Trusted Or Treacherous Computing?

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

Hands up, everyone who DIDN'T see this coming...

[Old+Man+Kensey]

Anyone who has ever believed that Microsoft is genuinely on the consumer's side in any kind of licensing question is so naive they shouldn't be allowed out of the house without a minder.

For and against

[HomelessInLaJolla]

Since my laptop was stolen about five months ago I can appreciate the qualities of a system which could be used to at least cripple hardware which was stolen or otherwise suspect.

As a realist, though, I cannot possibly trust that a large organization could implement this properly without willingly abusing it or unwillingly fscking it up.

Re:For and against

[b0s0z0ku]

Since my laptop was stolen about five months ago I can appreciate the qualities of a system which could be used to at least cripple hardware which was stolen or otherwise suspect.

Why bother? Laptops are easily replaceable. It's the data that you have to worry about. Encrypt it and keep the keys on a device that's kept seperate from the laptop (USB key?) unless it's in use. Combine that with fingerprint scanning or other biometrics if you're really paranoid. And don't encrypt the partition or directories containing the OS and software with the same key! Having known files in encrypted *and* decrypted forms to work from will only simplify a cracker's job.

-b.

Re:For and against

Easily replaceable? You buy him a new laptop then.

Re:For and against

[arose]

If it can seriously cripple the hardware there is a chance it might bite you. And if it's easy fixed the thief will do it. Use encryption if you are woried about the data.

Re:For and against

[advocate_one]

Easily replaceable? You buy him a new laptop then.

compared to the data you idiot... it's fscking hard to replace a stolen identity

Re:For and against

[penrodyn]

>compared to the data you idiot... it's fscking hard to replace a stolen identity

Touchy touchy, someone got out of the wrong side of the bed this morning.

Re:For and against

Your laptop's gone. It's a bad thing, but it's happened and there's nothing you can do about it. If you could trace and retrieve the laptop then *that* would be useful. But disabling something that you no longer have, and can't get back, just seems pointless. Besides, what if an innocent third party down the line picks up said laptop on ebay? Do you really want to punish them for being another victim of the guy who stole your laptop? Or (and this happenned to me a few years ago), what happens if the robber tries to pawn your laptop a few months down the track, the broker smells a rat, contacts the police, and you end up getting the laptop back? Cripple it and even if you *do* somehow get it back it won't be much use to you.

Re:For and against

[rdebath]

Sorry, won't work.
We've had three laptops go missing, they all had phone home software on them (homegrown, hidden and almost undetectable) but I didn't get a peep from them. I would say that most of the people who steal these things know better than to let them anywhere near the internet intact.

Re:For and against

[Fred_A]

Unfortunately you can't do this with users...

"whine whine I've forgotten my password and can't get at my spreadsheet"
"I reset your password last week already !"
"well yes but It wouldn't let me set it to 1234 like I have on eBay and PayPal"

Re:For and against

[mrchaotica]

If this is a business setting, that user is incompetent and should be fired. Simple.

Re:For and against

[arose]

"Trusted" computing doesn't solve this problem.

Re:For and against

Good job spotting the difference between IP and personal information.

They forgot...

[Nemetroid]

...who the users father is, and what he does.

Re:Hands up, everyone who DIDN'T see this coming..

[man_of_mr_e]

I think that, like many things, the reasons behind these ideas are well intentioned, but can be used for evil if not policed.

There are a lot of good reasons to do the things Microsoft proposes. Stolen laptops, Malware, Leaked confidential information (think patient records, social security numbers, etc..). The problem is, of course, that most such technologies cut both ways.

Re:Hands up, everyone who DIDN'T see this coming..

[argoff]

I saw it comming more than two years ago ... What DRM is REALLY REALLY REALLY about

Say what?

[Score+Whore]

Or maybe it's just a way for them to manage licenses? Like you purchase a license to view a movie. They send you the .WMV and the license to view the file. You upgrade your computer and want to migrate all your purchases to the new machine. So you request to remove the license from the current system.

Maybe someone should read the patent in question?

Re:Say what?

[no+reason+to+be+here]

Uhh, if i pay to download something--a movie, to use your example--i expect that i have the right to watch it on whatever device that i own and that i shouldn't have to ask for permission to move it from my desktop to my notebook. i don't want to pay for licenses. i want to pay for the movie, and then use that movie in a anyway that i please that is legal without having to ask for permission, and if that means you have to trust me that i won't do anything illegal with that movie, well boo-fucking-hoo. i haven't committed any crimes, so i don't want to be treated like a criminal.

Re:Say what?

[Tim+C]

Maybe someone should read the patent in question?

No, this is slashdot, where we read an inaccurate, third-hand interpretation of the abstract of a patent (not the claims), then check to see who it was granted to, and rubbish or support it based on that.

Re:Say what?

[adinu79]

Mod parent up. All this scheme seems to be designed for is to facilitate what people were yelling about a couple of weeks ago: License removal and transferral. This way you could remove the Windows Licence from your old computer and transfer it to a new computer without having activation problems.

IMHO: Move along, nothing to see here.

Re:Say what?

[Dr.+Zowie]

Even if "benign" license control is all this is for, it ain't so benign. Having to ask permission before acting is the hallmark of totalitarianism. Even if the license were free of monetary charge, giving up that much control is too high a price to watch "X-Men 7" or "Police Academy 32".

Re:Say what?

Like you purchase a license to view a movie.

Oh, grow up. You buy a copy of the movie, not a license. A license is a contract which must be considered and signed by both sides. Stop eating the bullshit they're feeding you and stand up for yourself.

Re:Say what?

Yeah, I think it's a great idea that when I purchase content, I have to jump through bureaucratic hoops to view it. Since this will be the first ever DRM scheme that is unhackable, the pirates will finally be stopped. The noble content providers will finally see a profit from all of these movies and songs that they created, and all I have to do in order to view "You, Me, and Dupree" in glorious high rez is buy a new monitor, a new operating system, and a new computer, and then waste a bunch of my free time messing around with their cumbersome protections. Hallelujah!

I think I'd rather go to the library and read a freakin book, for free, before they find a way to DRM paper.

The only think lamer than M$ is an M$ apologist... I really can't understand why you'd spend any effort sticking up for them. You just enjoy having your rights restricted? You enjoy getting less for your money? You actually believe that this nonsense will slow the pirates down for even a second? It won't. It will just inconvenience millions of honest people. It's the digital equivalent of getting felt up by an airport security goon, all in the name of stopping "the terrorist".

I truly pity you, and your abject servility to a faceless and uncaring authority.

Re:Say what?

[cdrguru]

Problem is who gets to define what "legal" is?

Most people nowadays believe it is quasi-legal to download and "share" music with the rest of the Internet-using world. If they aren't on a dialup connection, they may have downloaded a movie or two as well.

Of course, all of this was illegal. Have these people been arrested? How is "Legal" supposed to be enforced? Trust? Yeah, right. Nobody since about 1830 relies on "trust" to stay in business. And I think that guy went bankrupt like he deserved.

And "trust buy verify" isn't going to work either. No, there isn't any "trust your customers" left anymore - it is easier to take, take, take and take some more. If a company produces a product where it is easy to give a copy to all your friends on the Internet then they deserve to sell one copy in Albania and never any more ever again.

Re:Say what?

Since you don't want to be treated like a criminal, I assume you don't treat others like criminals, otherwise you'd be a hypocrite. I take it you have no locks on your doors then? You don't password protect anything, and when you are forced to, your passwords are public knowledge? You don't lock your car and you leave your keys in it because, well, you don't want to treat anyone like a criminal, right?

No, DRM is more like inviting someone over for dinner, but telling them they can only sit in an approved chair, facing an approved blank wall, and chewing your food an approved number of times, without discussing the meal. God forbid you should ask for the recipe. Oh, and your right to eat can be revoked at any moment.

Re:Say what?

i don't want to pay for licenses. i want to pay for the movie

You sound like someone who buys apple juice expecting to make an apple pie, and then complains that it's unworkable. It's simple: buy from those who are selling movies and don't buy from those who are selling licenses. If you and a few more geeks are not enough to shift the market away from Microsoft's plan, well boo-fucking-hoo.

Re:Say what?

[IamTheRealMike]

if that means you have to trust me that i won't do anything illegal with that movie, well boo-fucking-hoo

That's kind of like saying nobody should ever lock their house or car, because the neighbours aren't criminals dammit and if you have to trust me not to steal your stuff, well boo-fucking-hoo.

What's that? You do lock your car? Well I can't say I blame you. There are untrustworthy people in the world, after all.

Re:Say what?

You pay for liscenses right now. Go to Best Buy and pick up a movie on DVD. You didn't just buy the movie - you bought a liscense to view a copy of movie. You can't go and copy that movie, and you can't buy a giant projector and make a theater and sell tickets to watch that movie. Your usage is already restricted in a manner that the courts have agreed with for decades.

Now your issue about wanting to be able to play it on another machine is a valid one, but you're talking about the scope of your liscense. At the same time, forcing the entire content industry to abide by one specific liscense is ultimately unfair and honestly restricts the rights of the artist. They should be able to sell their work in whatever manner they choose so long as they don't cross a certain line of consumer rights. Where that line is is certainly a matter for debate and like you, I think it needs to be moved closer to the consumers right now.

In the end, if you don't like the liscense of the movie you want to buy, you have the ultimate right of a consumer - don't buy it. If people stopped buying movies because the rights given by the content owner were too restrictive, the owners of the content would become more consumer friendly.

Re:Say what?

[arminw]

.....That's kind of like saying nobody should ever lock their house or car......

No, its like the building contractor locking my house and then telling me that unless I jump through whatever hoops he dictates to give me the keys, I should sleep under a bridge. Even after he/she gives the keys, it can be taken away again if I let the "wrong" people in.

Re:Say what?

[b0s0z0ku]

Of course, all of this was illegal. Have these people been arrested? How is "Legal" supposed to be enforced? Trust? Yeah, right. Nobody since about 1830 relies on "trust" to stay in business. And I think that guy went bankrupt like he deserved.

Too late. The barn door is open. The horse is running free, halfway across the State. Locking it now ain't gonna help any.

Content has become cheaper and easier to distribute. Just like when the printing press came out 500 years ago which removed the need for scribes - content creators will have to adapt or die. Book authors can adapt in one of several ways: release books in serial form with the understanding that if enough people don't pay for one chapter, the next one isn't coming out. Possibly a return to the idea of the literary magazine. Sure it can be pirated, but not quickly. Also it could even be free and supported with unobstusive advertising.

Movie producers can write for the theatre, and people *will* pay to see live performances. People will also go to the movie theatres to see movies, and theatres can be policed pretty well as far as respecting copyright. Maybe there'll also be fewer inane movies that are made solely for money since there'll be less easy money in production.

Musicians will still have live performances, concerts, etc. Perhaps tickets will be more expensive than today, but people will still go watch as they do now.

I'm not saying that those changes are for the better, but like it or not, mass media as it has worked for the past 75 years or so is dead. Passing obtrusive laws and locking down computers will only delay the inevitable. There are two choices: adapt or die.

-b.

Re:Say what?

[Baricom]

A license is a contract which must be considered and signed by both sides.

If that's the case, then what is the GNU General Public License?

Re:Say what?

[Faylone]

Faceless? I thought Gates of Borg was the face.

Re:Say what?

[Dunbal]

No, DRM is more like inviting someone over for dinner,

      You WISH you were invited to dinner. In reality you've paid quite a bit for this meal, in advance...

Re:Say what?

[kimvette]

That is not the right to "own" or "use" a copy, but a grant to allow the redistribution of a copyrighted work. A completely different topic altogether.

Re:Say what?

[Baricom]

That's not what Coward said. S/he said licenses are not valid unless signed by both parties.

Re:Say what?

[jrockway]

The difference between the GPL and an EULA is that the GPL gives you extra rights on top of what you have by default, whereas an EULA takes them away. If the GPL's considered invalid, that means that nobody's allowed to copy the GPL'd work. However, it's up to the person who owns the copyright to sue whomever is still copying the work. Since he GPL'd the software to begin with, he's probably not going to sue people who are distributing the software under the terms of the GPL. So even if the GPL's not "valid", it can still be valid in practice. Obviously the typical EULA is different, since no copying at all is allowed.

Taking away rights and giving away extra rights are two different issues completely. Please don't be confused by the common word "license".

Re:Say what?

I agree. If I download a piece of software, I should be able to use it as I see fit.

As one person mentioned earlier, checks and balances were put into place, because power corrupts everyone. This includes not only Microsoft, but also you and me.

Let's be fair to Microsoft:
Copies of Office, NT/2000/XP/2003, along with KEY CODES are widely available on the internet.
How can MS prevent thieves? There's nothing to stop you from using that copy of Office with the correct key-code.

Let's be fair to user X:
Before we say anything about the NEW stuff, let's talk DOS6.0, Win3X/95/98/me/2k/03/.
If you received the original disks, and installed it, you can use it.
This is fine for me, when I received an old 95 CD, when an office threw it out for Win2K.
I should be able to use this software, because the product was bought and transferred to me.

The "sharing" of Microsoft products is Microsoft's concern, so it's not surprising they're going towards a hardware solution similar to MAC. Funny, MAC is having its own issues of "sharing" of MAC on X386, since coming onboard the x86 architecture.

The ultimate solution for both Microsoft and Apple will be a proprietary X86 hardware and software solution. I won't fathom the best solution, but essentially, that hardware will be tied to a software licence that allows hardware upgrades and newer versions of Windows to be installed, but provides for a hardware-specific implementation, along with a server-side validation.

I would think an additional EPROM that ties to the BIOS and OS would be the solution.
This may not stop foreign license trolls, but it would stop the typical USA business from making a mistake of installing the same OS on different computers.

Why is MS's plan bad?
It is inconvienient for MS customers to upgrade hardware. It is also too worried about virtualization being used for nefarious reasons, like "One licence, many people".

Virtualization Paranoia:
Current virtualization takes an instance of WinXP, just say, and runs it in a "sand-box".
However, each instance still runs on the same machine. Thus, that machine running XP three-times is taxed 3x for each instance of XP. A cheating company would be using one machine for 3 people. This isn't very realistic, is it? A virtualized instance of XP sent to any one computer in a set of computers makes money-sense to the company wanting to rip-off Microsoft. This is where a Hardware/software STACK that Apple used to have makes sense. Apple could have applied multiple digital signatures, if it thought instances of its OS were being farmed to empty workstations. Now, Microsoft will disallow home users in EULA for virtualization, in fears that their top-heavy approach to a heterogeneous set of x86 computers could be forgotten with virtualization. This EULA really stopped the thieves, didn't it? What???

Let's be fair to Sun/HP and MAC "HARDWARE-SOFTWARE" stacks.
It's funny, that we think of Microsoft as being "mature", because of the number of drivers it supports. Now, as Microsoft actually really matures to the UNIX level of maturity, one sees the need for a propietary HARDWARE-SOFTWARE stack, where the hardware and software set the bounds, and complete seperation of the hardware from the softare (EG new computer -cpu,bios,chipset,etc- ) requires validation from MS. Does this sound a lot like pre-x86-MAC or Sun, HP? Ahh, the real cost of producing a propietary OS for a specific architecture isn't in the number of drivers, but the management of your licensing agreement.

