this. Just keep walking.
If the person doing the searches really thinks you're shoplifting, maybe they'll follow you out into the parking lot, tackle you, and call the police... but (a) they have to be damn sure you're stealing (to avoid lawsuits and assault charges), and (b) even if the $7/hr monkey thinks you're stealing, he doesn't get paid enough to get off his duff and follow you out the door.
Now, it may be different where you live. I have walked right past these bag-search people hundreds of times, and not once have there been any consequences (of course, I wasn't shoplifting, either).
(Disclaimer: I live in the US. This may not apply where you live. Also, I Am Not A Lawyer, nor do I play one on TV. The above is not legal advice.)
Didn't you know? Apple invented DRM, just like they invented the GUI. It's an Apple innovation. They're going to try and sue everybody else over it.
Getcha non DRM Macintoshes here!!!
http://www.sunrem.com/
obdisclaimer- I don't work for them.
I care about Apple putting DRM support in the OS X kernel because I don't see DRM support in the kernel being a good thing for the future of OS X as a general purpose desktop. If they just use it for copy protection of OS X itself, that's one thing. If they go on to use it for increasing the strength of the "honor system"-level DRM in iTunes, or for some potential "iTunes Video Store", that's another.
I don't want to play music or watch videos on my Mac enough to make it worth the kinds of restrictions that something comparable to Microsoft's IRM would require.
Microsoft has far more talented developers than Apple or Sun, because they are capable of writing an OS that stays up for more than 90 days on a wide variety of hardware from Dell, to Compaq, to shit I put together myself?
Whatever.
I've never liked Apple. This move just reconfirms why I can't stand the company and their draconian vision of hardware.
If anything its to prevent people stealing the OS. Until Steve abandons hardware (again) Im sure his duty to the stock holders to to protect that hardware investment.
Lets see... well, then they should stop being a fucking hardware company!
At which point Apple will have to worry about piracy because they are a software company.
Apple doesn't treat customers like scum the way Microsoft does.
you're right... Apple is far worse and always has been.
This isn't news and it hasn't been for some time. Just like the invention of the CD, the VCR, and the Abacus; this will neither cause nor cure piracy. It will make it harder, but it is getting pretty hard already. DRM is a reality for all of us, it isn't going away, and hopefully the implementation will be as painless as possible. I do think that Apple version will be less painful than the Windows version, but neither is going away.
Ross Winn "not just another ugly face..."
Nobody seems to have figured out that there are much more difficult things to solve before OS X can "run everywhere"
Personally, I don't care where else it runs, but I want it to run on a Thinkpad. The Thinkpad hardware is so far ahead of the 'books that it's practically a tragedy that Apple didn't continue their relationship with IBM Japan after the PB2400.
Here's the big secret: YOU GET A HEALTH INSURANCE PREMIUM DISCOUNT FOR DRUG SCREENING!!!!!!
It wasn't until that started happening that drug testing showed up. In spite of all of Nancy's commercials, it was the insurance premium break that brought on drug testing. Most companies don't care. If you show up sober, they don't care. That is why companies don't do real randoms.
That would be a real hoot. If Apple offered a solution for the home 'blessed' by "the industry" while Microsoft's languishing in the office with a whole bunch of boxes that people are scared to upgrade.
Apple, a company with its feet firmly in both camps, would finally have an advantage over a monopolist by siding with the oligopolists. (I don't have a lot of respect for the DRMers, but, they will have their way.)
Personally, I don't care about DRM as long as its the iTunes type so I can write the things to DVD's once or twice.
I've got close of 800 CDs and over 400 vynil albums. 60GBs of music files. That's a sh*t load of CDs', LPs and a couple of DVDs. (It took me over a week to RIP 'em all in. I don't want to spend my vacation RIPping CDs.)
I've also learned the importance of free air delivery around my hard disks after a bad summer when I had four of 'em seize up on me. (I've learned the importance of backups the hard way.)
