Slashdot Mirror
Pentium III serial # soft-switchable
Juergen Kreileder was one of the many to write in about the Pentium III serial number. One of the authors over at Ct, Andreas Stiller, has succesfully written a piece of *software* that can switch the PIII's serial number on and off, not requiring the reboot that Intel formerly claimed it needed. This
piece of news is interesting in that I think I've lost count of the number of times that Intel's privacy strategy has changed now. BTW, Intel has confirmed that this feat works. I just wonder when people are going to realize that tracking individual computers is not the right way to do things.
Now it might be worth my money to get one of these evil devices...
Who the hell cares about rebooting over your serial number
I suggest that Intel keep the tracking. It is like a credit card number. As long as Intel does not sell the lists or anything, I'm fine with it. If you use a credit card for illigal purposes, you should be tracked and same with a computer.
Oh, grow up. Stop whining about the trivialities of life, and get some work done. As has been said before, this tracking thing has been done before, you just never realized it.
Many many times
They are still kicking around the idea. Sure have have their eye on this though.
This "feature" was put in at the request of large software developers, specifically M$. It is there to lock a software package to a CPU, as a lead up to renting/leasing software.
The privacy thing is just an extra added bonus for data-miners on the internet.
My bet is that intel will never remove this, nor will they ever live up to their promise to make it user controllable.
If it's soft switchable.. that means ANY random piece of software can switch it back on WITHOUT TELLING YOU. Not good, bad.. .privacy.. good.. this REALLY stinks.
Jarrod H
He supports SGI's, which have been doing similar things for quite some time now. I wish people would grow up. If you're not using silly software that makes use of this dubious feature (for, say copy protection, as has been done before), it's completely irreleviant (sp?) to you. And web sites can't "require" it without alieniating all the non-Intel cpu users in the world. No *way* are they going to give up that source of income...
mov ecx,0x119
rdmsr
or eax,0x200000
wrmsr
But what's the voodoo to turn it back on?
Perhaps it's the triple fault trick used to get the 286 to change execution mode.
Any of you guys have an ethernet card ?
A cell phone or pager ?
They all already have unique serial numbers.
Whats the big deal...
One word - Boycott!
That's it. Tell all of those people who ask you for computer advice to not buy it.
Anyways, why pay a couple hundred dollars more for a chip that offers miniscule performance increases?
the only reason Intel put out a piece of software to disable the tracking number, is because compaq's first line of PIII machines won't have the bios flags to enable, or disable the feature..
and I don't see the big deal about the #, it's great for corperate world. you can disable it in bios for those of you paranoid people out there, and as before mentioned it's not like intel just pulled this out of their ass, SGI and many others have seriel #'s on their processors, and have for years..
I just consulted a few recent slashdot polls. It seems that over 50% of its readers (and, by extension, posters) are in their 20s. If you add in the number who are in their TEENS, you see that the majority of slashdot readers are still in that cute rebellious stage that teenagers and college students are in. No wonder the maturity level is so low! Everyone's so worried about rebellion, that they don't ever stop to realize that often (not always) they're rebelling against that which could help them. Stop worrying about "the man," and do the right thing. If that means PSNs, NT workstations, intel chips, and sliced white bread, then fine. People around here tend to rebel for the sake of rebelling.
.
So I agree with the original poster... some people around here need to do some growing up.
Un unfortunate oversight. I simply forgot. ;)
How hard can it be to make some elite prog like AOHell send, whenever querried, a false serial number? Certainly it would be easier than IP spoofing, yo. What we ought to do is make one of these progz, then spread it all over the world and demonstrate the uselessness of these dumb ass PSN's. Word up?
Ethernet cards, phones, pagers, houses etc.. need unique addresses so that you can address and communicate with them.
Why should my CPU be addressable/serialized? Why should it be identifiable electronically? Does the chip run faster because of this? Intel must have something to gain from this - and I would sure like to know what! That's the big deal for me.
M$ has already announced it will be changing the EULA to forbid you from changing the machine once the product is installed.
:-)
If you want to change processor or MoBo, you will have to pay some more for a new key. It might not be as much as the rent for a year, but enough to let them recover costs for issuing a new key.
Get your vaseline ready, its going to be an interesting future
anyone care to write one of those nifty boot sector programs that turns the ser # off and copies itself to other boot sectors?
Yeah... I'm 21, in college, and I'm SUCH a rebel, nor am I in that "cute rebellious stage". Age does not define maturity.
I think I know the type you're referring to, but I definitely don't see how that applies to serial #'s in PIII's. From what I read of Intel's plans for the serial #'s, it was awful "big brotherish". That is what I object to!
Okay, I'm sick and tired of hearing the same argument presented over and over:
B.b..b.but, ethernet cards and SGIs and yaks and god knows what else already have serial numbers and this is no different
The difference is that Intel pushed it's serial number as a way to track people for online commerce. Some people think this isn't a big deal. Well, that's their opinion and it's fine for them to have one. But stop using the same old faulty logic - it's just wrong!
...that those devices, by the nature of their functionality, require uniqueness. Having a NIC with no MAC impedes its operation.
There is no functional requirement for a CPU to be specifically identifiable. And all instances that my small mind can conceive of in which a uniquely identifiable CPU could be used add no value for the user. In fact, most of them remove value for the user.
The common example, software locked to a specific CPU, is perfect. It adds no value to the user of the CPU, and in fact it removes some: upgrade the chip, and all your locked software breaks.