Let's be fair to Linux:
Linux is free, and has a lot of drivers, but then, may not.
If MS and HP want to compete, go back to the OLD model, and offer guarenteed hardware comptatiblility. Linux will drive down price with no guarentee that it works over time for a given hardware, but then the propietary software marches on. Linux will also be there for hardware not compliant with MS or Sun or HPUX hardware compatibility, for instance.

Let

Re:Say what?

[KDR_11k]

Yes except he told you about the key deal up front and has a more expensive option where you get the keys.

Re:Say what?

[KDR_11k]

You pay for liscenses right now. Go to Best Buy and pick up a movie on DVD. You didn't just buy the movie - you bought a liscense to view a copy of movie.

No, you bought a copy of the movie. Licenses only come into play if you want to gain rights you don't have by default. You need a license for reproducing or publicly playing the copy but not for normal private use since you can do everything with that DVD that isn't covered by copyright (or criminal law, e.g. firing it at high velocity and decapitating people). Computer programs can redefine the purchase of the copy as a licensing deal in some jurisdictions as they can force you to agree to an EULA before the program runs but in the absence of such an additional contract (or in jurisdictions where EULAs are invalid) you own the copy and have the normal user rights on it.

Re:Say what?

[mrchaotica]

Problem is who gets to define what "legal" is?

Indeed, who the fuck do these publishers think they are, to restrict what I'm allowed to see, hear, and think?

Re:Say what?

Like Bush is the face of security?

Similar to 'certificate revocation'

[quiberon2]

We have had 'certificate revocation' schemes in things like Distributed Computing Environment for a while.

If you believe your password has been compromised, or your PIN had become known to someone else, then for 'high-value' systems you need to be able to administratively indicate that any 'authority to behave as you' is not to be believed any more.

The 'personal' computing market is splitting.

If you inflict this kind of feature on a lawyer, doctor, or engineer, who is trying to go about their professional work, you cause loss and damage and you get your product thrown out post-haste as unfit for purpose. Lawyer, doctor, and engineer have plenty of money and need the top-grade service.

If you give someone a cheap deal on a Star Wars DVD because of them being willing to accept the possibility that their permission to view it might disappear unexpectedly, then that's rather like having a 'standby list' of people who might or might not be able to get on a plane at cheap prices according as whether the plane fills up with full-price passengers.

Re:Similar to 'certificate revocation'

[mrchaotica]

If you inflict this kind of feature on a lawyer, doctor, or engineer, who is trying to go about their professional work, you cause loss and damage and you get your product thrown out post-haste as unfit for purpose. Lawyer, doctor, and engineer have plenty of money and need the top-grade service.

HAH! I wish engineers (can't speak for doctors or lawyers) understood that! But unfortunately, even the most well-educated ones are functionally illiterate in terms of understanding the implications of proprietary formats (e.g., AutoCAD), DRM, and closed-source (i.e., impossible to verify as secure) operating systems.

This is innovation?

Why do the claims detail the server request but leave out all technical details? All looks obvious in any sense of the word, what is patentable here? The only reason nobody did this before was because they didn't have, need or want a TPM.

Re:Hands up, everyone who DIDN'T see this coming..

[nurb432]

Or most any other corporation.

Greed and control isnt monopolized by microsoft. Though they are one of the biggest holders by default due to their impact on most every part of society at this point.

Patenting stuff like this is a good thing

[ross.w]

It stops anyone else from trying it.

Re:Patenting stuff like this is a good thing

[ahayes_m]

It could be used to stop the license revocation of hacked HDDVD and BluRay players, MS can simply refuse to license the patent. This would be an awesome reason to have this patent.

Re:Hands up, everyone who DIDN'T see this coming..

[rbochan]

There are a lot of good reasons to do the things...

Sorry, but I happen to think that's crap. Much like the government, whenever a controversial law/license is proposed, and its supporters, when confronted with an egregious abuse it would permit, use a phrase along the lines of 'Perhaps in theory, but the law would never be applied in that way' - they're LYING. They intend to use the law that way as early and as often as possible.

Stolen laptops, Malware, Leaked confidential information (think patient records, social security numbers, etc..)

Those situations would fall under the jurisdiction of law enforcement, not Microsoft.

Richard Stallman paranoid?

[orkysoft]

Since when is Richard Stallman paranoid?

Re:Richard Stallman paranoid?

[Stormwatch]

Yeah... it's not paranoia if you're right.

Re:Richard Stallman paranoid?

Since when is Richard Stallman paranoid?

Is it paranoia if everyone really is out to get you?

This is the entire basis for Stallman's "free" software movement. It has nothing to do with price and everything to do with what each user can do with his/her/its own computing environment. This entry is just the latest in a long list of attempts by vested interests to limit what users can do with equipment/software that they legally purchased simply to guarantee a free flow of money.

Just say no!

Re:Richard Stallman paranoid?

[MichaelSmith]

More to the point, is he paranoid enough?

Re:Richard Stallman paranoid?

[Kristoffer+Lunden]

Well many or maybe most thought he was a few years back, but after just about every and all of his "paranoid" predictions has come through one way or the other, not so much anymore. Now there's just a few thinking he must be crazy because he has a beard.

Re:Hands up, everyone who DIDN'T see this coming..

[marcosdumay]

If you want to protect the user, you give the keys to the user (or let him chose them). No encription that hides the keys from you is there for your benefit.

Re:Hands up, everyone who DIDN'T see this coming..

[Stanislav_J]

Those situations would fall under the jurisdiction of law enforcement, not Microsoft.

Once Billy Boy is President, they will be one and the same....

Subscribe to Microsoft Windows in the future

[jonfr]

This just Microsoft preparing for there next phase in Windows. Next Windows and problay upgrade of Windows Vista are going to be subscribed to the user on montly basis (Note: This is just my guess!). If you don't pay up, you can kiss your computer and your data goodby.

For games I will stick with Windows XP, for everthing else, there is (insert distro of chose here) Linux.

Re:Subscribe to Microsoft Windows in the future

[RyuuzakiTetsuya]

that'll be fine until Direct X 12 or 13 when MS requires you to upgrade to Vista.

Re:Subscribe to Microsoft Windows in the future

[bckrispi]

It's coming sooner than that. Direct X 10 will be Vista only.

Re:Subscribe to Microsoft Windows in the future

[Jedi+Alec]

It's coming sooner than that. Direct X 10 will be Vista only.

Which pretty much means any game that requires 10 or higher will have to do without my money. Gotta draw a line somewhere and Vista is where the line will be. Oh well, it'll give me more time to spend on other thing...like maybe learning OpenGL.

Re:Hands up, everyone who DIDN'T see this coming..

[kimmo]

Well intentioned my ass. I think ./ should have a few new classes for moderation: blue eyed idiot, stupidicus infinentum, well intentioned and stupid looking troll etc.

Re:Hands up, everyone who DIDN'T see this coming..

[cdrguru]

Law enforcement? How? What law might you be considering?

"Malware" isn't illegal. I know of no reasonable law that defines what this might be. Certainly lots of people are inconvenienced by it, but that is hardly justification for making writing software some kind of criminal offence. And any law that purports to make "malware" illegal is utterly unenforcable - do you really believe that some teenager in Romainia is going to be dragged into court in California for a single offence of this type?

Leaking confidential information has some laws surrounding it, but again the application is unlikely to really occur. If we were serious about this kind of thing it would be a criminal act to use an outsourcing company to process medical records outside of the jurisdiction where disclosing those records is a crime. You see, every day medical records are processed in third-world countries where there are no laws about privacy of those records.

While it might be nice if the FBI investigated every malware incident, it doesn't happen. Nor would you really want it to. And while "malware" isn't really illegal, by the time the FBI gets involved, the will find some law that has been broken if they can arrest someone.

Re:Hands up, everyone who DIDN'T see this coming..

[IamTheRealMike]

Those situations would fall under the jurisdiction of law enforcement, not Microsoft.

If Microsoft can provide tools to resolve the situation faster and more effectively than law enforcement, what's wrong with that?

"Treacherous" is, of course, the answer

[epp_b]

Of course it's "treacherous", not "trusted". It's about taking control away from the owner, the user; and giving it to a remote entity. Hasn't it always been?

Clear evidence of this comes to light when you think closely about the proposed "Owner Override" feature that would effectively disable an onboard TPM chip...or maybe not, depending on whether or not we're being lied to about that.

First off, if this feature is really everything we're told it is -- that it really disables the TPM chip -- then what is the entire point of this? To have software, music and video vendors build their content around a supposedly "unbreakable" remote control scheme in their power...only to be broken by a built-in flick-of-a-switch feature?

And if we are being lied to about "owner override", then it's clear there is something they want to maintain hidden from us.

Either way, it won't work. Somewhere on the motherboard, between the keyboard and the hard drive, if you will, data must be unencrypted. You just can't keep something that is exclusively mine and in my possession, a secret from me!

Re:"Treacherous" is, of course, the answer

No... it doesn't work that way. When you disable the TPM, it really is disabled. It's just that your machine and its software can no longer remotely attest to its configuration -- meaning that it can no longer report that the hardware is intact and that you are running SPECIFIC code. In that case, the remote server will refuse to send any content. This is the essence of DRM.

In future, once the plans for these TPMs have reached fruition, you will not be able to connect to the internet (because the ISP will insist on a trusted connection) if you disable the TPM.

However... disabling it really does disable it. They have no need to cheat... the hardware and politics behind it is already murky and sinister enough as it is.

Re:"Treacherous" is, of course, the answer

[Antique+Geekmeister]

The Trusted Computing tools are already planned for inclusion in the next generation of both Intel and AMD CPU's. There's no chip to turn off: it will be a CPU feature that may or may not be de-activated on request, but getting the system booted far enough to turn the feature may require access to an authorized software tool itself. And hardware such as DVD's, CD's, USB sticks, and hard drives are clearly planned to include Trusted Computing access control. That can help prevent unauthorized users from using stolen equipment, but also will prevent use of them by non-Microsoft-signed software.

Re:"Treacherous" is, of course, the answer

Reading this stuff makes me glad I got into computers early (mid 80s). I had my fun while the area was growing fast and furious and you were positively encouraged to hack hardware, write and change software and just plain have fun with the hardware and software you owned (yep, that's right... not leased but *owned*). Sure it's starting to turn to shit now with hyper-paranoid software giants, retrograde patent and copywrite laws, DMCA, treacherous computing, DRM etc., but from my selfish vantage point... I've had my fun, and can move on to greener pastures with few regrets.

Re:"Treacherous" is, of course, the answer

[Ginger+Unicorn]

"In future, once the plans for these TPMs have reached fruition, you will not be able to connect to the internet (because the ISP will insist on a trusted connection) if you disable the TPM.

Well what if you have a DSL router that has a TPM chip but your PC doesnt? Can you get round it that way?

Re:"Treacherous" is, of course, the answer

Your PC must have a TPM to establish a trusted connection to your router, and your router has a TPM to establish a trusted connection to your ISP. If your PC does not have a TPM and is running the approved software (presumably Windows, Mac or an approved Linux kernel), then it will not be allow to send data via the router to the ISP. A manufacturer whose router software allows untrusted PCs to send data via it will not have their software approved (digitally signed) and therefore will not be trusted... and therefore not allowed to connect to the internet.

This trust mechanism is insidious. It forces a creeping centralized control over software development and deployment, and it puts in the hands of a few corporations. The code approval applies, potentially, to EVERYTHING... starting with the kernel and media subsystems (this, incidentally, is what Palladium or Window NGSB is all about).

Re:"Treacherous" is, of course, the answer

[mrchaotica]

or an approved Linux kernel

Which, by the way, is exactly the same thing as a NON-FREE Linux kernel.

Re:"Treacherous" is, of course, the answer

[Mr2001]

Then that's a pretty useless switch.

The override feature we really need is one that lets the owner--a person with physical control over the PC--lie about the software installed on his computer, that is, attest that he's running a specific configuration, whether or not he really is. That way, we get the advantages of TPM (e.g. encryption with the keys kept in hardware, and some protection against malware) without the drawbacks (remote entities being able to deny us service based on the content of our PCs, which is really none of their business).

Over their dead body...

[Yaa+101]

I am serious, but then I do not use Windows.

Re:Hands up, everyone who DIDN'T see this coming..

[timmarhy]

microsoft aren't a public institution subject to control by the people, thats what.

Paranoia is a mental illness, not a belief

[Catbeller]

Stallman is not a paranoid. He is a cynic, and an accurate one. He merely rips away all the happytalk and states the problem in stark terms. That's not paranoia, which is a loaded term come to be used by PR masters to smear opponents. That and "conspiracy theorist".

Stallman and I are old enough to remember how Microsoft has comported itself for a quarter century. They are consistent liars and cheats, and pointing this out is just a service to the yunguns who don't even remember MS criminally falsifying video evidence -- and getting caught red-handed, too -- at the monopoly trial. IF you or I had done that, we'd still be in federal prison. MS just had a president dump their criminality into the shredder, and then made even more monopoly money.

They perform no action idly. They've a plan, and it involves killing competition and keeping all the money in the world for themselves. It's a mission statement.

trusted.. just not trusting you

[timmarhy]

trusted computing means media giants and software vendors don't need to trust you, thats the whole point of it. you can provide all the security they are proposing without any lock in. MS is chosing to make this user unfriendly, it's not needed to design a secure terminal at all.

I had a terrible dream last night.

[SynapseLapse]

I had a dream that Microsoft consorted with Cisco, Sun, Comcast and Intel to REQUIRE a trusted computer to access Internet2. It was billed as the only way to bring "law and order" to the wild west of the 'net.

Silly dream? *shrugs*

Re:Hands up, everyone who DIDN'T see this coming..

[man_of_mr_e]

Those situations would fall under the jurisdiction of law enforcement, not Microsoft.

Law Enforcement almost never solves them.

Re:Hands up, everyone who DIDN'T see this coming..

[Jah-Wren+Ryel]

Sorry, but I happen to think that's crap. Much like the government, whenever a controversial law/license is proposed, and its supporters, when confronted with an egregious abuse it would permit, use a phrase along the lines of 'Perhaps in theory, but the law would never be applied in that way' - they're LYING. They intend to use the law that way as early and as often as possible.

Looks like DRM was made for you, to prevent the unauthorized copying of other people's work!

It's for moving licenses

[SiliconEntity]

Here is the description from the patent that describes what it's for:

[0013] It is to be appreciated that from time to time the user, the computing device 14, the trusted component 18, or another entity (hereinafter, the client) may wish to remove a license 16 from use in connection therewith. For example, it may be the case that the client no longer wishes to render the corresponding content 12, or that the client wishes to transfer the license 16 to another client. Although the client could merely remove the license 16 on its own, it may be the case that the license 16 is stored in a store such as the secure store 22 and is therefore not accessible except under controlled circumstances, or it may be the case that an external entity wishes to ensure that the license 16 is in fact removed. In one envisioned scenario, where a client that purchased the license 16 from a service for value and wishes to `return` the license 16 for a refund, it is to be expected that the service would require some assurance that the returned license 16 is in fact removed from the client. In another envisioned scenario, where a client that purchased the license 16 from a service for a first computing device 14 and wishes to transfer the license 16 to a second computing device 14, it is likewise to be expected that the service would require some assurance that the transferred license 16 is in fact removed from the first computing device 14.

