Slashdot Mirror
Intel PSN Boycott Planned
James Morris writes "Junkbusters in assocication with EPIC are planning a boycott in response to the proposed Intel Processor Serial Number (PSN).
Junkbusters' assessment of the PSN scheme and a FAQ about the Boycott may be found here.
"
This isn't going to change anything. People and OEMS are going to gobble up the Pentium III. The only people who switch to AMD will be those priced out of the P3.
I can't believe people are honestly complaining about this. It's a product serial number, just like that on your car, your refrigerator, or a blender. Sheesh, people can be SO paranoid sometimes.
Still having problems logging in with lynx,
sKroz
Pentium III may open up to strong sales, but you can also be sure that more buyers will now be directed towards AMD and IBM. There's no way that this can help Intel's perpetually slipping marketshare.
Do you think Intel rival will hitch on this? Will this id scare people away from Intel permanently?
It's very simple. Turn it off if you don't
like it. I personally will use it and the
cool random number generator.
This is brought to you by the same people that
think cookies are evil (any webmaster will tell
you -- cookies make it very easy to offer personalized sites in a cross-platform manner).
Sheesh...
-thomas
Ok, I'll admit I don't know everything about this, but if the ID can be turned off wouldn't it be a relatively simple matter to add an instruction to the kernel to issue the command at every boot? Or have an option when you compile the kernel to turn this on or off?
But maybe I'm an idiot.
So what? The ID doesn't tell Intel anything
:-)
either... unless the e-commerce site you're
connecting to decides to share that information.
Why does everyone think Intel is going to get
all of our info from this friggin ID?
And how do people think this ID will be transmitted?
As far as I know, your computer can't magically
transmit information contained on the motherboard
or BIOS. Thus you need a program running in your
OS to handle this. Thus you can turn it off and/or
prevent it from running. Thus you are paranoid.
-thomas
I'd love to see the stats accumulate in the marketing databases for this one really active computer user...
Intel is a company that seems to be missing a couple of vital PR genes.
When we look back on it, the Pentium bug seems like a little thing, but when it happened customers were furious, and at the begining Intel dismissed customer concerns cavalierly, taking the position that people who were upset about it were simply misinformed. In the maelstrom of criticism that followed, they caved in and did what they should have done from the start. They didn't save any money, but they did get a huge black eye.
It's important to note that when the Pentium bug fiasco occured, Intel's competition wasn't nearly as robust as it is now. Alternatives to Intel have never been as viable as they are now. Right now there's one basic reason to buy an AMD chip over a pentium, and that's price. With this policy, Intel is handing its competitors a second reason. Why?
Who wants this feature? Where's it's constituency? Is it something the major software vendors have asked for, or something the government wants? Is it the pet project of highly place Intel designers, who are too proud to admit they've made a mistake?
The notion that it's ncessary for e-commerce is puzzling, because no one's been asking for that, and it doesn't seem to make things better in a direct way. Are merchants expected to stop dealing with old pentium II's? How long will it take for non-id'd machiens to fade from the scene?
As long as merchants are obliged to do busienss with non-id'd machines, a scamster will be able to deteat the measures trivially, by simply using an older machine.
Finally, a gratuitous point about linux:
Intel's plan is another example of a large computer company trying to foist someth8ing on its customers that simply isn't in the customers' interest. Micorosoft has a history of doing this as well, as do many smaller software houses.
Linux is different. No one, not even Linus, has the ability to impose anything on linux users, because old versions are always available, and anyone can fork the code if they disagree with a design decision.
This is one of the many subtle advantages of using OSS code, an advantage that probably isn't apparent to most people when they first think about it. But it's a real advantage, and it's important.
Yes, it *could* work out this way, but there's no assurance that it will. Let us suppose that you are right and the Open Source products choose and manage to disable this feature. This gives people a reason to switch to Open Source *if they are aware of the problem*. The Intel boycott will certainly increase awareness of the problem. Therefore, even if all your postulates are correct, open source advocates should support this boycott.
how is this any different that any web site can read your ip address? actually, knowing an IP address is more dangerous...you can get more information about the person and/or computer, plus, if you want hack into someones system, an IP address is more damaging then a useless CPU serial number.
why is anyone worried about this? Is the CPU ID going to be sent directly from the CPU to NIC? no, it'll have to go through the OS. So you change your kernel (provided you're using an open source OS) to not transmit the CPU id number, in much the same way you can override the hardwired MAC address on ethernet cards...
So you decide to go along with this boycott and avoid intel...
Don't forget to check the video chipset, PCI chipset, NIC chipset, etc etc. Even using a non-x86 processor doesn't mean anything, alot of alphas have intel chips in them (PCI)
First: my Linux boxes are multi-user, both at home and at work, so I wonder what kind of data they could be collecting from me (are they going to think I'm a man, a woman and a 4 year old child?)
Second: companies are not allowed to collect and share data unless they satisfy so many legal requirements not to make it worth it. Oh: but this applies only in the EU, not in that backward country on the other side of the Big Pond? Oh well, the subject says it all...
What will the effect of a processor serial number me? Each system already has lots of unique numbers that could be used to identify you.
For example legal copies of Win95, 98, NT all have the unique product identification code.
There are also harddrives serial numbers, ethernet MAC address, and others I can't think of.
Any piece of software could pick anyone of these IDs and use it as a PIN for you and your computer. The software simply consistently picks the most useful of those IDs available.
Adding a serial number to the processor really isn't any different than what is already available, albeit with somewhat more difficulty.
So we should not be anymore alarmed at Intel's future actions that we are at 3com for putting a MAC address in my ethernet card.
What we should be alarmed about is that (to my knowledge) there is no legislation that protects YOUR information and makes clear who the ownership of said information belongs to.
In my opinion you yourself are the owner of all information about yourself, and this information is equivalent to private property. This not only includes the obvious info - medical records, SSN, financial - but also the phone numbers that you call, the URLs that you click on, your habits, the files on your computer, and of course the serial numbers of your computer hardware and software. Any piece of information which YOU create you are the owner of - and every day this property is stolen from you.
Lets not focus specifically on Intel, but enact legislation that makes clear that information about you and which you create is private property that you own.
They are not fixed in stone.
Not by a longshot.
I have 5 network cards, and am too lazy to register 4 of them with our paranoid security around here.
So i just tell the other 4 that they have the same MAC addr as the first (If you are unfortunate to use Win98, that's what the "Network address" in the advanced properties of your network adapter is), and everyone is happy.
Back in boarding school (a few years ago), they used to have a utility to map NIC addr's to locations (this was Netware, it was a filter for one of the user listing utilities), and had various rules about visitation between sexes. So to not get caught checking my email in a friends room, where that friend was of the opposite sex, used to change the NIC addr of their card to the one in my room, and voila!, now everyone thinks i'm still in my room.
