Micorosft does not produce an operating system that cannot be easily hacked quickly after a default install with no user action required. I have seen it with XP, 2000, and 2003.
Maybe it is unlike to happen through your cable modem, but try setting on up at a major university where there are CONSTANT hack attempts taking place at all hours. Your only option is to DL the service packs and hotfixes on a patched machine and burn them to disk or put them on a USB key (or something like that) and apply them before you ever plug in the ethernet cable. Or run your install behind nat but that is usually a pain if the machine is not going to be behind nat after it is fixed (and none of them are, we are usually talking about servers here).
I was watching a win 2000 install last week that was hacked before the user had a chance to log in. The current state of Windows security is not pretty.
There's always been a firewall-everything mentality on the internet, or at least as long as the net has been popular.
You do know the net existed, and was popular before the late 90s. The firewall everything mentality did not surface until Microsoft "discovered" tcpip years after the rest of the world and tried to hack their single user, poorly written OS to use it.
Why would you want the overhead of a 32bit multitasking general PC operating system fighting for cpu and ram resources when all you want is to play a game?
Schwartz is a total moron, even the most ardent Sun fanboys I know admit that.
their fake patent grant
At least it was bigger than IBM's fake patent grant. Neither actually mean jack squat for OSS though.
their Java efforts
Actually I believe the relationship with MS came about because of their Java efforts. They used their position as the "controllers" of Java to stop MS from bundling an incompatible version of Java (embrase and extend, as it were) with Windows, and got them to stop and give Sun a ton of money. Now I am no fan of Java anyway (I do mostly C), but had Java been truely open source, nobody would be able to stop MS from doing this.
their attempt to position Solaris against Linux
Sun sells both. Their stated position is that Solaris is for more mission critical or high end uses, and Linux is more mid range. Honestly I have to agree to an extent. Linux is great, but it is not quite yet there as far as Solaris and AIX (my personal high end choice) go. However I have no doubt it someday will be.
It is called multi-factor authentication and it is used virtually everywhere that security is important. RSA SecureID tokens are a more popular for of this, usually paired with a user ID and password entry.
The more authentication factors you add, the better the security becomes (assuming you are using them properly). The trade off is that it becomes more cumbersome for the end user.
Most of your rebuttals basically say that TC won't succeed in doing what it has the ability to do because not enough people will require it.
Right, technology does not do anything by itself, people make it do stuff. This is why my compiler has not built a virus that destroys the internet, my gun has not killed anyone, my car has not run anyone down, and the atom bomb has not wiped out humanity. They all have the ability to, it is just not acceptable to use them that way.
The 'media' servers I imagine would not serve media. Only decryption keys. For music, movies, and ebooks (and copyrighted immages on the internet, and copyrightes newssites, and...just about any media that you do not have the copyright on, and maby some you do ).
Creative Commons still exists. Frankly if publishers want to DRM their stuff to hell and back, that is their option. I just won't use it. Many others will decide to do the same I imagine, this is how DIVX died. I do complain loudly when fair use is interfered with and I hate that DRM doesn't account for the expiration of copyright (of course, neither does congress these days), those battles need to be fought DRM or not.
Email. TCPA only auth email servers. Think anti-spam stuff, or FBI crap. And no signed pgp binaries. So, while you could sign it, you could not send it. Likely? we covered that already.
I do not believe it is in the best interest of even the FBI to completely cut the US off from the rest of the world. That would certainly put a strain on the old economy.
Think TCPA + great firewall of china + FBI needs to track terrorists.
Terrorists were not going to use the Clipper chip, they will not use this either. And the terrorist boogyman is not the blank check to pass laws that it once was. Despite Bush's reelection, most people I know (including conservatives) hate the patroit act and the ideas behind it. Something like you describe would be WAY over the top and would not be stood for.
Or the *AA's get the common carrier status of isp's revoked, and the isp's are required by law to prevent the latest and greatest encrypted/anonymous/p2p filesharing thing.
Scary thought, TCPA has very little to do with that, it could happen just as easily without it.
That and the fact that lots of people (like me) have only one choice for broadband, competition is hard to come by.
This should change, but it is a problem in and of itself, TCPA or not.
Remote attestation is still a good thing even if the owner controls it. It says, I have not been hacked, cracked, rooted, warzed, or internet-wormed.
Remote attestation does not exist if the owner controls it. If the owner can control it, so can the virus that just told it to assure other systems it was not hacked, cracked, rooted, etc. If we are going to do this, we might as well just drop it, that would be my ideal solution.
Personally I do not predict remote attestation ever really takes off. The P3 serial number couldn't even take off and that is nothing compared to remote attestation.
Other solutions: Copyright law needs reform. Like 20 years from the first intentional publication, no exceptions extensions or refunds.[1] And anything that dissallows fair use is inelligable for copyright protection. (they can still sell it if they want, but when someone cracks it, it is now public domain!) Bye-bye DRM'ed music and movies. Without that incentive, the chance of TCP being used for evil is much less, 'cause it is that much less widespread, and has that much less money pushing it.
That's a really misleading statement. PKI in hardware would be a mere "cryptography co-processor", a minor performance boost to things that can otherwise be handled in software.
No, that is not PKI in hardware, do you even know what PKI is? Think about the "I" in that acronym for a second. What you are describing is a processor designed for specific math functions.
But TCPA is hardware enforcement of signing/"attestation", which is far different and has no plausible use except to remove control from the end-user.
Signing binaries gives more control to the end user, in that they can specify exactly what binaries to trust.
Attestation is a good "take power away from the user" argument, but that power is really only the power to falsly represent what is running. I am a huge fan of Samba, but let's face it, Samba's purpose in life is to trick a windows machine into thinking that it is talking to another Windows machine. So while I am totally against remote attestation for the reason that it kills interop (hell, it kills faking your browser string), it actually does not limit your control so much as it adds control to the other end. I'm sure a decent argument could be made that the other end is where it should be (think online games or something of that nature), but I place too high a value on interoperability to like that idea. So I am against remote attestation. Unfortunately the technology is there, so people will use it. Education of the population is probably the best recourse for this.