[0014] Accordingly, a need exists for an architecture and method that effectuates trusted removal of a license 16 from use by a client. In particular, a need exists for an architecture and method that notifies a removal service or the like in a trusted manner that the license 16 is to be removed from use by a client or the like and that in fact removes the license 16 in a trusted manner from use by the client.

So the main idea is to have a way that the client software (such as WMP) can notify the license server that the license (i.e. decryption keys, etc) is being deleted from a particular machine. This is so they can support letting people move content from one machine to another without automatically authorizing unlimited copying. It's a normal and reasonable part of an overall DRM system. I'm sure Apple's iTunes does something similar when you authorize and de-authorize machines.

It doesn't really have anything to do with Trusted Computing Group (aka TCPA) style Trusted Computing, rather they mean that the server trusts the client (just as Apple trusts iTunes).

Re:It's for moving licenses

[arminw]

.....So the main idea is to have a way that the client software (such as WMP) can notify the license server that the license (i.e. decryption keys, etc) is being deleted from a particular machine......

Could this be the real reason why MS doesn't want their VISTA to run in a virtual machine? Virtualization allows anyone to make an end run around all DRM and activation schemes.

Re:It's for moving licenses

[wild_berry]

I thought you need Vista Enterprise or Vista Ultimate to run under virtualisation as Vista Basic and Vista Business don't support it.

Re:Hands up, everyone who DIDN'T see this coming..

[man_of_mr_e]

Yes, since the user having the keys solves the problem. Not.

Surveys have shown that users are willing to give out their passwords for a piece of chocolate. Cars are Hijacked every day, and the user just gets out of the car leaving the keys to the attacker. I'm not saying that a TPM chip is the best way to solve the problem, but merely putting it in the users hands doesn't solve much of anything.

Stupid Analogy

[quanticle]

Locking your car is the equivalent of encrypting your data. This DRM crap is the equivalent of me selling you a car, but keeping the keys and making you ask permission and state your intended route every time you drive.

Re:Hands up, everyone who DIDN'T see this coming..

[foamrotreturns]

Not only are they not under control of the public, they are also not subject to any form of auditing. If MS wants to play policeman, they will need an Internal Affairs Department that can bust them for pulling stupid shite like this. "Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men."
~Lord Acton

Do read EFF article please

[Jasper__unique_dammi]

I may be redundant here, but the EFF article looks great. It is long though, but I just want to post this to encourage you reading it all. It may prevent a couple of misconceptions. (it did for me)

It is very simple

[DrJimbo]

When the user/owner controls the keys it really is trusted computing. When someone other than the user/owner controls the keys then it is treacherous computing. Unfortunately, perhaps for marketing reasons, Microsoft does not use these definitions.

And for the record, Richard Stallman is very good at foreseeing problems way before other people, but that does not make him paranoid, just foresightful.

Re:It is very simple

[macaulay805]

Yep, there is always a loss in translation between English and Marketing.

Re:Hands up, everyone who DIDN'T see this coming..

[MollyB]

Some of the mods lately match your description, only they are called Interesting or Insightful and have positive integers. How do we fix a blue-eyed idiot's up-mod of a well-intentioned stupid ramble?

But back to topic: I trust MS to separate me from my money at every turn, and to pull every legal low-down weaseling to advantage itself. That's their business. If we still use their stuff, we don't need to pretend they're being friendly...

The technical specification of "owner"

[bitspotter]

The TCPA and TCG technical specifications define what it means to be an "owner" of a device, to "take ownership" of a device. The ability to revoke features on device like this if you, the consumer who purchased the device (the "owner" in the legal sense) is not really problematic. It's a useful feature, in case, eg, your device is stolen.

The problem , of course, comes when you buy or rent a Trusted Computing device from a vendor who has previously "taken ownership" of the device before your purchase, in the technical sense put forth in the spec. If you're renting it, then it's legally the property of the vendor, and they have every right to control of their property. But if you purchase a device outright, there's no excuse for a vendor to retain ownership in the technical sense if they have ceded it to you in the legal one. This is the Crux of all the "evil" potential that Trusted Computing has. If the consumer is the owner, there's not much vendors can do to be evil with it.

The features of Trusted Computing devices work, and they are genuinely useful - but they only serve the "owner" of the device. It is our responsibility to demand full ownership of our devices (and not to settle for "rented" equipment, in the technical sense or the legal one).

Re:The technical specification of "owner"

[quentin_quayle]

You've almost got it, but not quite.

The "take ownership" feature in the TC spec only establishes a secondary digital key for the owner of the hardware. The "root of trust" or "attestation" key is embedded when the TPM (TC chip) is manufactured and it is never subject to control by the eventual owner of the hardware.

By saying that retention of ultimate control by an outside party, by means of their posession of a key mathematiclly related to the one in the chip, together with the hardware owner's inability to access, blank, or rewrite all the keys in the chip in his own hardware - this is indeed the "Crux of all the 'evil' potential that Trusted Computing has", as you state.

However, you've apparently been misled about the meaning of the so-called "take ownership" feature in the TC specification. It's true that it should not be executed until after the machine has passed to th end-purchaser and that the seller would retain an improper degree of control if it were executed before sale. In fact, the machine might not even be fully usable by anyone else. But at most this procedure establishes only a secondary key and does not affect the one installed at the factory.

And *that* fact is the true "Crux of all the 'evil' potential that Trusted Computing has". It is a feature of the whole scheme, and enables all the true purposes, including DRM, vendor lock-in and censorship.

I jsut wanted to clarify that the danger you allude to is not mitigated by anything in the spec.

Re:The technical specification of "owner"

[bitspotter]

I'll have to review the specs again, But I think the only hidden key is only used to sign an attestation that the hardware actually conforms to the TCPA/TCG spec. This is important in order to establish trust for the features the TPM provides, but, again, it isn't used to directly implement any features useful to anyone but the "owner".

The TPM's conformance to the specification requires an attestation by the manufacturer; but how those features are used and communicated depends entirely on how software calls its API. As far as I can tell, there is no potential application of that API, "evil" or not, that isn't as exploitable by a consumer "owner" of the device as by the vendor.

In other words, the only key a consumer can't change is not the one used for any "evil" application of TC that consumers are loudly resisting and complaining about. It enables them, for certain - but it also enables useful and otherwise unavailable pro-user features as well. Like most technology, it's neutral - the details of a feature being good or bad are determined by how those features are used, and by whom.

Ultimately, my point is that one shouldn't throw out the baby with the bathwater.

Re:The technical specification of "owner"

[Alsee]

Saying Trusted Computing is neutral is like saying that apples with cyanide pills inside are neutral (and they refuse to permit you to but a normal poison-free apple).

Sure a poison apple has wonderful vitamins and minerals, but that cannot be used to justify a poisoned apple when you could get *all* of the benefits for teh owner and *none* of the poison against the owner from an otherwise identical poison-free apple.

Trusted Computing is explicitly designed to secure the computer against the owner. I've read the specs and they explicitly refer to the owner as an attacker the system needs to be secured against. The Trusted Computing spec forbids the owner from knowing or controlling his PrivEK (Private Endorcement Key) or his RSK (Root of Storage Key) because knowing either of those keys would effectively give him full control over his own system. The spec imposes prohibitions against the owner acorss almost all areas of the design, to deny the owner control over his own data and system. The spec mandates that your data must be irretrivably lost if you wish to modify your security settings and in a variety of other circumstances. The simplest and shortest way to describe the general design and rule set is to say that is exactly what you would expect it would have to be in order to enforce DRM against the owner.

The fact that security against the owner also happens to provide security against attackers is almost incidental.

You could get *all* of the benefits for the owner and elimiante *all* of the potential abuse, simply by you having the option to receive a printed copy of your master key along with your system (*Technical Footnote).

The hardware would be absolutely identical, and by definition it would have absolutely identical capabilities to secure your computer for you. The mere fact that you have the option to know your key does not and cannot alter your computer's ability to protect you. However the fact that you have the option of knowing your master key means that you have the option to lock and unlock and unlock your data and system, if you so choose. You have the option to alter your security settings, if you so chose. You have the option to backup your data, if you so chose. With your master key you can control and override any atempt to lock-you-in or lock-you-out on your own computer.

All of the benefits and none of the abuses, with identical hardware. They simply refuse to permit you to buy this poison-free apple because the very purpose fo the system is to secure the system against the owner, to force people to accept the poison pill in order to get the apple.

And just to be 100% clear - I am not even suggesting that they not offer the exact current offerings. If you think there is something bad about my idea, if you don't want your computer to come with a printed copy of your key - FINE! Happy happy joy joy. If you want the current Trusted Computing system, great, you are perfectly welcom to buy exactly that. I am merely saying I want an option to be able to buy an exactly identical system that does come with a printed copy of my key. You can get what you want, and I can get what I want, and we're both happy. The only reason to FORBID me an OPTION to buy a system that comes with the printed key is for the malicious poisonous desire to try to secure my computer against me against my wishes.

*Tenchical Footnote: Having the option to get a printed copy of your PrivEK with the system is the minimum necessary to be able to ensure the option to maintain full control of your own computer, however with only the PrivEK it requires a very messy complicated solution of deliberately defeating some of the security strenth of the chip in order to maintain full control of the system. Far better is the option to get a printed copy of the PrivEK along with a new command for the chip to output the RSK encrypted to the PrivEK. Then the owner can directly use the full chip security capabilites (avoiding the need to add a software RSK-virtualisation layer on top of the chip) and still securely full control of his system.

-

Re:The technical specification of "owner"

[bitspotter]

"Saying Trusted Computing is neutral is like saying that apples with cyanide pills inside are neutral (and they refuse to permit you to but a normal poison-free apple)."

Except that TC offers a lot more useful functionality (and more ethical, even if only relatively) than cyanide.

"All of the benefits and none of the abuses, with identical hardware. "

Well, except for remote attestation. That kind of becomes as silly as trusting a self-signed SSL certificate on an ecommerce website. Although, I suppose if you consider all possible uses of remote attestation "abuses", you're still right. Others have been more imaginative as to consensual uses of it.

Re:The technical specification of "owner"

[Alsee]

>"All of the benefits and none of the abuses, with identical hardware. "
Well, except for remote attestation.

That was a restatement of my earlier, slightly more specific, statement:
You could get *all* of the benefits for the owner and elimiante *all* of the potential abuse

You are arguing that *other people* can benefit if my computer is secure against me. Well sure, I do not do not dispute that. The very suggestion of trying to secure my computer against me is absurd.

You are trying to "buy me off" to accept that absurdity by suggesting that I would benefit if I could deny people ownership and control of *their* own property and I could secure their computers against them.

An owner never benefits from not knowing his own key.

You are trying to sell me on the idea of buying deliberately defective hardware by saying "Heay, I'll give the other guy crippled hardware too! And you can ABUSE his crippled hardware against him!"

I'll take non-crippled hardware, where I do know my key. The other guy can buy whatever he wants.

And even if we do accept absurd/malicious scheme of trying to secure other people's computers against their owners, the entire security model and reliance on the Trust system is invalid anyway. The moment you try to rely on the Trust system for anything meaningfull, you actually wind up worse off than you were before. The entire model rests (and falls!) on the assumption that no one else knows their own key. If someone knows their key, the entire Trust model vanishes. The moment you try to build your security models on the assumption and expectation on the Trust system, your security disintegrates.

Why? Because at most the Trusted hardware can only make it *inconvienent* for someone to learn their own key or otherwise gain control over their own system. It is a certainty that a skilled college student with a suitably equipped college lab can and will acheive this. It is also a certaint that a business (either white-market business or black-market business) can easily buythis off-the-shelf crippled hardware and extract the master keys or otherwise "fix" them, and then resell this superior more functional hardware at premium price. As I said, a computer where you know your key provides you with all the same benefits PLUS additional functionality. It is a vastly more desireable machine. The market for Trusted computers "repaired and enhanced" in this manner would be quite substantial. I would personally pay quite a premium for such a machine. It would be a hugely profitable business.

The problem here is the very desire and expectation that the Trust system can or should work. This expectation then creates the expectation/insistance that someone is doing something wrong (and even criminal) when teh Trust system DOESn'T actually work. It produces the expectation/insistance that any business buying upgrading and reselling this hardware be criminal. It produces the expectation/insistance that any person who sticks his own property under a microscope be a criminal. It produces the expectation/insistance that there is some repairable defect in the hardware design, that the hardware design "merely" be fixed so that it actually be secure against the owner.

The initial broken idea leads to an entire string of further absurd and broken assumptions, leads to insistance of getting it to actually work. Leads to waging escalating war trying to get it to actually work.

The more people and business attempt to make use of Trusted Computing for a variety of purposes, the more they deploy and rely upon defective security models based on Trusted Computing, the greater and more damaging the impact when those security models vanish. The more and more wildly desperate the insitance will become trying to wage a war trying to get the defective idea to actually work.

We would avoid this disasterous chain of insanity and everyone would be far more secure if we simply deployed systems with VALID security models in the first place.

Re:The technical specification of "owner"

[bitspotter]

I can see some of your points. They could use some more polish and a little less fanaticism, but they make sense in the end.

The TCPA and TCG are both explicitly designed not to be robust against hardware attacks - only software. The advantage of having a separate key per device is that they prevent class breaks: just because your college hacker can get at his own key doesn't mean he can distribute a software hack that allows anyone else to do so so easily.

Of course, a system where you can get at the TPM's secret keys in your device is valuable to you - but that's only because no one else can (or does). That assumption is what make remote attestations trustworthy, and thus, valuable. The idea that handing the key over to consumers as they buy the machines defeats the entire purpose of having it, because that would be equivalent to having a PC without a TPM in it at all (which is exactly what PCs are today).

The value of a TC system is directly dependent, not on the ability of the system to resist attacks, but on the //prevalence// of successful attacks among users. Furthermore, the value of breaking one's own TPM is proportional to the trust others place in the system. The more people compromise their own secret TPM keys, the more likely it is others will also have done so, meaning the system becomes less and less trustworthy overall. On the other hand, the less trustworthy the system becomes as a result of breakages, the less valuable it becomes to actually break your own TPM. Somehwere, an equilibrium point could be reached.

TPMs certainly provide other features, but those features are not unique to TC TPMs. It's certainly possible to do bootstrap hashing with keys provided and controlled by the user, for example, but there's no reason at all you need a TC TPM to do any of that.

A Trusted Computing Trusted Platform Modules in your PC is like a public notary implemented in Hardware. You control what documents and signatures the TPM notarizes, and where and to whom you send those documents; but it's very difficult to get it to notarize something that isn't true.

Surely I'm rambling by now, but there's not much here anymore that I'm really disagreeing with you about.

Re:Hands up, everyone who DIDN'T see this coming..