Having a CPU with no PSN doesn't impede its operation.
it has always been true in the past that in that sort of situation, the vendor will ship a new personalized copy of the software with your new ID number...
remember, when you pay Microsoft, you're not buying anything-- you're just licensing it. So, yes, it's very reasonable that the license could be for a single, individual processor.
Intel may be pushing that, but that won't make it happen. Besides, Intel products are just inferior to others. Want high end fp? Get an alpha. Want cheap fun? Get an AMD. There will be others...remember, a business's worst nightmare is an educated customer.
As far as I know, most Unix hardware vendors have been using hostid's for years, which I thought are part of the CPU.
Funny that Intel is one of the few that didn't (until now) have hostid's and are now getting flamed for it...
Koert
First serial numbers on CPUs, now Colorado and South Carolina sell digitized driver's licenses, including photos and numbers to private company. It's all under the vale of some protection-from-check fraud, but I think it's unbeleivable.
Thank god I don't live in either of those states. But, if you're in the US you'd better think of moving now.
... Many NICS can alter their MAC addresses, you could probably alter your MAC address in your link driver, and routed IP packets don't care about your MAC for the most part..
Intel marketing is of no importance. They thought it would help them sell processors. Maybe they're right, and maybe they're wrong.
Only MORONS think they have any privacy in this country anyway, if you live anything like a "normal" lifestyle. It's just going to change a paper trail to a digital trail.
/. readers are like a bunch of sheep. Commander Taco sets the mood by using words like "suck." Then, like a Jerry Spring audience, the /. readers start to crow in saying the same thing, over and over. /. readers are SHEEP! I don't think most of them have had an original thought in their relatively brief lives. ;-)
$0.02
It's meept. It just is.
...be one with the meept
Was this supposed to be directed at the parent post? I don't see the connection.
I wonder whether the necessary instructions are priviledged, so that not just any user could write & run a program to switch modes?
'cause they're all out tonight!
Please write for me a java "turn on the id and lemme have it" applet Mr. Paranoid. I'd love to
see it, because last time I checked there was
this thing called a sandbox which prevents Java
from doing much at all to your computer without
your permission.
These pentium paranoids are getting annoying.
"Oh my god, John, they've got my pentium ID! Now they can somehow read my entire hard drive,
learn all my personal secrets, and even RAPE MY
CHILDREN!"
-thomas
I'd love to hear all you know about Intel's
'big brother' plans for the ID. Everything I
read indicated they weren't even tracking the
numbers (not that it would be feasible).
So, I'd love to hear their fiendish plots.
(Bring some quotes, facts, etc. to this party.)
Big Fuck, is it still far?
No my little fucks, it is not far.
Big Fuhuck, is it still far?
No, it's not far anymore.
Big Fuuuhck, is it still far?
Yes! It's very far!
Gee, you mean Intel is marketing this as a
feature? Wow, and you say they add features to
increase the number of people buying the chip?
The hell you say!
-thomas
So, are you saying it is okay for China to use the PSN to arrest/jail/execute it's citizens when they send email to dissidents living in the US?
Well duh! The point is that anything can turn it on. Even if you've already turned it off.
Most of you are missing the point here.
This is just one more security option
that can be used for e-commerce. Note
the word CAN, as in, you can turn it off.
I see big corporations using the ID's
to secure their networks a little bit
more.
-thomas
Let's think this through one more time.
1. Intel already said they will not keep a list
of the numbers. Let's pretend we're paranoid, intel is going to risk it all and keep a list of
all ID's.
2. Then what? They sell the chips to OEM's.
3. The OEM's sell direct or ship to consumer stores.
4. You go in, buy the computer (maybe even pay
cash or check for it).
Now explain to me how the FUCK intel is going
to figure out who bought what ID!
It's RIDICULOUS. You people need to put down
the coffee and your copy of National Enquirer
and get on with your lives!
-thomas
Where most of you seem to be living.
-thomas
Hmm. Strikes me that someone who presumably lives in a (at least notionally) free country and places so little importance on his/her freedom really deserves to have it taken away from them. Then let them comment on how "trivial" freedom is.
In all serious, please do not be complacent about freedom. It's something that a large proportion of the people on this planet have none of. The fact that tracking has been done before doesn't make it right or mean that we should accept it without question.
chris
Why would anyone get a PIII?
1) They suck. They're the same as the PII, plus a little extra clock speed and their sorry-ass KNI that nothing's going to support. Remember MMX?
2) They have no privacy. You all know about that.
The K6-3 is better and doesn't have the PSN, plus it's NOT INTEL.
Or, if you want to wait a while, the K7 is really really really going to kick ass.
Kyobu
(not an AC, forget my password)
I was told by a former military radio guy that he suspects that the PIII serial number could be detected using Tempest monitoring equipment. He doubts that the military will buy any desktop systems with this chip.
These libraries you are referring to are one
of two things:
1. JavaScript hacks, not Java (people confuse
these all the time)
2. Implementation problems later fixed by the
VM maker (in this case the browser maker).
I think it is pretty impossible to write that
kind of applet, at least at this stage of the
game, because it requires native code. AFAIK,
there's not a real clean way of getting that
native code to run with your browser, at least
in Java.
ActiveX is another story, and people deserve
whatever happens to them when that crap is enabled.
Regardless, there WILL be a way to permanently
disable it, I'll stake your life on it.
-thomas
ActiveX control will do the job...
To bad for Windows users
Where people speak before thinking.