For that matter, I have heard a lot of arguements against TCPA (some legit, some so ignorant I have to wonder at the/. readership these days), but I have not heard a single suggestion as to what to do about it. Do we tortch IBM HQ and hope nobody ever thinks of the idea again? Lobby congress to outlaw that specific technology, and hope they never get around to outlawing other "good" computer technology while they are at it? Organize protests? What? Seriously?
All those other technologies have roughly good uses. TCPA does nothing aside from enable DRM.
TCPA existed long before DRM was ever unleased on the public, IBM has had early concepts of it in thinkpads for years now. The idea of holding a public key in hardware and having an OS that only ran binaries signed by the private key is not new, nor is it a result of DRM desires.
Others have at least tried to list off some helpful uses it could have, although upon examination all of them proved to be spurious. You haven't even tried that.
Uh huh, and those are all uses for remote attestation. I don't like that, never have. TCPA is not only remote attestation.
You say it'll be appropriate to protest TCPA when it reaches the point of harming rights. Well, since that's the only thing it can do, then that point is already here.
No, I said it would be appropriate to protest the harming of rights. I don't care what technology you use to do it. Most DRM harms fair use rights, but I don't see too many people protesting x.509.
Clearly you have not read much except for some uninformed comments on this site (and possibly others). Try actually reading the spec. Look at the Linux distribution IBM put out that supports it and see the uses it has. You might be surprised. I suppose it is also possible you are confusing TCPA with Paladium, which many do. MS HATES TCPA because it gives the users the choice of what public keys to put in the hardware and trust.
You seem to be highly ignorant of the implications here, although they have been broadly discussed. Why not do a little more reading before responding again?
I've been following this topic for years, so I don't know everything but I didn't just read the TCPA specs yesterday.
They could be commercially-produced closed-source Linux apps. For example, as a rebuttal to complaints against the illegality of the DeCSS project (which allows Linux software like mplayer to view DVDs)
Illegal only under the DMCA, which I believe is where your real problem is. The math is not the problem, the hardware is not the problem, the stupid law is. Let's fight that instead of trying to shove technology worms back into a can.
No, I can't! That's the entire basis for the complaint. There might very well be an open-sourced viewer application for DRMed media on "Trusted Linux", but it will have been signed by some corporation after careful analysis.
There is no way I can turn off the DRM feature, because that above all else would red-flag the application as something that the signing authority won't approve (And of course, it would be tremendously difficult and/or expensive to submit a personally modified variant for auditing and signage)
Perhaps the solution (rather than trying to break encryption) is to just not purchase DRM media. It is not essential to life and the lack of it could very well improve your quality of life. Barring that, fight the laws that make it illegal to decrypt, not the math or the hardware that does it. That attack has not ever worked in history, and I doubt today will be any different.
Yes, and therefore I eventually won't even be able to view web pages on that system, meaning any hobbyist mods automatically cripple the box.
Firefox is getting more popular. Everyone knows how Firefox was developed. Open source is not some subervisive, unknown, secret cult anymore. It is mainstream. Putting out content that kills it is not in the best interest of web designers (well, again maybe DMCA obsessed control freaks, but are we not better off without them anyway?). The time when this kind of trickery would work has passed. Open source, firefox, linux, etc. are all too popular and mainstream to be swept away by dumb laws or bad corporate decisions. Maybe not in the US, but certainly globally. If the US content providers want to cut themselves off from the rest of the world, I don't think many would lose sleep.
You act like there will still be a platform (PCs which are general-purpose end-user programmable computers) left to run Linux on. There won't be.
You are raving, seriously. What possible evidence do you have to support such as MASSIVE and unprecidented change in the future where this could happen. I'm sure there are some nuts who have this goal, but there are also nuts who believe all cryptography should be outlawed, and all citizens should have rfid tags implanted. People will oppose this, hell computer companies will oppose this. The rest of the world will ignore it completely.
Non-treacherous computers will have a 10x cost premium, making competive CPU power cost-prohibitive
Supply and demand. Expect to see China start cranking out non-treacherous computers by the boat load. Until there is legislation enforcing TCPA computers (a totally unprecidented move), there will always be some willing to get rich by filling the void if Dell, IBM, Gateway, and everyone else decided to stop making general use PCs. And if you think this legislation is forthcoming, remember these are the same people who could not enforce the Clipper chip. And that was with the threat of massive pedophilia activity, terrorism, organised crime! What is the the boogyman enforcing DRM? piracy? please, congress cares, but not THAT much.
"The enemy has failed before. Therefore, they will always fail, and we have nothing to worry about". That's an idiotic strategy. For an exhaustive rebuttal, see "Code & Other Laws of Cyberspace" by Lessig.
That was in rebuttal to the point that TCPA must work or hollywood would never be pushing it. See "the parent post" by Finkployd.
The only way that this will not be a huge problem is if open source reaches critical mass and the media companies can (and some DO) make more money off the open source stuff than they can off of the DRM'ed stuff. What TC has the ability to do is to make open source irrelevant to anyone who wants to communicate with the world in any electronic way.
The primary methods of electronic (specifically internet) communication are based on open source products. Apache is by far the most popular web server and sendmail (and I guess lump in postfix and qmail) are the most popular email servers. Nothing is going to happen to make them irrelevent, not the open source model. It is too well know, too "mainstream" and too popular to be legislated away or technically made irrelevent.
Your 'just turn the feature off' is idiotic, because it is not possible. Sure you can turn it off, and then the program stops doing what it is supposed to do - that is the whole point of TC in this application!
Don't run products that are this restrictive. Intuit found out what happened when they tried to write to the boot sector of hard drives as a copy protection method, and quickly backpeddled. Any company that releases software that doesn't work with TCPA turned off is liable to lose a HUGE section of their customer base, both those that don't like it and those that do not have hardware to support it. The biggest issue is really things like media players not playing certain files or connecting to certain streaming servers without remote attestation turned on and everything validating correctly. This issue will be dealt with by the market. If people find it too restrictive and annoying, it will fail, and other less restrictive services will take their place. I mean, do to overwhelming popularity, MS has yet to disable mp3 playing in windows media player. It happily plays those just fine even though it also does the DRM game with it's own format. I don't see TCPA being much different. Some new functionality may require it, but the old stuff should still work. And if it doesn't more people will ditch the software for stuff that does.
