Trusted Computing And You
sebFlyte writes "There's an interesting look at the Trusted computing initiative running over on ZDNet UK, written by security guru Bruce Schneier. He looks at the suggestions for best practice made in a recent policy document, and Microsoft's 'Machiavellian manoeuvring' to stall said document. He posits their moves are to avoid having to enforce such best-practice when it comes to Vista's DRM and other copy-restriction technology." From the article: "This sounds great, but it's a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything."
http://it.slashdot.org/article.pl?sid=05/08/31/1546252&tid=172&tid=109
Well, because the "staff" ignored my duplicate notification, as usual, here's a link to the previous story and here's my comment there.
Please note, just because the domain of a news site is different and someone included Schneier's URL this time doesn't mean that the story isn't a duplicate.
Thanks for helping to make Slashdot a better place.
To say I don't trust "Trusted Computing".
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Well, trusted computing should start with a trustworthy company. That means good, consistent company ethics and ethical people working and representing the company.
Evolution or ID?
We, as computer users see it coming, just like a satellite sees the storm. We just have to keep broadcasting.
I don't get it.
Is that YOU, the computer OWNER is not trusted. This is the first step towards taking actual ownership away from the owner and handing it over to the manufacturer after the fact.
Which is why I do not support Digital Restrictions Management.
Corporatism != Free Market
You're not the first. You were beaten by approximately 151 others on the last time this article was posted.
But don't worry, if you hang around long enough here on Slashdot, you may be able to post on a genuine first-run article. I believe there may be one scheduled within the next few weeks.
You only trust someone if you have good experiences with it again and again.
Like this story, for example.
Can't this DRM be seen as a conspiracy and prosecuted as one?
Collusion and price fixing? Fraud and deception? False advertising?
Bravo!
You hit the nail on the head. And there were people out there who thought they wouldn't do this? They weren't planning this all along?
"Everyone is entitled to their own opinion, but not their own facts." ~The Honorable Daniel Patrick Moynihan
The people over here really have it in for Zonk and his dupes.
I didn't really get the role of editors in making these mistakes. The jihad folks figure Zonk is one of the worst offenders.
I'm agnostic in all this, of course. This is just for informational purposes.
http://www.thebricktestament.com/the_law/when_to_
Would I rather have too much security in IT or too little? I vote for too much. The first day my firm makes the news because of some breach that results in piles of data being released is also the first day that I'm looking for a new job. No thanks. Users are pretty forgiving when they understand why we do things the way we do. Nobody ever got id-thefted by this way.
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
Do I have to repost my comments posted in the other story?
/. is becoming a dupefest now.
It would seem like the thing to do since
and no one screaming DUPE!!!
Dupe!!!
DUPE!!!
Dupe!!!
DUPE!!!
Dupe!!!
put the what in the where?
It's nice to see some of the media actually speak up in an informative way about "Trusted" computing. I think awareness is the way to beat this thing from biting the Free Software/"Open Source" world in the proverbial ass.. Anyway, great article.
Freedom is strength, Ignorance is peace, War is slavery.
Microsoft could use it to revoke people's OS, forcing the people to upgrade.
Set your comment threshold to -1 and browse the comments on this thread. It's a wasted thread anyway, yet another dupe story. There's some good stuff at -1 on this thread.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Is that his name or his mental condition?
Look, morons, if you can't find an editor that can see a dupe from the previous day, get the fuck out of the business.
Aside from offering me the chance to insult morons,
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
As Bruce pointed out, MS might have its own agenda.
I think this is a reason:
TC faq
The second, and most important, benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.
Any system that is powerful and flexible enough to be useful is also powerful and flexible enough to run viruses/worms.
n/t
Linux.
printf($randomline(sigs.txt) \n "-- "$randomline(authors.txt));
-- myself
Thank you.
Trusted Computing will be DOA. It's a pipe dream, and it will never work.
Not because it's technically unfeasible, but because the market won't stand for it. Let's say that Microsoft declares that Word 2006 will only open "trusted" documents. Total lock-in. Would any sane business buy in?
Absolutely not. My company still uses Word 2000 - and many of Microsoft's problems stem from the fact that they have to bend over backwards not to break legacy APIs and file formats. If Joe and Jane Sixpack find that they can't play their old DVDs on their new PeeCee, they're taking the thing back. If their old MP3s don't play, they'll take it back.
Look at the failure of Divx (the self-destructing DVD format). It had some major studio support, and yet it was practically stillborn. Users drive technology, and users don't like to have to deal with jumping through hoops. The only reason XP's Product Activation crap didn't result in a backlash is because 99% of users never had to deal with it since they got XP with their new PC - preinstalled and pre-activated.
That's why Trusted Computing will fail, even though parts of it are a good idea. Microsoft can't force people to accept it. The real world of economics doesn't work that way. They can't force people to upgrade, and as long as they have to support legacy data, they can't totally lock down the system.
I dislike Microsoft as much as anyone, and for all the clout they have in the market, they can't do everything. Trusted Computing will either be full of holes (likely) or a major flop depending on how much security they apply.
Nobody wants his computer using up most resources to double and triple encrypt userspace data instead of using this very computing power for the productivity applications. In the last years the processing power rapidly grew but the Windows OS always caught up by using up more and more power for relatively useless tasks. So the theoretical computing power in every single one's hands grew, but the output stagnated.
free 880 megs file hosting - www.FTPZ.US - best
Maybe you could start a new internet site about mothers who like breasty children.
This effort to put hardware in front of the OS to protect the OS is mostly because Microsoft won't fix their OS to limit its crackability.
There are some cases where you absolutely must have physical security, but for the most part, this whole thing is about forcing new hardware changes, new upgrades, new $$ for Microsoft, and new restrictions on what users can do on Windows.
They, Microsoft, also get to restrict what OS/filesystem gets installed on the system too. So while the number of GNU/Linux users is still ONLY in the 10-20 Million, their voices need to be pretty loud on this one. IMO.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Having learned that, a few companies (I believe M$ was one of them) changed from "trusted" to "trustworthy"
The Raven
(the article AND this post). Mod me down, A/C so who cares?
Not Taco, that's for sure!
(this post's captcha is "bugged")
Which is why I'm looking forward to getting an Intel-based Mac which can happily dual boot XP and OSX until a certain point when I'm fine with formatting the XP bit entirely off.
(assuming, of course, that Apple doesn't go into this too, in which case I'm stuffed)
Avantslash - View Slashdot cleanly on your mobile phone.
If anything will
put a stop to incessant
dupes, then sign me up!
I'm going to apologize in advance for this slightly off-topic metapost, but here goes:
Look, I understand that you don't want to waste your time reading something you already have formulated an opinion about, and that you might have some knowledge about.
But just because there has been one article published about a certain topic, does not mean that there is not valuable information and/or insight in another article covering the same topic.
You don't want to spend the time to review a related story? Fine, then don't.
But don't waste your time posting "It's a dupe" posts or "Editor sucks" posts just because you read something similar yesterday -- then you're just compounding your own problems.
Plus, you're wasting my time by posting duplicate posts to a duplicate article.
Have nothing valuable to say about an article, dupe or not? Then don't say anything. Just move on.
Knowledge of a subject is not a boolean variable. I, for one, welcome the opportunity to learn more about topics that interest me.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Trusted computing has received major objections by consumers and customers are becoming increasingly aware to ask for DRM-free computers and other products. Trusted computing is dead already and we all should be glad and relieved about that.
When OSX comes out for Intel-based PC's, Microsoft will make it impossible to install. That's what TC is for, isn't it?
"The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.""
Well in true Slashdot fashion, I say the same thing that's said when BT and all the illegal downloading is discussed. Blame the people, not the technology. Guns don't kill people. People kill people.
'The Net' was such a ludicrous movie because no one would actually design computers to work that way. With DRM, they are.
Now, that does not have to apply to specific-purpose devices, like TV sets, or set-top boxes, even though they might permit some degree of user extensibility (the downloading to authorized code-signed new firmware, for example, where the user can select what, out of a limited selection, firmware enhancements they want).
Let the general purpose computer manage the users' data as users see fit, and let the specific purpose devices decrypt the data when it is not owned by the user. There is nothing illogical or incompatible in having different webs of trust for special and general purpose devices, so long as the user can limit the information they provide to devices that don't trust them.
You could've hired me.
All it takes is to build in the rules that before playing/opening any file, the file has to be converted from a DRMless format into the DRM supported format. The conversion operation can be implemented as part of the application that needs to play the file or it can be a webservice for example and the app in question will simply use the MSN for example to convert from one format to another. This does not solve all DRM adoption problems for MS and CO, but it is a simple natural step in the direction that they want.
You can't handle the truth.
The Electronic Frontier Foundation (EFF) has posted numerous articles concerning the subject of DRM and trusted computing which carefully and thoroughly explain to the user the promises and potential problems with these technologies. There is one article in particular which suggests "Owner Override" as a solution to the problem of policies being enforced against the owner of the computer as if the owner was an adversary. The article is linked below:
Trusted Computing: Promise and Risk
Not to be a troll, but there is no difference between "licensing" something and "buying" it. When you walk into a store and purchase something, you are agreeing to an implicit license. Usually this is along the lines of, "return it here for up to 30 days. If anything goes wrong after that, the manufacturer will fix it up to a year. Beyond that, do whatever you want but we're not responsible."
When people refer to "licensing" they usually mean signing some other contract that does not include the "do whatever you want" clause implicit in "buying."
When "YOU BUY" something today, more often than not there is an explicit license agreement. If you don't like the limitations, it's your own damn fault for spending money on it. You should have found a license that allowed you to own the product.
Don't get me wrong, I hate M$ and the **AA's as much as anyone and despise their licensing schemes. You must realize, however, that you do not have any rights that are not given in the contract that you agreed to in purchasing something. Whereas in the past licenses were implicit and you could claim that the store owner/manufacturer is responsible for "X", now the contracts are explicit.
Until we get around to changing the law (in America), it's perfectly legal for companies to take your "rights" away, but only if you're dumb enough to let them.
There is no belief, however foolish, that will not gather its faithful adherents who will defend it to the death.-Asimov
Without this hardware changeover, the content sellers are stuck. They might make offerings only in some new format, but it will limit their market terribly. Their cost of sales lost to illicit copying is much smaller than the sales lost because customers don't have hardware.
Where's the "Trust buster" when you need him?
Partial Credit: The Engineer's Best friend
"Well, the bridge didn't fall all the way down!"
Just don't try to load someone else's savegame. Vista includes the new "Trusted Minesweeper(TM)." Minesweeper savegame content owners will finally get the protection that they deserve.
Hit the nail on the head, TCO $ MS numbers should then skyrocket for infecting ones business with Microsoft products.
It doesn't just affect documents, it affects motherboard and card embedded DRM pseudo safe storage areas.
It will be interesting to see how MS DRM screws Old hardware which can't speak to new DRM software.
Switch-hitting Hardware components which can speak both DRM and non DRM OS'es and software.
And the New DRM hardware Agents which can only speak the new MS DRM.
In case anyone has doubts, New DRM MB's will not be able to run any current Linux distro, and new linux distros will have to USE ms DRM or as Microsoft hopes, die on the vine.
Apparently MS can't see the forest through the trees.
I fervently hope, that when people consider migration from 2000, 2003 and XP to Vista, they consider the parent TCO implications on all the DRM'd documents. Not to mention having to low level format all their drives and Bios chips to remove MS infection.
Your whole argument is based on the assumption that Windows would only allow use of locked formats.
Of course it won't work that way, it'd be corporate/product suicide.
However, only Windows will be able to use these locked formats. Which means that once locked formats come into circulation, you will always forever after have to use the Microsoft-mandated access method. Your old DVDs will still play on your new PC, and your new DVDs will still play on your new PC, but they won't play on your Linux box or your OS X box and so on.
Locked formats will be rare for years to come. It has to wait for market uptake. You won't see locked DVDs released right away, because that means that all existing electronics will be broken, which again would be corporate/product suicide. It'll be years after DRM is already integrated into those electronics, when a large quantity of the user base has those DRM-capable electronics, that you'll see locked formats released on a large scale. Years after people have seen no detriment from DRM and have already accepted their DRM-capable electronics as standard. Years after, for the vast majority of the populace, the DRM actually doesn't hurt them in any way, because it only stops the real thieves and the Free Software nerds.
It never ceases to amaze me how utterly offended /.'ers get when yet another story runs about DRM.
1. Microsoft OS users don't -own- their operating system. They bought a license to USE it according to Microsoft's terms. Crying about it now because they are monetizing content just reflects indifference nearly everyone (including /.'ers) has towards their OS.
2. All consumers, I'm guessing most /.'ers included, have been buying DVD's under the similar draconian conditions. It doesn't seem to bother anyone too much because DVD sales are the Studio's 600 lb. cash cow these days.
3. In exchange for still more entertainment, nearly all consumers are more than happy to give away some privilege that was theirs.
4. If a corporation can't be assured they remain in total ownership/control of their (now) digital product, then they aren't going to distribute it to you. This benefits entertainment corporations, so it's a good thing. Please remember that the most important role of American government is to make it safe to collect profits.
5. "Freedom" is only allowed inside a system where the choices are privatized/owned by others. So if it didn't come from a corporation, it's not okay to run on your new improved PC. Americans like it that way. So how is what Microsoft is doing so bad?
I'm glad that Mr. Schneir(sp?) is bringing up the issue, but the DRM horse left the barn a long time ago.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I think we could trust banks, we already trust them
with our money, so maybe we should trust them
with our computers too.
--skyhigh
to research TCPA/TPM on your own? God damn this is pathetic. Do you know what that TPM in your computer would be? It's NOT Microsoft taking over your computer! Hell, buy an IBM ThinkPad, and you'll find that there is already a module in there!
The TPM (as designed by the TCPA) is to perform the following:
PKI functions
Trusted Boot (what's on there is what was supposed to be on there)
Encryption/Decryption
There, I said it. Microsoft can do whatever the hell they want, but it is STILL in the hands of... wait for it... wait for it... guess who?... YOU, the USER.
Perhaps you guys might want to actually READ the spec at www.trustedcomputinggroup.org and maybe then you'll see the real purpose of it.
Sure, people will slant it any way they want, but the fact of the matter is: The TPM will NOT PUT MICROSOFT IN CONTROL. It will NOT PUT BIG BUSINESS IN CONTROL.
Repeat after me kiddies: TPM IS NOT THE EVIL. TCPA IS NOT THE EVIL. THE USES OF THE TPM, AND OTHER SPECS PRODUCED BY THE TCPA, ARE NOT EVIL UNLESS USED IN A LARGER APPLICATION THAT IS EVIL.
Example: A myth: TCPA will take over your computer, with that "Fritz chip" that Ross Anderson is so obsessed with.
The corresponding fact: There is no "Fritz chip", All the TPM can do is the functions outlined above.
Another myth: You can't watch pirated movies with a TPM-enabled computer
Fact: Umm... what's to stop you? Linux runs on TPM-enabled machines, Windows XP does too, so does OpenBSD! All of which have support for as many file formats as you can dream of.
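Added example (not part of the thread or of any poster's comment): a small Python model of the "Trusted Boot" function listed in the comment above, showing how measurements are chained into a register and later checked against a known-good list. Stage names, images and the policy are constructed, SHA-1 is used because that is what TPM 1.x registers hold, and the signed quote a real TPM would attach to the reported value is left out.

```python
# Constructed model of TPM 1.x-style measured boot. Stage names and images
# are made up; a real verifier would also check a TPM-signed quote.
import hashlib
import hmac

PCR_SIZE = hashlib.sha1().digest_size  # 20 bytes, as in TPM 1.x PCRs


def measure(image: bytes) -> bytes:
    """Digest of a boot component, taken before control is handed to it."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR_new = SHA-1(PCR_old || digest). A PCR can be extended, never set."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be SHA-1 sized")
    return hashlib.sha1(pcr + digest).digest()


def boot(stages):
    """Measure each (name, image) in order; return (final PCR, event log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in stages:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay(log):
    """Recompute the PCR value that an event log claims to explain."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(log, reported_pcr, policy):
    """Return a list of findings; an empty list means the boot matches policy.

    policy maps stage name -> known-good digest and belongs to the verifier.
    """
    findings = []
    if not hmac.compare_digest(replay(log), reported_pcr):
        findings.append("event log does not reproduce the reported PCR")
    for name, digest in log:
        expected = policy.get(name)
        if expected is None:
            findings.append(f"{name}: not in policy")
        elif not hmac.compare_digest(expected, digest):
            findings.append(f"{name}: measurement differs from known-good")
    return findings


# Constructed sample data.
GOOD_STAGES = [
    ("firmware", b"firmware image v1"),
    ("bootloader", b"bootloader image v1"),
    ("kernel", b"kernel image v1"),
]
TAMPERED_STAGES = [
    ("firmware", b"firmware image v1"),
    ("bootloader", b"bootloader image v1 with one changed byte"),
    ("kernel", b"kernel image v1"),
]
POLICY = {name: measure(image) for name, image in GOOD_STAGES}

if __name__ == "__main__":
    good_pcr, good_log = boot(GOOD_STAGES)
    bad_pcr, bad_log = boot(TAMPERED_STAGES)
    print("clean boot:", verify(good_log, good_pcr, POLICY))
    print("changed bootloader:", verify(bad_log, bad_pcr, POLICY))
    # A log edited to look clean no longer explains the PCR value.
    print("doctored log:", verify(good_log, bad_pcr, POLICY))
```

In this model the chip side is only `extend`; what counts as known-good is the `policy` argument, which is held by whoever does the verifying.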
Dude, u r dum. LOL
1337 = leet = 'leet = eleet = elite
- SpelingTroll
Why would Linux not run on a TCPA machine? The Linux distribution could simply ignore the fact that there is even a TCPA chip in the computer as it can ignore any other piece of hardware if you tell it to just by not configuring it. Unless there is a TCPA-bootable-disk-key-checker the BIOS runs, but why? They would stand nothing from that- the applications, data, and even the hard drive partition are encrypted and not visible to other OSes from what I have heard. This would be an additional expense and have no benefit.
Just "gittin-r-done," day after day.
I did in fact make that mistake. I am dumb. I apparently am so breasty. You don't want to know why mom is proud.
I'll think about the internet site for mothers who like breasty children.
I will now crawl back under my bridge...
-- SpelingTroll
That MS may restrict what can be run under their OS might be problematic enough, though possibly within their rights. Just look at their X-box. Of course, what will happen is that the developers will start using and advocating other platforms to an even larger degree.
And we can expect that MS forcing the production of Windows-only non-MS "PC" hardware (the Xbox is an MS loss-leader, and their baby) will go over like a lead balloon. Though I see the movements in that direction. Closed hardware is already endemic, all sorts of non-open specs apply to wireless network cards and screen cards. The extension to closing the rest of the machine is a reasonable extrapolation.
However, here is where someone will cry foul... what with MS being already a monopoly and using their operating system to entrench this? Yeah right, that is going to go really well with the courts, in either the US or Europe or the Far East.
And then consider also Massachusetts who just decided to go with all open-standard documents and open standard only -- this could already turn into a quite complicated issue for Microsoft, and if MS decide to make things difficult for the alternate operating systems, anything might happen, from them becoming just irrelevant for business use, to the re-opening of the monopoly case.
SIGBUS @ NO-07.308
2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS 2.1 Digital Rights Management. Content providers are using the digital rights management technology contained in this Software ("DRM") to protect the integrity of their content ( "Secure Content") so that their intellectual property, including copyright, in such content is not misappropriated. Portions of this Software and third party applications such as media players use DRM to play Secure Content ("DRM Software"). If the DRM Software's security has been compromised, owners of Secure Content ("Secure Content Owners") may request that Microsoft revoke the DRM Software's right to copy, display and/or play Secure Content. Revocation does not alter the DRM Software's ability to play unprotected content. A list of revoked DRM Software is sent to your computer whenever you download a license for Secure Content from the Internet. You therefore agree that Microsoft may, in conjunction with such license, also download revocation lists onto your computer on behalf of Secure Content Owners. Microsoft will not retrieve any personally identifiable information, or any other information, from your computer by downloading such revocation lists. Secure Content Owners may also require you to upgrade some of the DRM components in this Software ("DRM Upgrades") before accessing their content. When you attempt to play such content, Microsoft DRM Software will notify you that a DRM Upgrade is required and then ask for your consent before the DRM Upgrade is downloaded. Third party DRM Software may do the same. If you decline the upgrade, you will not be able to access content that requires the DRM Upgrade; however, you will still be able to access unprotected content and Secure Content that does not require the upgrade.
Now if I, the user, have a complaint that the IP owner is violating my Fair Use, do I get to ask Microsoft to change the policy? And would this put them in the position as acting as a referee on legal issues if I could? But considering Microsoft, by reading their EULA, doesn't like the Fair Use Act either, I guess the consumer is screwed.
Along that line, I highly recommend reading the new EFF essay on DRM limitations in popular music services (iTunes music store, Microsoft's music store, Napster, and RealNetworks' music store). I foresee this page becoming a reference on why it is a bad idea to do business with these music stores. The license terms on the songs are sufficiently restrictive that I'll never buy anything from them, but to know that I'd have to overcome some technological hurdle to regain a sliver of the rights I have with records, tapes, and audio CDs, I'm sure to recommend to my friends that they avoid these places entirely.
Digital Citizen
How does an artist's decision to publish via a DRMed medium force you to compensate them for their work, if you don't want to buy it?
If I can't buy a mother board without trusted computing then I have no choice but to buy artists that only use DRM.
This means that I could not play any media of artists that refuse to use DRM or sell non-DRM media.
Don't you understand? DRM is not about stopping piracy. It's about controlling content. What happens when the organizations that control DRM don't like your art and refuse to let you DRM it? It's censorship by proxy.
If all tvs, computer, and portable audio can only play DRM then only content that will be allowed to play is those which are licensed for DRM and if those giving out the DRM codes don't like what you have to say may not let you DRM it.
Would you trust these corporations with your freedom of speech?
Look. I don't mind DRM on DVD's and WMA files because I'll buy them... But when I have no choice to what other media I play especially if it's media content that non-corporate artist plays on my computer then I'm hostile toward the idea.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
>Unless there is a TCPA-bootable-disk-key-checker the BIOS runs, but why?
It's the way security protocols normally change.
First generation will support the old way.
Second generation will support old and new way. aka (switch hitting).
Third generation ONLY supports the new way.
This by the way means the machine won't boot without DRM at the trusted root hardware level
When we get third gen hardware, it is the full intent of the TCP to eliminate old and switch hitting implementations, which means without DRM, your OS can not, WILL NOT boot.
This is what Microsoft and Intel think of, when they think of DRM, this is not what the public believes DRM is at all.
To give you an example, SHA-1 is a crypto hashing routine which will require extensive mods to several existing implemented encryption protocols.
They can't just remove SHA-1 and come out with version 2 they have to transition it.
When the new crypto protocols come in they also will HAVE to support the transition in stages as described above.
For more Crypto-Babble (albeit excellent) on
transitions for old, switch hitting and new.
See "Deploying a New Hash Algorithm", Steven M. Bellovin and Eric K. Rescorla.
http://www.cs.columbia.edu/~smb/papers/new-hash.p
I guarantee you, 3rd gen DRM at the hardware level WILL absolutely require a full DRM TCP Linux implementation or Linux my friend, won't run.