Explain to me what the evil world will do
with your ID if they ever get it? Can anyone
here give me a completely rational explanation
(not pulling guesses out of your ass) of what
could happen?
You people act like Intel is broadcasting your
SSN or Mastercard number to the world. This is
a far cry from that!
-thomas
here here.
The US gov't will lose its case against intel. They HAVE competition, certainly aren't guilty of anti-competative pricing, and, try as they might, don't muscle out the little guy.
No, age is not a perfect measure of maturity. However, it is difficult to attain maturity without experience, something that is difficult for a younger individual to attain.
They might give it up if it was worth it. For instance, some companies, including big ones like Time Warner (a least I think that was the one, but I could be wrong) have given up pageviews, which are equivalent to income, for the sake of MSIE users & MS partnerships
Kyobu
It doesn't have to be Java that gets the ID. Imagine if you're using internet explioter with tindows (my condolences), it would be reasonable to expect microsoft to have some sort of nonstandard command or interface to tell exploiter to turn on the ID and send it out.
Now we see the benifits of interrogation, oops! I mean integration.
This ID buisiness clinched it for me. I have been a mac user since about 1985, so I've never really liked mocrosoft, started using Linux about a year ago to avoid the '$haft. Now I'm beginnig to loathe the Intel chip in my PC. Unless some major changes happen, I'll NEVER but mocrosoft or intel again. I'll resort to living in a cave and using stone tools if I have to, but I will NOT support these actions!
Suppose that you're right, thomas, I can't write such an applet today. Maybe I can't do it after ten days of trying. Is it still impossible? What if I can't ever do it, does it mean no one ever will be able?
But, Ok. Maybe not ever using this version of java, maybe never using any version of java. But there is other software that can be a concern. I don't know about activeX, but I seem to remember a very clear incident of Blizzard entertainment gathering sensitive information, like email addresses, from online gamers who were suspected of violating copyrights. It is clear that programs, such as games, that have direct hardware access can intrude in violating ways. Why endorse technology that poses additional threats?
One more point: the idea is to make this CPU id available to software vendors for use in things like copy protection, and so on. Suppose that every software vendor today is reputable and wouldn't dream of misusing this information. I can't be so sure that every software vendor in the future will be so honest-- can you? By permitting such tracking systems to be put in place is a dangerous concession to completely unknown and unforseeable organizations.
I urge you to think carefully about your flippant "Full moon" response.
That's the only reason I can see for putting this serial number in the chip. If your software is tagged to the CPU, you will never upgrade your CPU. Really stupid on Intel's part if they ever do a P-IV and no-one will buy it if they already have a P-III system because they have to buy all new software. (Well, Microsoft Software anyway)
For the same reason, no-one will sell thier old machines because they have thier commerce ID hardwired, it'd be like selling your old credit cards. If you cant sell the old machine, you'll keep it and not upgrade until the machine is really obsolete. I sell my old machines to help pay for the new ones. You wont see many used P-III's on the market.
Once again Intel puts the gun to their head because Microsoft demands it.
I find it amusing that you're dismissing a poster's concern that software will enable the PSN even if the user disables it...in the discussion launched by an article explaining that a German chip-whiz had (wait for it) written code that could turn it on behind your back. I wouldn't care to take odds on this guy and the technical staff at Intel being the only people on the planet who can do this.
As for your suggestion that an addendum code (daemon or TSR, pick your poison) be written that periodically checks and turns off the PSN, that's not terribly efficient. I have better things for my computer to do than keep banging away at a given register screeching "Off! Off, damn you! Offoffoffoffoffoffoff! Get off!"
I find it impossible to believe that anyone will actually trust a Pentium III now that this has been released. What is going to stop a piece of software from turning on the Serial #, reading it, then turning it back off again without the user even knowing? Are we actually going to trust Microsoft not to exploit and abuse this "feature" of the PIII? If people know what is good for them they will stick with AMD or any other manufacturer that respects their privacy as the top priority.
Um, Porn is not illegal......
The new slashdot poll should prove interesting...
I totally agree with you. I just wish I knew what the right this is. In this case (like most things I guess) I must just be too young to know. So, please, put a serial number on my CPU, track me closely and let me know whether you think I'm doing the right thing or not.
Yeah, and when some script kidd3z use your cpu serial number while hacking, and the Fed's kick down your door and take your computer, I'm sure you'll change your mind.
I suppose you also have no problem living in a police state either. (Afterall there's no crime when jaywalking is punishable by immediate execution)
Give me a break. I'm over 40, over educated, over worked and very concerned that about the gradual diminution of privacy that is starting to pervade our society. I get junk mail, spam, and telemarketing calls from all kinds of organizations that share / sell information they have collected about me without my express permission. My habits, preferences and lifestyle have become a common concern of a bunch of organizations I prefer not to deal with. They invade my privacy, my home and waste space in my mailbox. If you're not concerned you're a fool.
As far as I know all the other examples of system serial numbers have to be accessed through I/O.
Therefore if you trust your OS (e.g. if you have the source code) you can spoof or disable access to them.
On the other hand. the PIII serial # is implemented in a cpu instruction that cannot be spoofed (or disabled we now discover).
This makes it totally different from previous serial numbers, and much much worse.
Now this is the best way of implementing the ZOT command. Programs which will only become trojan horses on certain systems. Or on systems which you know that you dislike... hmmm has the drone in marketing pissed you off recently... oh must crash his computer on the second monday of every month an hour before the major marketing meeting.