And the DRM^h^h^h 'media' server will refuse to give the decryption keys to any program not written that way. And without those keys there will be (if they want) nothing that works.
Yup, and I am guessing those media servers will not be very popular. We already tried this with DIVX and it failed. But hey, maybe they will be popular, I could care less personally.
You won't be able to open your M$ office files, 'cause they are encrypted.
If you choose to encrypt them. Although perhaps MS will enforce the encryption and TCPA with office, then you will see open office grow in popularity so fast it will make Firefox's newfound market share seem like nothing. You think other countries will stand for this? Even our own companies and universities disrtust MS so much that something like this could very well push them over the edge.
You won't be able to access your financial data, either online, or in your own files.
My bank (and many others it seems) are opening up from their previous "IE only" stance. Why would they go back on that and lock out customers? Actually I could see a system where the bank gives you a key to use with TCPA to communicate with them so that only you can access your data. Of course, they could do this today with SSL mutual auth and client certificates, but they don't. More's the pitty.
no posting to/.
Why would/. do a thing like that?
no encrypting your own email with your own pgp key
How does TCPA prevent this? You might as well accuse TCPA of raping your daughter and punching your son while you are at it. Anything else we can dream up as a negative aspect of it? Does it cause cancer too?
no IP address from the ISP, (and no routing without it!)
And that's why the technology is bad- all of the uses I can think of are wrong. There's a long list of supposed positive uses, all of which collapse as strawmen that are either fundamentally flawed, or more easily and reliably implementable without any specialized hardware.
Uh huh, bullshit. Just because YOU do not understand the positive uses does not mean they are not there.
The core of TCPA isn't the crypto, but in the tamper-proof hardware which will need to be almost universal.
The core of DRM is crypto, specifically public key crypto. Does that make pk evil? It is not tamper proof, nor does it have to be. It needs to be able to resist SOFTWARE based tamper attempts. Actually I take that back, it does need to be tamper proof to the extent that you can not hardware it to give false postives.
the only real way it can work is government-supported prohibition of reverse engineering and hobbyist computer engineering.
That exists today without TCPA, and is certainly worth exerting our efforts to fight.
Finkployd
Re:Cisco's router won't let you see that thong
on
TCPA Support in Linux
·
· Score: 1
It doesn't have to be forced by the government. People will upgrade their PCs when their old PCs become too slow to run newer 3D video games, and these new PCs will just happen to have a TPM on them.
Video gamers are a minority, gamers who play on PCs rather than dedicated consoles are moreso. Most people want a PC that can run office, web browser, and email. Which is why less and less people are upgrading. I still see a TON of sub 1GHz machines around.
Apple Computer and vendors of major commercial GNU/Linux distros have the clout to get their kernel builds signed by major ISPs. Vendors of non-commercial distros often do not.
The Linux distro that does that will suffer MASSIVE backlash from the community that writes the software that makes them money.
Doesn't a T1 cost at least an order of magnitude more than cable or DSL? How much money do you think residential users are willing to spend on their Internet access again?
The price is dropping, I imagine it will get close enough in a few years.
Certainly, I don't want to see a day where TCPA is required to log onto the internet, pull up a web site, or check my email. But that does not mean I do not want the technology behind it (pki) to vanish. There is such as concept as throwing out the baby with the bathwater.
Wrong. I also need to tell my applications it's OK too. And I can't do that, because the apps refuse to run except in the pristine x.org environment. (Maybe they'll run, but they won't display any media or even web pages because of DRM)
I doubt you will find any open source applications with that restriction, and either way you can just turn it off (remember, it is open source).
Even if I hadn't read the specs, there are only two possibilities: 1) Either TCPA will prevent me from writing a modified display driver that can run normal programs, including viewers for DRM media like web pages. 2) Or TCPA is useless, and the Entertainment Technology industry wouldn't be trying to push it on is.
You haven't read them (or understood them), that much is clearly evident to almost everyone in this thread.
You can write a custom display driver if you want, but then through the magic of remote attestation, the media server will know. Perhaps some windows applications will be written to not function in this regard as well (windows media player likely will be designed this way), all the more reason not to use windows I guess, since they could technically do this without TCPA (it would just be more easily cracked).
Also, do not be so quick to discount option 2. Given the shift key defeted "CD copy protection", weak DVD DRM, and other snake oil they constantly buy into, it is clear they do not understand the issues and will toss money at anyone claiming to have a solution to piracy. TCPA in a perfect form may go further than these other weak attempts, but the devil is in the implimintation. Microsoft has not yet figured out how to make their OS keep people from getting into PCs over this new fangled internet thing they recently discovered, I doubt their attempt to keep all systems secure for video playback will be all that steller as either.
What ISP in their right mind wants to limit the range of software users can run, to reduce the cost of support requests? (A: nearly all of them)
In my experience they are getting more permissive, many even including instructions for Linux these days. Reducing support costs is simple, "We do not support that configuration, have a nice day". That is what they do today, and it does not seem to be much of a problem. Contrast that with the problems they have support their supported platforms, and all of the viruses, malware, and such that Windows/IE bring? Most of their calls are about this, not joe student having problems with his Linux box.
Yes, that's the scary part. It's also the only part that really matters, and the only reason the entertainment/technology industries are pushing Trusted Computing. If there was no remote attestation, the TC concept wouldn't even exist.
Actually it has existed for years in the form of the "security chip" that IBM has long shipped with certain models of Thinkpad. It is quite useful on it's own, and while the recent interest by the RIAA and MPAA is exclusively due to remote attestation, that is certainly not the only application. Keep in mind, all we are talking about is PKI with the public keys in tamper proof hardware, and a OS that supports this. Any use you can think of with the technology will probably be attempted.
The scary parts of atomic bombs are the blast and radiation. The rest isn't dangerous at all!
The scary parts of public key crypto are pedophiles and terrorists. BAN SSL TODAY!
Yes, I am presenting the worst-case scenario. I do this to stir the technology and entertainment consumers around the world to resist what otherwise could be an enticing change
"Buy a hot new RIAA-subsized multimedia PC for just $299, and then get 66% off all music downloads for the next two years! Just ask for the TCPA-DRM special model!"