I never want to go through that again.
As for DRM. I'm okay with that as long as Apple doesn't get stupid and try to region code me and my backups. (I don't download a lot of stuff.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
You don't need DVD Jon unless you want him to deliberately condone piracy by running an OS you are not licensed to run.
Jesus was a compassionate social conservative who called individuals to sin no more.
things don't break in his hands.
He's been dealing with "hard copy" all his existance (when he didn't have a choice) so he's not going to mind DRM as long as he can do what he's been doing all his existance.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
If I want to cut my own copy of something I compose, even though its 'identical' to something I just heard, as long as I don't try to make money, they don't have boo to say about it.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Soon VMs will be on the radar, 'cause you might break DRM in there!
i would like to believe this, since although i'm
...
a u.s. citizen (californian / san franciscan)
i find these other lands more progressive in
many ways, in addition to being quite enjoyable.
however, this semi-retired author underwent his first-
ever random drugtest in australia as a plain tourist,
at a roadblock in the coonawarra wine region near easter holiday.
they don't do that regularly in napa valley,
last time i checked. maybe since they are on
half-hour time there near melbourne they do funny things
yet, also, a certain major new zealand hotel has a
breathalyzer built-in for convention-goers, where they
clearly take the idea of "designated driver" seriously.
perhaps i don't stay in enough stateside hotels, but
i've never seen that setup here. here's to "when in rome..."
and all that rot!
Which one offers more choice?
Did anyone take away your choice of hardware platform? No, you still have it.
Jesus was a compassionate social conservative who called individuals to sin no more.
relax. the bad guys will continue to do with drm h/w what they did with copywrited s/w, in one way or another, provided the Mac carrot is really good. They will not do that only if there is no real value behind the new OS. Just the new bad market of s/w emulators of h/w components will be involved somethow in one way or another. More importantly, LInux will catch up pretty soon, especially in the most essentual killer features of new Mac OS X. There is a chance that Linux distros will implemented some key features even better than Tiger does now. What is the most yammie now, will be everywhere in the whole versatility, it's not locked inside one OS or another, or even could be cross-OSed some via Open Source code. The single menace is very generic patents ONLY! But you cannot kill new idea built on the shoulder of the oversaturated old one. Bottomline, we definitely gonna see all great features of Tiger in free OSes. Why we should cry like babies if our favourite things are not wrapped into one particular brand (Mac, or whatever). Again, cross-applications on the OS level, or over this level will do the trick pretty soon, if the DESIRED feature(s) is/are in REAL DEMAND. Just wait. Don't negate the value of time and persistence. It's just impossible to have something really good in one spot in in the hands of one particular company/brand. It's not how the world works. Linux-based .MONO could be even more widespread than .NET in Microsoft world in the not very distant future, earlier or later, and even more enriched etc.
Again, patens could be real menace. BUT NOT FOR THE LONG RUN!
Nobody is locked into somebody's good/evil will, even if it's really big production group of suppliers and/or brain factories.
Demand is the key. So, if you desire something now and cannot get it in the way you want now, just wait you will get something ever better and in the better way. If it's not free now, it will be tomorrow (not necessarily literally).
Mac had almost died in the past because of the way she acted. Remember, she was the best, at least much better and stronger than M$. Now the history can repeat itself. Who knows, may be there is some intentional hole left by Apple to avoid repeating the history this time.
Whatever, if we're not focused on some particular brand name, idea, or combinations of ideas in one or another market package, everything gonna be just fine for the long run. Everything gonna be in the way, the majority of customers wants.
But there is some inertia in this process.
Just be patient, and all gonna be just fine.
The freedom of DIY? That was never a guaranteed freedom in the first place and one that I have no interest in exercising.
Jesus was a compassionate social conservative who called individuals to sin no more.
I always assumed they had sarcasm in Europe, but now I know otherwise. Or perhaps you're actually from a small planet in the vicinity of Betelgeuse?
