Considering that, and having worked with a good number of PhDs in a prior career, I'm actually more inclined to expect Wikipedia's his first source. Ultracrepidarianism is apparently the relevant term (but I'll admit I went to the wiki to find the name).
It seems to me that it'd be fairly easy to add a slider control in the settings app that would let you choose power-saving vs. performance. When full, everything gets the CPU's full capabilities. Put it right next to the control for screen brightness, which people already go to when they want a bit more battery life.
Then you can publish any measured benchmarks you want, and claim great performance and battery life, while pitching the configurability as a feature.
It seems to me he picks his position up front, then goes to Wikipedia to find whatever concepts he thinks will back up his argument. If he can't find anything, he mocks the appearance. He also doesn't know much about the engineering lifecycle or how product development actually works.
Sometimes, his methodology works. He's pretty good at identifying the most obvious thermodynamics issues, and he does a decent job of explaining how existing systems work. If a high-school physics class could figure out why something won't work, so can Thunderf00t.
On the other hand, he doesn't seem to understand the purpose of technology demonstrators or prototypes. For large projects that aren't presented in single-page Kickstarter campaigns, he seems to have difficulty accepting that everything isn't built to its final form right from the start. Add in a bit of insufferable arrogance and a refusal to admit he might possibly be missing some key concepts, and a lot of his videos just devolve into ignorant ranting about whatever he doesn't like.
For a simple test of whether one of his videos is worth watching, keep a running tally of how many times he attacks a functional component of a design, compared to how often he attacks a cosmetic (or otherwise unimportant) detail. If his criticism stays cosmetic more than about 50% of the time, then it's a good indication that he doesn't have enough of an argument to make a solid case.
Because your argument is about as fucking pants on head retarded as saying if I change tires on my Ford its now a fake as it still has the Ford logo on the grill!
Oh, I do love a good car analogy. However, that's not a good car analogy. Let's improve it, and make it relevant to the case in point.
Let's say, hypothetically, you're selling tires to a used-car dealership. Naturally, they'll need to occasionally replace tires on a car before they can sell it. Now, you're trying to sell the dealership a set of Ford tires, to put on their Ford cars. You know they're Ford tires, because they say "Ford" right there in big letters on the sidewall, and you bought them from a vendor who said they took them off a car that rolled right out of the Ford factory.
The problem is that Ford doesn't make tires, and says they certainly didn't make those tires. Legally, you're out of luck. There's no proof that the tires are a genuine Ford product, even if you personally are absolutely certain they are. Even if you can prove that Ford has made similar tires in the past, you have to show that the ones you're selling were indeed taken off that factory-fresh Ford. If you can't prove that, you don't have any legal grounds to be (re)selling a product with a Ford trademark.
News Flash Sparky...these are REFURBS, where they take the original batteries, remove the dead cells, and replace them with new cells.
It's important to note that TFA does not say the batteries are refurbished.
If they are actually refurbished... So they completely replace the important part, leave the logo on the front, and try to sell it as being an Apple part, implying that it meets Apple's quality and design standards? That's pretty much a textbook case of counterfeiting.
They are NOT being sold as new batteries, just as that used Dell you pick up on eBay isn't being sold as a new dell product despite having a Dell logo, its a used unit that has been refurbished.
If only there was some evidence of this on the batteries, just like my refurbished laptop has a big sticker on the bottom that says "refurbished by X".
What Apple is trying to do is simple...make $3k+ hardware that is completely disposable as you simply won't be able to get any parts to make it work!
Apple can try all they want for that, but they absolutely cannot prevent anyone from making compatible replacement parts. All they can do is prevent others from using their logo.
You can't even give the "just take it to Apple" horseshit excuse, because just try that with something like a first gen Macbook Air and see what they tell ya...hint they'll tell you to throw it away as they will no longer service them at ANY price!
And that's fine. Apple has the right, like any American legal entity, to refuse service to customers for nearly any reason. Third-party shops are still able to operate, and they can use those compatible replacement parts mentioned above. Just don't stick an Apple logo on it, and it's all perfectly legal.
Otherwise Ford could stop you from selling your Mustang if you replaced the engine with an aftermarket one, since it still looks like a Ford Mustang on the outside and has the same trademarked logos.