And I am behind you 100% on that, just remember we are not fighting the technology (which history has always proven to be a comical exercise in futility), we are fighting the misuse of it. Would the world be better off if public crypto never existed simply becasue it gives the movie studios the ability to enforce the use of an approved player to get their content?
Only a combination of consumer antipathy and international fear of Microsoft's global dominance gives us a chance to avoid that fate. (And personally, I have a lot more faith in the paranoia of the Chinese government than in the strong principles of American consumers)
Damn straight, but do not rule out educational institutions as well, they would be severly crippled in this vision of the future as well.
I'm glad you have come around to stopped claiming that it enforces what you run on your PC, the real evils that TCPA opens up are much more fun and informative to discuss.
The government always has plans and bills floating around to severly curb rights, or to enforce everyone use the same technology. Since the Clipper initiative, you never really hear about them because none of them ever go anywhere. Seriously, start following the technology related bills that are introduced into legislation. Most of then never even really get out of committee. Despite the occational corporate sponsored legislation, the position of the US government has long been to not get involved AT ALL in this kind of thing, and when they do it is almost always a useless token gesture (CAN-SPAM for example) with no teeth that nobody takes seriously.
The fear that since public key cryptography is now being supported in hardware, the government will usher in a new era of draconian control over networks, IPSs, and personal computers is not only unfounded, it is without precident. They failed miserably the last time they tried to enforce something on the tech market and population (Clipper), and they actually had decent arguments backing that up. What is the argument here? Protect people from viruses? They couldn't even convince people that their rules would protect them from real evils like pedophiles, terrorists, and the like.
I'm not suggesting that we turn a blind eye to these possibilities, education and vigilance are still just as important to keep things like enforced software monoculture, drm, and technology stifiling laws in check. Most everyone has heard of Firefox and Linux and a great many people (technical or not) consider these to be good, positive things. It is easy to explain that without open standards, open access, and ability for "hobby" style developement, these things would not have come about. Failing that, it is easy to argue that this kind of restriction is incredibly anti-small business and NOBODY in government wants that label applied to them.
TCPA enables stuff like this but so does PKI, so does TCP/IP, so do computers in general. The trick is to learn to fight for the good uses of technology and against the bad uses. attacking TCPA is akin to attacking nmap because it can be used by evil hackers. In either case, the technology exists, and it is impossible to close the can of worms. You might as well outlaw PKI (the REAL enabler of DRM) while you are at it.
Finkployd
Re:Cisco's router won't let you see that thong
on
TCPA Support in Linux
·
· Score: 1
The problem is this will never fly. Universities, research institution, the general public, nobody will stand for this. Simple economics show how dumb this idea would be. You think there is any force in government that will get everyone to upgrade their PC and OS? You think that OS X (who may or may not be on board with this kind of thing), Linux, etc have not reached a point yet where they cannot be ignored? Doing something this incredibly stupid would put the US so far behind the rest of the world that it would never happen for that reason alone. Not to mention the infighting and bickering between companies each trying to make "their standard" the one true way.
If it gets this bad, I'll leave the US. Most programmers and computer professionals (including companies) will probably be with me. It would be a repeat of the Clipper Chip threat all over again.
Or I will just lease my own T1 line, those are getting cheaper and have none of the restrictions that cable and dsl are starting to come with. Speaking off, cable companies are already learning that they lose customers when they get too restrictive, which is why bandwith caps have been opening up lately. Ports are still being blocked but that is primarily because of all of the idiots running "trusted MS software" that gets owned in a couple of seconds unless patched (and even then).
I believe I have the right, codified in law, to make small exerpts of copyrighted works for critical purposes. TCPA desires to specifically remove that ability from me.
It most certainly does not. DRM desires to specifically do that. And even it doesn't DRM can (and has been) made to respect fair use laws. TCPA is a tool that can aid DRM, but so is public key cryptography, so are computers in general. Your beef with not with the tools that might be mis used, it is with those who are misusing them. I can make just as strong arguement against public key cryptography as you can about TCPA (which is just PK crypto built into hardware) on the same basis.
Not so fast. When that router can request TPM attestations from the machines behind it and report to the DHCP server whether each machine is "trust"-worthy, then what do you do?
I'll get a $50 PC, run windows on it, and use windows connection sharing to get all my other PCs across it.
Honestly, why don't you start worrying about the power company making sure I attest that anything I plug into it is signed by them, or the water company making sure I do not use homebuilt faucets? Where is anyone's motivation for this horrific vision of the future you have? What has happened or is happening that leads you to believe that this is even a remote possibility? Do you really think that in a world where most users are running Windows 98 on 5+ year old hardware, ISPs are going to suddenly require that EVERY ONE of their customers purchase new hardware and software? Not a snowball's chance in hell, my friend. For what? Why the hell do they care? I have never seen any indication that ISPs give two shits about TCPA. Content providers are the ones pushing this and you can bet that they will have these restrictions.
Besides, the window of oppertunity to do this has passed. OS X and Linux are becoming to prevelent to ignore. Firefox is certainly too prevelent to ignore. The days when you could safely count on all of your customers running MS software have passed, and I do not see that trend changing unless Longhorn is a lot more impressive than it sounds like it will be.
And if you want a routable IP address, your Internet Service Provider tells you what to tell your PC to do.
Ok, seriously, enough. Go back and read my answers to you posting this point 4 times. I have not connected a PC to an ISP in over 6 years, I connect routers to ISPs. I have not seen anywhere that router manufacturers plan to support this or that ISPS want it. The fact remains that if an ISP wanted to do something like this, they could do it today by assigning each user a private key and requiring that they authenticate with it. Also in my experience ISPs are moving toward a more permissive attitude about alternative OSes and many are pushing Firefox as the browser of choice (saves their help desk calls). It is the content providers who want to know what you are running before they release movies, music, etc to you (to ensure that you are running a media player and os that supports their DRM). Honestly, the ISPs would probably prefer you to NOT be running a OS that is trusted by the content providers since that means you might be streaming a lot of movie and audio files with their connection:)
Finkployd
Re:Getting an IP? (No, not intellectual property)
on
TCPA Support in Linux
·
· Score: 1
Heh, since you are posting this question to all of my comments I'll keep posting the answer. My kernel does not request an IP address, my router does.