Joking aside, kudos for the insightful post.
Software support is hard enough just in a niche (for example, imagine Dantz's headaches supporting Retrospect and the endless combinations of host/adapter/drive!)
It would have been better for Apple to support the standard UNIX tape interface instead. Then we wouldn't need to use Retrospect... we could use existing UNIX backup software from "dump" and "tar" up through "Amanda" and "BRU".
I see no evidence of either coming from Apple at least.
I see a lot of FUD being spread around here.
Jesus was a compassionate social conservative who called individuals to sin no more.
Apple has always supported SCSI, so those options are all available, AFAIK. Including Amanda. From comments on that page, the inconvenience with traditional UNIX archive tools on OS X is generally that they haven't handled resource forks and Finder info - which is where Retrospect comes in (not to mention Retrospect's searching interface is good for nontechnical users).
you had me at #!
No, I think your analogy is flawed.
If I buy a book, I can set fire to it, write in it, read it backwards, or whatever. By analogy, I can do what I want with software, within certain limits, because I signed no gorram license. Just as "within certain limits" with books doesn't extend to include copying and distributing, neither does it include copying and distributing the software. Funny how that works, isn't it?
Once I have bought a piece of software, I am well within my rights to reverse-engineer it, or use it for purposes for which it was not designed.
It's kinda funny how you assumed that my crowing about the right of first-sale was some sort of defense of copyright violation. 'Cause it wasn't.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Oh no---they'll be looking through all of our clauses which are grammatically, but not logically, complete!
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Virtualization cannot defeat remote attestation, but Rosetta isn't using that.
Virtualization cannot defeat sealing either. Sealing is usually used with data, but you could also seal code (it's not clear how the code would get installed). However, if the system allows a kernel debugger, then you can probably dump the code after it has been unsealed.
Virtualization can easily defeat "is the TPM there?" kind of checks, which may be what Rosetta is doing. In fact, it would be even easier to just write a different kext that exposes the same API, but always reports that the TPM is there.
The majority of the PC market which is capable of running modern OSes like XP or Linux with Gnome/KDE with any degree of usability is hardware from the Pentium 3 and newer. Nobody is going to bother to support pre-PCI based technology anyway and drivers for the old creaky hardware is not the cause of 99.9% of stability issues anyway.
Most stability issues are caused by poorly written and tested bleeding edge drivers for "new" hardware.
Anything older than a Pentium 3 is irrelevent for any of the current OSes anyway and Anything below a Pentium 4 or Athlon are irrelevent for any new OSes emerging today.
If you look at the hardware landscape of today, there is very little diversity out there compare with the Pre-Pentium 3 era.
Now compare that with the diverse set of motherboards Apple has to support if you look at the G3 iBooks, G3 Towers, G4 towers, the older G4 Titanium Powerbooks all the way through to the various revisions of the Aluminum powerbooks and the G5 machines. That is a lot of different configurations to support there folks not to mention the various third-party gfx and sound cards.
The reason why Apple's OS is stable is because all drivers including third-party supplied drivers undergo rigorous tests for memory leaks and race conditions using the robust testing tools Apple provides every developer in the Developer tools. Now look at the anemic debugging tools MSFT supplies with Visual Studio.
I remember downloading drivers for my NVidia card when I was a PC user and they were buggy as hell.
Jesus was a compassionate social conservative who called individuals to sin no more.
I posted a long time ago that they would add hardware DRM and put the software keys at the core of the OS. Intel provides this with a chip that makes a software crack almost impossible. This will lock content to the machine(s), probably the iMovie store and other products coming will use this. Apple uses a lot of open standards stuff but they are moving farther and farther away from open source! Anyone who thinks differently is kidding themselves. Apple is the most closed company in computing. Especially to their developers in terms of notice of changes or new features.
If you want to program... you should get a job as a waiter and program in your off work hours.