Technically... they could try. Then the question would be whether there's enough indication that the engine was replaced, so a consumer would know they aren't getting exactly what's obvious on the outside. For example, having a nice big logo when you open the hood is a good sign (pun only half-intended). Listing the car as having aftermarket upgrades would also help.
Trademark law is based around fraud protection. If it's obvious that you aren't trying to defraud anyone with your sale, you'll generally be fine.
...except if these are recycled shells and interface boards with new cells, how does Apple have any say?
The shells have an Apple logo on them, but Apple says they aren't Apple parts. If there was documentation along with the batteries (like the description field on the customs paperwork) that says they're modified, reclaimed, or otherwise non-Apple parts, that'd probably be fine. If it just says "Apple batteries" (or even just "batteries" with the Apple logo prominently on the front), though, that's illegal.
You're not a lawyer, and your glib description of "illegal products" is nonsense. Even the legal expert cited in the original article wrote:
That's cute, but you don't actually know anything about my credentials, and "legal experts" are not necessarily lawyers, either. The one quoted is a professor, who doesn't seem to have been a practicing lawyer for 10 years.
Still, let's actually read the rest of his quote, written about a different (but similar) case:
“Assuming that: (1) the cable bearing the Apple mark is a genuine Apple product, (2) the cable used on these screens is the same as the one Apple uses in the U.S., and (3) the importer/seller clearly communicates that the screens are a non-Apple aftermarket product, then Apple’s case for treating these as ‘counterfeit’ goods is very weak,” Perzanowski said in an email. “Refurbished or repaired products are generally permissible under trademark law’s first sale doctrine, so long as they are clearly labeled as such.”
(emphasis mine)
The key detail is that the parts have to be labeled accurately. In the case of batteries, if the cells are replaced or anything is done that makes them not the original Apple part, they can't carry the Apple logo, making these an illegally-marked part.
You might like to cast Apple as the Big Bad Corporation, but they're the ones following the law here. The Chinese company who didn't follow American product-marking laws when exporting a product to America are the ones actually at fault for this.
As for your "hero", he's a very noisy importer who gets a lot of attention for playing the victim, when he could try just a bit harder to ensure compliance and have no problem (and no fame, either). My company imports materials (whole and parts) from other countries on a daily basis, and we rarely have any customs issues. We do have to contractually force certain suppliers to put their own logo on their parts, rather than the well-known American brand, though.
To clarify, Apple won't sell anyone the replacement parts, and that's fine. That's their right (through a rather roundabout path leading back to free speech).
However, they can't stop other companies from making similar parts (even using materials salvaged from other Apple products) and selling those parts as "compatible"... unless the part manufacturer is stupid enough to leave the Apple logo front-and-center on the parts, so it looks like Apple made them. Then Apple can claim misuse of their trademark, which is exactly what's happening here.
To be fair, there is a legal line connecting those dots, and there is a legal reason it doesn't matter.
The key is that the resale of like-new products is fine because it's not going to cause any brand confusion. The old iPhone you're selling is still an iPhone, and (assuming everyone plays by the rules) still has Apple's hardware inside the case. Legally, you're just selling an intact product (as you're entitled to under the first-sale doctrine), and you're not claiming to have changed its value in any way.
However, once you do something that changes the product's value, you have to be absolutely clear what that change was. If you replaced the battery or otherwise refurbished the product, you're supposed to declare that, so customers know exactly what they're buying. You could upgrade or overclock some components, and call it "modified", and even charge more for it. That's all fine, as long as you're making effort to say "this isn't exactly what that label might make you think".
Or you could stop buying illegal products... but that doesn't fit the "Evil Big Corporation" narrative.
An important detail about Apple batteries is that they have the Apple logo on them, and that's precisely why they were seized, as explained in the letter in TFA. They may have come from the same manufacturer as actual Apple batteries, or even been part of a batch made under an Apple contract with Apple designs, but they still have the Apple logo on them. Since Rossmann isn't buying the batteries (even indirectly) from Apple, nor is he himself allowed to use the Apple logo, it's indeed illegal to use the Apple logo on them. That's precisely the purpose of a trademark: to identify that a product came from a particular vendor.
Now, the Chinese manufacturer could have relabeled the batteries with their own logo, and said they're "compatible with Apple" (or similar wording), and everything would have been legal, and Apple would still be equally unhappy. Since they didn't actually do that, it's an illegal use of the mark.