Any why would they not? Where is their motivation to lock out customized kernels (if they could)?
Slashdot Mirror
People have been saying this with every storage advancement to date. I remember hearing it when I bought my first 12MB hard drive.
I would have thought by now people would learn and stop saying "why would anyone ever have a use for this, it is so much more than what we have now?".
Micorosft does not produce an operating system that cannot be easily hacked quickly after a default install with no user action required. I have seen it with XP, 2000, and 2003.
Maybe it is unlike to happen through your cable modem, but try setting on up at a major university where there are CONSTANT hack attempts taking place at all hours. Your only option is to DL the service packs and hotfixes on a patched machine and burn them to disk or put them on a USB key (or something like that) and apply them before you ever plug in the ethernet cable. Or run your install behind nat but that is usually a pain if the machine is not going to be behind nat after it is fixed (and none of them are, we are usually talking about servers here).
I was watching a win 2000 install last week that was hacked before the user had a chance to log in. The current state of Windows security is not pretty.
Finkployd
There's always been a firewall-everything mentality on the internet, or at least as long as the net has been popular.
You do know the net existed, and was popular before the late 90s. The firewall everything mentality did not surface until Microsoft "discovered" tcpip years after the rest of the world and tried to hack their single user, poorly written OS to use it.
Finkployd
Then you want a game console, they are fantastic.
Why would you want the overhead of a 32bit multitasking general PC operating system fighting for cpu and ram resources when all you want is to play a game?
Finkployd
Schwartz's rantings
Schwartz is a total moron, even the most ardent Sun fanboys I know admit that.
their fake patent grant
At least it was bigger than IBM's fake patent grant. Neither actually mean jack squat for OSS though.
their Java efforts
Actually I believe the relationship with MS came about because of their Java efforts. They used their position as the "controllers" of Java to stop MS from bundling an incompatible version of Java (embrase and extend, as it were) with Windows, and got them to stop and give Sun a ton of money. Now I am no fan of Java anyway (I do mostly C), but had Java been truely open source, nobody would be able to stop MS from doing this.
their attempt to position Solaris against Linux
Sun sells both. Their stated position is that Solaris is for more mission critical or high end uses, and Linux is more mid range. Honestly I have to agree to an extent. Linux is great, but it is not quite yet there as far as Solaris and AIX (my personal high end choice) go. However I have no doubt it someday will be.
Finkployd
female users, and penetration of the older market is up
You need only read the contents of my spam box to know this. Is Nintendo the one sending out all the milf spam lately?
Finkployd
No, I suspect that is more a result of poorly thought out policies regarding frequently forced password changes and password history checking.
Finkployd
It is called multi-factor authentication and it is used virtually everywhere that security is important. RSA SecureID tokens are a more popular for of this, usually paired with a user ID and password entry.
The more authentication factors you add, the better the security becomes (assuming you are using them properly). The trade off is that it becomes more cumbersome for the end user.
Most of your rebuttals basically say that TC won't succeed in doing what it has the ability to do because not enough people will require it.
Right, technology does not do anything by itself, people make it do stuff. This is why my compiler has not built a virus that destroys the internet, my gun has not killed anyone, my car has not run anyone down, and the atom bomb has not wiped out humanity. They all have the ability to, it is just not acceptable to use them that way.
The 'media' servers I imagine would not serve media. Only decryption keys. For music, movies, and ebooks (and copyrighted immages on the internet, and copyrightes newssites, and...just about any media that you do not have the copyright on, and maby some you do ).
Creative Commons still exists. Frankly if publishers want to DRM their stuff to hell and back, that is their option. I just won't use it. Many others will decide to do the same I imagine, this is how DIVX died. I do complain loudly when fair use is interfered with and I hate that DRM doesn't account for the expiration of copyright (of course, neither does congress these days), those battles need to be fought DRM or not.
Email. TCPA only auth email servers. Think anti-spam stuff, or FBI crap. And no signed pgp binaries. So, while you could sign it, you could not send it. Likely? we covered that already.
I do not believe it is in the best interest of even the FBI to completely cut the US off from the rest of the world. That would certainly put a strain on the old economy.
Think TCPA + great firewall of china + FBI needs to track terrorists.
Terrorists were not going to use the Clipper chip, they will not use this either. And the terrorist boogyman is not the blank check to pass laws that it once was. Despite Bush's reelection, most people I know (including conservatives) hate the patroit act and the ideas behind it. Something like you describe would be WAY over the top and would not be stood for.
Or the *AA's get the common carrier status of isp's revoked, and the isp's are required by law to prevent the latest and greatest encrypted/anonymous/p2p filesharing thing.
Scary thought, TCPA has very little to do with that, it could happen just as easily without it.
That and the fact that lots of people (like me) have only one choice for broadband, competition is hard to come by.
This should change, but it is a problem in and of itself, TCPA or not.
Remote attestation is still a good thing even if the owner controls it. It says, I have not been hacked, cracked, rooted, warzed, or internet-wormed.
Remote attestation does not exist if the owner controls it. If the owner can control it, so can the virus that just told it to assure other systems it was not hacked, cracked, rooted, etc. If we are going to do this, we might as well just drop it, that would be my ideal solution.
Personally I do not predict remote attestation ever really takes off. The P3 serial number couldn't even take off and that is nothing compared to remote attestation.
Other solutions: Copyright law needs reform. Like 20 years from the first intentional publication, no exceptions extensions or refunds.[1] And anything that dissallows fair use is inelligable for copyright protection. (they can still sell it if they want, but when someone cracks it, it is now public domain!) Bye-bye DRM'ed music and movies. Without that incentive, the chance of TCP being used for evil is much less, 'cause it is that much less widespread, and has that much less money pushing it.
Hell yeah.
Finkployd
That's a really misleading statement. PKI in hardware would be a mere "cryptography co-processor", a minor performance boost to things that can otherwise be handled in software.
/. readership these days), but I have not heard a single suggestion as to what to do about it. Do we tortch IBM HQ and hope nobody ever thinks of the idea again? Lobby congress to outlaw that specific technology, and hope they never get around to outlawing other "good" computer technology while they are at it? Organize protests? What? Seriously?
