Slashdot Mirror
More Info on Pentium III, /dev/random, etc.
nuxx writes "Looks
like Mr. Tom Pabst from Tom's Hardware
Guide has some more info concerning the Pentium III
including a tidbit about how the random number generator will
work. " Interesting stuff about the ID tagging and stuff too.
Maybe it's just me but is anyone else really, really tired of big corporations saying, "Oh, don't worry; we'll protect your personal privacy. We would never think of selling your personal information. You can trust us."
Good question...
We need to let e-commerce sites know that we refuse to be tracked by our CPU numbers. This is a privacy nightmare about to happen!
If we can get most people to disable the serial number, and refuse to use it in e-commerce, maybe we can get intel to rethink their plans.
In my opinion, it's a poor idea to deploy any technology which would facilitate a police state...
How do advertisers expect to "watch" my internet Porn viewing, when the ID is attached to the CPU and NOT me? I thought that idea behind these digital certificates was that it identified me. Since multiple people can use my computer, I doubt advertisers would value the idea of monitoring my CPU ID.
That is, unless we get to a point where we all carry around our own personalized CPU. If you want to use this computer, just pop your CPU into the slot (like some credit card).
Sounds like it would be very easy to write a VXD that intercepts this call and send whatever CPU ID you want.
Ids for cpus should not be a privacy concern as lond as the operating system / software does not allow it to be broadcast beyond the local system unless the user so chooses. However this means trusting that your software does what it claims it does (good argument for open source).
The real problem is if the "unique" # is used as an ID beyond your local machine (controled environment) it could easily be picked up and spoofed. There is nothing to prevent software on the computer from intercepting the hardware call and replacing the # with a user desired #. Perhaps the Linux kernel could be set to always supply a zeroed out serial # as a compile time option.
Okay folks, you want to know what Intel can do with this? Not much.
Now you want to know what Intel is selling to their favored developers? Many things.
1. When you register software online, your registration will be tied into your CPU. Imagine buying Windows software, registering it to one unique CPU. It's a quick and easy check for any software company to check your LAN for all of the copies of their software on different CPUs.
2. Windows 2000. Microsoft has been contemplating a yearly licensing for a little bit and they probably will do it. NT, as it sits now, does put some information on your hardware and moving things does can cause big problems. Imagine how IE5 (which has all sort of new undocumented goodies that MS has not released the SDK on), Win2k and their licensing will work. You get Win2k on your system, online register via IE5 and the net and MS has a complete snapshot of your system. Install Win2k on another machine and you are toast because you must register online with IE5.
I've looked at what IE5 has done to my machine in terms of the registry keys and so forth. I've also looked at some of the newer MFC stuff, there are a lot of things specific to IE5 in there.
Is it just me, or does this seem an awful lot like the "decommoditizing of protocols" that the halloween document discusses? How long will it be before buying something on the web requires an Intel Pentium III or higher?
Familiar with the LM78 chip? It can not pass its information directly to an app, it requires a kernel module, as does, as far as I am aware, anything interacting with the hardware. Remove your scsi module and then try to get a scsi volume #.
...a GOOD company would say "Well, this would cause
:(
a lot of problems for people who upgrade to newer
processors/id's, so we won't use it to validate
usage." (Actually doing it might even backfire for Intel, and make people
NOT upgrade as quickly?)
Can you imagine an HONEST company that isn't
into it 100% "for the money", but actually LIKES
it's customers enough to think about them, and
not their wallets?
this reminds me of story of id's at some college where everyone just started swapping...
...but no more intel chips for me!!
-kojak
At best is will be useless (hacking, faking, or replacements)
BTW how many times have you had to replace a CPU? OOPS sorry your software just went bust Ha Ha!
Consider this posibility: What if Intel has actually combined their random # generator w/ the CPUID? It appears random, after all, no two machines produce the same sequence. But maybe it's not so random. If you actually knew the internals and the CPUID you could predict the sequence. I bet the NSA would pay big bucks for this. It would render any encryption which uses the random device completely useless against the MIB....
/dev/random... Seems a bit safer........@#$^%&$&%^
Hmm, I think I'll stick w/ the kernel's
NO CARRIER
Would export of the PIII comply with the laws prohibiting export of encription technology outside the states?
A CPU != A User!
A CPU == A Machine!