Just like any other, they will do whatever they have to do ot make maximum profits.
The idealism that the Steves showed in the 70's and 80's went away. Those young hippy throwbacks grew up, cut their hair and now have children and families to care about. (Except Woz of course, he is still and will always be the man because he understand that you can be both successful and idealistic) They can't risk losing it all anymore.
Apple is just another corporation (Albeit one with some pretty cool technology), it's not Heaven's embassy on earth.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I recall when the intel announcement was made the Apple contact said that they would take steps to make sure that OS X only runs on genuine Macs. Could this facility be part of that?
ERROR 1802 Unauthorized network card is plugged in -Power off and remove the miniPCI card.
I ended up having to upgrade the BIOS (which wasn't indicated ANYWHERE), and I found out I had lucked out, because if the network cards hadn't been on that list supported with the BIOS update, I would have had to resort to trying hacks to the BIOS.
Moral of the story:
Short: Problem with DRM is that it is evil. Long: DRM that is unnecessarily inflexible will ultimately restrict users to the point that they will begin to hate technology.
This was never a "classic Slashdot joke," even though some iterations of it have been funny, by referring to the troll. But it began as a pure troll, copied from somebody's weblog from 1998 and posted anonymously to every Mac-related discussion. Its posting became pervasive enough that people posted jokes about it -- e.g. comments about the time it takes to copy a 17M file. I'm not sure just updating the reference points in the troll are enough to make this funny, that's certainly debatable, but in any case the grandparent above (who wrrote "worst troll ever) was accurate, whether or not the post counts as "funny."
For mac users this is both expected, and good news. It's always been easy to back up a mac drive and make your own startup disc. The last thing we want is some diabolical "authentication" procedure like winXP has to make it harder for ordinary users, while still not stopping ye leet hakerz. Apple said when announcing macintel that the OS would only run on mac hardware, whether it's done with custom components or DRM makes no difference. Keep your right to make and use lots of copies of your OS!
Apple doesn't cover user stupidity in Apple care.
I once had a guy bring in a PowerBook 180c for repairs, the power systems were fried, it was 2 weeks old. He wanted it replacedunder warranty. Then he showed me the power cable. He'd considered the transformer on the end of the cable too bulky, so he'd cut it off and fitted a standard 3-pin plug to the end. 240v straight into the PB, no filtering.
I had an extremely difficult time explaining that there was no way Apple would cover this under warranty, regardless of the fact that it was 2 weeks old.
Sara
Designer, Gamer, Macgrrl in an XP World
> Uh, dude, it's not 1999. Most respectable distros do all for you
> now anyhow....
No, it's worse now. Lets take RHEL4, RedHat's latest and shinest stable release. Other distributions have different bugs, but all stable releases seem to have about the same quantity it seems. Unstable releases like Fedora are even worse of course.
Download something to the desktop with Firefox. Bet you don't see it do you. Now navigate to the Desktop directory with Nautilus and do a refresh. Oh, there it is, in both places now.
Now try attaching an external drive. Firewire isn't supported at all and if you build it yourself are as likely to lock the machine as get a drive to work. USB is documented NOT to work but I sometimes get lucky.
Printing has been random ever since Cups appeared in the Linux world. Sometimes things print, then they stop, start working again. No rhyme or reason. Some print jobs just disappear into thin air.
Launch gnomemeeting. Watch it hang when you test audio. OSS or ALSA, doesn't matter. Video works for me if you build a custom kernel. Guess after all these years the bttv driver is still not 'enterprise ready'. xmms, mplayer and such work just fine btw.
Of course you don't get 3D because the X.org drivers for ATI hardware still cause random lockups (not just X, push the reset button time because ssh doesn't work) so that support is wisely compiled out since I know I have been seeing this bug since at least 2000.
The reason I say things are worse than they were in 1999 is that before most stuff was primitive but once you wrestled it into shape it Just Works. Now we have fscking registries and stuff that are opaque blobs. Now you install an app and accept it as normal to have to log out and back in before it will run.