No, that is not PKI in hardware, do you even know what PKI is? Think about the "I" in that acronym for a second. What you are describing is a processor designed for specific math functions.
But TCPA is hardware enforcement of signing/"attestation", which is far different and has no plausible use except to remove control from the end-user.
Signing binaries gives more control to the end user, in that they can specify exactly what binaries to trust.
Attestation is a good "take power away from the user" argument, but that power is really only the power to falsly represent what is running. I am a huge fan of Samba, but let's face it, Samba's purpose in life is to trick a windows machine into thinking that it is talking to another Windows machine. So while I am totally against remote attestation for the reason that it kills interop (hell, it kills faking your browser string), it actually does not limit your control so much as it adds control to the other end. I'm sure a decent argument could be made that the other end is where it should be (think online games or something of that nature), but I place too high a value on interoperability to like that idea. So I am against remote attestation. Unfortunately the technology is there, so people will use it. Education of the population is probably the best recourse for this.
For that matter, I have heard a lot of arguements against TCPA (some legit, some so ignorant I have to wonder at the
All those other technologies have roughly good uses. TCPA does nothing aside from enable DRM.
TCPA existed long before DRM was ever unleased on the public, IBM has had early concepts of it in thinkpads for years now. The idea of holding a public key in hardware and having an OS that only ran binaries signed by the private key is not new, nor is it a result of DRM desires.
Others have at least tried to list off some helpful uses it could have, although upon examination all of them proved to be spurious. You haven't even tried that.
Uh huh, and those are all uses for remote attestation. I don't like that, never have. TCPA is not only remote attestation.
You say it'll be appropriate to protest TCPA when it reaches the point of harming rights. Well, since that's the only thing it can do, then that point is already here.
No, I said it would be appropriate to protest the harming of rights. I don't care what technology you use to do it. Most DRM harms fair use rights, but I don't see too many people protesting x.509.
Clearly you have not read much except for some uninformed comments on this site (and possibly others). Try actually reading the spec. Look at the Linux distribution IBM put out that supports it and see the uses it has. You might be surprised.
I suppose it is also possible you are confusing TCPA with Paladium, which many do. MS HATES TCPA because it gives the users the choice of what public keys to put in the hardware and trust.
Finkployd
You seem to be highly ignorant of the implications here, although they have been broadly discussed. Why not do a little more reading before responding again?
I've been following this topic for years, so I don't know everything but I didn't just read the TCPA specs yesterday.
They could be commercially-produced closed-source Linux apps. For example, as a rebuttal to complaints against the illegality of the DeCSS project (which allows Linux software like mplayer to view DVDs)
Illegal only under the DMCA, which I believe is where your real problem is. The math is not the problem, the hardware is not the problem, the stupid law is. Let's fight that instead of trying to shove technology worms back into a can.
No, I can't! That's the entire basis for the complaint. There might very well be an open-sourced viewer application for DRMed media on "Trusted Linux", but it will have been signed by some corporation after careful analysis.
There is no way I can turn off the DRM feature, because that above all else would red-flag the application as something that the signing authority won't approve (And of course, it would be tremendously difficult and/or expensive to submit a personally modified variant for auditing and signage)
Perhaps the solution (rather than trying to break encryption) is to just not purchase DRM media. It is not essential to life and the lack of it could very well improve your quality of life. Barring that, fight the laws that make it illegal to decrypt, not the math or the hardware that does it. That attack has not ever worked in history, and I doubt today will be any different.
Yes, and therefore I eventually won't even be able to view web pages on that system, meaning any hobbyist mods automatically cripple the box.
Firefox is getting more popular. Everyone knows how Firefox was developed. Open source is not some subervisive, unknown, secret cult anymore. It is mainstream. Putting out content that kills it is not in the best interest of web designers (well, again maybe DMCA obsessed control freaks, but are we not better off without them anyway?). The time when this kind of trickery would work has passed. Open source, firefox, linux, etc. are all too popular and mainstream to be swept away by dumb laws or bad corporate decisions. Maybe not in the US, but certainly globally. If the US content providers want to cut themselves off from the rest of the world, I don't think many would lose sleep.
You act like there will still be a platform (PCs which are general-purpose end-user programmable computers) left to run Linux on. There won't be.
You are raving, seriously. What possible evidence do you have to support such as MASSIVE and unprecidented change in the future where this could happen. I'm sure there are some nuts who have this goal, but there are also nuts who believe all cryptography should be outlawed, and all citizens should have rfid tags implanted. People will oppose this, hell computer companies will oppose this. The rest of the world will ignore it completely.
Non-treacherous computers will have a 10x cost premium, making competive CPU power cost-prohibitive
Supply and demand. Expect to see China start cranking out non-treacherous computers by the boat load. Until there is legislation enforcing TCPA computers (a totally unprecidented move), there will always be some willing to get rich by filling the void if Dell, IBM, Gateway, and everyone else decided to stop making general use PCs. And if you think this legislation is forthcoming, remember these are the same people who could not enforce the Clipper chip. And that was with the threat of massive pedophilia activity, terrorism, organised crime! What is the the boogyman enforcing DRM? piracy? please, congress cares, but not THAT much.
"The enemy has failed before. Therefore, they will always fail, and we have nothing to worry about". That's an idiotic strategy. For an exhaustive rebuttal, see "Code & Other Laws of Cyberspace" by Lessig.
That was in rebuttal to the point that TCPA must work or hollywood would never be pushing it. See "the parent post" by Finkployd.
Finkployd
The only way that this will not be a huge problem is if open source reaches critical mass and the media companies can (and some DO) make more money off the open source stuff than they can off of the DRM'ed stuff. What TC has the ability to do is to make open source irrelevant to anyone who wants to communicate with the world in any electronic way.
/.
/. do a thing like that?
The primary methods of electronic (specifically internet) communication are based on open source products. Apache is by far the most popular web server and sendmail (and I guess lump in postfix and qmail) are the most popular email servers. Nothing is going to happen to make them irrelevent, not the open source model. It is too well know, too "mainstream" and too popular to be legislated away or technically made irrelevent.