It would be so amusing to do it on only a small percentage of systems lower than the threshold that which a software vendor would be willing to diagnose.
What percentage of advertising plays to the intellect?
Computers on the net have a software layer controlling the transmissions. I would like to know what would stop somebody from writing a program that simply reports a fake id number to the computer at the other end?
Serial numbers have ALWAYS been on Unix systems, but nobody had the gall or the stupidity to tout them as your identity for e-commerce.
That is, unless you're Intel, and own some 90% of the CPU market. Then you can DEMAND that e-commerce sites require an Intel ID, through your muscle, or your famous cash incentives.
Would you worry about alienating 10% of your customers if Intel threw big money at you to do so?
How many computer ads do you see/hear without those Intel "cash register" chimes? That's a giant ( 50 percent? ) co-payment on the ad you are hearing.
How long will it take to spoof the ID? Write or hack a browser and find out.
This was going to be the crowning moment of the WIntel monopoly -- Microsoft software licensed to a single cpu (yes, the vasaline jar was open).
Luckily, the current state of things is that they are just shooting themselves in the feet. The arrogance is incredible. Thank god for free software. Perhaps this will be the impetus for free hardware?
x
Not that anyone is rushing out to buy Pentium III's yet because the price/performance sucks, but please do not support Intel's chip ID scheme.
Buy Celerons, or better yet, go with AMD.
just because someone can write code that can re-endable the serial number, doesn't make the PSN a big problem. First of all, you'd have to RUN the program to get it to do that. Which means you have to download it and then execute it. If you don't do that, no problem. Perhaps virus scanners will even include a search for programs with such code. Maybe someone will write a hack that disables programs from doing this. Doesn't matter all that much since once it's enabled you'd still have to have software that allows transmission of the number to someplace. And then assume that SOMEHOW this happens without your knowledge (which unless you disabled security on your browser it won't execute anything that will send sensitive info). What can a (presumably illegitimate, since they're doing this) site do with your number? They don't have any personal information (unless you fill out a form or something, which isn't good practice on sites like that anyway). All they have is a number, among many other numbers, and nothing to distinguish any one CPU ID from another. Useless info.
It's not just Intel who will be tracking you -- it's much worse than that!
Once these things become a requirement for accessing a site where you reveal your identity (online shopping sites, for example), your name or other id becomes matched to your PSN in a database, so that *anybody* will then be able to track your activity simply by using the PSN together with the right lists. That of course means anyone with the money and an interest in doing these things (corporations and governments, obviously).
Think about it carefully, and you'll realise this only has to happen once! If your PSN has been matched against your name, e-mail address, or anything else that identifies you, your anonymity is gone forever (at least until you get rid of your crappy P3 and buy something from AMD).
I start to wonder if there is a pattern on their numbering shceme, for ie.
every processor which start with certain number is being sold to Compaq, etc...
would be grate if someone get the listing and figure out who gets what number.
- know how to turn the number on/off....(check)
- look for numbering scheme on the processor...(got to steal list)
- make sniffer just for ID# (prety easy)
- make spoofing warez (tough one, need to know the random number generator)
- figure out who is using this ID feature on the web and how do they use it. (to new, need more time)
- figure out if it is possible to create time bomb for targeted machine.
-be a good tool to fool, hack trace back. (make trojan horse for the innocnt victim?)
-create a small app to monitor password & ID# (figure out later what's this good for)...
Why should I move, it doesn't bother me. I've got noting to hide. I hope the state govt. gets a good deal for the info so they can cut taxes.
Every networking card has it's own unique serial number... Any software will be able to read it
and to use it for tracking you..
Place I worked at recently had these. Real neat too, until you could not hit the machine(s) that stored them. In the US and Europe and Asia, my profile roamed. They were thinking about a fingerprint reader scheme to suppliment that too. They knew/know who is logged in just fine and need no PSN to get in the way. BTW, we constantly had hardware upgrades that made associating ANY piece of hardware to a person impossible for long.
But why do you need that in the processor? You don't!
The primary applicaiton for the CPU ID is for corporations to do asset tracking or security. Apparently over 50% of the warez at the recent Intel show-n-tell were just that, asset tracking software packages.
That's right - not cryptofascism or some conspirisy to make you pay for MS Office, just good ol' fashion IT Accounting bueracracy.
(A) - Any one who thinks this is a good eCommerce solution is *really* a tard. When the big fish executive types have a desktop, a laptop, a home machine, a secretary to order things, etc, a CPU ID is worthless as a tracking device. Besides, if you have someone's credit card number, you can find out pretty much anything and everything you'd want to know.
(B) - Does anyone have any real knowlege of how this works on the Network layer? I would think that a responsible corporation or linux user would be filtering all of the special PIII packets going outbound. (Then again, it might purely be some sort of ActiveX/MS Wallet crap.)
Just think of the alternatives...Cyrix, IDT or Intel... Not an appealing choice.
;-)
Oh. You must be running something that can't run on AXP's, G3's, 68040's or MIPS'es, but does it only on IA-32 CPU's. Makes me wonder what kind of software that is
And if you choose AXP, there's always FX32.
It does identify you if you own the CPU that holds the ID. You own more CPU's? The ID still leads to you. More people use the same CPU? The ID can be tracked to a relatively small group of people. You sell the CPU? Next time Joe Sixpack buyer registers somewhere the records are updated.
Then you are a fool. Of course you will not
have to buy a new copy of Windows. You will
have to pay a "small fee" to get a new key
to unlock your software. Soon you will find
that your software is only available to "rent".