[Hortensia+Patel]

Sorry, but I happen to think that's crap. Much like the government, whenever a controversial law/license is proposed, and its supporters, when confronted with an egregious abuse it would permit, use a phrase along the lines of 'Perhaps in theory, but the law would never be applied in that way' - they're LYING. They intend to use the law that way as early and as often as possible.

If you're going to quote another user's post verbatim, it's generally considered polite to include attribution.

Re:Hands up, everyone who DIDN'T see this coming..

[MadAhab]

In all honesty, this dude might be a professional paranoiac with an easily google-able catchphrase, but you are a fool, a knave, a liar, and an enemy of liberty everywhere.\

Anyone who knows jack or shit about law enforcement knows that they can, do, and will use every law and tactic available to prosecute whoever they think are the "bad guys".

And that's not a slag on law enforcement - that's called "doing their jobs". Obviously, they can get overzealous. And do. And will.

The point is that you give people power, and they will abuse it to the degree they are permitted . That's why Arlo Guthrie got busted for littering (when his real crime was being a dirty hippy), that's why Al Capone got nailed for tax evasion, that's why the Patriot act leads to waitresses on a plane thinking they can kick off breast-feeding mothers just because they feel like it, that's why we've got another 20 years of releasing the falsely convicted based on DNA evidence (too late for the wrongly executed), and it's why your flip attitude is functionally equivalent to saying "exterminate the jews? go ahead - if the authorities are against them, they must have done something!".

And so anything - a new law, a new technical system - that isn't done with an eye to how it could be abused, well, it's foolish and ignorant and entirely predictable, and predictably the people who mean to fuck over everyone ignore these things as plainly as can be.

You really need to study American history again if you don't get this shit by now. Our founding fathers understood this stuff, and that's why "checks and balances" are a part of our government (2000-2006 excepted). You know that scence in Pulp Fiction with the multi-way Mexican Standoff? That's how the US government is supposed to work; go too far, and you'll get blown away, because you can't take out all the other dudes.

Re:Hands up, everyone who DIDN'T see this coming..

[deathy_epl+ccs]

Yes, since the user having the keys solves the problem. Not.

Surveys have shown that users are willing to give out their passwords for a piece of chocolate. Cars are Hijacked every day, and the user just gets out of the car leaving the keys to the attacker. I'm not saying that a TPM chip is the best way to solve the problem, but merely putting it in the users hands doesn't solve much of anything.

I think the real problem here is the lengthening of the digital divide. The people who would benefit from these features are the people who would hand out their password for a chocolate crisp. These people might have some to lose from Treacherous Computing, but not as much as those who are smart enough to know better.

I wonder if Microsoft is aware that they are driving away the technically savvy? Most of us who use Windows and have some tech savvy are the gamer audience and even though making the move back to running a Unix-derived OS of some sort will impact my primary use for my home computer, I am still starting to seriously plan for it. I wonder how many other gamers are thinking the same thing? I wonder if Microsoft has considered how much losing a big share of the gamer market will hurt them? It is my opinion that a significant chunk of the home market is Windows because that's what the games run on, and if game developers suddenly find it economical or desirable to port their games to different platforms, that could have a pretty significant impact on Microsoft's stranglehold on PC gaming.

Of course, I'm probably just a statistical anomaly, but I like to hope I'm not... heheheheh

Re:Hands up, everyone who DIDN'T see this coming..

[Antique+Geekmeister]

It's worse than you imagine. There is no clear policy on who will obtain the master keys for Palladium or Trusted Computing signature authorities: as things stand, Microsoft will own and sell such authorities. New software signatures must be purchased. This effectively grants Microsoft tremendous access to other company's, or person's trusted keys, and makes installing your own personally created keys prohibitively difficult.

This also provides BIOS and booatable hardware DRM, in order to control over booting systems. While such is good from a security standpoint, it means that with very trivial changes in hardware such as DRM-managed CD and DVD and USB devices, nothing other than a host-designated, signed Windows operating system will be able to boot the machine enough to install new keys and install a new OS. While the designer of such technologies may not envision such abuse, it's certainly within Microsoft's history of anti-competitive behavior to do this.

could be used to control use of olderS/W versions

[hguorbray]

I can see this also being used to force 'updated' software on users who are unwilling to upgrade -to a newer version of WMP for instance. Even to the point of browser access to an IIS site.

and I can see this scenario playing out constantly as hobbysists and hackers alike start hacking the new generation of DRM enabled Vista, office, WMP etc.

as soon as someone posts an exploit to say -allow running VMs on a home version of vista microsoft or to bypass dosument security they can threaten to revoke licenses on compromised versions of the software to force an upgrade to an 'improved' version of the software.

although I can see the uses against data and device theft as other posters have pointed out -but You'll probably need to have Vista DataGuard(tm) version to be able to do this....if they would even allow users that much control over their own data.

What's the speed of Dark?

Tin foil hat

[NineNine]

Anyone who has ever believed any of Slashdot's many conspiracy theories about Microsoft is so naive they shouldn't be allowed out of the house without a minder.

Re:Hands up, everyone who DIDN'T see this coming..

[niiler]

Tell you what... If this is as innocent as some of you are making out, then let's apply it in the manner of Lojack:

Customer: My computer has just been stolen, could you please disable it?
MS Rep: What is your WGA license number, mother's maiden name, and favorite color?
Customer: THX1138etc...
MS Rep: Thank you. Your computer is now being disabled, tracked, and if not surrendered within 24 hours, it will self destruct (in the interest of security). Have a nice day!

Personally, though, I think you all are a bit hopeful if you think this scheme is going to work like that. I suspect it will be more like this:

MS Drone: Sir, we've detected another user trying to switch to Linux.
Bill: Disable the process, and then re-assimilate his computer.

Bottom line, while it may have been touted as being for the user's security, in reality, I probably is to create some sort of vendor lock-in. Just my opinion. Take it or leave it.

P.S. Lojack probably has a patent on this sort of thing so if MS wants to use it for good, they'll be paying.

Re:Hands up, everyone who DIDN'T see this coming..

[camperdave]

It is illegal for Americans to write strong encryption software (it is considered a munition). The DMCA also makes writing certain software illegal (but then again, it technically makes letter openers illegal). I can see classifying certain types of malware as "munitions".

Re:Paranoia is a mental illness, not a belief

They perform no action idly. They've a plan, and it involves killing competition and keeping all the money in the world for themselves. It's a mission statement.

Isn't this the very definition of "corporation"? The head of every single company in the world would probably sell his or her mother for dog food if it meant an uptick in their stock price.

Re:could be used to control use of olderS/W versio

[Renraku]

Microsoft's ultimate goal is to have code in their products that allows it to intelligently deal with anything Microsoft might see as a threat. For example, if it saw evidence that it was in a virtual machine (ex The Matrix) it could freak out and retaliate. Retaliation could be anything from an error dialog to a grind-to-a-halt command that can only be undone if the user upgrades.

Think about it. It would be like having a Microsoft board member sitting inside of your computer! The best part is that he can phone home whenever he wishes, to be updated.

Windows 98 was easy to pirate and hack.

Windows XP was a little more difficult to pirate, but about the same to hack. The protections in place caused a large annoyance to those that bought the software legally. And that was BEFORE the WGA shit.

Windows Vista will be more difficult to pirate/hack, but I GUARANTEE that it will be. Of course, the legal end user will suffer the most damage, as usual.

I fucking loathe the day that mod chips become necessary to actually be in control of your own computer.

Does MS want Computers to be like cell phones?

[Joe+The+Dragon]

With all of the lock down that they have?
*You can only use our phones
*You must pay for a data plan to the get discount on that phone
*You can only use apps that you buy at our store
*Our phones are locked to our network
*We force updates on to you
*We lock out things on your phone to force you to use our network to use them
aka get photos off of the phone
*We have a download limit on our unlimited data plan
and so on?

Oh, so all good then? Right....

So it's nothing to worry about that MS is patenting the method of moving licenses from one trusted computer to another? If they wanted to just be able to do this, they could simply create the software, which is then 'prior art' preventing anyone in the future patenting the method and demanding royalties from MS. The only reason to patent something like this rather than simply create it is so they have the ability to lock others out of the market. I can see the ads now - buy your digital music from the official MS music website (or sites paying MS their 10%), not some skanky sideshow like itunes - or when you upgrade, you'll lose it all.

Re:Hands up, everyone who DIDN'T see this coming..

I think that's the point.

Re:Does MS want Computers to be like cell phones?

[b0s0z0ku]

Probably they do.

But there are countermeasures against locked phones, as there will be here. Either buy a phone direct from the manufacturer and insert your SIM (only a few hundred $), buy a used unlocked phone, or use a cell phone unlocking service.

-b.

Lets see what Razor 1911 and the likes have to say

[unity100]

about this issue eh ?

BEFORE you push such hardware/software out, its remedy will be already being downloaded for hundreds of thousands via p2p.

fucking morons. you still havent been able to understand it - you cant control INFORMATION.

Ill speak rather philosophically so that some clueless b.a. graduates at microsoft maybe might be able to understand what is going on :

By the esoteric nature of it, information/knowledge WANTS and NEEDS FREE flow, and it flourishes and grows in such an environment. If the environment is not as such, it CREATES it, choosing the vessels offering it. You cant build a business on profiting from information, yet still STUPIDLY try to control it - the more you control, it, being like a fluid, will find more complicated methods to travel/propagate, the more complicated measures you take, the more complicated and unmanageable your situation will become.

Check open source community. check HOW people that are thousands of kilometers apart, with totally different agendas, can work on the same thing, and work efficiently, and create top-notch stuff, and fluorish.

check the state of microsoft - with zillions of $ and representatives/branchesin almost EVERY country, you are still unable to cope with any situation rising in any front, trying to imitate other companies (google, yahoo, others), and trying to resort to medieval-like control schemes.

HEY GATES, BALMER !!!

This is what happens when geeks, who have invented and built this information/internet revolution leaves the running of their corporations to clueless, number-minded BA graduates. You have done a big mistake by hiring crapload of yuppies with the intent to do 'business' in a totally different area, even dimension, they do not have a clue about.

check google, check yourselves. youre taking a head dive. no need to even invent such control schemes on music, video and crap, probably 3-4 years later google and the like is going to start restoring and playing them for us wherever, however we want.

make your choice - you either get on the train, or get under it.

RTFP people - this is FOR the user

[Dr.+Blue]

Come on. At least *try* to read the thing.

This patent is NOT for a remote entity to revoke a license. It's for the *client* (the USER) to revoke a patent in such a way that the remote service is assured that the license really has been removed.

If you want to "return" content that you bought or you want to transfer content to another machine, this allows you to do that.

In addition, this is standard DRM stuff. People might not like DRM (I don't particularly like DRM), but this particular patent allows a user to prove something useful in a DRM system, and in no way gives Microsoft control over your system.

Oh - and it has zip to do with TPMs and "Trusted Computing" in the sense of the Trusted Computing Group, other than the fact that TPMs might be used to make a DRM system which would use something like this. But you can make such a DRM system today, even without the hardware, just using Windows Media Player and the associated DRM.

Re:RTFP people - this is FOR the user

[mrchaotica]

This patent is NOT for a remote entity to revoke a license. It's for the *client* (the USER) to revoke a patent in such a way that the remote service is assured that the license really has been removed.

Wow, you fell for the bullshit hook, line and sinker! What you fail to realize is that it doesn't matter who does the revoking, because the entire concept of requiring a "license" for a user to access his own data is insane!

Sadly, the DRM overlords have probably already won -- they've beaten people like you by getting you to think of the issue in their terms, instead of your own. And you don't even realize it!

Re:RTFP people - this is FOR the user

[petrus4]

Sadly, the DRM overlords have probably already won -- they've beaten people like you by getting you to think of the issue in their terms, instead of your own. And you don't even realize it!

Yeah...as opposed to thinking of it in RMS' terms, which is just sooooo much better.

The entire situation with DRM is fucked all the way around...and not just because of Microsoft. I've said it before, and I'll say it again. DRM/Microsoft is to Richard Stallman what Osama bin Laden/Al Qaeda is to George W. Bush. Namely a bogeyman...a means of scaring the hell out of people to such an extent that they lose both the capacity for logic and any ability to stand up to corrupt individuals who want power over them.

Stallman IMHO has actually become *more* evil than Microsoft in my own mind for one simple reason:- Microsoft do not pretend to be anything other than what they are. Ballmer wears his sociopathy on his sleeve. That's called honesty, and while I don't respect amorality, I'm going to respect someone who is direct about what they are.

But sure...once Microsoft have been dealt with, enshrine Stallman in the position that he has long coveted. Then you will find out whether or not it is any more preferable to have him as your master.

"The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which."

Re:RTFP people - this is FOR the user

[mrchaotica]

Namely a bogeyman...a means of scaring the hell out of people to such an extent that they lose both the capacity for logic and any ability to stand up to corrupt individuals who want power over them.

What power, exactly, does RMS want over us?

Microsoft do not pretend to be anything other than what they are.

Do they? Alright then, let's examine some evidence. Specifically, let's see what they're claiming -- and not claiming -- about the "Remote Attestation" feature of "Trusted Computing." From this EFF article on the subject:

Our most fundamental concern is that trusted computing systems are being deliberately designed to support threat models in which the owner of a "trusted" computer is considered a threat. These models are the exception rather than the rule in the history of computer and communications security, and they are not part of the rationales for trusted computing publicly offered by its proponents [which includes Microsoft].

So, Microsoft does not claim that a purpose of "Trusted Computing" is to remove the user's control of his machine. But does that mean that it actually doesn't do so, or does it? The article explains (in great detail) that the answer is "yes, it does remove the user's control." However, the author proposes a solution, too:

A simple measure we call Owner Override could fix the problem by restoring others' inability to know for certain what software you're running -- unless you decide you would be better off if they knew. ... Owner Override works by empowering a computer owner, when physically present at the computer in question, deliberately to choose to generate an attestation which does not reflect the actual state of the software environment -- to present the picture of her choice of her computer's operating system, application software or drivers. ... Broadly, it fixes trusted computing so that it protects the computer owner and authorized users against attacks, without limiting the computer owner's authority to decide precisely which policies should be enforced. It does so without undermining any benefit claimed for the TCG architecture or showcased in Microsoft's public NGSCB demonstration. And it is consistent with TCG's and most vendors' statements about the goals of trusted computing.

Incidentally, to date neither the NGSCB nor TCG has addressed the EFF's concerns. There is no "Owner Override."

So, to recap: Microsoft does not claim "Trusted Computing" removes owners' control, yet it does. Therefore, Microsoft is failing to tell the whole truth. Furthermore, this issue could be fixed, but isn't. Therefore, Microsoft must want it to be this way. So what's the only possible conclusion? Microsoft is deliberately designing "Trusted Computing" to remove computer owners' control, and put it in the hands of whoever controls the keys -- which, incidentally, is Microsoft. This is not what they claim, therefore they are lying. QED.

enshrine Stallman in the position that he has long coveted

What position has he "long coveted?"

Then you will find out whether or not it is any more preferable to have him as your master.

First of all, this is just stupid -- RMS has never been a "master" of anything, and never will be. Second, even if I assumed he was the "master" of something (deciding the content of the GPL, I suppose), that still doesn't give him any control whatsoever over anyone, users or developers. If people like the GPL, they'll use it; if they don't like it, they won't; if they like some parts of it but not others, they'll rewrite and rename it, and use that. RMS has no power over the matter.