Your 'just turn the feature off' is idiotic, because it is not possible. Sure you can turn it off, and then the program stops doing what it is supposed to do - that is the whole point of TC in this application!
Don't run products that are this restrictive. Intuit found out what happened when they tried to write to the boot sector of hard drives as a copy protection method, and quickly backpeddled. Any company that releases software that doesn't work with TCPA turned off is liable to lose a HUGE section of their customer base, both those that don't like it and those that do not have hardware to support it. The biggest issue is really things like media players not playing certain files or connecting to certain streaming servers without remote attestation turned on and everything validating correctly. This issue will be dealt with by the market. If people find it too restrictive and annoying, it will fail, and other less restrictive services will take their place. I mean, do to overwhelming popularity, MS has yet to disable mp3 playing in windows media player. It happily plays those just fine even though it also does the DRM game with it's own format. I don't see TCPA being much different. Some new functionality may require it, but the old stuff should still work. And if it doesn't more people will ditch the software for stuff that does.
And the DRM^h^h^h 'media' server will refuse to give the decryption keys to any program not written that way. And without those keys there will be (if they want) nothing that works.
Yup, and I am guessing those media servers will not be very popular. We already tried this with DIVX and it failed. But hey, maybe they will be popular, I could care less personally.
You won't be able to open your M$ office files, 'cause they are encrypted.
If you choose to encrypt them. Although perhaps MS will enforce the encryption and TCPA with office, then you will see open office grow in popularity so fast it will make Firefox's newfound market share seem like nothing. You think other countries will stand for this? Even our own companies and universities disrtust MS so much that something like this could very well push them over the edge.
You won't be able to access your financial data, either online, or in your own files.
My bank (and many others it seems) are opening up from their previous "IE only" stance. Why would they go back on that and lock out customers? Actually I could see a system where the bank gives you a key to use with TCPA to communicate with them so that only you can access your data. Of course, they could do this today with SSL mutual auth and client certificates, but they don't. More's the pitty.
no posting to
Why would
no encrypting your own email with your own pgp key
How does TCPA prevent this? You might as well accuse TCPA of raping your daughter and punching your son while you are at it. Anything else we can dream up as a negative aspect of it? Does it cause cancer too?
no IP address from the ISP, (and no routing without it!)
I imagine my router will be able to get and
And that's why the technology is bad- all of the uses I can think of are wrong. There's a long list of supposed positive uses, all of which collapse as strawmen that are either fundamentally flawed, or more easily and reliably implementable without any specialized hardware.
Uh huh, bullshit. Just because YOU do not understand the positive uses does not mean they are not there.
The core of TCPA isn't the crypto, but in the tamper-proof hardware which will need to be almost universal.
The core of DRM is crypto, specifically public key crypto. Does that make pk evil?
It is not tamper proof, nor does it have to be. It needs to be able to resist SOFTWARE based tamper attempts. Actually I take that back, it does need to be tamper proof to the extent that you can not hardware it to give false postives.
the only real way it can work is government-supported prohibition of reverse engineering and hobbyist computer engineering.
That exists today without TCPA, and is certainly worth exerting our efforts to fight.
Finkployd
It doesn't have to be forced by the government. People will upgrade their PCs when their old PCs become too slow to run newer 3D video games, and these new PCs will just happen to have a TPM on them.
Video gamers are a minority, gamers who play on PCs rather than dedicated consoles are moreso. Most people want a PC that can run office, web browser, and email. Which is why less and less people are upgrading. I still see a TON of sub 1GHz machines around.
Apple Computer and vendors of major commercial GNU/Linux distros have the clout to get their kernel builds signed by major ISPs. Vendors of non-commercial distros often do not.
The Linux distro that does that will suffer MASSIVE backlash from the community that writes the software that makes them money.
Doesn't a T1 cost at least an order of magnitude more than cable or DSL? How much money do you think residential users are willing to spend on their Internet access again?
The price is dropping, I imagine it will get close enough in a few years.
Finkployd
We can't but we can fight to have it optional.
Certainly, I don't want to see a day where TCPA is required to log onto the internet, pull up a web site, or check my email. But that does not mean I do not want the technology behind it (pki) to vanish. There is such as concept as throwing out the baby with the bathwater.
Wrong. I also need to tell my applications it's OK too. And I can't do that, because the apps refuse to run except in the pristine x.org environment. (Maybe they'll run, but they won't display any media or even web pages because of DRM)
I doubt you will find any open source applications with that restriction, and either way you can just turn it off (remember, it is open source).
Even if I hadn't read the specs, there are only two possibilities:
1) Either TCPA will prevent me from writing a modified display driver that can run normal programs, including viewers for DRM media like web pages.
2) Or TCPA is useless, and the Entertainment Technology industry wouldn't be trying to push it on is.
You haven't read them (or understood them), that much is clearly evident to almost everyone in this thread.
You can write a custom display driver if you want, but then through the magic of remote attestation, the media server will know. Perhaps some windows applications will be written to not function in this regard as well (windows media player likely will be designed this way), all the more reason not to use windows I guess, since they could technically do this without TCPA (it would just be more easily cracked).
Also, do not be so quick to discount option 2. Given the shift key defeted "CD copy protection", weak DVD DRM, and other snake oil they constantly buy into, it is clear they do not understand the issues and will toss money at anyone claiming to have a solution to piracy. TCPA in a perfect form may go further than these other weak attempts, but the devil is in the implimintation. Microsoft has not yet figured out how to make their OS keep people from getting into PCs over this new fangled internet thing they recently discovered, I doubt their attempt to keep all systems secure for video playback will be all that steller as either.
Finkployd
What ISP in their right mind wants to limit the range of software users can run, to reduce the cost of support requests? (A: nearly all of them)
In my experience they are getting more permissive, many even including instructions for Linux these days. Reducing support costs is simple, "We do not support that configuration, have a nice day". That is what they do today, and it does not seem to be much of a problem. Contrast that with the problems they have support their supported platforms, and all of the viruses, malware, and such that Windows/IE bring? Most of their calls are about this, not joe student having problems with his Linux box.
Finkployd
Yes, that's the scary part. It's also the only part that really matters, and the only reason the entertainment/technology industries are pushing Trusted Computing. If there was no remote attestation, the TC concept wouldn't even exist.