So MAC addr's are not a good identifier, since i can be you easily.
There is a big difference between being able to turn something on and off, and being able to impersonate someone.
Not that any form of single ID number doesn't suck.
.. through DHCP, which most net endusers/consumers connect through.
can't track marketing data on an ip that changes users 3 times a day.
( Thank God )
But the NSA/CIA/FBI/unnamed doesn't care about
what software I use and where I get it from (at least they don't bother me about it). An over-zealous software co. most likely will.
I definately agree. If the spin on this story doesn't make a total 180, I'm surely getting AMD inside next time!!
It's the only way we can get these suits to listen, SPEAK TO THE BOTTOM LINE!!
The PSN can't really be used for anything more than unreliable authentication. It really won't be useful for ecommerce, security, or user ident. And as for turning it off, I'm sure windows will contain some neat-o checkbox in some control panel somewhere, that will allow users to turn it off at boot EVERY TIME. As for linux, someone will come up with something that can be run during init to shut it off, or maybe it'll be a compilable kernel option. My point is, don't worry about it.
PSNs, man. They're _SO_ establishment.
Still having problems logging on with lynx,
sKroz
No it's not harmless I'm afraid
1. How about software that requires you to have PIN turned on, during installation at least?
2. Software that turns PIN without asking.
3. This is one more thing in a Crackers arsenal
4. Even if it's unreliable we should be concerned,
M-O-D-E-M
Can you name a single service or item that you can buy online that you absolutely cannot buy offline? Anonymously? With cash? Despite what you hear in the media every day, you don't HAVE to jump on the digital bandwagon and start living your entire life online.
No it's not harmless I'm afraid
1. How about software that requires you to have PIN turned on, during installation at least?
2. Software that turns on PIN without asking.
3. This is one more thing in a Crackers arsenal
4. Even if it's unreliable we should be concerned,
a cracker assuming the identies of others, (is this really so far-fetched?)
5. The list could grow or shrink depending on how
this is implemented...
This is not paranoia, there is definately reason
for concern!!
On many cards you change your ethernet address, I know this because I work on cable modem development. Also, the MAC address is only useful from the PC to the router, it's actually the IP address that determines routing. Another note: there is no standard way for software to access your MAC address and in some instances it's not even possible (depending on manufacturer). It's really not in the same league.
Think along these lines: You order the software straight from Microsoft or from a special authorized distributor and you give them your CPUID (and all of you other personal info) in the order. Then they send you a slightly customized version that only works for your CPU. It still seems that there would be some place for a small software patch that will allow software crackers to authorize the software for any CPUID. But that's where cryptographic checksums and whatnot come into play. At any rate, it WILL open whole new areas of opportunity for the people who write software cracks. As always, the copy protection scheme will have the greatest impact on the legitimate enduser, rather than the pirates.
are limp. Anyone have a useful feedback address? There's gotta be at least one Intel staffer reading this, who do we send our warmest wishes to?
Duh hello dont you think the programmers wil think of that and make the program verify that the number is for the cpu you are using......
helllooo anyone home!
They will sell to you if you don't have the "ID Inside". If they won't, there will be plenty of others who will!
You are all hopelessly clueless..
I'm not even going to lower myself and help you out.
"Random IP Addresses"
Haha
Get a TCP/IP book.
What about the people with static IP's?
Yeah....so what happens when Microsoft builds the ability to read the CPU # into Internet Explorer? How would you feel then?????????
I haven't used BeOS yet but I know it is multi-processor capable right out of the box.
The PSN issue may give it a boost. Instead of buying the latest Intel chips with the PSN,
savvy users could build fast systems with multiple pre-PSN Intel processors. A machine with
dual or quad 450MHz processors and BeOS will be the most powerful PC available
for some time to come.
I don't know IPv6 well enough to comment. However, 4 bytes simply is not large enough for an address although I didn't know that the MAC address HAD to be used as part of the IP address; this seems to be counter intuitive since IP by design isn't necessarily tied to any hardware type and I sort of doubt they've changed this fundamental requirement although I don't know for sure. 10 digits isn't enough for a phone either.
I think you are referencing a convention, not a requirement.
I'm sure many people poo-pooed the idea that using
your Social Security Number for identification purposes could lead to problems. "Oh, you're just being paranoid, give 'em the number", they would say. Now there are plenty of documented cases of people getting screwed with "the number", as well as cradle-to-grave tracking via "the number". Nope, no problem here...
My point is do you honestly think Intel would be
stupid enough to do what all you paranoid people think they are going to do? They would be signing their own death warrant.
Intel is not going to get any info from this ID.
They are empowering people with one more thing
to secure their computer with.
This thing is just like a static IP address, and
those are used all over the web for verification,
prevention of double-posting, double-voting, and
yes even tracking users for ads. So how exactly is
this ID any different? Oh, wow they know I've got
a Pentium III now... so what?
-thomas
Your MAC address is only visible to things on the same ethernet as you (or same token ring if you are on a token ring network, etc).
Did you perhaps mean to say that we are trackable by IP address? That's closer to true, especially for those of us who have real full time Internet connections with static IP addresses or dynamic addresses that only actually change when a cable company renumbers their subnets, but most people are still using dialup, where they have a different address each time.
--Tim Smith
I am not buying or using it anyway, not much different for me. As long as AMD is not doing that.
As there are many apps available for SGI/MIPS with extremely high dollar value, MIPS started using this feature long ago to enforce software licenses.
I thought you might be bright enough to figure this out, but it's a fucking laptop.
They are PCMCIA cards.
So only one is active at any given time.
I'm not stupid. geez.
(Don't ask why i have 5 pcmcia network cards, i get them free, and i can only use some of them in certain places depending on whether the hub is 100mbps or not)
I thought you might be bright enough to figure this out, but only one is active at any given time.
They are PCMCIA cards.
I'm not stupid. geez.
(Don't ask why i have 5 pcmcia network cards, i get them free, and i can only use some of them in certain places depending on whether the hub is 100mbps or not. I also get a lot of 3com beta hardware)
Has anyone seen what access level you need to activate/disactivate this "feature" - I would be most upset if linux user mode processes could reactivate the cpu id, that would make a system wide deactivation meaningless.
This is something completely different. It would be like GM putting a transponder into every car that they make so that they can track every place that you drive.