If the system runs on a publicly-managed blockchain, and if the clients are entirely self-sufficient, and if there's a large enough userbase for manufacturers to support the scheme after Sony's bankruptcy, and if the chosen blockchain is still actively processing by that time... then yes, there's a chance the DRM will still function.
A simpler solution to the bankruptcy problem is to have the system fail-safe. If the DRM client gets a magic (cryptographically-signed) token, or is unable to contact the servers for a suitably-long (one year, perhaps?) time, it unlocks by default.
If trust is your problem, cryptography is your solution. There are crypto systems that allow a consensus of several parties to validate another party's claims.
Blockchain, by itself, is just a log where each entry includes all of the previous ones. It's useful when you want to have a small checksum to validate that the whole log hasn't been modified.
If a historic log being modified is your problem, blockchain is your solution... but that's usually not actually your problem.
My guess (and it is purely a guess, since TFS and TFA are so light on detail) is that transactions involving works will be logged in a blockchain. I buy a movie, and that purchase is linked to my particular account. I can then loan that movie to someone else, and the transfer gets logged. When it's returned to me, that's logged, too... Unless I happen to be disconnected from the blockchain-handling system, in which case I'd be stuck with the last-known state of property ownership.
If everything works like that, then a content owner could track their creation and see that I loaned a movie to someone... because apparently that's something Sony thinks they care about. Like many other DRM systems, it also allows Sony to revoke rights to works by authoritatively transferring them away, unless there's a crypto method to authorize a transfer (which is not indicated in TFS or TFA).
Pretty much, it provides nothing of technical value that wouldn't be served better by a central database. For marketing value, though, blockchain's an excellent choice right now.
Repeat after me, folks: Blockchain is a buzzword for a logbook.
That's it. There's no "inherent security". It's just a log with a checksum. Any can tamper with that log as much as they like, just making sure that they control enough of the verification process to authoritatively say their claims are genuine.
Seeing and verifying "who created a piece of work and when" is not really ever a problem in copyright cases. The real problems are how much of a pre-existing work was used or referenced to make a derivative work, and whether the derivative work is sufficiently creative enough to stand on its own.
With so little detail, it's difficult to speculate on precisely how Sony thinks this technology will benefit anyone (including themselves). So far, the only people who benefit from industrial use of a blockchain are the people selling a blockchain as a solution.
The natural monopoly for ISPs comes from being the first to run last-mile cable to an area. It's an expensive start-up cost, so only established companies are typically able to afford it. This expense could be absorbed by local governments, but it still has to be paid by somebody before service can start.
The problem is that they aren't just private corporations.
They're private corporations with natural and artificial monopolies on several aspects of the market, which means there is a necessity for regulation to ensure they don't abuse those monopolies to the detriment of society.
Completely neutralize the monopolies, and net neutrality isn't a problem.
The big difference between a "carrier" and "information service" is that an information service produces the information is gives to customers, even if it's produced from information other sources provide.
In other words, an "information service" is not only permitted to, but is expected to be adding to or changing the information passing through it. A related example would be a local network television station inserting its own ads in network programming. For an ISP, it means they would have full legal justification to run proxies that MITM encrypted streams and inject their own ads, or extract the data you send and resell it to advertisers. Essentially, any security effected by HTTPS is compromised, and because the CA trust model is inherently broken, that insecurity can even be made undetectable.
That wouldn't be independent verification. At most, you could verify that Yossi Appleboum claims to have seen compromised servers. That's lovely, but I can also claim to have seen Bigfoot living in my data center, and it's worth about as much (though I'm not pitching a business locating rack-dwelling cryptids).
For independent verification, we'd need a way to identify suspicious servers (like a batch of affected part or serial numbers), a real picture of the offending chip, and someone completely unaffiliated with Bloomberg to publish their analysis of the attack and how it works.
As an alternative, providing enough detail for self-identification would also be enough. Most valuable to ops teams would be a description of the traffic when the servers phone home, so it could be detected in live environments, but even having a list of the IP addresses it tries to contact would be enough to write some NIDS rules.
This is a horribly bad approach to security. You're making assumptions about the external environment, and using them to excuse system vulnerabilities. That's not realistic or intelligent. It's just lazy.
Lets not forget the anti hacking. A bullet in the head of the traitor.