Democrat delenda est
actually that line of thinking is very disasterous in the long run for the end users (they used to be called customers but people who read too quickly might think i've used the repugnant "word" consumer) because even when something is in your hands, after having paid for it, it is still THEIRS (the manufacturer).
when i buy a piece of software (which is not going to happen forever, i'm getting sick of the way i'm being treated) i expect that that copy is now mine. the manufacturer only has the rights which copyright grants them, in other words they have zero above and beyond that.
people who own xboxs/ps2/gc's/other computers wrongfully think that the machines still belong to the manufacturer. they forget that they paid for the hardware, the cpus, video, sound, drives. they think it is illegal and immoral to access the hardware for which they paid. the "console" manufacturers have brainwashed people into thinking that after the sale, the manufacturer still has a say over what i do with my machine. this is clearly immoral and illegal (for all decent definitions of illegal). so long as i don't violate copyright, they have zero, read that again, ZERO rights/say in what i do with it.
let me repeat that since speed readers might have missed it the first time, ZERO, NONE, NADA, ZIP, (running out of synonyms).
this is disgusting. just sell the damn stuff and let end-users buy them. if the business model doesn't work, try another. yeah commerce is hard but if you get it right, you are rewarded with many billions of dollars.
the quote that people sometimes use, forgive me if i paraphrase it wrongly "it's not the government's job to enact laws to help you continue making money ". it's a mess i know but i couldn't find the exact quote.
it's just so damn depressing trying to get people to stand up for themselves. these are things which you bought and are your right to use in any way you see fit and those who obstruct your path to that freedom, well... you can finish this sentence in your own minds.
Science : Proprietary , Knowledge : Open Source
Hot damn. That may well be the funniest AC post I've seen on Slashdot in over a year. There may be hope for us all yet.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
I will agree with you the moment IBM permits me to know my key. If you are familiar with the technical details, I want at a minimum to know my PrivEK (Private Endorcement Key). Knowing your PrivEK is the minimum sufficient to maintain full control of your computer, however including a mechanism for the owner wo securely obtain his RSK (Root Storage Key) as well would be a huge help. That sort of secure RSK mechanism is trivial to accomplish, just encrypt the RSK using the PubEK before exporting it from the chip.
No, IMB's chips are exactly compliant with the Trusted Computing Group's specification and explicitly designed to be secure against the owner. The chips are explicitly boobytrapped to self destruct if you attempt to get at your keys. Hell, the IBM ThinkPad "Man in Black" TV commercial explicitly cites the self destruct nature of the chips! If you want I could probably dig up a link to the commercial online.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
"Copied from somebody's weblog in 1998" . . . Did this thing originally come from Kottke, or was he copying it too in that post?
it can help deflect hack attempts as well
But you have to have physical access to the box to insert a CD and reboot it. Some highly secure operating systems don't allow the CD tray to be opened on a running system by a non-privileged user, so they'd better have a lot of time if they don't want someone to notice....
Then, if the box needs the recovery CD because it crashed, your only choice may be to wip the entire disk and reinstall. Also, if someone's cheap DVD drive ate your only signed install CD, you may succeed in locking yourself out. :)
This is similar to the hard disk password that most people didn't set, because they were more afraid of themselves, that they would forget the password and lose their data than the off-chance that someone would try to steal their lame computer.
If you are familliar with the details, you would know that no one will know your private key. It is destroyed after being burned into the ROM. IBM does not store the private keys. They store public certificates to validate that key, and even then, only upon customer request.
One of the fundamental caveats within the TPM spec is that no one should know your key. Not even you. Why? Because if it is known, then it can be comprimised. And if it can be comprimised, then it is insecure. One might argue that this is security through obscurity, but it's also the foundation of asymmetrical crypto (well, that and hard math).