The US government is already proposing that auto makers be required to put a transponder into every car (and even floating a trail balloon of requiring retrofit of existing cars) as part of OBD-III (On Board Diagnostics III -- part of automobile emissions systems). The excuse is that signals provided by ODB-III will be used only to track emissions violations via roadside mounted monitoring stations, however it is highly likely that other agencies will find a way to tap into this system to track people (using the old "war on drugs excuse no doubt). It is also likely that any such system will make it easy for anyone with a small bit of knowledge and some radio gear will be able to tail people (such as private detectives, deranged stalkers, etc).
It's my own damned business where I drive.
Tell that to the government. They think it is their business. Furthermore, they don't seem to care who else can get into it. Be afraid, very afraid.
If something like that instruction could be accessed by ordinary users (especially considering that it's an instruction that makes a change in the state of the machine for everyone), you have a serious operating system design flaw. Such an instruction as the one used to obtain the serial number should be trapped by the kernel and the process issuing it sent a SIGSEGV; then we don't even have to deal with the instruction to disable it, although I'd prefer to have the kernel set up both of these means of security at boot time just to be safe.
Of course, I'm not going to have to deal with this, considering that I built what's likely to be my last x86 system over three years ago, but nonetheless it needs to be addressed for the sake of the novices intel is trying to take advantage of...
- RF (dfelker@cnu.edu)
I have sent the text below in email to intel and to my friends. If you want feel free to copy and send it out. Spread the word.
===============
Dear Sirs,
I am now boycotting your products and will advise my friends and colleagues to do so as well until you announce that you will NOT include the "PSN" feature in your Pentium III chips or any other processors. This web site: http://www.junkbusters.com/ht/en/intel.html I belive adequately covers my feelings in this regard. I am intending on purchasing a new PC in the next 2 months and your position on this issue will definitely affect my decision.
Sincerely,
Jason Sallay
=============================================
To Recipient,
I ask that you check out the webpage listed above. If you agree with the boycott please forward this email to any of your friends you feel would be concerned with this issue as well as an address at Intel such as: postmaster@intel.com or info@intel.com If you are aware of any other email addresses for Intel, please feel free to add them here:
Please add your name and any comments about the issue below mine when sending this. I would also ask that you delete the "To Recipient," section before sending this message to Intel. Together, we can make a difference.
Thank you.
eh hehe gooe one.
let me grab a handful of 300A first before we talk about their stupid pentIII.
for all you cynics out there, boycotts work. just look at what happened to the tuna industry. also, tell cesar chavez that boycotts don't work and he'd laugh in your face (if he were still alive today). it's just a matter of letting them know you're boycotting them. send a copy of the receipt of their competitor and a letter telling them why you bought their competitor's product instead of theirs and they will be kissing your ass for months. believe me, i've done it.
...code the stupid ecommerce sites or whatever, not your operating system or browser, both of which should have source available and both of which should be developed by people who are not your enemies but your allies.
Sheesh, the stupidity of running untrusted code...
- RF (dfelker@cnu.edu)
One command for ya:
:p
ipchains -P forward MASQ
Do that on a few thousand high-bandwidth machines, and see anyone try to track users by ip...
- RF (dfelker@cnu.edu)
Low-level IO to the NIC is not available to user-level apps.
- RF (dfelker@cnu.edu)
When I connect to my ISP it assigns me an IP address that is effectively random from the list of IP addresses that my ISP has been assigned. This way the same IP address can be used for a large number of different users at different times. Ths ISP only needs to have 1 IP address for the 5000 (ish) modems rather than 500000 IP addresses (1 for eash user) This is certainly common in Europe.
I don't think so! It only runs as root; user-level apps have no way of getting serial numbers like that... Unless there's a kernel flaw I don't know about that lets it give out the serial number to user-level processes through /proc or something...
- RF (dfelker@cnu.edu)
An aside to all this privacy stuff - :o)
hey, they stole the bbdb icon!
http://epic.org/
http://www.jwz.org/bbdb/
I guess this was just epic using it as a one-off
but the icon merited a whole paragraph in the
wired & AP articles. Dont they use emacs
for mail???
My friend, software has been tied to hardware for many, many years. Try using any high end CAD package, like Pro/Engineer (or just about any package from PTC, for that matter.)
Changing a license over to a new hostid is as easy as sending an email, fax, or making a phone call.
Bad argument.
The average cop doesn't know how to turn on a computer, much less figure out the processor type and run the correct program to extract the PSN. The ONLY way to find a stolen CPU would be to gather the PSN of every CPU on the net, find the stolen ones, track down their IP's, POP's, and phone #'s, etc., and dispatch carloads of FBI agents to round up the users.
Some types of theft might be trackable, but identification of stolen property is much easier with a normal printed serial number. Lots of other products seem to work fine with simple engraved serial numbers.
Intel bows to pressure. The ID will be released
inactive. Anyone have details? Can software turn it on?
Announcing the Intel 80666, this amazing processor
has a unique number built right into each
individual chip. It will run at a blazing 1984mhz.
According to spokesperson Ann Tichrist, "We are
very proud of our achievement, we have been
working to get faster and faster clock speeds.
First it was 33mhz, then 66mhz, 166mhz, and
450mhz. We've finally achieved 1984."
Government officials are equally pleased at this
development, an unnamed spokesman from the Bureau
of Enterprise And Systems Technologies (BEAST)
predicted, "The wearable versions of this
technology are something we've long been waiting
for. This device is almost a perfect fit for
wearable computers. I predict that subcutaneous
deployment of the '666 in either the hand or the
forehead is imminent.
Many sites track your ass using cookies.
Althouth since it's client side only we can easily fake it.
Just gimme Bill Gates' CPUID, a quick kernel hack, and voila. Yes, I'll take 50 pink Porsches please.
Don't forget, just like software companies tried to use hard drive serial numbers, volume numbers, ethernet card MAC's they will probably try to use CPU serial numbers - see http://www.cpureview.com/art_is.html for an article on how it could be used for copy protection.
:-)
All I can say it they do this, AMD & Cyrix & IDT & Rise stock (and later Transmeta) will be good buys
--------- Webmaster, http://www.cpureview.com and
It's about authentication. Intel doesn't give a damn where you've been so long as they can set up a tollbooth which only Intel Pentium IIIs (not Cyrix, not AMD, not even Celerons!) can pass.
If you _have_ to have a PIII to get in, maybe they will sell them.
A later story seems to be saying they're backing down- fair enough, but this was never about privacy, it is about setting up an Intel Tollbooth. And why would people go along with that? Ask why the Dilbert website has a 'PII-required' Comic Explorer. Intel are quite ready to pay off people to do this sort of thing, and with a chip ID (it's really only saying 'this is a PIII!') they had a plan that would actually have forced people to not buy celerons and PPCs and what have you.
Posted by lnc:
Since you are all on the net, you are already trackable via the MAC address on your etherenet card. A number that is guaranteed unique anywhere. Are you going to boycott 3COM too?