Now you will be forced to upgrade because your
software will stop working on some set date.
This is just plain evil and needs to be stopped.
Who are you going to buy your ethernet card from?
Ethernet cards all have unique IDs.
So basically, any 'TRUSTED' party could toggle the
ID in their apps without saying anything, and the
consumer would be falsely secure in the thought that
it would require a reboot to switch modes.
To me, this is a real personal trust-buster.
Oh grow up, be a man, accept that you have
no rights, give in to the greater good.
You are the one needs to be jailed for
wanting to give up on your own rights.
I think it is probably all about tracking down
stolen PIII chips.
See two things happen here: 1) SGI and SUN don't "track" the serial numbers they "register" them with the OS and OS-related software. They are not broadcast over the network nor are they filed away in some big-brother database. The Intel CPU serial numbers are the exact opposite. Intel tracks all the serial numbers and makes a big brother database out of them. 2) It is TOTALLY possible for MS and intel to hook up to require the turning on of the "serial" number, thus alienating non-Intel CPU users, which is exactly what Intel wants, and exactly opposite of what this person posted! This way you need MS and/or Intel or NO WEB SITE! Get it?
I think this whole thing is silly.. It's stupid to use this chip ID as a person ID.. People change processors and systems and everything else.. Even cookies are more reliable.
I don't mind the ID being there, since it's a good way of verifying the intended clockspeed of the chip (since you can't alter the chip ID, it will prevent resellers from putting out overclocked chips.. (A side note -- I think Intel's clockspeed locking strategy is dumb, but hey...) OEMs could add in a simple routine to any testing they do to check the chip ID, verify it with a database that Intel has.. (of course, many OEMs don't test their machines any more..)
Oh well, I guess I'm just weird (since everyone else seems to think it's a bad idea -- I just think it's media hype..)
If a few web sites start asking users to switch it on and run software that uses it, you'll be left with two choices. Be identified or not.
Of course, the issue here is that we now see that the serial number can be turned on and off at will, and by extension without the user's knowledge. This makes the option of turning it off meaningless.
Previously you still had the option of not running an OS, software, etc that doesn't access the feature. You the consumer still have the freedom to decide.
Not while Microsoft has an effective monopoly on the desktop.
Lets say if you were buy or download Quake3 shareware version at the store or off the internet. If you like this game, they could send you a set of binaries customized around your id#.
That's fine, but there is no evidence that any company that sells such software would make any provision for handling situations such as machine upgrades or selling the software to somebody else. Historically, with dongle-based software copy protection, it's been very hard to get companies to address issues such as destroyed dongles.
Microsoft has shown every evidence of trying to tie their software to a particular desktop, and charging for the priviledge of moving the software to a different machine. (In fact, the current Microsoft EULA says that you cannot transfer the software to a different computer - you have to purchase another copy. This is a provision that I think many people find unfair. A CPU PSN provides a method to police this, thus immortalizing the unfairness.)
The bottom line is this: Intel has put this feature in with little or no indication as to what the advantage is to the consumer. All the benefits appear to be on the side of corporations who want to sell things to or otherwise track the consumer. Do you have any compelling reason why a CPU PSN is an advantage to the consumer?
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
You do have a choice. Granted MS is a monopoly, but that does not mean that you personally have to run their crap. It just means that MS has the ability to push things over on OEMs and the like, it is not the same thing as having a gun pointed at your head.
/. propaganda.
Well, I personally may have a choice, but the unwashed masses do not. That's what "effective monopoly" means. Linux is just beginning to enter their radar, and both you and I know it's not ready for prime time.
In the mean time, it might open up internet software distribution to more companies. Bringing new software titles with the improved security. That is a benefit to the consumer.
"Might"?? That's awful slim pickings, given all the disadvantages being discussed.
Quit your damn whining, get a job, and stop getting caught up in the
You, sir, are a moron. I'm in the 40+ category of the latest Slashdot poll, and I've been gainfully employed in the computer business for 20+ of those years. Being concerned about privacy issues is not onlyt the arena of people in college. You've let your mental stereotype blind you.
{copy emailed - I wouldn't want you to miss it.}
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Yeah, and sign your CPU so that it is BillG's cpu!
Large print giveth, and the small print taketh away
I read enough people saying "This is not new, everyone can track you using your MAC address".
...
1/ Not everyone is using an ethernet card
2/ I can change the MAC address on mine
Now try to run a computer without a CPU, or try to change the P3 serial ID
The P3 PSN _IS_ an issue unless you are successful with one (or both) of theese solutions.
Yup. Multi-processor machines require multiple licenses for some software, such as some database packages.
I don't understand what use they will have for these numbers. The ones I read here is
1. e-commerse
There would still be ordinary software sending the number wouldn't it? Then it can easily be faked and would be useless for reliably identifying someone.
2. Prevent illegal copying.
Most protected software gets cracked within days of release. Why not programs using this number?
So, what is the real difference between this and intel sending pIII buyers a paper with a number and the text "Please read this nuber to anyone who asks for it"?
Pentium III serial # soft-programmable would be interesting. :->
Regards, Ralph.
In a way, it does have some benefits.
But for thoes of you who do not want to be tracked, you might have to build your own hardware and software from the ground up. The way technology is going, there will be no way to buy products without a unique serial number. Its only time.
Resistance is futile.
You will be assimalated.
Yours truly :-)
6 of 9...
Mike of Borg
People have been tracking computers for decades.