According to the documentation, the PrivEK is used solely for attestation. This is important for several things, for example "trusted SSL/TLS" & single-sign on validation. Basically, you want to make sure that you are communicating with an uncompromised box before giving it control.
Pretend, for a moment, that I am an unscrupulus person. If IBM were to give me my PrivEK (or if I were to obtain yours), couldn't I leverage my knowledge of cryptology & the TPM spec to create a TPM emulator? It would pretend to be the chip, and then expose the information which was trying to be protected. E.g. Attestation becomes useless.
This happens somewhat frequently with certificates even now. That is why we have CRLs... Keys become compromised, particularly when machines containing secure information are hacked. It is much harder to steal a key that you can't possibly have access to.
Knowing your PrivEK is the minimum sufficient to maintain full control of your computer, however including a mechanism for the owner wo securely obtain his RSK (Root Storage Key) as well would be a huge help
First, since PrivEK is only used to validate the TPM chip to other computers, you are surely misinformed. In a distopian future, the most PrivEK could do is prevent you from connecting to the Internet.
Second, the storage root key has no reason to leave the chip, encrypted or not. It is stored in non-volatile memory, and can be regenerated at will. Any place where it can be read by the CPU is less secure than its tamper-resistant case.
Finally, if you want to "maintain full control of your computer", all you have to do is disable the chip. (The laptop I am posting this from has a disabled TPM chip in it.)
It does bring up an interesting point, however... How do you transfer keys between computers? I'm guessing some mutation of the lockbox problem. I'll have to spend some time looking at the docs to figure that one out.
No, IMB's chips are exactly compliant with the Trusted Computing Group's specification and explicitly designed to be secure against the owner. The chips are explicitly boobytrapped to self destruct if you attempt to get at your keys.
Really? The way I like to think of it is that the chip will self destruct if someone else tries to get at my keys. I don't need to see them, so long as they exist and work. Hell, from a security perspective, it's better if I don't know them, or have them stored elsewhere, as I have already shown above.
And what, become a software company? Compete with Red Hat, Microsoft, Amiga, Debian, Fedora, IBM and God knows who else?
No, let Apple stay the way it is. Do you want BMW to just sell engines?
I believe that is the original iteration; I could be wrong though....
Most bios's now support choosing boot device order, some also support choosing it without having to go into the bios setup.
My last two mb's have a list of hotkeys that include one to choose boot device. That was my intent, install everything on one hdd and press TWO keys to cause the bios to goto the ubuntu drive when I wanted to boot into that.
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
Nice to see a desktop OS built mostly on Open Source use DRM to protect its code.
Those Intel chips are great for virus writers to obfuscate then execute code. Superb! I can now have the full Macindows experience!
This may come as a surprise to you, but there's not much you can do to stop someone from twiddling if they have physical access to the system. It is up to you to make sure that your server room or home is storing your computer in a secure manner.
TPM is not designed to prevent a physical compromise. However, it is designed with a tamper-resistent casing. Any attempts to retrieve the restricted keys from within the chip will usually result in its destruction.
Something else to consider: most hacking attempts don't have physical access to the server or computer in question. This is where the TPM can work successfully. And yet another thing: You don't need a CD to transfer data to a computer.
Then, if the box needs the recovery CD because it crashed, your only choice may be to wip the entire disk and reinstall. Also, if someone's cheap DVD drive ate your only signed install CD, you may succeed in locking yourself out. :)
If the box needs a recovery CD, then you can assign PCR checksums and store those locally on the recovery disk itself. If you are running a secure system, then you should be wise enough to keep several copies (and probably a few images) of recoverly CDs. You should also be wise enough to keep backups of your entire filesystem. Hence, such things shouldn't matter in the long run.
Assuming that something catastrphic occurs, and you no longer have any signed install disks, you can always disable TPM in the bios, install the new system, then re-enable the bios. Also, because TPM uses a "chain of trust" to validate everything during the boot sequence, you could disable the checks in the bootloader and do the same thing... or don't load/turn off the kernel driver.