Posted by Lord Kano-The Gangster Of Love:
Intel Processors already have serial numbers etched into them. This is something completely different. It would be like GM putting a transponder into every car that they make so that they can track every place that you drive.
It's my own damned business where I drive.
It's my own damned business which web sites I go to. What happenes if I buy a used machine and it's former own used to DL kiddie porn or pirate software, or sent a death threat to the president? I'll have the same processor, will that get me a visit from my local feds? (not a pleasant experience, trust me)
Does GE put a little camera & transmitter into my refrigerator so that they can tell how much food I have, how often I eat, or if I posess more beer than they think is necessary?
It's my own damned business how much beer I have.
Our privacy is too important to just lie down and hand it over to anyone. Every day I become more and more happy that I use Macs as well as Wintel.
While we're at it, let's have all newborns implanted with camera's & microphones. After all it's no big deal. If they're not doing anything wrong what difference will it make? It'll allow us to find out who is committing all of the unsolved crimes. In a generation we will be able to weed out ALL of the criminals. So that the peaceable will be safer from them.
This is where this type of thinking is headed. If you give an inch, they take a light year.
LK
Posted by Lord Kano-The Gangster Of Love:
So what if they're rounding up the Jews? Of course they're just expatrioting them. What do you mean death camp? You're paranoid.
It's this type of apathy that has lead to every great transgression of human rights, in this case however it's privacy.
With this technology as a viable option how long do you think it'll be until web sites of ALL types require the ID mechanism to be turned on before you can access them? How many web sites require you to enable cookies?
How long before computers come qith thumb print scanners or retinal scanners just to make sure you are who you say you are.
What do you mean you don't want one? You must be planning to do something illegal then.
Wake up.
LK
Posted by Lord Kano-The Gangster Of Love:
You mean the way that sites *have to ask* if they can set cookies on your machine? 90% of people buying new computers are morons who are just keeping up with the Jones'.
These people don't know what an "autoexec.bat" or an "INIT" is. You really expect these people to be able to enable or disable PSN checks?
We're talking about assholes who send in checks to ISPs payable to "the internet".
LK
Posted by Lord Kano-The Gangster Of Love:
Have you ever tried to use Yahoo Mail, or any M$ site without cookies enabled?
It's not possible. When it's possible to collect HUGE amounts of marketting date and SELL IT how long do you think it'll be until you can't use the internet without it.
AST has been building a unique code into the BIOS of their machines and a way to monitor their connections to the internet for over a year. Image what will happen when every PC has that capability.
LK
This one-user-per-PC myth is the sort of thing MS's networking 'solutions' have been promoting for ages. (Anyone who has tried to set up Samba in a secure fashion knows what I mean.)
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
What about people who don't use an Intel PC? Will they be shunned for not submitting to the monopoly, because they lack the ID? Will cloners like AMD end up being forced to implement the IDs as well so as to not cut off their users from those sites? Will there be ID clashes between AMD, Cyrix, and Intel using the same ID numbers? (Intel certainly wouldn't want to divvy up the numberspace for the benefit of their competitors.)
How will software transmit this ID information to other sites? Can you be easily defamed by someone else spoofing your ID and engaging in illicit activity?
The problem here is not that the ID exists, but that it is intended to be used in an insecure, unreliable way by people who are going to falsely assume it is accurate and reliable. Good people will be hurt by this, and anyone not using an Intel-branded CPU will be assumed to be an evil little criminal by the software because they won't have the proper ID.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
I can tell you this: I will not buy a Pentium III if it has this crap.
Hey, Intel: You want a serial number? Stamp it on the outside.
I can tell you this: I will not buy a Pentium III if it has this crap.
Hey, Intel: You want a serial number? Stamp it on the outside.
And this is nothing whatsoever like cookies.
I made a banner at DaBuzz.net that anyone can use (steal) if they want.
Enjoy.
If you can read this message, your threshold is too low.
1. Who are you trying to kid? It's turned on by default and even though you can turn it off, it gets turned back on every time you reboot.
2. Yeah, they probably worked that stuff out well in advance.
3. Not necessarily, but it is definitely possible. Intel may even push for this because it might require you to leave the PSN feature turned on in order to use software that requires it. Nobody cares about high end Unix stuff because it's not mass-market.
4. Shrug. They'll work this out too.
5. It's more than a few thousand geeks that are overclocking. Even mainstream PC magazines tell you how to overclock in 3 easy steps. I don't think tracking it would help Intel much except to let them know how widespread it is and decide if it's worth it to them to devote resources to making the chips un-overclockable.
It's not FUD. There are legitimate concerns here. You are ignorant if you think something like this won't be abused to the fullest extent possible by people seeking money. It won't just be e-commerce sites tracking you. It will be every idiot and company with a web site who hope to earn some cash by selling your browsing habits to anyone who will pay.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
This struck me as paranoid conspiracy theory at first, but it looks like it's true. Seems though that it's just being proposed in California however. I have a feeling that if something like this actually gets implemented someone is going to make a lot of money selling devices that transmit static at whatever frequency these things use.
This shit is so old it stinks. Another example of Intel finally catching up to what's been out for YEARS (er, decades).
I was going to setup a new Intel box, but the hell with 'em. I bought an SGI instaed, and my next computer will be a Sun or Sparc based...
As for the SGI I bought, it's MIPS powered, thank you... :)
My next computer is probably going to be a G3 for other reasons, but this pretty much seals it shut.
;)
I realised that the only things keeping me from doing it sooner was my own hardware bias which I have no excuse for (as a former Amiga owner) and worrying where LinuxPPC would go. At this point I'm looking at my options and I've pre-ordered LinuxPPC 5.0 with a T-Shirt
Honestly I have no good reason to fund the Intel/Microsoft crap-factory anymore... Anything I can or want to do on any platform I can pretty much do in Linux, on a PPC, and if not on the tiny MacOS partition I have planned.
If anyone has any valid arguments against this plan that DON'T have to do with the ammount of software available for PPC, please pass them along as I'd like to hear them.
-- The unsig...
Actually most disk drives have had a software viewable serial number for over 8 years. Both of my seagate IDE disk drives have a serial number that hdparm can view. One disk is from 1991, and the other one is from 1994.
Hal Duston
Perhaps, but I cannot see how the CPU is going to broadcast the serial number all over the place ALL BY ITSELF. My CPU doesn't even know if I have a modem, NIC or anything else, it only knows about memory and interrupt controllers. In otherwords, it will need help from the software. Even if some sites will not let you in without a serial number, if you are using linux or probably even free mozilla, you cannot be prevented from LYING about the number and the CPU will not have to be altered. The only way this would ever work, would be for the DOJ to mandate the use of Windows, AND forbid the use of free mozilla. I don't see that happening.