Try typing 'hostid' on your unix/linux machines.
Started long long long ago.. will never go away..
Big Brother has always been watching.....
sum fine
At work we use Intel, mainly because that is what was supplied with the box.
At home I use (and have uses since the 486) AMD because I could do so.
I have upgraded my CPU several times and if they had all had these serial numbers then I would have been stuffed because none of my software would have worked after the CPU change.
Intel can go take a long walk of a short pier as far as I am concerned. AMD does the same job for half the cost. And they don't try nasty little things like this.
Don't take life too seriously. It is only a temporary situation. Usual disclaimers apply.
Unfortunately, it does not logically follow (as you implied) that rebellion against the idea of CPU ID's is wrong-headed.
You're making two separate points, and your allegory linking the two contains a logical fallacy.
As a representative of an age group outside the two you've damned (as well as someone who considers himself rational and mature enough to have an opinion on the matter), I find Intel's action deeply disturbing. Processor serial numbers are too easily abused, and one of the truly valuable aspects of the 'net is anonymity. Interestingly, I see you making free use of its virtues in your own post.
Additionally, as another person here (or was it you?) pointed out, corporations are not motivated by what's good for consumers. Rather, they are motivated by the bottom line. This fact makes occasional consumer rebellion a good thing, IMHO.
My own concerns regarding PSN's run along the lines of out-of-control commercial (and possibly governmental data-gathering), the silencing of opinions for fear of retribution, and the enabling of unfair and one-sided licensing arrangements for software. Further, this particular system is wholly flawed, leaving doors open for fraud and abuse.
I don't believe it takes a genius to recognize the potential problems with the "feature" we're discussing here. The possible impact on consumer privacy (especially given the current sorry state of privacy in general) is quite serious. I fail to see, therefore, how not expressing concern over them is "doing the right thing".
Kythe
(Remove "x"'s from
Kythe
Ok Thomas. Pop quiz. I buy 4 P3 boxes with CPUIDs. I have 6 people at my house (including myself) who may be using any one of these boxes at any given time. That is not counting friends who may come over to use a PC.
Or, in a more normal case, 1 household PC, 4.3 average ppl/household. At least 2 are adults and may or may not have credit cards/do online shopping.
How can the CPUID be used to make eCommerce more secure in a world where you cannot track an individual user by their CPU?
"What do you mean, invalid parameters? 9000Gigs of RAM and it can't answer a simple question!" -- Earthworm Jim
It's not a question of what they will do WITH it, it's what WON'T they do without it. Remember the days of, "This site is best viewed with Internet Explorer"? How about going to a site and receiving, "This site cannot be accessed without an Intel Pentium 3 CPU-ID." That would ruin the day for those of us who run non-Intel based machines.
Or, as has been mentioned before, software locked to a single CPUID. That would make life quite difficult. What happens with an SMP box? What happens when I upgrade my CPU?
The question I pose to you is what benefit may be derived from utilizing a CPUID? Please feel free to email me if you wish to discuss this at greater length.
"What do you mean, invalid parameters? 9000Gigs of RAM and it can't answer a simple question!" -- Earthworm Jim
Maybe it's a processor reset via the keyboard controller. AFAIK some MSDOS memory manager used this trick to leave the protected mode on 286s again since Intel forgot(!) to implement a proper CPU instruction.
The CPU-ID would then probably be active until the BIOS turns it off again at the next reboot.
With your basic Java applet, you can't accomplish it unless there is a bug in the JVM or someone discovers a hole in the security model.
...and this is a simple example.
However, you can write a trusted Java applet that has full reign just like a regular program, so it CAN be done with a Java applet in combination with native code.
Whether someone may acutally get your PIII ID may or may not be a big deal, it's things like this that lead toward a slippery slope of things to come. What's the next 'minor' invasion of privacy that we'll 'accept' because it's no big deal? I can just see it now: A leagally purchased program records the PIII ID and checks the ID every time it is run. But due to oversight on the programmer's part I upgrade my chip to a faster version and, whoops, the program won't run because it thinks it's on another machine.
Wouldn't a changeable serial number eliminate all the benefits Intel is claiming the number will provide? Processors would no be longer uniqe. They could be cloned at will.
Next up..... Serial Number Spoofing !
Oh, grow up. Stop whining about the trivialities of life, and get some work done. As has been said before, this tracking thing has been done before, you just never realized it.
Oh, grow up. Stop whining about your life, and get back to work. As has been said before, this freedom thing has been compromised and eroded before, you just never realized it.
When are people going to realize that you can write an applet that will do the same thing from a website and defeat TURNING IT OFF.
...Because if not, I know whom I'm buying my
next processor from...
Finding God in a Dog
So ... I go to a web site and it remembers my details by checking my ID number and I don't have to remember a 100 passwords. Unless you're in the black market for processors why would you care that your machine has a unique ID ? Scared you can be banned from IRC by processor ID ? Terrified that software manufacturers may use it with online registration ! (Note to self, this gives me an idea). Worried that hackers won't be able to spoof it about 3ns after the PII is released.
Big Deal.
Whats going to stop someone from turning it on?
I am quite sure that would be the latest trick for the virus boys or if someone could find a way to do over the web (activex?)
.
. * Did aliens forget to remove your anal probe?
who's to say that someone won't be able to come up with some interactive web applet or something that can turn the thing back on?
It happens all the time. People who have a few years in seniority, have been at their jobs for a while, and who have sunken into a repugnant form of complacency, sit back and claim that there's nothing wrong with any commercial interest posing an even GREATER threat to personal privacy.