In contrast, Microsoft really is the master.

Re:RTFP people - this is FOR the user

[petrus4]

What position has he "long coveted?"

http://interviews.slashdot.org/article.pl?sid=01/0 8/16/2056252

The answer to that question is here, in Bradley Kuhn's own words. Namely, the authority to deny anyone the right to use any license other than the GPL itself...including more liberal licenses such as the BSD license.

I don't care whether you personally have swallowed Stallman's bullshit about *why* the GPL should be the only license in existence. That itself is irrelevant. The point is that the FSF's perspective is that they should be the ones to arbitrarily make the decision, and not programmers themselves. IMHO, there is no defense or justification for that...it's control, pure and simple. Microsoft on the one hand want to use DRM to control how you use applications...Stallman and the FSF want to control which licenses you can or can't use in order to write them. The only difference is the point at which said control is applied. The result is the same; namely that as either the author or user of a program, you're denied the right to decide how it is to be used. I consider the GPL itself to be a form of *legal* "digital rights management," as far as programmers themselves are concerned.

Perhaps you're sufficiently naive as to believe that that in itself is still justifiable. After all, the GPL itself gives people a lot of rights, even if the FSF has enshrined itself as the arbiter/definer of them, right?

The problem with that idea is that there also is no guarantee that the GPL itself would remain the same, either...GPL v3 proves that. Again, you're going to argue that in protesting DRM in the license, Stallman isn't doing anything wrong...but again, you would be missing the point.

The point is that it is the FSF or Stallman himself who is making moral and legal choices for vast numbers of other people. I don't care how desirable said choices themselves might seem to be...in wanting to make them, he is wanting to deny me a couple of extremely basic rights. The first is the right to choose my own moral/philosophical framework, at least as far as socioeconomics and computer software is concerned. The second is far worse...he seeks to deny people the right to determine how the product of their own minds is used, which includes denying people whose sole or primary skillset is programming related to earn a living (that is, basically the economic ability to feed themselves) through the use of their abilities. I'm not misguided on this last point, either. Go here.

In response to that, you're then going to say that if I don't use Linux, he can't actually deny me anything at all. To which I'd reply, Not yet. Although it's true that he doesn't have the legal framework to enforce the above yet, the link I just gave describes the scenario that would exist if/when he actually manages to get it. If it got to that point, it'd no longer be optional or consentual, or based on whether you were using Linux or something else. Nobody would be able to write software for any environment or any platform without being subjected to the legal manifestation of his will. If you want to know what I believe he wants, then that is it...More than anything else, he wants *everyone* who either uses or develops software in any form to be legally or morally answerable to him. Microsoft want and have wanted an economic monopoly on software; Stallman now wants a moral, ideological, and legal one.

Stallman and his camp have gone rogue. There are some of us who think he probably was to begin with, although I'm not necessarily one of them. I believe his original intent was quite probably to do genuine good. Unfortunately, human nature has been shown historically to be an extremely morally frail thing. You prob

Re:RTFP people - this is FOR the user

[mrchaotica]

The answer to that question is here, in Bradley Kuhn's own words. Namely, the authority to deny anyone the right to use any license other than the GPL itself...including more liberal licenses such as the BSD license.

That's bullshit spin, and you know it! In his own words, the FSF thinks that users should have control, and that someone -- Kuhn does not say the FSF -- should ensure it. And nowhere does it preclude using the BSD license; the FSF only has problems with proprietary licenses. Seriously, how do you read this: "however, programmers don't deserve any "rights" that infringe on the freedoms of others," and construe it to imply some sort of power grab on the part of the FSF? Their entire goal -- as developers themselves -- is reducing developers' power!

Microsoft on the one hand want to use DRM to control how you use applications...Stallman and the FSF want to control which licenses you can or can't use in order to write them. The only difference is the point at which said control is applied. The result is the same; namely that as either the author or user of a program, you're denied the right to decide how it is to be used.

The result is most emphatically not the same! In fact, in one respect they're exactly the opposite: by reducing the rights of the authors, the FSF increases the rights of the users. Also, even having read the article you mention, the GPL still has nothing to do with "decid[ing] how it is to be used." Once the user has the program he can do whatever he wants with it, and the one and only reason the developer is restricted is to ensure that end.

In contrast, Microsoft really does want to control both users and developers (I'll omit discussion of the former, since it's obvious). For example, you want API documentation (for all the APIs)? Too bad, it's secret. Or sure, but you've got to pay for it. Or sure, you can have it, but it doesn't do you any good if you want your code to be cross-platform. What do you call that, if not "control?"

And just think how much worse it'll get with Treacherous Computing! You can see how it would be now: look at development for the Xbox. So you want to develop for the platform? Sure, pay Microsoft $$$ for a development kit, then pay Microsoft some more $$$ to get the rights to actually release for the platform (including using the trademarked Xbox logo, etc.) And say you want to let users download your program? Well, then the only way to do that is to get on Xbox Live, which means giving Microsoft some % of each sale. Oh, by the way: don't forget that all this requires Microsoft's permission. If they don't like your program -- or you -- for any reason at all, they simply don't give the permission and you're SOL. Are you seriously telling me that that's preferable to merely having the option of using the GPL, or any other license you want?

IMHO, there is no defense or justification for that...it's control, pure and simple.

"Indeed, who do those abolitionists think they are, to tell me I can't own slaves? IMHO, there is no defense or justification for that...it's control, pure and simple."

Yes, that's exactly how you sound -- you're confusing your oppression of users via restrictive licenses with your own freedom. You need to realize that your rights end where the users' rights begin!

I consider the GPL itself to be a form of *legal* "digital rights management," as far as programmers themselves are concerned.

That's impossible -- DRM can only be imposed, which is what makes it wrong. The GPL can only be chosen voluntarily.

The problem with that idea is that there also is no guarantee that the GPL itself would remain the same, either...GPL v3 proves that. Again, you're going to argue that in protesting DRM in t

Re:RTFP people - this is FOR the user

[Dr.+Blue]

So, Microsoft does not claim that a purpose of "Trusted Computing" is to remove the user's control of his machine.

"Trusted Computing" cannot remove the user's control of his machine. It can remove control over some specific software if you choose to run that software, but the choice of whether or not to run the software is up to you. You don't have to run Windows at all if you don't want to, and all the "Trusted Computing" hardware in the world can't take that choice away from you - your machine will still work just as well using Linux as it does now.

Potentially, Microsoft COULD put code in Windows that would disable playing any media files except through their approved player (Windows Media Player, for example). That wouldn't be terribly hard to do - even without TC hardware they could make it require horrendous hacks in order to get any other player to run, and yet they don't do that. Why? Two reasons: first, they'd alienate a whole lot of people if the did so - bad business move. Second, the anti-trust people would be back down their throats in a second. So I don't think that's going to change, TC hardware or not. People will still be able to use WinAmp (or whatever it is people use these days - I don't use Windows, so I don't know...).

As for the OwnerOverride "feature": As much as I like the EFF on some things, their report on Trusted Computing really missed the mark. This "feature" is simply ridiculous - the whole point of attestation is to convince a remote entity of something. If you allow a "feature" that allows the owner/machine to lie, then attestation is completely pointless. The owner has the option of performing a correct/honest attestation, or refusing to do so - just not to give a forged attestation. There would be no "trust" left in "trusted computing" if this were possible...

With WGA, and especially with "Trusted Computing," Microsoft has or will have total control over those people's computers: the ability to decide what software they run, what software they don't run, what documents they access, etc.

Do you have any evidence that Microsoft wants to have "total control over" what software people run or don't run, or are you just letting your paranoia take control of you here? Microsoft has a clear business argument for not letting people run unpaid-for copies of Windows. They also have a clear business case for supporting people running whatever 3rd party, homebrew, or whatever other software that their customers want to run. That other software may or may not require a trusted environment in order to run. If it does, and you don't want to do that, then don't run the software. But it's your choice. If that means that you can't interoperate with their music store (because, after all, the Zune looks like it will be such a success... cough, cough...), then don't give their store any business. It really is that simple.

Don't underestimate the power of market forces and your power as a consumer - look at what happened to Sony with the rootkit fiasco or Intel with their "serial numbers" in Pentium-III processors. Both were pulled back after consumers (loudly) complained. By far the most successful online music store is iTunes - it is also has one of the least restrictive licensing and DRM components. Don't think that people in business don't see that and understand what it means.

On the other hand, if you're going to take an extremist stance like RMS, then don't expect market forces to help you out much. When a lot of people make noise, companies listen. When 4 ragged-looking people stand on a corner with some signs and look like loons, it probably won't have much impact.

Re:RTFP people - this is FOR the user

[mrchaotica]

"Trusted Computing" cannot remove the user's control of his machine. It can remove control over some specific software if you choose to run that software, but the choice of whether or not to run the software is up to you.

Yes, I agree -- you do indeed have a "choice," in exactly the same way a person drafted to serve in Vietnam had a "choice." Why? Because if you "choose" not to be "Trusted [sic]," sooner or later that will become the same thing as "choosing" not to view media. Sooner or later that will become the same thing as "choosing" not to connect to the Internet. Sooner or later that will become the same thing as "choosing" not to be able to interoperate with anything else, ever again.

Potentially, Microsoft COULD put code in Windows that would disable playing any media files except through their approved player (Windows Media Player, for example). That wouldn't be terribly hard to do - even without TC hardware they could make it require horrendous hacks in order to get any other player to run, and yet they don't do that.

Fine. Show me how to play "PlaysForSure[sic]" songs without any Microsoft DLLs (without violating the DMCA)!

Why? Two reasons: first, they'd alienate a whole lot of people if the did so - bad business move.

Yes, just like how nobody uses any of these "PlaysForSure[sic]" online music stores (or as a better example, like how nobody uses iTMS).

Second, the anti-trust people would be back down their throats in a second.

Yeah, didn't you hear just the other day the DoJ forced Microsoft to open the "PlaysForSure[sic]" DRM, disable WGA, and stop requiring activation of Windows and Office! Oh wait...

If you allow a "feature" that allows the owner/machine to lie, then attestation is completely pointless.

Err, yes, that's rather the point! Remote attestation is inherently evil, for reasons the EFF article made abundantly clear, and the only way to "fix" it is to destroy it completely!

The owner has the option of performing a correct/honest attestation, or refusing to do so - just not to give a forged attestation.

...which is exactly the problem.

There would be no "trust" left in "trusted computing" if this were possible...

On the contrary, it would be the only way to restore "trust" to "trusted computing" -- it would allow the owner to trust his own property again!

Oh wait, were you talking about the ability of the likes of Microsoft and the RIAA to be able to "trust" the computer to disobey its rightful owner? Well, you must be very confused, because they don't deserve that "trust!"

Do you have any evidence that Microsoft wants to have "total control over" what software people run or don't run...

You seem to have the mistaken belief that I need evidence. Perhaps you've never heard the saying "power corrupts, and absolute power corrupts absolutely." Maybe Microsoft would want totalitarian control over me, and maybe it wouldn't. But regardless, it's fucking stupid to give it the opportunity!

They also have a clear business case for supporting people running whatever 3rd party, homebrew, or whatever other software that their customers want to run.

...which explains why the Xbox isn't a closed platform, obviously.

Oh, and before you say "but it's a game console! it's entirely different," no, it's not. There's a reason consoles are closed: they're more profitable that way, and the companies can get away with it. It's obvious that Microsoft would have a "clear business case" for closing the PC also, if it could, and the very existence of Treacherous Computing is proof that that's exactly what it wants to do!

Re:RTFP people - this is FOR the user

[Dr.+Blue]

Well, I don't agree with your position. I don't like DRM, and hence don't have any content that is DRM-protected (unless you count DVDs with CSS). I have that choice, and nothing about trusted computing is going to change that.

I also think it's simply off the deep end to say that "remote attestation is inherently evil". Being able to trust the configuration and software on another machine on the network is an incredibly useful thing. It might have some bad uses, but so does a lot of technology. I just get amazed when the same group of people who complain about judgements against Kazaa and P2P networks say "don't blame the technology for how some people use it" then turn around and say that the technology in TC is evil.

As for trust, I have 3 different systems that have TC hardware in them (a laptop and 2 desktop/server machines). Despite what you say, it does "allow the owner [me] to trust his [my] own property". Absolutely nothing in trusted computing means that my computer will disobey me - on the contrary, I am quite confident that these systems will do exactly what I ask them to do, and nothing more. And none of the things I'm interested in using trusted computing for require me to trust Microsoft or the RIAA or any other evil boogeyman. But I am interested in remote attestation.

So anyway, to wrap all this up, I think you're more than a little paranoid, and have delusions that the computing world is headed toward some centrally controlled and non-free destiny. I think that's silly, and nothing in what is happening now or in history leads me to believe that your worst-case scenario is even remotely likely. And so there you have our basic difference of opinion.

Re:RTFP people - this is FOR the user

[mrchaotica]

I just get amazed when the same group of people who complain about judgements against Kazaa and P2P networks say "don't blame the technology for how some people use it" then turn around and say that the technology in TC is evil.

Although it seems hypocritical on the surface (and in a way, it is), it makes sense when you look at it from a different perspective: in both cases, that group of people is arguing in favor of openness and freedom. Apparently, they simply care more about the end result than whether the means is consistent.

So anyway, to wrap all this up, I think you're more than a little paranoid, and have delusions that the computing world is headed toward some centrally controlled and non-free destiny.

Fine. But just remember that I'm not the only one with these kinds of concerns -- others, most prominently including RMS, share them too. And keep in mind that RMS has been warning us of various things including this for quite a while now, and hasn't been wrong yet.

It's not paranoia if they really are out to get you, you know! ; )

Re:RTFP people - this is FOR the user

[AME]

And keep in mind that RMS has been warning us of various things including this [Trusted Computing] for quite a while now, and hasn't been wrong yet.

I happen to know the person with whom you are sparring (you may just have to take my word for it, since you apparently have no way to confirm its verity). And I can say for certain that there are perhaps a dozen people in the world with as much understanding of Trusted Computing as "Dr. Blue."

Stallman is a pretty bright guy, but in a debate about this particular subject, I'd take Dr. Blue's opinion over that of RMS by default. I think that RMS needs to do a much better job if he wants to speak with authority about TC.

Re:RTFP people - this is FOR the user

[mrchaotica]

Having a great understanding of Treacherous Computing is great, but it doesn't necessarily mean that he would be entirely candid when discussing it. If we first posit that the people making Treacherous Computing have the ulterior motive of enforcing DRM, then it's reasonable to assume that they'd want to mislead the general public -- including Slashdot geeks -- into believing it was actually something helpful instead so that they don't reject it. And if Dr. Blue has the level of understanding that you claim, it's reasonable to assume that he's likely to be one of those people making it, with the ulterior motive.

In other words, because I do believe the thing I posited above, your claim only makes me more suspicious of him. Unless you care to assert that he's (at least) a neutral party...?