It seems to me that this thing is super unreliable. What happens if someone makes a little app that gives out the wrong number over the web? With Mozilla being free now, I'm sure someone could alter it quite easily to give out a fake number.
The fact that it is unreliable is a cause for serious concern even among those who are not concerned about their actions being tracked. If some unscrupulious type running a website gets hold of your number, he could use it for some real bad stuff.
Putting a unique ID in each chip is not such a bad idea, but I don't think Intel should be pushing this as some form of identification. It should only be used as a means of identifying the authenticity of your chip as well as finding stolen/remarked chips.
If i want to verify my ID, I'll use a PGP.
--
-- Knowledge shared is power lost. -- Aleister Crowley
Harken back before the days of the Celeron 300A, and send ye mind to the age of the first of the Celeron Fiefs. It was an age of darkness for Ye Olde Processor Lords, for one need search far and wide for a townsfolk that had not heard from the Town Berst about the Daemon of L2 Castration that had possessed the Meadows of Celeron. YEOM(Ye Olde, etceterth) tapped its vast reserves of marketing and engineering black magicks, and slayed the Daemon mightily, but prophecy would fortell of another, more sinister creature, summoned once again by the misguided lords...a creature so hideous that even one of Kings Men would demand on behalf of the lowly serfs that this creature be sent to the silicon bit bucket from whence it came. The time hath come once again, Fellow Slashers of the Order Dot, for us to stand as an army of Knightly Geeks against those Daemons that would possess the identities of all it touched. Tis the Celeron Effect that has once again plagued the conjurers of Intel, and as we have done once, we must again do battle to save the land.
[I need to sleep more. I need to sleep more. I need to sleep more.]
Once you pull the pin, Mr. Grenade is no longer your friend.
Besides, many people on the internet don't even have ethernet cards. Ever heard of modems?
I don't need to comment on why Intel CPU ID is bad--see Anne Observer's comments below
I cannot see the impact other people do. A PSN is not worse than the 48 Bit Ethernet adresses that every network cards has. When you are using HTTP, no one can read your PSN (or Ethernet address) unless you allow him to execute native code on your computer. Before a browser sends your PSN to a server, it has to ask you. It's the same thing like sending your email address.
What's so great about PSN is that is prohibits software theft. I don't like closed-source software, but I also hate pirated software, because it really hurts software developers (and I am one of them). And when people suddenly really have to pay for their software, they will start to use more free software.
So we would have the option of disabling it. But, how would I know there is not some kind of hidden back door to reactivate it? Should I take Intel's word on privacy? Didn't Microsoft do something like this to Ceaser's Palace with an SPA raid a few years back?
I can just picture some warez user or some executive opening an trojaned email. An exploit written by insiders to bypass the chip's protection and sneak the ID out onto the ethernet.
Those who say that the Pentium III will catch on anyway are correct. Just wait until the first big privacy screw-up and people find out that the only way to be safe is to use code you can inspect yourself...
- The problem is that Intel plans to make the computer broadcast these serial numbers over the internet.
It's comments like this that are making me start to wonder how much a lot of people who read slashdot really know about computers!Intel makes CPUs. They don't make a single operating system or any network software that I'm aware of. How, exactly, is Intel going to "broadcast" my serial number over the Internet without any assitance from Linux, my software, or my corporate firewall, for that matter?
When you get a new computer to replace the one that was stolen, you are going to find your software or your ISP does not work unless you mail the police report about your stolen computer (including it's ID) and your new computers ID to the software company. Then it is rather trivial for the databases to move the information from the old ID to the new one.
I believe the PID will be far more reliable than the SSN. Sometimes people mistype the SSN...
No, it's immensly trivial. To run your new copy of MSQuicken you have to register at the MS web site. This will pop up a form for your name, address, phone number, where you bought the software, who recommended it, your hobbies, and all that. Most likely you dont *have* to fill it in but I figure a lot of people will. Submitting of the form will also transmit your CPU ID, and it will send back a cookie with a encrypted version of your cpu id (and perhaps everything you typed into the form encrypted as well).
MSQuicken will read the cookie file (I don't think they will even bother to put it somewhere else!) and decrypt it and refuse to run unless it results in the same CPU ID as the machine.
And the end user will be happy because their 1040 form comes up already filled in with their name and SSN and perhaps even their income...
Oh, so this is just like my refirgerator: I can't use it unless I send the serial number to Kenmore and keep them updated on what food I have 'installed'.
The wheel is turning but the hamster is dead.
The wheel is turning, but the hamster is dead.
ok - so now are computers have an extra id tag..
all dells and compaqs come with S/N - this is no different..
What I don't understand is, why are so many linux users complaining? If the kernel adds an API function for it, then we can use it for our own systems management - at the same time it could be a kernel config option. If a rogue program trys to access it through i/o means - oh well - thats what you get for running pre-compiled bins.
even in the event that microsoft and linux both give full access to this number, if the browser doesn't allow it to be transfered - you are still safe.. again the only problem being that some rogue program may transfer the number to some site without consent - but again, thats what you get...
Marques Johansson
That's fine if you never buy anything over the internet. Make just one purchase and your CPU ID will be tied to your credit card number which is tied to your name, SSN, etc. Companies buy marketing lists all the time. It's very easy to buy a bunch of lists with CPU IDs, names, and SSNs in them and match up lists from various sources to build a comprehensive picture of your activities. If you don't mind that any minimum wage clerk in any marketing company can pull up a list of all your web interests and activities then go ahead an broadcast. I'd also suggest you stop wasting money on envelopes for snail mail and cc your email to a few global mailing lists.
Data warehousing is not a small privacy problem. Economic incentives for commercial entities to know every aspect of consumers, and share that information with other commercial entities, are strong. The problem this "feature" creates is that it provides an easily-used, hard to avoid means of identifying individuals over the 'net.
I think the thermal random number generator is a neat idea. The processor serial number is a disaster, by contrast.
Kythe
(Remove "x"'s from
Kythe
As people don't tend to buy new computers daily (or even monthly), the PSN will effectively be tied to you, the person, as well.
Kythe
(Remove "x"'s from
Kythe
Why do I believe this? Simple -- companies are motivated by economic incentives. The incentives of massive "know your customer" programs are too good to pass up.
Kythe
(Remove "x"'s from
Kythe
How often do you buy a new processor?
Kythe
(Remove "x"'s from
Kythe
But unless the OS or some boot program does it automatically, most people probably won't.
Why do you think Internet Explorer has gained so much market share? Because of high program quality? I'd submit it's because most people running Windows don't bother to install anything else. Same situation, IMHO. Noone forces you to use it. But the average soul either doesn't know enough not to, or simply doesn't want to be troubled to make the change.