Most of the /.'s who oppose this seem, like good nerds, to be seeking a technical workaround. Pressuring Intel's competitors not to go for this and then buying their CPU's is a much better approach. If 15% of the PIII buyers disable or workaround this feature, that means Intel has gotten away with tagging 85% of its users at little cost. If those same 15% buy AMD, Cyrix, PPC, StrongArm, etc., Intel loses market share and the stockholders piss themselves.
As for the argument that vendors cannot rely on this for commerce since there are potential customers using other CPU's, sure, at first the CPUID won't be required, it will just make things *easier*. You can open a website credit account instead of having to max out your credit card (or you will be able to engage in online commerce without having a credit card). You'll get special membership offers. C'mon we've all seen these games by now. Remember when ATM's were free.
Damn...I guess I'm gonna have to stop downloading and pirating my Pentium(TM) processors now...
What will the Hotline servers do?!?
What possile good will this be?
sometimes i wonder just what the hell he's talking about.. I mean he just goes off and talk on and on about the same thing .. maybe he wants to fill up his articles with stuff so that they look big and pretty technical..
duh..
Who the heck is Intel trying to fool?
Windows 2000 crashes because it doesn't know which processor id to send ;-).
Even now 2-4 CPUs are not as uncommon for desctops as it used to be. Which CPU-ID will be used for software? I guess each of them will have to have unique IDs.
This is obviously a crap idea, but do you think they really stupid to suggest crap idea? No, they ARE PROBING us now, our reaction to later suggest something real big=brothered. Maybe they won't even borther telling us what exactly new CPU does.
They claim they do it to stop pirates. They also say the prices of software are high because of them. I give my 2 cents that even if they manage to make all people get legal software, they won't marginally decrease prices.
bastards!
OK, the whole idea of "Them" identifying me by my processor's CPU ID is stupid. I control my system, I control what bits go down the wire, "They" won't know who I am unless I tell them, and "They" can't force me to tell the truth about who I am. Even if "They" pass a law about it, they can't enforce it any more than they could enforce crypto key lengths. And if the mooing masses can't follow where I go, and so get their privacy invaded, fine, that's their problem. The mooing masses have a chance to become clueful, and that's all that I owe them.
It's true that CPU IDs are obviously for copy protection, but who cares? They aren't any stronger than the old 8-bit copy protection schemes (some of which got *truly* kinky), and yet all of those were routinely cracked. People will still pirate commercial software. If anything, it could be a Good Thing because it will raise the bar for being an elite warez d00d (you'll actually have to know something to be one) and then warez d00dz might once again become a pool of future true hackers, as they once were.
And even though all my software is open source and doesn't care how many copies I make, there are other uses for CPU IDs: parallel processing. I want to build machines with lots of CPUs in them. I don't want the CPUs to clobber each other. That means they have to have ways of telling each other apart. There are many ways I can give them that, I don't need CPU IDs... but CPU IDs make it easier. I think CPU IDs have a small but nonzero and positive dollar value.
And the overclocking "true speed database" thing was good, I'm sorry that Intel is denying it now. I want to be able to overclock my chip if I want to, but I don't want to do it except deliberately.
Just wait until I sneak into your house and replace all your dice with WEIGHTED ONES!@! MUAWAWHAHAHAH
As far as web browsing and privacy issues are concerned, lets hope that Netscape is wise enough to give users the option to disable transmission of CPU information.
Yea shut the hell up monkey wank. Stop flaming Tom fuckwat
So if you turn off this feature, then decide (for some strange reason) that you want to use it again, you have to reboot? What's up with that?
...or something of the sort. (Needless to say, I haven't done any win32 programming in quite a while, and even then I didn't do much/any lowlevel stuff).
Unique processor IDs give us two things:
1) Intel can write software which will be able to tell for sure what MHz a chip is supposed to be running at. This will allow them to easily detect chips relabelled by vendors. This is IMHO a good thing, because while a hobbyist might want to overclock his or her chip, he or she doesn't want to pay a 400 MHz price for a chip rated at 350 MHz.
2) Software licenses can be locked to specific machines. This is commonplace on systems like Suns where each machine has a unique hardware-accessible ID (in the NVRAM in Sun's case). In the future, expect Microsoft's license manager to work a lot more like flexlm.