That's assuming you can find a traitor. If the system logs aren't secure, or if their integrity is questionable, or if they don't uniquely identify an individual, you have no hope of identifying exactly who attacked the system.
Systems in development are not complete
So? Security isn't something to be bolted-on late in the development process. Systems should be secured first, then the functionality is applied on top of that. If that means you have to use more-costly (but more secure) solutions in your design, so be it. When functionality comes before security, management is far too justified in saying "but we've spent too much already developing this insecure system!" and refuse to reimplement it securely.
For a related example in the public sector, we're almost done implementing HTTPS, after only 10 years or so...
Systems are in very high security locations, especially when deployed
At first, maybe... then a truck gets ambushed, or a base is overrun, or we get an impulsive politician who promises an arbitrary date to get out of an unpopular conflict area. Then those systems fall into enemy hands, and you just have to hope that it's a useless pile of hardware by then.
Systems are surrounded by many soldiers
Soldiers are underpaid, overworked, and usually focused on things other than countering highly-technical intelligence techniques. If an attacker walks onto a base, steals classified data (or even whole systems), and tries to leave, they'll be saluted at the gate as long as their paperwork looks right.
There is no valid excuse for leaving a system insecure by design. Every layer of the system should be built securely, with the functionality added afterward.
The whole point if this is that if they have a chip in your infrastructure, you have no defense.
That's the defeatist attitude that is so harmful to having meaningful security discussions.
Outward blocking firewall is great, unless they have their chip in it in which case they can be running an invisible proxy, or secret port knocking activated by other chips to trigger a "please forward this traffic".
But that means they need two chips, in two appliances, from probably two vendors, with two separate supply chains. For the price of bringing in a second-source vendor, you've doubled their attack cost.
Any defense you can implement, I can undermine for 1% of the effort
I think you mean "I can trivially move the goalposts a bit further".
if I already have access to the hardware via these exploits/backdoors and vulnerabilities.
Or in other words, "If everything is already completely breached, then everything is already completely breached, so everything will always be completely breached". Never mind that new designs are always being produced, new non-corrupted supply chains are being forged, and new mitigations keep being developed. In the real world, compatibility between published protocols is rare. What makes you think that different hardware tools, built by different intelligence teams at different times, will be compatible in any meaningful way?
The government-backed attacking engineers still have bureaucracy. They have a committee dictating how their chips will work. They have software bugs. They make mistakes. It's simply not realistic to assume that developing a widespread hardware-based attack is going to be something any organization can consistently execute while maintaining the extreme precision required for secrecy.
Hell, I breached hypervisors in the Virtual PC days before and after MS bought them. The Intel IME public disclosure invalidated a lot, but not all, of my private... extra curricular... access tools. Now you can breach it as a script kiddy.
Well, that's fantastic, but you still need to get your code to the system to run it... Then you need to have an analysis of what you're running on, and an exfiltration... A breach is just a tool. To make it an attack requires tactics, which I see as more opportunities for defense.
On the contrary... I've been a government contractor, and money was often an issue, though mostly it was in terms of ROI more than actual dollars. Governments don't mind spending a lot of money as long as they know they're getting what they asked for.
...Why? Are Americans somehow incapable of being bribed to tweak a design? Does spending more on American parts mean your engineers are more likely to actually read the instruction manual and change defaults? Is an American developer going to oppose when their boss tells them to store passwords in plaintext, because the deadline's approaching and they refuse to delay for something the customer will probably never notice?
Checking the country of origin is a poor proxy for security. All it really means to have American sources is that when there's a breach, an American company has a slim hope to blame another American, and have a public trial to deflect the blame from their own mistakes.
Buy from whoever makes a quality product and shows the most interest in staying up-to-date with the latest security developments. Assume that all parts (including humans) will generally work as promised, but design your system with defense in depth, so any compromised subsystem will be blocked by other layers of protection.
Slashdot Mirror
So that's a win, right?
TFS says Trump's making 400 new jobs with this program...
I specialize in automation. I do a lot of work trying to be lazy!
Considering that, and having worked with a good number of PhDs in a prior career, I'm actually more inclined to expect Wikipedia's his first source. Ultracrepidarianism is apparently the relevant term (but I'll admit I went to the wiki to find the name).