Re:RTFP people - this is FOR the user

[AME]

Neutral as regards possible uses and misuses of this technology -- yes, I'll assert that. His specialty is cryptography. He's not an industry guy, and has no profit or benefit motive for advancing DRM.

Listen. All you (and your kin) seem to be saying is that TC could be used by, e.g. Microsoft to enforce licence terms that we don't like. That's like arguing that faster processors allow Microsoft to make newer, more bloated operating systems that won't run on the older processors. Ok, is that a reason to not advance the technology?

In fact, TC will allow us to do things that were not beforehand possible. For example, how does a game server know that a game client connecting over the internet is really a genuine client, and not a cleverly crafted trojan that will cheat at the game? The answer is that it's not possible. The trojan, if methodically made, can appear to be exactly the client it's claiming to be.

With TC, the veracity of the other end of the connection can be confirmed by hardware. Software can't circumvent the system and pretend to be something that it's not. The only way to fool the system is to replace silicon, and the workaround might be intractible even then.

Now, my specialty is networking, and I can definately see the value of TCP. It solves problems that can't otherwise be solved. And just like government could use padlocks to keep citizens out of public libraries, I can use the same technology to keep thieves out of my tool shed. Possible abuse is not a good argument against an otherwise useful technology.

I could go on and on. But I'll sum up by saying that TC is not something that only Microsoft and the RIAA can use. We can use it, too. Your stated suspicion about the technology and about anybody that might say something good about it only confirms that you don't understood what the technology really is. This is the very definition of FUD. (And I don't think that Stallman is himself so objectively-minded that he's beyond spreading FUD.)

Re:RTFP people - this is FOR the user

[mrchaotica]

Listen. All you (and your kin) seem to be saying is that TC could be used by, e.g. Microsoft to enforce licence terms that we don't like. That's like arguing that faster processors allow Microsoft to make newer, more bloated operating systems that won't run on the older processors. Ok, is that a reason to not advance the technology?

Not exactly. A faster processor can be used for many things, but what I've been (trying) to say is that Treacherous Computing seems explicitly designed for the purpose of DRM, and "security" (for people other than the copyright cartel) is a mere afterthought. And why do I say this? Because everything Treacherous Computing supposedly enables except DRM can be done now, with software!

In fact, TC will allow us to do things that were not beforehand possible. For example, how does a game server know that a game client connecting over the internet is really a genuine client, and not a cleverly crafted trojan that will cheat at the game? The answer is that it's not possible. The trojan, if methodically made, can appear to be exactly the client it's claiming to be.

You know what? I'm starting to get really tired of this example, because in every situation other than games being able to infallibly verify the client is a bad thing! Personally, I'd much rather retain the ability to spoof my web browser ID (or use an anonymous proxy, or pretend my Linux box running WINE is actually running Windows, or any number of other things) than play a "hacker-proof" game. World of Warcraft is simply not as important as freedom!

With TC, the veracity of the other end of the connection can be confirmed by hardware. Software can't circumvent the system and pretend to be something that it's not. The only way to fool the system is to replace silicon, and the workaround might be intractible even then.

To reiterate: I like not being able to be verified, and if the cost of that is not being able to verify anybody else either, then so be it.

Possible abuse is not a good argument against an otherwise useful technology.

Except for gaming, all uses are abusive.

Re:RTFP people - this is FOR the user

[Dr.+Blue]

No, I have no ulterior motive. I do research, pure and simple, and don't have a horse in this race other than seeing what kinds of things this technology enables. And it does enable many things other than DRM. I know it seems to many people that the technology is all about DRM, but it really isn't. It can make a very tight DRM system, that's true - and if you don't like DRM you won't like that. But as I've said before, if you don't like DRM, don't use systems that have DRM - don't blame the technology that's enabling it, but which also has other uses.

As for thinking about other uses of trusted computing, you have to think about where it comes from and what it's really designed to do (and it's not DRM). Just think about the name for that matter: "Trusted Computing". Where has that kind of name been used before? In highly secure operating systems - the kind that the military uses are generically called "trusted systems" or "trusted operating systems". The Department of Defense standards for secure systems for many years was the TCSEC - Trusted Computing System Evaluation Criteria (known more commonly as the Orange Book). This dates back to the early 80's (with ideas from the late 70's) - long before DRM was even dreamed of. One of the key properties of these systems, that isn't in more standard operating systems, was the use of mandatory access controls - a security policy determined what was allowed and not allowed according to the owner of the system. So a user cannot take a "top secret" file and make it world readable, including to users that only have secret level clearance. This is enforcable if all your computing is taking place on a mainframe locked in a room somewhere, and people connect over dumb terminals. However, when we move to modern systems in a distributed environment, the data is processed outside of your managed secure enclave, and on a standard PC you have no way of control over what happens to it then. What if a user on a PC works with top secret data, but is running inside a VM? So they can copy the data over to someone with only secret clearance by, for example, taking a memory dump. The only way you can sensibly enforce security policies in a distributed environment is if you can trust the software environment on the other side of your network connection, and the only way to do that is to have hardware that allows you to do that - thus TPMs and remote attestation.

Incidentally, this past summer the Army said that all PC-class purchases by the Army had to include trusted computing hardware. You don't suppose they have something like this in mind, rather than keeping people from violating copyright, do you?

So, yes, you can also use this to make a very secure DRM system. You don't like DRM. I get that. But there are a huge number of other uses for the technology that are actually very useful.

Incidentally, the security policy that's enforced doesn't have to be centrally defined, as it would be in a military setting. It can be based on agreements between users - peer-to-peer security policies. This could keep the RIAA *out* of pulling some of the tricks that they do with P2P networks (disrupting with fake clients and the like). I imagine you'd think that's a pretty good thing, don't you?

Re:RTFP people - this is FOR the user

[Dr.+Blue]

Thanks for the vote of confidence. However, I'd clarify that by saying there are very few people outside of the involved industries that know a lot about trusted computing, but part of that is the uncommunicative way that this was developed rather than a lack of talent outside those companies (and the TCG). There are certainly people inside these companies, and well over a dozen, who know more about this than I do. On the other hand, there are only a handful of academics who have really jumped into this and understand it - partially that's because the only real information is in several hundred pages of very dry (and poorly explained) specifications, and in one pretty bad book. I've read the specs, and I've got to say that it wasn't a lot of fun - I've been thinking about writing a book to explain this more clearly, but don't think I have the time for that kind of project right now...

Re:RTFP people - this is FOR the user

[AME]

Except for gaming, all uses are abusive.

You must be exceedingly unimaginative if you can't think of any uses for remote attestation besides gaming and DRM.

I only presented the hacker-proof game as an example off the top of my own head because I thought it was easy to understand. I don't even play online games. I honestly had no idea it was a an old overworked example; but I can see why: it pretty clearly illustrates a decent use in an uncomplicated way. It's by no means the only thing that can be done.

I don't really see any reason to continue this, as it is apparently a religious issue for you. Like most religionists, you've gotten most of your facts wrong, and wrong conclusions have followed. Also like most religionists, it doesn't matter to you that the facts are wrong; it only matters that the conclusions were what you wanted them to be.

Re:RTFP people - this is FOR the user

[mrchaotica]

Like most religionists, you've gotten most of your facts wrong, and wrong conclusions have followed.

What facts have I gotten wrong? Am I wrong in saying that there is no "owner override?" Am I wrong in saying that Treacherous Computing requires a Certificate Authority (disallowing self-signed keys)? Am I wrong in concluding that, because of these two things, the ability to use it in ways that are in the owner's best interest but contrary to the CA's is greatly diminished?

Re:RTFP people - this is FOR the user

[mrchaotica]

But as I've said before, if you don't like DRM, don't use systems that have DRM - don't blame the technology that's enabling it, but which also has other uses.

See, that's the problem: sooner or later I don't think I'm going to have a choice not to use DRM-enforcing systems! If the technology exists, it will sooner or later be abused by the likes of Microsoft, the RIAA, the US Government, etc. I don't want that to happen, and it seems as though the only way to prevent it is to prevent the technology -- regardless of how otherwise useful it might be. It's just too big a risk.

However, when we move to modern systems in a distributed environment, the data is processed outside of your managed secure enclave, and on a standard PC you have no way of control over what happens to it then. What if a user on a PC works with top secret data, but is running inside a VM? So they can copy the data over to someone with only secret clearance by, for example, taking a memory dump. The only way you can sensibly enforce security policies in a distributed environment is if you can trust the software environment on the other side of your network connection, and the only way to do that is to have hardware that allows you to do that - thus TPMs and remote attestation.

If you think Treacherous Computing will solve this problem, you're dangerously misguided. The bottom line is this: you have to either trust the user, or not. If you can trust the user then you can be assured that he won't view the top secret data in a VM. If you can't trust the user, then the only sensible thing is to not let him see the data at all because even with Treacherous Computing he can still do things like take photographs of the screen. In other words, normal cryptographic technology like PGP is sufficient for making a secure system; everything beyond that needs a social (rather than technological) solution. Treacherous Computing can only provide a false sense of security.

Re:RTFP people - this is FOR the user

[Dr.+Blue]

Wow - you know of a facility where people have access to top secret data and allow in cameras where people can do things "like take photographs of the screen"? Stunning.

Dealing with classified data is taken very seriously by the government, and they take a layered approach. (1) Do what you can to make sure the people are trustworthy (security clearances and background checks); (2) completely control what technology they have access to when dealing with classified data; (3) for the devices that you do give them access to, limit what those devices can do in accordance to the security policy. Trusted computing hits point 3. Not allowing cameras hits point 2. To ignore points 2 and 3 and say it all depends on the trust in people, so you just need to consider point 1 is not even remotely a solution in the classified arena.

The last straw

[leeosenton]

This whole saga has been the final straw for me. I have kept a working install of Linux or BSD for several years, but always needed Windows for something. No more. I have rebuilt my system and shifted to Linux for all home computing. I have always wanted to switch, but never got around to solving each of the minor speed bumps that came along. It was just easier to boot Windows and do what I needed to do. When I wanted to play, I would boot Linux and tinker away. No more. I am completely switched and have remained Windows free for a month. Learning to use Linux and the accompanying applications takes time, not because it is hard, because it is different.

Thank you, Microsoft. You have scared me with the latest blatant attempt to derail open source by dividing the community. The increased presence of DRM in Windows gives me chills, I don't think I can control my own data when you keep the keys to my computer. I don't call Chevrolet for permission to drive to work, I'll be damned if I need your permission to access my own data. Here is the summary, you are fired! Don't worry about pirate protection, trust me, I won't bother. I think I can find the energy (and community support) to solve my remaining migration issues.

Re:The last straw

[StarfishOne]

I hear you!

I switched about 3 years ago, thinking that it would be better to start learning an alternative before the whole thing really starts to go downhill very very fast.

Yes it takes time to adjust to Linux/BSD if one has never worked with it before. Is it difficult? Sometimes, but in my early DOS/Windows days I too needed more time to find the solution for problems.

Happy? Definitely! I encountered a few serious potholes in the road to learning this alternative, but overall I'm so happy that I've switched. Next to that, I found that I simply cannot really go back to Windows again. I can work with it if I have to, sure... but having it permantely on my workstation would be very frustrating for me as a software developer. Just the Win32 commandline, which I believe is crippled, is driving me nuts now..

If I cannot control my own computer and my own data anymore, I'll probably serious consider becoming a Buddhist monk somewhere far away from all technology. *g* ;)

Re:The last straw

[zachsandberg]

I too have been Windows free for over a month now. Free BSD has really surprised me with it's functionality over Windows, and has really made computing "fun" for me again. Sure there are things I don't understand yet about the inner workings of BSD, but then there are things about Windows that unfortunately I understand all too well...

Re:Hands up, everyone who DIDN'T see this coming..

[Penguin+Programmer]

There are a lot of good reasons to do the things Microsoft proposes. Stolen laptops, Malware, Leaked confidential information (think patient records, social security numbers, etc..). The problem is, of course, that most such technologies cut both ways.

To quote a co-worker, "technical solutions to non technical problems will only lead to insanity."

Malware, stolen laptops and confidential information being leaked are not technical problems. They're social problems. Stop keeping confidential information in places where it can be leaked (i.e. on employees' laptops) and these problems go away. A technical solution is not called for.

Stupid Terminology

[ScrewMaster]

There is no such thing as "Trusted Computing". There are only degrees of untrusted computing.

Paranoid?

[BCW2]

"Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you."

When it comes to Microsoft - I know I'm being paranoid, the question is, Am I being paranoid enough?

Re:Hands up, everyone who DIDN'T see this coming..

I wonder if Microsoft is aware that they are driving away the technically savvy?

Er. Yes, of course they are. But they're also trying to criminalize us, so not to worry.

Their ideal situation is all technically savvy people who don't work for microsoft are incarcerated well away from accessible computers.

I already have security without Microsoft

I already have safeguards to protect my data from theft. It's called "running Linux" and "encryption".

And on a side note, this plus a few related recent stories about Microsoft are making me uncomfortable in a new way; Microsoft doing the job that should be done by law enforcement appointed by an elected government. Who here hasn't considered that Microsoft could simply hire it's own army and take over? Think they can't afford it? Think they haven't considered it? Think the citizens would even notice? That's the next step in a corporatocracy (which the United States currently is), is to simply replace the government with a corporation and be done with it.

Re:Hands up, everyone who DIDN'T see this coming..

Yeah, because enterprise customers should have no say in how their data is handled in their organization. It should all be free as in stolen beer, because if God wanted it anyother way he would have magiced locks for electrons.

Don't be a dipshit. If these are unacceptable for the home user (they're not acceptable to me) the technologies will fail in that market place and take the companies that back them (RIAA MPAA members) out behind the woodshed. But that doesn't mean they still don't have or won't find a place. Microsoft is supplying an option (likely flawed) for both end-users and people who make content to make their bread. This is inherently good. This is choice. The wise will prosper and the foolish suffer from it.

Re:Hands up, everyone who DIDN'T see this coming..

er. What is "blue eyed idiot" supposed to mean? I mean, I know what it naively means, but you seem to be using "blue eyed" as some sort of qualification for a particular kind of idiot.

As I (and millions of others of my racial background) have blue eyes, I just want to know, is this just some racist thing like "black skinned idiot" or what?

Re:Hands up, everyone who DIDN'T see this coming..

[IamTheRealMike]

Whoa, dude, chill out! The guy pointed out that the parent comment was apparently copied from somewhere else without attribution. How does that make him an enemy of liberty who needs to study American history?

Re:Hands up, everyone who DIDN'T see this coming..

[PopeRatzo]

>>I think that, like many things, the reasons behind these ideas are well intentioned, but can be used for evil if not policed.

I don't mean to pile on, but we're talking about Microsoft's WGA and other "friendly" technologies here. What part of it do you think is "well-intentioned"?

And as far as "..can be used for evil if not policed." Just who do you think is doing the policing? As my parent put so aptly put it, using technical jargon, this is a "load of crap".

Re:Hands up, everyone who DIDN'T see this coming..

[Petrushka]

Surveys have shown that users are willing to give out their passwords for a piece of chocolate.

Point of order: that is false. Surveys have shown that users were willing to give out things that they claimed were their passwords for a piece of chocolate.