- Ken
Even if it means I have to live for the rest of my life in a shack deep in the wilderness with nothing but a set of rusty weasel traps and my Powerbook, it will be a -very- cold day in hell before I allow myself to be tagged, branded, and monitored via my deck.
If IBM and Motorola jump on this bandwagon, I'm moving to Alpha. If Alpha Inc. goes over to the darkside, I'll go Sun. If all the chip manufacturers decide to make themselves complicit in foisting this orwellian nightmare on the world, I'll stockpile old PowerMac clones and toss on another node to the Beowolf cluster when it looks like I'm lagging behind the performance curve.
Never. Ever. Will I submit to being branded like cattle because I use a computer.
If you hate Apple, buy AMD peecees. Buy Alphas. Buy Netwinders. Screw Intel.
SoupIsGood Food
Has anyone thought about how this would work for those who own SMP boxes? Supposedly SMP is the way of the future, so you'd think they'd have thought about this.
sigs are a waste of space
SPARCs have 'The NSA Instruction'.
Now Intels will have 'The MS Instruction'.
The only possible use of this stupid hardware ID is tracking or software copy 'protection'.
The random number source is nice, but I sure hope it is _random_. Wouldn't suprise me if it is actually pseudo-random and based on the ID.
If people start believing that the Intel CPU ID is the only way to get true security on the Internet, it won't be long until sites say, "I'm sorry, but unless you provide you Intel CPU ID, we cannot provide you with secure access. Please buy a new Intel CPU now." Well, not those exact words, of course...
There's already a lot of sites that are so hardware-intensive that you can't use them without having a relatively powerful system, but at least they don't require that you purchase that system from a certain company.
Whether or not this CPU ID actually makes anything more secure is quite debatable. But reality often doesn't matter if marketing is powerful enough.
I hope this is just paranoid delusional rambling...
Like to have Telepathically controlled Linux box?h tml
http://slashdot.org/articles/98/11/04/2341226.s
What happens when you upgrade your system and buy a new cpu? Do you have to go to all these e-commerce sites and update your key?...and will you be able to? Same goes for if software manuf. use it as a key....wtf??!
The OS can probably find a way to not send the ID number right? Actually I can't see a way to keep the OS from doing that. The processor doesn't know which piece of data is a network packet. So, since we have the sources to our OS, what is that we're so worried about?
Intel has given two arguments in favor of CPU ID. The first is that software licenses can be tied to CPUs. The second is that e-commerce sites can use it to identify customers. Both arguments are bogus.
Tying software licenses to CPU ID would prevent software vendors from selling to owners of AMD chips, Cyrix chips, or the existing installed Intel Pentium I/II base. No software vendor would ever go for that.
If e-commerce sites required CPU ID for transactions, they would in effect be limiting their customer base to Intel Pentium III based PCs running Microsoft Windows. Well, guess what? Not all internet clients are PCs. Of the PCs, not all of them are Intel. Of the Intel ones, not all of them are Pentium IIIs. And not all the Intel Pentium IIIs run Windows.
So are e-commerce sites going to require CPU ID? Not unless they want to royally piss off Mac users, Linux users, and anyone who already owns a 486, Pentium, or Pentium II today.
This reminds me the early days of Be Inc, the BeOS and the bebox (when the only supported Hardware was the bebox : les beaux jours chez Be, nostalgie, nostalgie quand tu nous tiens).
.....
They said they would endebed an ID on each machine so that dev could sell licenses depending on those IDs - great, but then they started supporting the mac and the idea was thrown in the garbage.
NOw ok if intel goes for it but then you'll just have to switch to other chip maker like AMD - software dev could'nt rely on that kind of argument because ALL chips would not support such feature.
If you don't want such feature in a proc then mail intel saying you'll go see elsewhere if the don't stop now
ludo
none Yet.
True Authentication would require that Intel implement an authentication protocol in hardware, such as a zero-knowledge proof mechanism. If they can write unique serial numbers into the chips, then they could compute moduli and key pairs and store them in the chip. They could provide instructions to read the modulus, read the public key info (but never the private!), and calculate a response to a challenge number. This would effectively eliminate remote replay attacks. By making the instructions privileged, the kernel could attempt to limit access to them from malicious userland code, like buffer overflow exploits and ActiveX controls.