It seems to me that it'd be fairly easy to add a slider control in the settings app that would let you choose power-saving vs. performance. When full, everything gets the CPU's full capabilities. Put it right next to the control for screen brightness, which people already go to when they want a bit more battery life.
Then you can publish any measured benchmarks you want, and claim great performance and battery life, while pitching the configurability as a feature.
It seems to me he picks his position up front, then goes to Wikipedia to find whatever concepts he thinks will back up his argument. If he can't find anything, he mocks the appearance. He also doesn't know much about the engineering lifecycle or how product development actually works.
Sometimes, his methodology works. He's pretty good at identifying the most obvious thermodynamics issues, and he does a decent job of explaining how existing systems work. If a high-school physics class could figure out why something won't work, so can Thunderf00t.
On the other hand, he doesn't seem to understand the purpose of technology demonstrators or prototypes. For large projects that aren't presented in single-page Kickstarter campaigns, he seems to have difficulty accepting that everything isn't built to its final form right from the start. Add in a bit of insufferable arrogance and a refusal to admit he might possibly be missing some key concepts, and a lot of his videos just devolve into ignorant ranting about whatever he doesn't like.
For a simple test of whether one of his videos is worth watching, keep a running tally of how many times he attacks a functional component of a design, compared to how often he attacks a cosmetic (or otherwise unimportant) detail. If his criticism stays cosmetic more than about 50% of the time, then it's a good indication that he doesn't have enough of an argument to make a solid case.
Because your argument is about as fucking pants on head retarded as saying if I change tires on my Ford its now a fake as it still has the Ford logo on the grill!
Oh, I do love a good car analogy. However, that's not a good car analogy. Let's improve it, and make it relevant to the case in point.
Let's say, hypothetically, you're selling tires to a used-car dealership. Naturally, they'll need to occasionally replace tires on a car before they can sell it. Now, you're trying to sell the dealership a set of Ford tires, to put on their Ford cars. You know they're Ford tires, because they say "Ford" right there in big letters on the sidewall, and you bought them from a vendor who said they took them off a car that rolled right out of the Ford factory.
The problem is that Ford doesn't make tires, and says they certainly didn't make those tires. Legally, you're out of luck. There's no proof that the tires are a genuine Ford product, even if you personally are absolutely certain they are. Even if you can prove that Ford has made similar tires in the past, you have to show that the ones you're selling were indeed taken off that factory-fresh Ford. If you can't prove that, you don't have any legal grounds to be (re)selling a product with a Ford trademark.
News Flash Sparky...these are REFURBS, where they take the original batteries, remove the dead cells, and replace them with new cells.
It's important to note that TFA does not say the batteries are refurbished.
If they are actually refurbished... So they completely replace the important part, leave the logo on the front, and try to sell it as being an Apple part, implying that it meets Apple's quality and design standards? That's pretty much a textbook case of counterfeiting.
They are NOT being sold as new batteries, just as that used Dell you pick up on eBay isn't being sold as a new dell product despite having a Dell logo, its a used unit that has been refurbished.
If only there was some evidence of this on the batteries, just like my refurbished laptop has a big sticker on the bottom that says "refurbished by X".
What Apple is trying to do is simple...make $3k+ hardware that is completely disposable as you simply won't be able to get any parts to make it work!
Apple can try all they want for that, but they absolutely cannot prevent anyone from making compatible replacement parts. All they can do is prevent others from using their logo.
You can't even give the "just take it to Apple" horseshit excuse, because just try that with something like a first gen Macbook Air and see what they tell ya...hint they'll tell you to throw it away as they will no longer service them at ANY price!
And that's fine. Apple has the right, like any American legal entity, to refuse service to customers for nearly any reason. Third-party shops are still able to operate, and they can use those compatible replacement parts mentioned above. Just don't stick an Apple logo on it, and it's all perfectly legal.
Otherwise Ford could stop you from selling your Mustang if you replaced the engine with an aftermarket one, since it still looks like a Ford Mustang on the outside and has the same trademarked logos.
Technically... they could try. Then the question would be whether there's enough indication that the engine was replaced, so a consumer would know they aren't getting exactly what's obvious on the outside. For example, having a nice big logo when you open the hood is a good sign (pun only half-intended). Listing the car as having aftermarket upgrades would also help.