Younger people sometimes lack perspective, but the ones who are intent on making something of themselves have a level of energy and curiosity, and the intelligence to question stuff that's thrown in their face.
If it's necessary to brand ANYONE as sheep, give credit where credit is due...how about the corporations who lap up what ever Intel and M$ dish out.
Assume the standard almighty front page driving moron designing ASPs, CFMs or other crap without understanding it. And assume that the web authoring tools have told the moron (or even skipped telling him/her) to have this crap requirement in the page.
In other words, you are underestimating the power of human stupidity. Take a look around and ask yourself: "What is that percentage of US web sites that are designed to be viewed only with Winhose?"
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
You forget one major moment:
How often have you met a windows user that thinks that there is nothing else but windows. How often have you met a XX-OS user that thinks that there is nothing, but his XX-OS.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
First off, a CPU with a built in id# is not in and of itself a way to track you. You need to run software which utilizes this. If you run linux and what not I hardly imagine this is going to be an issue for you.
Secondly, the fact that it is turned off by default makes no difference. If a few web sites start asking users to switch it on and run software that uses it, you'll be left with two choices. Be identified or not. The effect is still the same. Previously you still had the option of not running an OS, software, etc that doesn't access the feature. You the consumer still have the freedom to decide. I can see some concerns with the abuse of tracking and what not. But this is still a free country. If you don't like the PIII feature, buy AMD. If enough of you care, there will be a market for non-marked chips.
Thirdly, there are some COMMERCIAL applications (God forbid saying this on
At least if a reboot was required, you'd know that it's been turned on or off. This way, what's to prevent a software product to just toggle it without the users knowledge?
I know, I know, there's bound to be a freebie utility to monitor it's state, and keep it off, but still..
-- What you do today will cost you a day of your life.
I'm pretty certain that AMD has publicly stated that they will not pull this kind of crap.
-matt
No kidding! IMHO, The number one thing that put Microsoft on top is piracy. If people COULDN'T pirate Windows and Office, do you really think they'd drop so much money on it? Office in particular would never have become the de facto standard for business communications without rampant pirating.
Personally, I always felt terrible pirating software. I know lots of people who feel the same. That's why I made the Free Software switch: Now I can have all the latest cool stuff for free without being a loser pirate. I wouldn't be able to afford something as cool as Linux, Enlightenment, and GIMP if they were commercial products!
This is the best way to work (switchable).
If you want privacy, good, dont use it.
If you want to use M$/commercial products, you wont have privacy.
(unless only the installation requires the ID)
Better yet,
These pirates (and there are many of them) will be screwed.
(I dont understand why people use windows at all, but I REALLY CANT IMAGINE people paying for it)
---
---
I'm going to live forever, or die in the attempt.
Finally a bit of intelligence is added to the debate! In addition to NICs and cellphones, what about hard drives, some motherboards and even a few display adaptors? Lots of things have serial numbers, most of which people don't even know about.
Besides, it's up to the software to send this ID. If Intel provides an ID and no-one bothers to write software that makes use of it, the whole issue is moot.
On the other hand, I doubt it will be very difficult for someone to write software that sends whatever ID you tell it to. With Netscape now open source, it'll only take one hacker to add code that will do either of these.
maybe someone should have taught you critical analysis in your rise to wisdom. before you go name-calling, why don't you stop and consider the fact that maybe, just MAYBE, intel does not have your best interests in mind here.
my two cents
"All that glitters is not gold"
i can dithc my cell phone and beeper, and i can change the MAC address of my ethernet card.
"All that glitters is not gold"
Forget the current trial and the other antitrust lawsuits, this will sink MS for good.
This will lead to subcutaneaous (sp?) serialized tracking implants.
Ok, maybe not, but every time you give up a little of your privacy, you make it easier for the next guy to ask you to give up more.
Yeh, and if we all quit watching subtile events such as this we may find ourselves in the pages of 1984 by Orwell. Fool.
Well, who needs them anyway? Scary thought is imho that I BET that even if it could be turned off for good, how long do you think it would be required by commercial software (windows) to use the serial for copy protection? Customer is in a lose-lose situation. This feature never should have been inmplemented in the first place.
Yes, I know they probably won't remove it.. They know that after a while, nobody will care anymore anyway. They managed to calm down the first wave of protest, and silently continue their crap.
Let's just hope AMD won't jump on this bandwagon.
Since MS Windows runs on 90% or so of the PCs, you can bet that once Windows2001 or whatever won't work on AMD chips because they lack the serial number thing, it'll hurt AMD a heck of a lot more than Microsoft. So, while I do not know anything about them actually announcing to change the EULA, I seriously doubt there would be much that could stop them.
Okay, so if you don't care about your privacy, your civil and human rights, why don't you all just move to china, iraq, iran, or one of the other places on the earth just like those?
/. message board again :-)
Just don't come crying to us then when you get gunned down because you don't agree with the party line.
If you allow them to start to take away too much of your freedom, you will eventually have to fight to regain it, and it'll be a very tough uphill battle.
I am not advocating "total freedom", I don't like anarchy at all, but I certainly like not having to worry about getting caught by the secret police because I've been hanging out on that subversive
The difference is, how many people have sun or sgi at home? Not many I hear you say? Damn right. How many people have ethernet cards? More, but most "ordinary people" don't have them. And last but not least, while ethernet cards etc are numbered, the idea is not to track and identify people. intel though has said the idea behind their serial is just that. And since the whole serial# idea is nonsense anyway, I think everybody would be better off without them.