It would also lose Micrsoft a lot of money through not having a lock on the platform. If they let Apple get away with it then others will dare.
Does a Christian soccer team even need a goalkeeper?
It would be nice (and cheaper) if Apple would bundle the MightyMouse with wired or bluetooth keyboard.
A rebellion is always legal in the first person, such as "our rebellion." Is it only in the third person - "their rebellion" - that it becomes illegal.
Yes, some of these are completely contrary to what makes sense for the computer. But a conversation can be made partialy ephemeral. Have a look at this "off the record" plugin for gaim : http://www.cypherpunks.ca/otr/ . You can have a conversation where:
Having the actual data be removed from your computer, however, does require DRM. So he cannot be completely satisfied.
This post written under Gentoo-linux with an SCO IP license.
After two days of flames SOMEONE finally asks a productive question!
That is the point I am trying desperately to convey: we already trust people of OUR choosing. When you run linux who are you trusting? It starts at the kernel team and branches all the way to the packager of the distribution. There are hundreds of people we are trusting when we run a binary distribution of linux OR EVEN compile it ourselves from source. This is a point that was made repeatedly in the early days but most seem to have overlooked as the community has grown to include a great many who are not inspired by the technical issues but more by an anti-corporatist zeal.
I use ubuntu. I trust Mark Shuttleworth to build an organization of trustworthy people because he appears to me as someone who shares my ideals. I do not think twice of inserting the latest ubuntu distribution, booting and installing it.
There is no reason at all we cannot have an "open and trusted" method of creating and distributing *open source* software. Just as you are free to hack your kernel to your heart's content so too could you be this free with a DRM enabled distribution - just so long as the core "engine of trust" remains untainted. If you want to hack the engine you could be free to do that as well, but only in a sandbox - beyond that your system would be denied a signature of trust until your changes are made part of a "trusted" kernel and updated from a mutually trusted source. That "engine of trust" could as well be distributed by Mark Shuttleworth as Microsoft, and we could all play a role in its evolution just as we do today with the countless other open source programs. If you want to submit changes, then submit them and they will be peer reviewed just as linux does now with the kernel - in fact it would make sense to put it there. Allow ubuntu and redhat and anyone else with the desire and the means to foster a 'trusted platform" and we can ALL enjoy cake and ice cream at that party.
Thanks for asking such a great question. You have renewed my faith in (ahem) "this community."
> DRM could be put to valid uses, such as stopping first posters...
Digital Retard Mitigation, yes...
the most PrivEK could do is prevent you from connecting to the Internet.
Snicker.
The most Sarin gas can do is prevent you from breathing.
Especially if software reqires an internet connection for a Trusted Installation process.
And if you doubt it could actually happen, I answered someone else on that exact issue here. It is a very serious possibility. The Trusted Computing Group has the Trusted Network Connect specification on their front page and Microsoft has issued a press release that they are implementing it.
If you are familliar with the details
Yes. I am a programmer and I have read the TCPA Main TCG Architecture v1_1b.pdf spec from cover to cover, all 1604k of it. I've also read countless other documents and info.
private key. It is destroyed after being burned into the ROM.
I am 99.44% certain the PrivEK is stored in flash.
It does bring up an interesting point, however... How do you transfer keys between computers?
The spec permits an optional Maintanence procedure, so there may or may not be an option to do it depending upon the chip itself.
If the option exists, the spec prohibits this process except to move to an identical model of chip from the identical manufacturer. If the manufacturer goes out of business then your data is irretrievably lost along with your computer when you upgrade to a new syste. If they cease offering that model of TPM chip in new computers then your data is irretrievably lost along with your computer when you upgrade to a new system.