Trademark law is based around fraud protection. If it's obvious that you aren't trying to defraud anyone with your sale, you'll generally be fine.
...except if these are recycled shells and interface boards with new cells, how does Apple have any say?
The shells have an Apple logo on them, but Apple says they aren't Apple parts. If there was documentation along with the batteries (like the description field on the customs paperwork) that says they're modified, reclaimed, or otherwise non-Apple parts, that'd probably be fine. If it just says "Apple batteries" (or even just "batteries" with the Apple logo prominently on the front), though, that's illegal.
You're not a lawyer, and your glib description of "illegal products" is nonsense. Even the legal expert cited in the original article wrote:
That's cute, but you don't actually know anything about my credentials, and "legal experts" are not necessarily lawyers, either. The one quoted is a professor, who doesn't seem to have been a practicing lawyer for 10 years.
Still, let's actually read the rest of his quote, written about a different (but similar) case:
“Assuming that: (1) the cable bearing the Apple mark is a genuine Apple product, (2) the cable used on these screens is the same as the one Apple uses in the U.S., and (3) the importer/seller clearly communicates that the screens are a non-Apple aftermarket product, then Apple’s case for treating these as ‘counterfeit’ goods is very weak,” Perzanowski said in an email. “Refurbished or repaired products are generally permissible under trademark law’s first sale doctrine, so long as they are clearly labeled as such.”
(emphasis mine)
The key detail is that the parts have to be labeled accurately. In the case of batteries, if the cells are replaced or anything is done that makes them not the original Apple part, they can't carry the Apple logo, making these an illegally-marked part.
You might like to cast Apple as the Big Bad Corporation, but they're the ones following the law here. The Chinese company who didn't follow American product-marking laws when exporting a product to America are the ones actually at fault for this.
As for your "hero", he's a very noisy importer who gets a lot of attention for playing the victim, when he could try just a bit harder to ensure compliance and have no problem (and no fame, either). My company imports materials (whole and parts) from other countries on a daily basis, and we rarely have any customs issues. We do have to contractually force certain suppliers to put their own logo on their parts, rather than the well-known American brand, though.
To clarify, Apple won't sell anyone the replacement parts, and that's fine. That's their right (through a rather roundabout path leading back to free speech).
However, they can't stop other companies from making similar parts (even using materials salvaged from other Apple products) and selling those parts as "compatible"... unless the part manufacturer is stupid enough to leave the Apple logo front-and-center on the parts, so it looks like Apple made them. Then Apple can claim misuse of their trademark, which is exactly what's happening here.
To be fair, there is a legal line connecting those dots, and there is a legal reason it doesn't matter.
The key is that the resale of like-new products is fine because it's not going to cause any brand confusion. The old iPhone you're selling is still an iPhone, and (assuming everyone plays by the rules) still has Apple's hardware inside the case. Legally, you're just selling an intact product (as you're entitled to under the first-sale doctrine), and you're not claiming to have changed its value in any way.
However, once you do something that changes the product's value, you have to be absolutely clear what that change was. If you replaced the battery or otherwise refurbished the product, you're supposed to declare that, so customers know exactly what they're buying. You could upgrade or overclock some components, and call it "modified", and even charge more for it. That's all fine, as long as you're making effort to say "this isn't exactly what that label might make you think".
Or you could stop buying illegal products... but that doesn't fit the "Evil Big Corporation" narrative.
An important detail about Apple batteries is that they have the Apple logo on them, and that's precisely why they were seized, as explained in the letter in TFA. They may have come from the same manufacturer as actual Apple batteries, or even been part of a batch made under an Apple contract with Apple designs, but they still have the Apple logo on them. Since Rossmann isn't buying the batteries (even indirectly) from Apple, nor is he himself allowed to use the Apple logo, it's indeed illegal to use the Apple logo on them. That's precisely the purpose of a trademark: to identify that a product came from a particular vendor.
Now, the Chinese manufacturer could have relabeled the batteries with their own logo, and said they're "compatible with Apple" (or similar wording), and everything would have been legal, and Apple would still be equally unhappy. Since they didn't actually do that, it's an illegal use of the mark.
If the system runs on a publicly-managed blockchain, and if the clients are entirely self-sufficient, and if there's a large enough userbase for manufacturers to support the scheme after Sony's bankruptcy, and if the chosen blockchain is still actively processing by that time... then yes, there's a chance the DRM will still function.