Meept is either insane, or pretending to be. If you don't understand its posts, be glad. And that's all the explanation you're gonna get.
Weblogging Considered Harmful:
The difference, IMHO, is that this can bring digital [node] identification into the mainstream. Sure, SGIs, Suns, NICs, etc. all numbered, but how many advertisers/data miners/consumer-level programs (read: Windows apps) have made use of those? If the PIII does catch on, it stands to change the rules of the game.
I really wonder what AMD et. al. are going to do. It could go one way ("we don't make insecure CPUs") or the other ("AMD: Because We're Not Your Big Brother(tm)"). It could be a big opportunity, esp. with the PIII's unimpressive performance specs.
More importantly, it would mean no major software vendor (hint: Redmond) could explicitly require a CPUID for their products to run, without (quoting some poster above) alienating a large portion of the market. As long as we have the choice, ah?
iSKUNK!
ElecMoHwk
ElecMoHwk
CEO / Founder Dashin.org
ElecMoHwk
ElecMoHwk
CEO / Founder Dashin.org
Yep, the original game "castles" used a similar method. They code a formula into the program. Then the program comes up with a random number. You call the company which has the formula on file, then gives a response number. If the response number doesn't match the number the formula thinks you should get, it doesn't work. In some cases, it's a CMOS checksum, or it could be keyed to some other values in the machine, perhaps a BIOS revision, or the seed number for the original number the program comes from a combination of other values in the BIOS that can be captured.
Now, on the problem here, Microsoft has been makeing a huge ammount of money from Intel's chip sales for a long time now. Because of this, I wonder if Intel made a deal with Microsoft on this issue. Perhaps Intel, not being able to shut AMD out by themselves, has figured out a way to get MICROSOFT to shut down AMD and other Intel competitors? This sounds like something both companies are known for. Anti-competitive behavior. First, Intel tries to kill AMD by going to Slot 1. It didn't work, AMD came up with chips that did so much more with socket 7 that AMD managed to gain market share. Now AMD is about to release the K7 in another few months. Intel is scared, so had to figure out another strategy to shut down AMD. They talk to Microsoft, and get CPU serial numbers that can be read by software. I wonder if the DOJ has enough of a clue to figure out that this happened?
The glorious meept for whom the speed of light in a vacuum would slowly change since the begining of the universe (but not be noticed) would like to point out to his sleeping past midday student friends the following:
[cut to a Buddhist temple]
Buddhist monk: Oum mane padme om
George Lucas:mmm "padme" I like it. You don't mind if I borrow that word do you?
Buddhist monk: [something something] Jedi [something]
George Lucas:mmm "Jedi" I like it. You don't mind if I borrow that word do you?
Buddhist monk: Fuck sake. Do you want to borrow the philosophies of our culture and some of our myths and legends as well?
George Lucas:What do you call the force which you believe permeates everything?
Buddhist monk: the force? Wha...
George Lucas:Hang on, let me write that down t-h-e- f-o-r-c-e
Buddhist monk: Ah fuck off.
MEEPT!!
surely someone (not me) could write an interception that would return a user-assignable id number when queried, right?
Get off my launchpad!
Good points. The processor ID can only be used for online identification by going through software. As soon as some web site starts requiring them for access, somebody will write a patch to Mozilla that will spew out any random number you care to enter.
Intel's brain-damaged comments about this increasing security for online commerce are just hot air. The web site is only going to hear what your browser tells it. Worse, there's no way of changing a compromised serial number, so that "honest" consumers are screwed if that's the basis of authentication.
The only effective use would appear to be software licensing, which I don't oppose quite as much.
(And tracking stolen chips, which Intel has said they aren't going to do....)
Funny that this should be posted by an Anonymous Coward...
Absolutely. I don't know the semantics of the
instructions for PID, but if a user-space
(ring 3/VM) instruction is used, then presumably
the ID number is being returned in a register.
(Well, maybe not - could be hard coded 'special register' I suppose) but the copy-protected
program has got to issue getpid (equivalent) and
then perform some kind of register to register compare.
A multitasking OS is constantly interrupting
the stream of instructions to do something
else (that's how 387 emulation is done)
so the instruction is issued, a user ISV is
called, clobbers the register with a new fake
number, and back to the program with the program none the wiser.
That would be good in the end, because it would
be a single point of failure for copy-protection.
No copying numbers off of other people, no losing
the number...just use one number on every machine.
Easy to use piracy. Easy to use identity spoofing!
I get the sense that Intel is going to 'rue the day' with the P3.
Instead of just turning the serial numbers off, it would probably be better to undermine their attempts to track CPU's by writing a piece of software that produces a different random serial numbers each time it is requested.
Would this be possible?
-Jack
Well look at it this way. If you don't pay cash for all of this computer equipment then there is a paper trail a mile long that anyone (with enough time) can track you. This ID code will just make it easier.
If AMD doesn't put serials on their chips, it'll make me all the more liklier to switch to them hardcore.
And if I'm anything like an average /. reader, that's quite a few people. If I say "Intel is garbage, go AMD," my non-techie friends listen. *grin*
People, /real/ problem I see here is that because each chip is unique, the price will reflect that.
I just don't see what the big deal is. I mean, you naturally don't want everything you do tracked and logged, however, If people REALLY wanted to monitor you, they can track you by MAC address. The only