Too bad it doesn't work

[HangingChad]

Since my laptop was stolen about five months ago I can appreciate the qualities of a system which could be used to at least cripple hardware which was stolen or otherwise suspect.

And what makes you think MSFT would actually do that? How many stolen iPods do you think are out there? Apple can identify them uniquely but they won't shut them off or trace them as long as the new owners keep buying music. That's a little cynical, I'm sure that's not the only reason. But turning off hardware is a pretty aggressive move, especially if it's not your hardware. Bad juju, mon.

Re:Does MS want Computers to be like cell phones?

[Joe+The+Dragon]

But what with the system you buy direct from the manufacturer like dell will only run m$ windows and apps from the dell store?

Re:Hands up, everyone who DIDN'T see this coming..

[mabhatter654]

Yes, that is what the new enterprise encryption is for. They (MS) say you can encrypt email to be self destructing as well as put encryption on documents with many of the restrictions in the patent. So Yes, there is a valid reason and I'm sure plenty of businesses that would love this tech.. then documents could not only be encrypted on disk but critical ones could self destruct if the laptop wasn't connected within a timeframe to the authenticating domain... pretty cool stuff. MS has their own reasons for course.. how many leaked emails or docs get to the press? think Halloween Documents... never again!!! But it also has purpose for DRM... once you create the tech doesn't mean it's not in WMP11 also! what better way to test it out... imagine being able to disable content based on IP... take your laptop overseas and it could "know" from the IP address at the airport wireless your in an invalid region and disable your movies until you return to "safer" shores.... that's REALLY scary.. but it's what they're selling on the enterprise side...

Perhaps this law

[ArielMT]

Law enforcement? How? What law might you be considering?

"Malware" isn't illegal. I know of no reasonable law that defines what this might be.

Perhaps a little-known law called the Computer Fraud and Abuse Act of 1986 (18 USC 1030), reasonable or not, defines malware as illegal.

And any law that purports to make "malware" illegal is utterly unenforcable - do you really believe that some teenager in Romainia is going to be dragged into court in California for a single offence of this type?

Granted, the enforcability of this law, just like any U.S. law, tends to stop at the border, so no a Romanian script-kiddie isn't going to be dragged into a California courtroom, and he won't be dragged into any Romanian courtroom either unless writing malware's a crime in Romania as well.

Re:Perhaps this law

[Dunbal]

"Malware" isn't illegal.... ...Perhaps a little-known law called the Computer Fraud and Abuse Act of 1986 (18 USC 1030), reasona...

      Damn, I heard the sound of the smack from here. I say - good show, old chap!

This is another reason they don't allow VMs

[Myria]

Tell the server that you're no longer authorized so you can move your license, then hit the rewind button in VMWare =)

Melissa

Re:This is another reason they don't allow VMs

[Dr.+Blue]

Now *that* is where the trusted computing stuff can come in. With a system that correctly uses a TPM, the system can tell whether it's running in a VM or not - can't do that with any sort of assurance without hardware support...

No doubt that if "trusted computing" takes off, Microsoft will not allow DRM-protected media to be played inside a VM - whether you have the "ultimate" license that allows VMs for the basic system or not.

Re:This is another reason they don't allow VMs

[mrchaotica]

No doubt that if "trusted computing" takes off, Microsoft will not allow DRM-protected media to be played inside a VM - whether you have the "ultimate" license that allows VMs for the basic system or not.

Which, again, is entirely missing the point: it's not about whether Microsoft will or will not allow something; it's that Microsoft has no right do dictate the decision!

Re:Lets see what Razor 1911 and the likes have to

Google has Google DRM. Please don't paint them as saints. They're the same as any other company out there that has any kind of copyrighted media to manage: hopelessly stuck on the belief that DRM is worth something, when the only people it screws are paying, technically incompetent customers.

Further, let companies try to DRM things. Just let them keep doing it. Stop worrying about making them quit it. Worry about helping the EFF and other organizations draft laws to repeal the force of law put behind DRM systems. The law already enforces copyright, so there's no need for laws enforcing DRM. Worry about cracking DRM systems. If you don't believe in it, destroy it. That's called civil disobedience, and it's not your right. It's your responsibility.

Microsoft have this covered...

You accept that Microsoft provides to you the software covered by this license, as is, including with
all the faults, errors, omissions, bugs and flaws.
but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of
fitness for a particular purpose, of reliability or availability, of accuracy or completeness of
responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, all with
regard to the Product, and the provision of or failure to provide support or other services,
information, software, and related content through the Product or otherwise arising out of the use
of the Product.

Re:Hands up, everyone who DIDN'T see this coming..

Damn! Take the stick of your butt and replace it with a sense of irony! It is ironic that the guy is all pro-freedom and at the same time is abusing that freedom and thus making a case for the anti-freedom crowd. Mindless zealotry isn't that great of an advocacy tactic, especially when you turn it on the people who support you.

Re:Hands up, everyone who DIDN'T see this coming..

Sorry, but I happen to think that's crap. Much like the government, whenever a controversial law/license is proposed, and its supporters, when confronted with an egregious abuse it would permit, use a phrase along the lines of 'Perhaps in theory, but the law would never be applied in that way' - they're LYING. They intend to use the law that way as early and as often as possible.
 
If you're going to quote another user's post verbatim, it's generally considered polite to include attribution.

Re:Hands up, everyone who DIDN'T see this coming..

[russ1337]

Encryption was moved from the Munitions list to the Commerce list in 1996 "because of the increasingly widespread use of encryption products for the legitimate protection of the privacy of data and communications in nonmilitary contexts"

"November 15, 1996: Encryption products that presently are or would be designated in Category XIII of the United States Munitions List and regulated by the Department of State pursuant to the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall be transferred to the Commerce Control List,"

http://www.fas.org/irp/offdocs/eo_crypt_9611_memo. htm

Re:Hands up, everyone who DIDN'T see this coming..

[El+Cubano]

Oh man, you were doing great right up until this part.

You really need to study American history again if you don't get this @#$% by now. Our founding fathers understood this stuff, and that's why "checks and balances" are a part of our government

Then you finish up with this:

(2000-2006 excepted).

You seriously think that getting around checks and balances is a new occurrence in the last six years? Let me say that you need to go back and study your American history.

Let me refresh your memory on a few things:

• A little program called Carnivore was setup to basically allow wholesale wiretapping of email conversations. This program began in 1997, under the watch of the ultra-right wing fascist Clinton (being facetious). It was abandoned in 2001 in favor of commercial tools that do the same thing.
• Back in 1998, President Clinton ordered missile strikes on a phramaceutical factory as part of Operation Infinite Reach. This was in retaliation for attacks on US embassies. Later, it came out that the evidence to support the attack was basically false. Hmmm, a commander in chief orders military action where people get killed, all based on bad intelligence. I'm certain he was lying to the American people about it so that he could help bring about a fascist police state where everyone feared the boogey-man. Or maybe he was trying to get people's attention off of the Lewinski scandal.
• Another beauty from Clinton administration is the sale of satellite and ballistic missile technology to the Chinese. There is a picture of how checks and balances should work.
• Of course, if we look further back in history, we see that President Kennedy was so concerned about checks and balances that he unilaterally ordered a military blockade and risked nuclear war with the USSR during the Cuban Missile Crisis

There are dozens of other examples in just the last fifty years, including the secret overflights of Soviet territory by US reconnaissance aircraft, CIA testing of drugs (LSD, IIRC) on members of the populations of several metropolitan areas.

Needed: DRM Constitutional Amendment

It looks like what is needed is a Constitutional garentee that protects us from these technology abuses. First off, when a consumer buy a license to something that license must be trasferable as the consumer see fit, as long as the transfer does not cost (not the same as not making additional money, as they would have you believe) the content provider any money.

Example: you have the lo-def Start Wars DVD but you want the latest Star Wars HD DVD (physical or downloaded from provider) you must pay. After you pay, you must be allowed to, at your own expense convert, retransmit or duplicate said content to any device proven to be yours, with out exception. You must not be allowed to transfer to a device that is not yours with out the content creator/owners permission. It is their content if it copyrighted, but it is YOUR license - this is what everybobdy MUST understand if there is going to be any viable solution. Both sides must be protected, both sides must give a little.

It is unfair to consumers when they must continue to pay for content that they have already purchaed when there is NO cost to the original provider when they simply want to make the best use of the technology they posess, and this is only possible because of the absolute monopoly that a content provider has- they are THE only one that has the content. There is NO choice of where to get Star Wars from. The monopoly they have makes the whole Microsoft thing look silly, but no one says a word.

Although to be fair to content providers, any license that cannot be enforced in such a system must be exempt- that is, your old Star Wars DVD cannot be converted to a HI-DEF version.

The second part of the amendment is really just the First Amendment re-worded- just replace the words Congress, Government, State with Corporate Entity or Special Interest Group. These people cannot be allowed to dictate policy anymore.

The third part of the Amendment is that this sort of technology must not be used in a manner that has no direct consumer/end user benifit - that mean no approved spyware and no lock-in/out. The extent of DRM and Trusted Computing should be to provide a reasonable framework to allow fair business- for both proprietary and free solutions.

We need to make this a 2008 political hot button issue people. We cannot allow matters like this to be decided by people who can only relate the Internet to plumbing to decide who, how, when, where and why we can use technology - it is bad for business, it is bad for society, it is bad any way you look at it.

Re:Needed: DRM Constitutional Amendment

[Technician]

It is their content if it copyrighted, but it is YOUR license - this is what everybobdy MUST understand if there is going to be any viable solution. Both sides must be protected, both sides must give a little.

The sour point I have always had with the content industry is the total lack of anyway to replace the damaged media the content came on without buying a new license.

Want an unscratched LP, buy a new one. Want to replace the cassette tape which warped in the car on a hot day, buy a new one. Want to move the content from your RCA video disks to a new format such as DVD?, buy a new one. Want to replace that broken VHS tape?, buy a new one. Where can I send my copy of Ventures Gold on 8 track for a replacement on CD without paying for a new lisence. This is one of the reasons the old Napster was accepted and justified by many who would never steal anything out of a store. Much of the Napster use was replacing lost and damaged media for content which the user had bought a valid lisence. Other things were then downloaded simply because the industry had been so shortsighted in replacing damaged or outdated medial Even today, they still have this fault. I have used the sneaker net in copyright violations in about the same measure the industry has failed to provide a way to enjoy my licenses for content on media that no longer functions. Am I a thief? Am I expecting too much for my media dollars?

Time to end my rant. Remember DRM is supposed to prevent you from media shifting you content so you can play it in the future on new devices you may purchase. Take a lesson from your library of Plays for Sure content when you buy a Zune.

Content of the future is DRM free. You Plays for Sure content will die like the content on my 8 track tapes. Your MP3 collection will transfer onto your new computer and devices.

Re:I had the same dream!

[mpapet]

What a coincidence.....

I bet there's a number of other people that have had the same dream. I just wish there was a way to make it stop. Because I keep having it over and over again. Each time a little further along then the last.

Too bad, because it (your fellow citizen's freedom) will be sold for the right price.

Today's lesson: Freedom is for sale for about $2 less than the going price.

Re:Hands up, everyone who DIDN'T see this coming..

[camperdave]

While that may be, it was (until Jan 2000) still illegal to import or export strong encryption software. I'm not sure where it stands now. Anyone?

Or like a moving company

the kind that sells their service to load your goods into their truck and transport them to your new home, then ransoms your personal possessions for additional fees.

Bernard Swiss

A tight Vista will do nicely.

[fuego451]

I hope Microsoft locks Vista down tighter than a bedbugs arsehole with lots of user restrictions, DRM, **AA protections and many other inconveniences. That should send another 5-10% of their users over to the FOSS community.

Re:A tight Vista will do nicely.

[pandrijeczko]

Don't be a jerk.

I'm primarily a FOSS user, probably like yourself, but the last thing I want to see is all my media locked down with DRM to the point where I can't play any movies or music on my Linux systems.

If people want to run Windows, then that's their choice. Those of us that use FOSS should be making Windows users aware of Firefox, OpenOffice, etc. and if they start running FOSS applications in Windows then that too is a very good thing.

Likewise, those of us who fully understand the potential evils of DRM should be educating those that don't about what will happen to *ALL* of our freedoms if the movie/record companies get their way. As far as I am concerned, if Joe Public pushes back on DRM, then Microsoft will have no reason to build it into Windows and we all get that one step closer to having open file formats that anyone can make use of, no matter what OS they run.

So please divert your energies to positive education against DRM rather than just being a zealot.

Re:A tight Vista will do nicely.

It should send every corporate to Linux etc.

Think Sarbases-Oxley, are you being fiscally prudent if someone else can disable the software your corporation relies on to function ?.

What's wrong with that?

[NotQuiteReal]

...inaccurate, third-hand interpretation of the abstract...

That's the same basis most Americans (who do) vote, base their vote on...

I don't get it. Why is there a moderation called "Funny", but no moderation called "Sad"?

Re:Hands up, everyone who DIDN'T see this coming..

I think that you're thinking of Reservoir Dogs, not Pulp Fiction.

Re:Hands up, everyone who DIDN'T see this coming..

[UnxMully]

It took me a while to get it, but it's the diner scene at the finish.

Re:Hands up, everyone who DIDN'T see this coming..

[grahammm]

There is nothing actually wrong with Microsoft producing the tools. What is wrong is for Microsoft to use the tools. They should be producing the tools for use by law enforcement. Other companies and industries design and make tools for law enforcement to use, and do not use them themselves to enforce the law. So why should Microsoft not do the same rather than acting as vigilantes and taking the law into their own hands?

Moving licenses is useless.

[rdebath]

This is worthless; moving licenses between machines is only any use in a perfect world. A world where you get twenty four hours notice before lighting fries your computer. In the real world the license (and the rest of the data) has to be recovered from a backup tape or a flash drive.

Re:Hands up, everyone who DIDN'T see this coming..

The point is that you give people power, and they will abuse it to the degree they are permitted

What is the TCM? Control. The Trusted Computing Module is a computer-generated cryptographic cage, built to keep us under control in order to change a human being into this...

[holds up eyeballs]

Re:Paranoia is a mental illness, not a belief

[UncleOwl]

I completely agree with the parent. I am that old too - but it took some time. Actually I remained a cluelessly happy MS user until having to compile and teach a course on various IT issues including its history (was back in 2000). Digging into the books and websites for course materials, I unearthed so much stinky stuff about a certain corporation and their typical practices that it made me sick. Thankfully, in those days Stardivision released their StarOffice 5.1 and 5.2 which along with Mandrake (6.1?) gave me a mostly working platform for academic office needs. Since then it has been Linux for me.

But the real problem is IMHO still the champignon syndrome (kept in dark, fed on shit) of normal, ordinary people (not to say this is unique to IT - happens elsewhere too). As long as the typical Joe/Jane Sixpack does not care, things like this will go on. This is universal - people who are well-educated and smart otherwise are equally clueless in this matter (e.g. it has been a big news for many of them that you should not use your XP without password and in admin mode).

Quoting a popular movie: blue or red pill?