A simpler solution to the bankruptcy problem is to have the system fail-safe. If the DRM client gets a magic (cryptographically-signed) token, or is unable to contact the servers for a suitably-long (one year, perhaps?) time, it unlocks by default.
this method can work to achieve a transaction history of who owns what with what stipulations, and it's wickedly difficult to game.
Rather, this is transactional integrity for the lawyers and apps that will be used to assert "rights".
So it's a normal collection of license contracts, but now with dependencies on a processing network. Lovely.
If trust is your problem, cryptography is your solution. There are crypto systems that allow a consensus of several parties to validate another party's claims.
Blockchain, by itself, is just a log where each entry includes all of the previous ones. It's useful when you want to have a small checksum to validate that the whole log hasn't been modified.
If a historic log being modified is your problem, blockchain is your solution... but that's usually not actually your problem.
My guess (and it is purely a guess, since TFS and TFA are so light on detail) is that transactions involving works will be logged in a blockchain. I buy a movie, and that purchase is linked to my particular account. I can then loan that movie to someone else, and the transfer gets logged. When it's returned to me, that's logged, too... Unless I happen to be disconnected from the blockchain-handling system, in which case I'd be stuck with the last-known state of property ownership.
If everything works like that, then a content owner could track their creation and see that I loaned a movie to someone... because apparently that's something Sony thinks they care about. Like many other DRM systems, it also allows Sony to revoke rights to works by authoritatively transferring them away, unless there's a crypto method to authorize a transfer (which is not indicated in TFS or TFA).
Pretty much, it provides nothing of technical value that wouldn't be served better by a central database. For marketing value, though, blockchain's an excellent choice right now.
Repeat after me, folks: Blockchain is a buzzword for a logbook.
That's it. There's no "inherent security". It's just a log with a checksum. Any can tamper with that log as much as they like, just making sure that they control enough of the verification process to authoritatively say their claims are genuine.
Seeing and verifying "who created a piece of work and when" is not really ever a problem in copyright cases. The real problems are how much of a pre-existing work was used or referenced to make a derivative work, and whether the derivative work is sufficiently creative enough to stand on its own.
With so little detail, it's difficult to speculate on precisely how Sony thinks this technology will benefit anyone (including themselves). So far, the only people who benefit from industrial use of a blockchain are the people selling a blockchain as a solution.
The natural monopoly for ISPs comes from being the first to run last-mile cable to an area. It's an expensive start-up cost, so only established companies are typically able to afford it. This expense could be absorbed by local governments, but it still has to be paid by somebody before service can start.
The problem is that they aren't just private corporations.
They're private corporations with natural and artificial monopolies on several aspects of the market, which means there is a necessity for regulation to ensure they don't abuse those monopolies to the detriment of society.
Completely neutralize the monopolies, and net neutrality isn't a problem.
The big difference between a "carrier" and "information service" is that an information service produces the information is gives to customers, even if it's produced from information other sources provide.
In other words, an "information service" is not only permitted to, but is expected to be adding to or changing the information passing through it. A related example would be a local network television station inserting its own ads in network programming. For an ISP, it means they would have full legal justification to run proxies that MITM encrypted streams and inject their own ads, or extract the data you send and resell it to advertisers. Essentially, any security effected by HTTPS is compromised, and because the CA trust model is inherently broken, that insecurity can even be made undetectable.
That wouldn't be independent verification. At most, you could verify that Yossi Appleboum claims to have seen compromised servers. That's lovely, but I can also claim to have seen Bigfoot living in my data center, and it's worth about as much (though I'm not pitching a business locating rack-dwelling cryptids).
For independent verification, we'd need a way to identify suspicious servers (like a batch of affected part or serial numbers), a real picture of the offending chip, and someone completely unaffiliated with Bloomberg to publish their analysis of the attack and how it works.
As an alternative, providing enough detail for self-identification would also be enough. Most valuable to ops teams would be a description of the traffic when the servers phone home, so it could be detected in live environments, but even having a list of the IP addresses it tries to contact would be enough to write some NIDS rules.
No, no, fuck you, and no.
This is a horribly bad approach to security. You're making assumptions about the external environment, and using them to excuse system vulnerabilities. That's not realistic or intelligent. It's just lazy.