Slashdotters always point out the bad stuff, especially if big brother is anywhere in sight. I've read and agreed with most of the concerns posted here, but would like to point out some good thing that can come of this:
If I write software for a certain target group, it is now a hell of a lot easier for me to make it a hell of a lot harder for people to use the software without paying for it.
(This target group is naturally confined to owners of P3's or later, and quite possibly excludes open-source os users.)
Sure, it's not enough to do something dumb like
if (cpuid()!=get_cpuid_embedded_in_executable()) {
exit_and_report_pirate_to_global_police();
};
but with the cpuid, you have something to build on. Problems such as those with cpu upgrades and mass installation aren't necessarily insurmountable.
The cpuid also makes it potentially very easy to see if the chip you're about to buy is legit (not remarked or stolen).
--
Fuck the system? Nah, you might catch something.
I think they're basically lying. This thing (the unique ID) is USELESS and NOT ANY MORE SECURE THAN HAVING A RANDOM NUMBER-FILLED FILE ON YOUR HARD DISK.
Whoever (hacker?) has access to your hard disk can as well have access to your processor, and it would be trivial to alter whatever "e-commerce" program to return a fake (someone else's?) ID instead of the hardware one!
I'm not a "conspiracy theory" fan, and by a huge margin, but who are they trying to kid???
This story is amazing. Don't people have any memories? CPUID's have
existed a looooong time. Sun SPARC's have them for s/w licensing purposes
(as far as I've seen them used at least). A quick search on dejanews or
some similar usenet archiving system will turn up questions on getting
an id on a computer, again for licensing systems. In my mind that's
what Intel's CPUID is most useful for. Using it as some unique customer
ID is just goofy, and denies the realities of upgrades, people sharing
computers, and a rapidly changing industry.
In your article someone mentioned using ethernet card (NIC) MAC's to seed
random number generators and to provide a unique ID. Awful. First,
computers can have zero to many NIC's, so which MAC (if available) do
you pick? MAC's only need to be unique on a LAN and most cards let you
set them. MAC's *are* published on a LAN - it's their whole point - so
they certainly aren't private. In general software developers looking
to MAC's for a unique ID for licensing have been told it won't work for
those and other reasons.
If there's one thing USENET and the 'net in general are good info resorces
for, it's technical info. I wish to god journalists would ***DO SOME
RESEARCH FIRST***!!!!
US Citizen living abroad? Register to vote!
... At the "Samovar awrds" page:9 9/January.html
http://www.ecsl.cs.sunysb.edu/~andrew/awards/19
Take fun!
Andrew
I've long held that a quantum-noise RNG should be on-chip. It should be possible to read a *real* RN from a register every clock.
I'd also love there to be a UTC register so gettimeofday() would be trivial and no longer the performance monster in Motif etc. that it currently is.
The unique ID has no detractors, the press is being groundlessly alarmist. If it's used by OS's and software we write, we trust and we want to use it's fine, even potentially useful. If not, then it won't be used at all.
I'd love to know if it'll push the price of the chips up a few pence though - after all uniqueness is anathema to mass production.
I'd also like to know if there's any hardware included in the RNG to test for the characteristics of randomness - just in case Intel make mistakes, or there are manufacturing flaws, we need to know we can depend on the RNG, or it too will become a costly waste of space and time.
Altogether though, this stuff makes me happy that Intel have done something genuinely useful and relatively innovative.
...an Englishman in London.
If Virtual PC (mac) ever releases an update with Pentium III emulation, it wouldn't be difficult to be able to set the Processor ID to whatever you like... If the ID is used by any soft for authentification, you can just fake being anyone with just a click, if you know their ID!
-- Slef
I don't see at all how a CPU ID can provide any
type of Internet security. Does anybody know
of how they plan to implement this, or where I
can find a white paper or other document on it?
My Web Page
They claim they do it to stop pirates. They also say the prices of software are high because of them.
Ah, but don't forget, Microsoft insists that piracy actually keeps the prices lower for their products...
(Which, to me, actually makes more sense. I know that I'm less likely to buy a program if they raise the price with no evident benefit...)
Jay (=
Cool. I wonder if it's possible to access it other than through the encrypt ID BS. Alan Turing's idea about RNG hardware device for computers becomes reality.