Re:could be used to control use of olderS/W versio

[hguorbray]

the difference between win98-xp and Vista and beyond is that Vista and beyond will be regulated via mandatory upgrades which will hold your existing content hostage against ongoing upgrades to the curent MS windows while gradually breaking binary compatibility with older MS programs.

Cheers,
PY

Re:I had the same dream!

[StarfishOne]

Theoretically it would be possible for a large group of consumers to start building their own (rogue?) internet. With the availability of wireless products (e.g. WiFi), it has become possible to build a (mesh) network without having to dig cables into the ground.

But creating anything that comes close to the current size of the internet with just WiFi nodes is difficult to say the least, how to cross the Atlantic for example? :)

Perhaps we would need to start an Open Source Satellite program... ;)

Let me just say that there are enough skilled people on this planet who might be able to come up with some sort of an alternative option.
(but they need the internet to effectively work together, gheh)

Well then it's...

[paniq]

Hello from Seattle!

Re:Hands up, everyone who DIDN'T see this coming..

[TheVelvetFlamebait]

Those situations would fall under the jurisdiction of law enforcement, not Microsoft.

However, law enforcement don't have the resources to protect people against such crimes. Microsoft, if you think about it, is really in the best position to deal with those situations, like it or not.

I realise that Microsoft is far from trustworthy, but the problem of computer security needs to be solved. There needs to be an option like trusted computing for those who can't afford major computer problems.

Patenting challenge-response?

Quite apart from the "revoking license" parts, is there really anything to this than a standard application of challenge-response, which if not already patented at least has gazillions of prior arts?

-LArs

Re:Hands up, everyone who DIDN'T see this coming..

[howlingmadhowie]

eben moglen already said it: the world has changed from a place where behaviour was governed by law to a place where behaviour is governed by switches. earlier it was possible to commit a crime, and the law would deal with you. now, your rights determine what you can do, and law becomes less important. the question is, who decides what rights you have?

RMS bashing is the new cool

WTF! Why can't I mod TFA down as troll!?

What's with the rms bashing? THis guy realizes he is right, and was right way before he saw it coming and instead of apologizingg he dissmised this with a condecending --but still insulting-- joke?

Whats so wrong about ethics?

Re:Hands up, everyone who DIDN'T see this coming..

[mrchaotica]

What you are advocating is the digital equivalent of jailing the user "for his own protection." This is not appropriate, no matter what your intentions are! Don't you see that?

The only reasonable method of security is to give the user the lock and the key, and let him use them as he sees fit. Anything else cannot ever serve the user's best interests, and anyone who claims otherwise is very likely a totalitarian fascist (in an empirical, rather than derogatory, sense).

Re:Hands up, everyone who DIDN'T see this coming..

[mrchaotica]

So Yes, there is a valid reason and I'm sure plenty of businesses that would love this tech.. then documents could not only be encrypted on disk but critical ones could self destruct if the laptop wasn't connected within a timeframe to the authenticating domain... pretty cool stuff.

So you think implementing Orwell's Ministry of Truth is a good thing?!

...is actually only an argument AGAINST!

[mrchaotica]

Let me make this perfectly clear to you: you DON'T NEED Treacherous Computing to do this! Every single thing you, as a user, could possibly want to do to protect your data is possible -- and easy, even -- with normal encryption, such as PGP.

There is exactly one and only one thing that Treacherous Computing allows that other technologies do not: the ability to withhold your information from you. Does that sound like something you need or want? It doesn't to me!

It's for enforcing DRM

[mrchaotica]

It's a normal and reasonable part of an overall DRM system.

A "normal and reasonable part" of an inherently unreasonable system? I'd say that makes it unreasonable itself!

It doesn't really have anything to do with Trusted Computing Group (aka TCPA) style Trusted Computing, rather they mean that the server trusts the client (just as Apple trusts iTunes).

Well, except that Treacherous Computing is the mechanism to authenticate the machine and make the whole system "work," that is...

Beating a dead horse.

[fuego451]

You incorrectly assume that I have not done the things you suggest, I have and was called a zealot for that as well.

We both know that Microsoft has a long and glorious history of absolutely refusing to listen to reason, even from their own user base. Though I didn't state it, my thought was that if Microsoft lost a goodly portion of their users to the FOSS community, perhaps they might come to the realization that OS usability/control for the customer and interoperability with other OS's are good and DRM plus other restrictions hurt everyone. Microsoft's stubbornness on these issues is mindbogglingly stupid and I don't expect them to change strategy any time soon.

I have had two or more Debian machines on my home LAN coexisting with my wife's Windows machine for over nine years and the only problems I ever had were with Microsoft changing SMB in an attempt to thwart Samba. I have never been a Windows user, used Mac's for about fifteen years prior to Deb, but I will say that, with careful administration, XP has played nicely on our LAN and has been relatively trouble free. I just wish MS were honest in their talk of interoperability.

Re:Does MS want Computers to be like cell phones?

[mrchaotica]

Of course, those "countermeasures" certainly haven't made the industry any less fucked up! I don't know about you, but I'd rather prevent these assholes from trying to enslave me in the first place. Talking about "countermeasures" is counterproductive.

I WISH it were stupid!

[mrchaotica]

...but it's not. It's deliberate, calculated, evil terminology designed to mislead the computer using masses into giving up their rights. It's doublespeak, and it's the best example of it I've seen in the last decade (and that includes things like "homeland security"). It's a damn shame that not enough people have read 1984 (or at least The Right to Read ) in order to recognize it as such and have society reject it wholesale!

Re:I WISH it were stupid!

[ScrewMaster]

It's deliberate, calculated, evil terminology designed to mislead the computer using masses into giving up their rights.

And what organization is better suited to the task than Microsoft ... not that the current Administration is any better.

Re:Hands up, everyone who DIDN'T see this coming..

[operagost]

Well, your original assertion that "it is illegal for Americans to write strong encryption software (it is considered a munition)" was proven flat wrong. As for the exports, see here.

Re:Hands up, everyone who DIDN'T see this coming..

[operagost]

You really need to study American history again if you don't get this shit by now. Our founding fathers understood this stuff, and that's why "checks and balances" are a part of our government (2000-2006 excepted).

I didn't realize that one of the branches of the federal government had been abolished. Which one is it, pray tell?

You know that scence in Pulp Fiction with the multi-way Mexican Standoff? That's how the US government is supposed to work; go too far, and you'll get blown away, because you can't take out all the other dudes.

Wow... that would make one hell of a classroom demonstration!

Re:Hands up, everyone who DIDN'T see this coming..

[operagost]

Naturally, you were modded offtopic while the gp poster (who is also OT) is still at +5.

Re:Paranoia is a mental illness, not a belief

[petrus4]

Rather an emotive, sweeping generalisation there, comrade. ;)

Re:Hands up, everyone who DIDN'T see this coming..

[dangitman]

Most of us who use Windows and have some tech savvy are the gamer audience

WTF? Most typical gamers have little tech savvy. The programmers, scientific users, and Computer Science professionals would be the more savvy audience.

Next Frontier

Time to ditch x86 and go open hardware with OpenSPARC. Throw in a leapfrogging of inet2 with a user-created
net of some sort, and the treacherous computing group (including pocket legislators) can go to hell.

Re:Does MS want Computers to be like cell phones?

[Technician]

With all of the lock down that they have?
*You can only use our phones
*You must pay for a data plan to the get discount on that phone
*You can only use apps that you buy at our store

The cell phone has competition and a high churn rate. People abandon the hardware to go to another carrier. Microsoft is at risk of the same thing. Abandonment of the platform to churn to the competition such as Apple.

There best hope is the platform will not be abandoned entirely but used alongside other services. This would be like using my cell phone for phone calls only and using my PC for internet, games, music, IM, and email instead of the cell plan. The first thing I did on my cell plan was to have internet blocked so the kids could not download any pay per item junk such as ringtones and IM. This has kept the extras billing under control.

Re:Hands up, everyone who DIDN'T see this coming..

[Alsee]

You mean your password isn't really "GiveMeTheChocolate"?!?

-

There's already a "dead man's switch" in Vista

[knorthern+knight]

Used to be you could get Windows and keep it reasonably safe from viruses/cracking/licence-revocation by not connecting to the internet. That option will no longer exist as of Vista.

The term dead man's switch originated in the train industry. The idea is that a switch has to be kept contuously pressed for the train to continue operating. If the engineer suffers a stroke or heart attack, he can't keep the switch pressed, releasing the switch triggers a circuit that causes the train's brakes to be applied, bringing it to a halt. A helluva lot safer than the alternative.

In software, it has a more sinister meaning. Your software must contact the mothership, be inspected by it, and receive authorization to continue operating. If it can't cantact the mothership, it stops functioning. Go to http://www.microsoft.com/about/legal/useterms/ and select
Product Name: Windows Vista
Version: Home Basic
Language: English
and download the PDF that it points to. On Page 2 of that pdf, paragraph 4 talks about mandatory activation. If it was a one-shot deal, I wouldn't have a problem. ***BUT*** paragraph 5 on that same page states (and I quote)
  5. VALIDATION.
a. The software will from time to time validate the software, update or require download of the validation feature of the software. Validation verifies that the software has been activated and is properly licensed. [...deletia...]

b. During a validation check, the software will send information about the software and the device to Microsoft. This information includes the version and product key of the software, and the Internet protocol address of the device. Microsoft does not use the information to identify or contact you. By using the software, you consent to the transmission of this information. [...deletia...]

c. If, after a validation check, the software is found not to be properly licensed, the functionality of the software may be affected. For example, you may
* need to reactivate the software, or
* receive reminders to obtain a properly licensed copy of the software,
or you may not be able to
* use or continue to use some of the features of the software

The sections I bolded basically state...
1) Vista may, from time to time, decide that it wants to call the mothership and download/install/run additional software
2) By using Vista, you agree to item 1)
3) If the validation doesn't work, e.g. no internet connection to the mothership, Vista may partially or completely stop working.
Fills me with confidence... NOT!

Re:Hands up, everyone who DIDN'T see this coming..

[ShakaUVM]

>>we've got another 20 years of releasing the falsely convicted based on DNA evidence (too late for the wrongly executed)

If you think all the people released were actually innocent, you should probably research it a bit more. A lot of times people are released simply because no matching DNA samples were found. This doesn't (in the slightest) mean they didn't actually do it. The "set em free if we don't have a matching sample" movement is based on communist principles of trying to undermine the judicial system, and is turning loose convicted murderers and rapists on the streets.

I like sticking it to the man as much as anyone, but I'm not insane. The current "turn 'em loose" program IS insane.

What is a TPM

[cachimaster]

Ok, I gonna give some specs, so we can know what are we talking about:
A TPM is a microcontroller that can do RSA and some hashing functions (SHA1).
Its installed on most new notebooks, like all the Apple Macbooks. My HP Laptop has one, the Infineon SLB 9635. It has all kind of tampering protections, like an active random number signal shielding, etc. Specs are Here .
It is not a Crypto accelerator. Typically a TPM chip is *slower* than a equivalent cipher operation realized on the CPU.
Linux has drivers for It. Interestingly, my chip, the SLB9635, is flasheable...
All TPM 1.2 Microcontollers have a unique internal RSA 2048 bit private key, (This is the key being hidden to the user) that inserts on the trust chain, whose root is MS, (Not sure about this).
You can tamper with it, flash it, etc. If the chip detect some anomaly, it wont stop working, but only flag it with one bit.
One of many things that can be done with it, is to hash all the software installed and sign it with the private key. Then some vendor can check if you have approved software with valid licenses.
Sure you can put linux and forget about it, but, like the number of the beast, soon you gonna need one to buy and see things.

Alfred

Re:Hands up, everyone who DIDN'T see this coming..

[deathy_epl+ccs]

The programmers, scientific users, and Computer Science professionals would be the more savvy audience.

These are the people that have less reason to use Windows, though. In addition to gaming, I am also a coder but I use Windows only because I'm not really up to fighting with the Linux gaming experience. If all I did was code, then I'd see no reason at all to use Windows and I'd switch in a heartbeat.

However, I will not tolerate Vista.

Re:Hands up, everyone who DIDN'T see this coming..

[dangitman]

Why would programmers have less reason to use Windows? It's a very profitable platform for programmers, with perhaps the greatest number of applications of any platform.

Also, saying that most gamers use Windows (whether they are technical or not) is very different from saying that gamers are mostly technically savvy. Most gamers are just consumers. Sure, there are some gamers who are also technically savvy, but it's not the factor that defines them.

Re: Sadly, No.

[mpapet]

there are enough skilled people on this planet who might be able to come up with some sort of an alternative option.

There are. No question about it.

However they pale in comparison to the institutions driving the need for a computer you don't control. The DMCA is one example of their efforts. Another is the RIAA filesharing media perp walk.

Finally, even *if* a group started something, maybe like an anonymous Internets v 3.0, the party line is used by the elite: "Only criminals/terrests would use an anonymous Internet 3.0 for their evil deeds." And then dredge up a couple of the worst abusers and make them do the media perp walk.

If developers -still- insist on pursuing the project, a swift character assassination of a couple of the top devs by dragging them through the local legal system is all that is required. Not the first choice, but a reliable tool to maintain control.

It was fun while it lasted.

Of course, this was all in a dream I had last night and in no way reflects reality.

Re:Hands up, everyone who DIDN'T see this coming..

[deathy_epl+ccs]

It's a very profitable platform for programmers

The key word there is profitable. If I'm not looking to charge for projects I create in my free time, then it really doesn't matter, does it? Professionally, I'll continue to use whatever OS the person signing my check decides to put on my desk, but at home the choice is not profit motivated, it is purely gaming motivated. My unwillingness to switch to Vista is going to impact my gaming no matter what I do...

Most gamers are just consumers.

You must be young. In the computing era I grew up in, an interest in video games is what drew you into computing in the first place. That's not to say you are right or wrong, but we obviously have a very different perspective on things because of it. Most of the folks I know who are capable of gaming on a PC are technically savvy, but maybe that has more to do with the people I tend to know. *shrug*

Here..here, let me shed a tear for you...

I don't see what the problem is and what everybody is bitching about? The only reason you're all upset must be because you use something from M$?..and since all you idiots keep putting money into Bill Gayes pockets, you deserve nothing less. Did you stop buying computers that come with windows? Demand M$-free computers from you local dealer (and I don't mean the guy selling you pot)? Demand that they stop using M$ crap at work? My guess is that none of you probably has, and now you can lie sleepless in the bed you have help Bill Gayes make for you.

I for one don't even buy a cell phone if I suspect it can contain some trace of M$ crap. //TiredS

Re:Hands up, everyone who DIDN'T see this coming..

[dangitman]

You must be young. In the computing era I grew up in, an interest in video games is what drew you into computing in the first place.

Depends on what you call "young." I grew up playing Space Invaders and Pac Man at the arcades, when there were very few decent gaming options for home computers (and hardly anybody had a home computer, anyway). This doesn't change the fact that most gamers today are consumers. My generation is only a miniscule proportion of the market, and many of us have retired from gaming. Heck, most games are aimed at the young - and the ethos is totally different today. We used to program our own games. How many gamers do that today, versus the number who just consume games as a product?

Today, there's no real correlation between gaming and geekiness. Games are "cool," and a mass-consumer product.