Lets not forget the anti hacking. A bullet in the head of the traitor.
That's assuming you can find a traitor. If the system logs aren't secure, or if their integrity is questionable, or if they don't uniquely identify an individual, you have no hope of identifying exactly who attacked the system.
Systems in development are not complete
So? Security isn't something to be bolted-on late in the development process. Systems should be secured first, then the functionality is applied on top of that. If that means you have to use more-costly (but more secure) solutions in your design, so be it. When functionality comes before security, management is far too justified in saying "but we've spent too much already developing this insecure system!" and refuse to reimplement it securely.
For a related example in the public sector, we're almost done implementing HTTPS, after only 10 years or so...
Systems are in very high security locations, especially when deployed
At first, maybe... then a truck gets ambushed, or a base is overrun, or we get an impulsive politician who promises an arbitrary date to get out of an unpopular conflict area. Then those systems fall into enemy hands, and you just have to hope that it's a useless pile of hardware by then.
Systems are surrounded by many soldiers
Soldiers are underpaid, overworked, and usually focused on things other than countering highly-technical intelligence techniques. If an attacker walks onto a base, steals classified data (or even whole systems), and tries to leave, they'll be saluted at the gate as long as their paperwork looks right.
There is no valid excuse for leaving a system insecure by design. Every layer of the system should be built securely, with the functionality added afterward.
The whole point if this is that if they have a chip in your infrastructure, you have no defense.
That's the defeatist attitude that is so harmful to having meaningful security discussions.
Outward blocking firewall is great, unless they have their chip in it in which case they can be running an invisible proxy, or secret port knocking activated by other chips to trigger a "please forward this traffic".
But that means they need two chips, in two appliances, from probably two vendors, with two separate supply chains. For the price of bringing in a second-source vendor, you've doubled their attack cost.
Any defense you can implement, I can undermine for 1% of the effort
I think you mean "I can trivially move the goalposts a bit further".
if I already have access to the hardware via these exploits/backdoors and vulnerabilities.
Or in other words, "If everything is already completely breached, then everything is already completely breached, so everything will always be completely breached". Never mind that new designs are always being produced, new non-corrupted supply chains are being forged, and new mitigations keep being developed. In the real world, compatibility between published protocols is rare. What makes you think that different hardware tools, built by different intelligence teams at different times, will be compatible in any meaningful way?
The government-backed attacking engineers still have bureaucracy. They have a committee dictating how their chips will work. They have software bugs. They make mistakes. It's simply not realistic to assume that developing a widespread hardware-based attack is going to be something any organization can consistently execute while maintaining the extreme precision required for secrecy.
Hell, I breached hypervisors in the Virtual PC days before and after MS bought them. The Intel IME public disclosure invalidated a lot, but not all, of my private... extra curricular... access tools. Now you can breach it as a script kiddy.
Well, that's fantastic, but you still need to get your code to the system to run it... Then you need to have an analysis of what you're running on, and an exfiltration... A breach is just a tool. To make it an attack requires tactics, which I see as more opportunities for defense.
Put in a tightly-configured firewall so your data doesn't get sent anywhere without your approval.
Keep management systems isolated so the data-holding servers can't modify that firewall.
Don't rely on tightly-integrated single-source solutions, so one vendor being compromised won't leave that firewall ineffectual.
Maintain independent layers of security that protect in case of another layer's failure.
That's defense in depth.
On the contrary... I've been a government contractor, and money was often an issue, though mostly it was in terms of ROI more than actual dollars. Governments don't mind spending a lot of money as long as they know they're getting what they asked for.
...Why? Are Americans somehow incapable of being bribed to tweak a design? Does spending more on American parts mean your engineers are more likely to actually read the instruction manual and change defaults? Is an American developer going to oppose when their boss tells them to store passwords in plaintext, because the deadline's approaching and they refuse to delay for something the customer will probably never notice?
Checking the country of origin is a poor proxy for security. All it really means to have American sources is that when there's a breach, an American company has a slim hope to blame another American, and have a public trial to deflect the blame from their own mistakes.
Buy from whoever makes a quality product and shows the most interest in staying up-to-date with the latest security developments. Assume that all parts (including humans) will generally work as promised, but design your system with defense in depth, so any compromised subsystem will be blocked by other layers of protection.