Kythe
(Remove "x"'s from
Kythe
this is insane. at best, it's a copy protection device (good). people who support free software should loudly praise, promote, and support intel's psn. why? simple:
/dev/cmos may be a step towards solving it. at the very least it should be simple enough to write a util to skim executables that have a PSN extraction code (unless it's cleverly hidden in data segments of the like).
1. it really doesn't affect free software, it's not useful since free software doesn't need a per-processor license.
2. it does affect closed software. it helps enforce their licensing schemes. If companies had to pay the full amount for their Microsoft Office software, maybe they'd look around for alternatives.
look kids, i really doubt the free version of mozilla will spew PSN's to every web site that requests it. i suspect the Linux kernel will either have a way to disable it, munge it, or warn that it exists. the new
PSN's help free software in my mind. it's just one more bit of advocacy for linux and the *bsd's. free software offers platform independence, and it offers the ability to not let companies leak info about you.
so go intel. implement a psn just like sparc's and other workstation class cpu's have done before you. make deals with companies who think they'll get more demographic info. and then let eric raymond, robert young, netscape/mozilla, and all the others involved in free (and open) software explain to the people that their privacy is still quite safe. with linux/*bsd.
US Citizen living abroad? Register to vote!
Since when did your disk drive serial numbers get broadcast over the net, eh?
--- "The problem is not that the world is full of fools, it's that lightning isn't being distributed correctly." -- Mar
Getting some national exposure already - whatever the outcome, I'm glad to see that the issue has been raised in the traditional press as well...
How do you know that some Java applet wont be able to grab the CPU id from your computer? Im not sure how insulated Java is from the hardware, but maybe someone will be able to do that.
just a thought.
And I don't care too much about Winblows lusers.
People that use OSS, GNU and Linux are in
complete control of what their system is
sending over the Internet. Therefore it's not
a problem for them.
Linux would actually benefit from such a
move by Intel, since we can impose FUD tactics
on Microsoft - anybody can look into Linux
sources, would Bill Gates allow that for his
sh*t?
Vassili Leonov
No one is doubting that serial number on chips might reduce theft - the transmission of that number on the other hand, is a clear provacy risk.
This and the various incarnations of the CDA, it appears we are entering a age of surveillance. What isn't clear is who is watching, why they are watching, or how the watchers are governed and held accountable.
In the past I would have written off privacy advocates and users of PGP as slightly paranoid. I no longer do. The tragedy is that most common users have no idea that this is taking place, and cannot take the appropriate measures to counter the increasing surveillance of their private lives.
I hear the Pentium III being mentioned; anyone know about lower-generation chips like the Pentium II? Furthermore, does anyone know whether AMD or IBM will include this "feature" in their chips?
Finding God in a Dog
now, we also have to understand, that the world is not only made of techies, and that it's a nice thing when the non-nerds can have privacy too... so it's a good thing to oppose things that would make the average user easier to track. the ID won't be magically transmitted, but if some future version of windoze+IE sends it by default, much damage is done.
i find /. works just great with lynx... I'm running 2.8.1 with a couple patches that shouldn't make a difference for this. it's so much faster than netscape at displaying the /. pages that it's scary. in fact, I'll read /. with lynx even when I'm running X and already have a netscape running.
you don't seem to get the fact that there are different perspectives on these things. cookies, javascript and DHTML are GREAT for the programmer of web-based applications. they let you do many things more easily, more quickly, etc. the problem is that, from the point of view of the consumer who does not trust all the sites he goes to, these things can also be abused, using cookies to track your viewing habits in detail, or javascript to open more browser windows on their site or with ads or whatever, or making it hard to leave their site. this is the basic design problem that these technologies have: they get the trust model completely wrong, by assuming that you trust the content provider to "do the right thing", when in practice you know that many won't. if you need to trust a site just to see it, something is very, very screwed up.
1. Most BigCorps want as much info on you as they can get. I think this'll count. They won't _require_ it but they'll gladly accept it.
2. My belief is MS already has the hooks for this built in to their bugware.
3. Yes you are. You already admitted as much by talking about high-end Unix stuff. Oh yeah, high-end - vertical markets tend to support much higher costs since they don't have the volume. And with high-end s/w you have support contracts that require turn-arounds for new licence numbers in real-time (read: a phone call). This can only happen with lower-volume sales.
4. Who indeed?
5. When people talk about "catching overclockers" they mean the folks who _sell_ 300Mhz o/c'ed chips running at 400Mhz, at 400Mhz prices. Not Joe Geek sitting in his basement with the fire extinguisher handy.
Why is it that many people who claim to support standards have such atrocious spelling and grammar?
1. Only an option if you know how. Or even that you can.
2. So what?
3. Dongles don't tie to a particular machine, they tie to a particular dongle. Move the dongle to a new machine, hey presto the software still works. Buy a new CPU? Hey presto the software still works. Buy a new dongle = buying a new copy of the software anyway.
4. Omitted since nothing new has been said.
5. What you've seen is irrelevant, since who Intel say they want to catch are the unethical resellers. If their intent was to catch overclocking geeks, unless the CPU broadcasts its speed AS WELL AS ITS ID, the scheme is hardly going to work, now is it? However since they have also said they won't be keeping a database of ID vs Speed, this whole point is moot.
Why is it that many people who claim to support standards have such atrocious spelling and grammar?
Once again, someone hits a hot button issue, and everyone gets blinded to the realities of the proposal.
People, we should really be much more concerned with the SID in NT. Now, there's a unique ID that can get tied to you, and there's no way to change it without mucking up alot of your NT domain stuff. Then again, considering how often I re-install NT, maybe it's not such a problem.
Wake Up People! The problem isn't the hardware folks, it's the software folks. One of the big advantages of Open Source is that we can see what the programmers are doing - them proprietary folks can pull any high-jinks they want, since we can't see (well, I do hate binary crawling...).
This whole thing is just an Intel marketing fuckup. they're implimenting a feature that really isn't too useful, and doing a lousy job of thinking up reasons it should be useful. Bad Intel PR, Bad Intel PR, go get yourself another job.
There are always four sides to every story: your side, their side, the truth, and what really happened.
Folks,
I hate to break out the bad news, but Intel's biggest rival--AMD--is also seriously considering implementing serial ID's on their CPU's. Don't be surprised if the upcoming K6-3 and K7 CPU's have a similar coding scheme.
Now how will the privacy groups react if both Intel and AMD are putting on such serial numbers?
Raymond in Mountain View, CA
But some ECommerce sites already make their pages only available if you use cookies, frames, IE4 or netscape. I don't know WHY they close their doors to potential customers, but they DO.