If the option exists, the spec requires that you MUST go through the manufacturer. You contact the manufacturer with a special encrypted blob from the source chip and the identity of the destination chip. The manufacturer has to enforce all sorts of restrictions. The encrypted data gets exported from the source chip and the source chip is (digitally)destroyed. The data is uploaded to the new chip with the manufacturer crypto and activated.
If the process is allowed at all, the primary consideration is to prohibit the owner from having both computers active. The initial computer must be (digitally) destroyed before the the new computer can be activated. The design priority is to ensure that the system always "fail-safes" to total and irretrivable data destruction.
It is very easy to follow all of the priorities and requirements and implications throughout the TPM spec if you just keep one thing in mind... Just imagine the number one design priority is to enforce DRM on a music file and to ensure that there can never be two usable copies of it. They are being generous in allowing you some possibility to MAYBE migrate your music and stuff to a new computer when you upgrade... maybe.
There's actually a funny point along these lines. Trusted Computing will not prevent a computer from being infected by a virus, and it will prevent that virus from copying your music files... but the DRM music software will probably have some feature to move that music to another computer and deactivate it on this one... so what the Trust system enforces is that if a virus "steals" your music that it really does "steal" it and destroy the copy on your computer as it gets moved to the hacker's computer. You see it's ok if your music files get stolen, but we have to ensure that no one can steal from the RIAA. If you want your music back then you have to buy a new copy... then it's ok because you've paid for your copy and you've paid for the copy the hacker stole... all of the copies are paid for and everything is okey-dokey. Just a hysterical aspect of Trusted Computing. It ensures that if your files are stolen that they really are stolen and gone. It protects the DRM and the corporate DRM interests above the owner of the computer and owner of the files.
One of the fundamental caveats within the TPM spec is that no one should know your key. Not even you. Why? Because if it
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Assuming that something catastrphic occurs, and you no longer have any signed install disks, you can always disable TPM in the bios, install the new system, then re-enable the bios.
If your BIOS allows the TPM to be disabled, how does an untrusted installer program retrieve the trusted key that signs the OS that is to be installed?
I don't know if manufacturers are shipping certificates yet, but I am almost 100% sure that the chips are shipping with keys... the PrivEK (Private Endorcement Key). The computers being shiped say they have chips compliant with the TPM spec, and according to the spec such chips have to come a PrivEK. Do not mistake the PrivEK with the RSK (Root Storage Key). The chips do not ship with RSK's, nor are they supposed to. The RSK keys are generated when you first activate the chip. The RSK is then effectively bound to the PrivEK that came with the chip.
Remote Attestation relies on the PrivEK.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Interesting. But if I understand correctly, the PrivEK is useless without the matching PubEK.
So if manufacturers are not providing the endorsement certificates either to the user or directly to the media companies, it doesn't matter if there is a PrivEK. The only thing you can do with the chip is reset it to generate a new PubEK/PrivEK pair. That's still useful for securing your own computer, or for a corporate security infrastructure, but not for DRM.
AC
Oh wait, the TPM spec version 1.2 says:
So we are screwed.
Any chip with a PrivEK by definition has a PubEK (Public Endorsement Key). They are really two halves of a single key. I usually neglect addressing the PubEK becuase the chip does not keep your PubEK secret from you. The PubEK is effectively the unique ID number for tracking you and your computer.
:/
The PubEK and PrivEK are tied together by some deep mathematics. If you know the PrivEK you can immediately calculate the PubEK. If you know the PubEK it would take you thousands or millions of years to figure out the PrivEK.
It is this link that enforces the Remote Attestation system. The PubEK is public information and you can send it to someone else. The PrivEK is locked inside the chip. Anyone with the PubEK can send a message that only the chip can read, secure against the owner. The chip then proves that it did read that message. That secret message then becomes a foundation for the rest of the security and for reporting exactly what hardware you have and reporting exactly what software you're running.
So we are screwed.
Yep, unless the mainstream news starts picking up on the story and the public rebells against it. I am not very optimistic, but I'm trying.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.