About the ID thing: I don't know. I really don't trust Intel on this. Of course, that's a natural reaction when someone says "Trust me..."
Does this mean all Macs are evil now, cause I think they all have networking built into the board anymore. There was something one one of the apple boards today about figuring out ones mac address on der mac. Anyone with any networking knowledge would be able to figure this out in a minute, but then again these computers weren't meant for geeks with time on their hand to learn every OS out there.
:)
Hmmm...next program I write, I might have to see if I can use this in the licencing function just to be a dick
clif
1) I wonder if this is really a concrete plan or if it is just being 'floated' to gauge user and IT reaction. Washington politicians do this sort of thing all the time.
2) Having a machine-based CPU ID seems to run counter to the MS-backed Smart Card initiative, which associates the unique ID to the user, not the computer. MS's "Intellimirror" app distribution system is based on user credentials rather than computers, for example.
3) Anyone who thinks they can re-introduce copy protection in general market software has really been smoking lots of crack. Copy protection only kinda-sorta worked in the early 80s, when the computer market was much much smaller. (Or for very low volume apps, like those on Sun.) Imagine if even 1% of Windows XX users had some sort of copy protection problem due to to a CPU UID problem. That would be enough support calls to drive MS out of business.
Business. Numbers. Money. People. Computer World.
The only real advantage (which Intel fails to mention) is to enable software license managers to work and to prevent software from running on systems that do not match the license key. This has been the holy grail of the commercial software industry for years.
Even worse, many commercial software products will require its use and you will be forced to run with it enabled all the time. So much for privacy.
My Computer. My Way. Linux.
--
Howard Roark, Architect
Howard Roark, Architect
I believe in a Man's right to exist for his own sake.
This is just another ploy by Intel to get people to stop using their processors altogether and switch to AMD. What more reasons do we need?
K7 = Faster + Better - CPUIDS
K6 = Almost as Fast + lots cheaper - CPUIDS
INTEL = Intel Knows Totally, Everyones Lives
Go AMD!
Welcome to meept's second comment on the page, however, you only get to see this one, because for the protection of your privacy the moderators, who haven't had sex for over a month now, have erected an edit which means that you can't see the other one.
MEEPT!!
Just another reason to use only Open Source software... Open Source Software is completely immune to any abuse of the processor id. With Open Source software you are free to choose what you're going to send down the wire.
Gee whiz! Now everytime you have to upgrade your processor you'd have to reinstall/reconfigure software. CPU IDs don't work with Operating System software either so expect to see Windoze [whatever] and other commercial operating systems to be pirated by warez kiddies.
Most companies use some kind of disk imaging software to copy hard drives to do corporate-wide deployment of workstations. Now they will have to register each piece of software on every machine. Although this could be avoided by implementing the network computing concept it is still going to be a problem for alot of companies who don't have enough networking power to provide such capabilities
Yanno, to me this sounds a alot like the whole
"we want a copy of everyone's private encryption
key so we (government) can protect you (suckers)
from wrongdoing...and we *promise* not to use
your key without a court order (or unless we're
really bored)..."
I'm sick to death of companies claiming to be
protecting users' information (while selling
the info to spammers) and denying the last breakin
to their mainframe where the crackers made off
with all our "safe" information.
Long live encryption...screw CPUIDs
"All that glitters is not gold"
It's quite simple, really. Live by my motto:
Don't trust anybody.
Do the obvious to e-mail me.
Simple way to stop the OS from modifying the hardware's value: convince the stupid legislators/voters that changing the hardware ID of the CPU is illegal (immoral, wrong, bad for the ozone, etc...).
Once that's outlawed, sw & hw companies (and the govt.) can have their way with you.
I have been watching this, and I believe the uses Intel have devised for this sucks. That number should not be available over the net. Between the spammers, and malicious crackers it could be abused real quickly. Any form of personal identification will get misused and abused unless it is kept secret and never used as a public identifier (e.g.-social security numbers for those of us in the US).
On the other hand, if I wanted a system to be secure, especially the data on it, I could use that number as part of an encryption scheme. That way, even if I pulled the harddrive out, and moved it over to another system, when I tried to access it, I wouldn't be able to. Sure there will be ways to hack it, but that's just one more obstacle. I could even see a firmware driver that adds additional support.
Maybe someone should add this into Linux as part of an encrypted-journal file system.