And what's to keep CDA v.3 of requiring all sites that offer "adult information" (i.e. anything other than Sesame Street) to keep and track CPU ids ("to protect the children").
3. Licensing software to a particular CPU is just stupid....what happens when you upgrade? You have to get a new licence.... HOW ANNOYING
Annoying to us, yes. Profitable to them? For sure. MicroSoft will be an early adopter and yes, if you upgrade your CPU, they will want you to buy a new license. From my reading of the EULA in recent days, it seems that MicroSoft already requires that you buy a new "license" if you upgrade your computer. They haven't been able to enforce that yet, but I'm sure they'd love to. They might even make a "cpu-upgrade license" package available for the low-low cost of $50.
-- Don't Tase me, bro!
This is quite correct. The SSN was originally developed for the sole purpose of distributing social security benefits. The Privacy Act of 1974 (a misnomer if I've ever seen one) was designed to govern the use of the SSN by other government agencies as well. Today, it's used by any number of entities as a means of identification, including credit bureaus, insurance companies, hospitals and doctors' offices, schools, etc. If people are skeptical about just what can happen, check out this site, which exists for the sole purpose of providing information about people. Since there doesn't seem to be any laws protecting citizens against the use of their personal information as a commodity, tracking a user's processor ID will add but one more means of invasion.
There's also an interesting article in this month's issue of Scientific American that compares the laws passed by European nations (the European privacy directive), with what (little) is in place to protect Americans. Ironically, some very big names (America Online, Bank of America, Bell Atlantic, IBM, EDS, Equifax, and Direct Marketing Association) all oppose specific legislation to protect the use of personal information (and why not - they've got a lot to lose). The whole notion of an embedded processor ID just raises the stakes a little higher.
here
It seems from reading about PSNs that Intel is marketing this as a security "feature". Ok, maybe it will help with authentication on some level (the masses that never bother with such anal details as this), but the more I think about it the more I realize, there are no security benifits. From what I understand, the CPU will be sending PSNs across the network, but what is there to keep me from spoofing a PSN? There has to be some low level driver that sends the PSN across the databus to the network device (modem, NIC, etc). So couldn't someone write their own driver that creates a false PSN? Or maybe the PSN is only accessed by a special instruction (as if x86 didn't have enough already!) or memory location. If this is the case, then it is even more insecure as the former because any user application could be written to create it's own PSN (ie you could hack mozilla). So really I don't see how this is going to improve anything. If you ask me, the whole thing smells of a copy protection scheme - a company could create an install program that grabbed the PSN, send that PSN to their web server along with the users name and credit info (the product would be purchased over the net), the web server would use the PSN and the users registration info to create a digital sig. and it would send this sig. back to the install script. Then, every time the program starts, it compairs the sig. with the PSN to make sure the program is not pirated. If an illegal copy shows up on the net (allong with the sig that is required to run), its a simple matter of looking that sig. up in the database and pressing charges.
\forall code \in C, \frac{\Delta readability(code)}{\Delta t} < 0
It seems to me that you are still requiring the software to report the proper CPU identification number. One thing that people are worried about is the ID number being given out to random pages for tracking purposes. Couldn't you build a page to ask for the ID numbers, then cashe those numbers in a file that can be downloaded and used by modified browsers and such to hand out while browsing the web?
Once you get a persons ID number, you would technically be that person to all the web pages you visited, and there would be virtually no way to track you down. Any server side software designed to defeat this would have to be made public, or even if it wasn't people would still get ahold of it, and cracked. It seems to me that a software program that can update the key and is specific to each users would be worth alot more security wise then a hard coded number that cannot be changed.
Oh yea, what happens when you sell the machine?
I seen a lot of talk and speculation as to whether or not this is a legitimate privacy concern, whether or not it will help the SPA/BSA combat piracy, if it could force identification in e-commerce...
But when is it ever a direct benefit to the consumer?
I've come up with no examples of how this would provide a unique benefit to the end user not available via any other (less compromising) means.
Nor have I seen anyone else cite any examples. Are people skeptical? Hell yes. And why not? "Hi, we're going to track everything you do on the net, and provide no discernable benefit to you for doing so. Have a nice day!"
Don't tell me about turning it off. Tell me why I, the consumer and end user, would ever want it on. Unless it provides a benefit that can't otherwise be made available, then it will never be seen as anything but a tool of surveillance.
Guess what, people don't like having anyone, including website operators of every stripe, looking over their shoulders any more than necessary. Without a clear benefit to consumers, it's in their natural interests to resist this.
I reject your proposition that the PSN makes a new and previously unattainable level of e-commerce security. There are two main flaws with this reasoning:
1) This identifies a machine, and not a user.
2) Superior means already exist, and they are less intrusive. PGP keys are already available and do a better job of identifying a user, as opposed to a machine. In addition, the key is part of a system that protects privacy, rather than skewering it by default.
>It might not matter to you, or a lot of other
>consumers, but corporations like security.
Bogus argument. Read the original message and it's title again. "When is this ever in the consumer's interest?" It is the consumers that are going to be footing the bill for this. How will it help them? What new and previously unavailable benefits will consumers be buying when they pay their own money to give up their privacy?
Your message has failed to illuminate anything previously unavailable that this sacrifice of privacy would provide to the people paying for it.
Don't think I'm attacking you. I'm challenging your arguments, not your character. Please take this message in that spirit.
I agree with your statement.
It will help opensource (and|or) free software.
This will be nice as people will be forced to buy copies for each CPU.
However I cannot understand how will a company enforce a software on a single CPU-ID only.
Not all copies of software are sold with the computer and the CD is burnt with the CPUID somewhere.
(They can't Microsoft refund action are in the way to stop it, hopefully they will)
If I decided one one day to buy Wincrash and I have used Linux before (unrational, I know),
then how can M$ make me use it on one CPU?
they dont know the CPUID and cant burn it on the CDROM after installation!
So I dont see the real use of it (except for our paranoid nightmares,
such as internet sites and software that requires you to send your CPUID)
If thats the case, OSS won't be helpful, because you will have to compile the CPUID modules/functions
if you want to connect to the internet security sites etc.)
---
I'm going to live forever, or die in the attempt.
1. Well, when the first 586 introduced, everybody said that it wont catch because an 486 is fast enough for home use. Today most software require 586, games require PII sometimes.
:-)
2. MS will, dont worry, its their cash, you know.
4. I think I do.
Microsoft liscence will enable you to use CPUs which you have paid for. that is, if you got 2 CPUs, you need to copies, if you bought only one, you will be able to use one CPU only. (per CPU license, its pretty obvious, no?)
5. They will make a feature that burns the CPU, sometimes the entire motherboard if you overclock.
Wait! they already did...
---
I'm going to live forever, or die in the attempt.
(By that I mean the IDing, not the boycot)
1. Software manafacturers and ECommerce sites will never be able to REQUIRE the use of the ID - there will still be computers around for many years to come that don't have the ID, and also many new CPUs that don't use IDs.
2. It will be a long time before software support is in place for this, at least for the OS (how long does it take M$ to add a new feature?), and even if it is included in Linux (which I doubt), anyone can modify it to remove/disable it. And for non-open source OSs and applications, I'm sure there will be plenty of hacks written. In the case of FLASH-updatable BIOSes, some may even be able to hack the BIOS to prevent it )(hey, it's been done with Creative DVD drives)
3. Licensing software to a particular CPU is just stupid....what happens when you upgrade? You have to get a new licence.... HOW ANNOYING
4. What if you have multiple CPUs? What ID do you use?
5. Using the ID to find out what your real CPU speed is to detect overclocking? What a poor excuse. Instead of embedding the ID number, they should just embed the correct speed value it's self. And also, maybe new motherboards could then detect the correct speed.
Surely if Intel allow people to disable this up until the next reboot then someone will just provide a freeware 'disable-psn-at-boot' utility which would install itself in the AUTOEXEC.BAT for Win/DOS types. Heck you could even put something in the MBR if you really wanted to be sure.
:)
I guess that some Windoze apps might insist that you have PSN on to work properly but if this happens I'm sure someone will find a way of faking it (have everyone appear to be Bill G. for example
Or am I missing something?
David.
the long term effect of hardcoding chips with so-called security features could reduce our precious anonymity in the future. why? because, each chip now becomes unique; thus, very trackable. imagine the government knowing the "random-noise" profile of each chip, and then, linking that with our email address, so that evey time we fire up ou computer online, they get a hit. eventually, they could figure out where we are at any given time, even on the road, because, the unique chip signature will tattle. this is intel + bigbrother.
The ones not requiring an ID may incur greater costs due to fraud (not that that's inhibiting any current e-commerce companies), but the ones that do require it will have to raise prices by a much greater factor because with fewer customers, they have to get more profit per unit.
What's wrong with you guys? Intel comes along and offers to shoot themselves in the foot to encourag the rapid adoption of OSS, and you criticize them for it! I say we do everything we can think to encourage Intel to proceed with this self-destructive behaviour! The greatest wound to the Wintel monster could turn out to be this self-inflicted one! This should appeal to all of you with a sense of irony and poetic justice. Beg them to ship processor IDs in ALL their processors, then start a campaign to remind people that "Big Brother Barrett is watching YOU!" Stand back, and watch Wintel sales plummet! Thank you, thank you, thank you, Intel, for sacrificing yourself for the greater good in order to speed Linux on it's way to Total World Domination!
;-)
"Freedom means freedom for everybody" -- Dick Cheney
hardware random seed
The random number generator is way cool, however, I doubt that anybody with a clue would use it just as a seed. The problem with software-generated "random" numbers is that they are NOT random, they are pseudo-random, and if you know the algorithm and current number, you can predict future numbers...
Also, I fail to see how adding a processor ID which can be easily spoofed adds appreciably to the security of my transactions. If this were true, sites would already be using the disk driver serial numbers, etc.
You've done nothing to demonstrate any real value to consumers of this "feature".
"Freedom means freedom for everybody" -- Dick Cheney
http://www.techserver.com/story/0,1643,11131-18983 -137390-0,00.html
"Freedom means freedom for everybody" -- Dick Cheney
"Why does everyone think Intel is going to get all of our info from this friggin ID?"
:)
That's easy -- because they can.
Given this extremely easy way of gathering demographics based on every type of computer usage related to the Internet, Intel folks (and maybe others that license their technology) will quickly jump at the ability to find out just what everyone owns and what they're doing with it, in order to make the Internet a "better place".
As for being paranoid, well, I for one will admit that I am on the healthy side of paranoia, yes -- but give me a reason why I shouldn't be in this age.
(of course, Intel will quickly find that the only thing their ID is causing is a massive upsurge in AMD chip sales...)
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
Sure, how about this:
CPU: Intel Pentium III stepping 00
Kernel panic: unable to find suitable processor
:)
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
> 2. It will be a long time before software support is in place for this, at least for the OS (how long does it take M$ to add a new feature?), and even if it is included in Linux (which I doubt)
hmm... this is a dubious assumption. How long do you think it would take to port FlexLM to Linux or NT? And, if a software company that already uses some sort of licensing key to unlock its software on other OS's, how long is it going to take for them to put that code -back in- the code theyve ported to OS's that dont support good ID scheme's?
> 3. Licensing software to a particular CPU is just stupid....what happens when you upgrade? You have to get a new licence.... HOW ANNOYING
Im just guessing here, but youved never worked in the world of commercial Unix (or mainframe, even) environments. If you did, youd know this was common practice. Hell, some software packages, such as Oracle, charge you licensing fees based on the NUMBER of CPU's and tie the license to a system ID. Move the aplication, relicense the software. Add or Subtract CPUs, relicense the software.
> 4. What if you have multiple CPUs? What ID do you use?
probably, you would use some equivalent of the output of `hostid` or `sysinfo` or `lmhostid` (these are just ones that come to mind).
> However I cannot understand how will a company enforce a software on a single CPU-ID only.
> Not all copies of software are sold with the computer and the CD is burnt with the CPUID somewhere. (They can't Microsoft refund action are in the way to stop it, hopefully they will)
> If I decided one one day to buy Wincrash and I have used Linux before (unrational, I know), then how can M$ make me use it on one CPU? they dont know the CPUID and cant burn it on the CDROM after installation!
hmmm... seems that it would be fairly easy to mass produce CDs that werent locked to a specific CPU at the factory, but upon install became so.
Simply embed some form of license database check function that relies on the presence of two keys/codes: one being the CPU-ID of the chip, the other being some form of mathematical complement of the CPU-ID issued by the software vendor. Upon receipt and installation of the vendor issued complement, an unlocking key is formed and the full featured OS is available. Until the full key is there, only functions minimally necessary to get that key installed are enabled.
and, as a check against crackers who figure out what the complement generating formula is, release the software in coded lots, such that each lot uses a slightly different algorithm to generate the functionaly license components.
such a scheme would also allow you to install the same media on multiple machines, and only have the vendor charge you on a 'per key' basis. you want to upgrade or move your instance of the OS, contact the vendor, and they generate you a new key (for a "small" fee, of course).
then again, im not a licensing expert, so this might be either impossible or impractical to implement.
-tom