Actually it has existed for years in the form of the "security chip" that IBM has long shipped with certain models of Thinkpad. It is quite useful on it's own, and while the recent interest by the RIAA and MPAA is exclusively due to remote attestation, that is certainly not the only application. Keep in mind, all we are talking about is PKI with the public keys in tamper proof hardware, and a OS that supports this. Any use you can think of with the technology will probably be attempted.
The scary parts of atomic bombs are the blast and radiation. The rest isn't dangerous at all!
The scary parts of public key crypto are pedophiles and terrorists. BAN SSL TODAY!
Yes, I am presenting the worst-case scenario. I do this to stir the technology and entertainment consumers around the world to resist what otherwise could be an enticing change
"Buy a hot new RIAA-subsized multimedia PC for just $299, and then get 66% off all music downloads for the next two years! Just ask for the TCPA-DRM special model!"
And I am behind you 100% on that, just remember we are not fighting the technology (which history has always proven to be a comical exercise in futility), we are fighting the misuse of it. Would the world be better off if public crypto never existed simply becasue it gives the movie studios the ability to enforce the use of an approved player to get their content?
Only a combination of consumer antipathy and international fear of Microsoft's global dominance gives us a chance to avoid that fate. (And personally, I have a lot more faith in the paranoia of the Chinese government than in the strong principles of American consumers)
Damn straight, but do not rule out educational institutions as well, they would be severly crippled in this vision of the future as well.
I'm glad you have come around to stopped claiming that it enforces what you run on your PC, the real evils that TCPA opens up are much more fun and informative to discuss.
Finkployd
The government always has plans and bills floating around to severly curb rights, or to enforce everyone use the same technology. Since the Clipper initiative, you never really hear about them because none of them ever go anywhere. Seriously, start following the technology related bills that are introduced into legislation. Most of then never even really get out of committee. Despite the occational corporate sponsored legislation, the position of the US government has long been to not get involved AT ALL in this kind of thing, and when they do it is almost always a useless token gesture (CAN-SPAM for example) with no teeth that nobody takes seriously.
The fear that since public key cryptography is now being supported in hardware, the government will usher in a new era of draconian control over networks, IPSs, and personal computers is not only unfounded, it is without precident. They failed miserably the last time they tried to enforce something on the tech market and population (Clipper), and they actually had decent arguments backing that up. What is the argument here? Protect people from viruses? They couldn't even convince people that their rules would protect them from real evils like pedophiles, terrorists, and the like.
I'm not suggesting that we turn a blind eye to these possibilities, education and vigilance are still just as important to keep things like enforced software monoculture, drm, and technology stifiling laws in check. Most everyone has heard of Firefox and Linux and a great many people (technical or not) consider these to be good, positive things. It is easy to explain that without open standards, open access, and ability for "hobby" style developement, these things would not have come about. Failing that, it is easy to argue that this kind of restriction is incredibly anti-small business and NOBODY in government wants that label applied to them.
TCPA enables stuff like this but so does PKI, so does TCP/IP, so do computers in general. The trick is to learn to fight for the good uses of technology and against the bad uses. attacking TCPA is akin to attacking nmap because it can be used by evil hackers. In either case, the technology exists, and it is impossible to close the can of worms. You might as well outlaw PKI (the REAL enabler of DRM) while you are at it.
Finkployd
The problem is this will never fly. Universities, research institution, the general public, nobody will stand for this. Simple economics show how dumb this idea would be. You think there is any force in government that will get everyone to upgrade their PC and OS? You think that OS X (who may or may not be on board with this kind of thing), Linux, etc have not reached a point yet where they cannot be ignored? Doing something this incredibly stupid would put the US so far behind the rest of the world that it would never happen for that reason alone. Not to mention the infighting and bickering between companies each trying to make "their standard" the one true way.
If it gets this bad, I'll leave the US. Most programmers and computer professionals (including companies) will probably be with me. It would be a repeat of the Clipper Chip threat all over again.
Or I will just lease my own T1 line, those are getting cheaper and have none of the restrictions that cable and dsl are starting to come with. Speaking off, cable companies are already learning that they lose customers when they get too restrictive, which is why bandwith caps have been opening up lately. Ports are still being blocked but that is primarily because of all of the idiots running "trusted MS software" that gets owned in a couple of seconds unless patched (and even then).
Finkployd
I believe I have the right, codified in law, to make small exerpts of copyrighted works for critical purposes. TCPA desires to specifically remove that ability from me.
It most certainly does not. DRM desires to specifically do that. And even it doesn't DRM can (and has been) made to respect fair use laws. TCPA is a tool that can aid DRM, but so is public key cryptography, so are computers in general. Your beef with not with the tools that might be mis used, it is with those who are misusing them. I can make just as strong arguement against public key cryptography as you can about TCPA (which is just PK crypto built into hardware) on the same basis.
Finkployd
HCF
I don't get it...
The opcode for Halt and Catch Fire? Is that what that is?
Finkployd
Not so fast. When that router can request TPM attestations from the machines behind it and report to the DHCP server whether each machine is "trust"-worthy, then what do you do?
I'll get a $50 PC, run windows on it, and use windows connection sharing to get all my other PCs across it.
Honestly, why don't you start worrying about the power company making sure I attest that anything I plug into it is signed by them, or the water company making sure I do not use homebuilt faucets? Where is anyone's motivation for this horrific vision of the future you have? What has happened or is happening that leads you to believe that this is even a remote possibility? Do you really think that in a world where most users are running Windows 98 on 5+ year old hardware, ISPs are going to suddenly require that EVERY ONE of their customers purchase new hardware and software? Not a snowball's chance in hell, my friend. For what? Why the hell do they care? I have never seen any indication that ISPs give two shits about TCPA. Content providers are the ones pushing this and you can bet that they will have these restrictions.
Besides, the window of oppertunity to do this has passed. OS X and Linux are becoming to prevelent to ignore. Firefox is certainly too prevelent to ignore. The days when you could safely count on all of your customers running MS software have passed, and I do not see that trend changing unless Longhorn is a lot more impressive than it sounds like it will be.
Finkployd
And if you want a routable IP address, your Internet Service Provider tells you what to tell your PC to do.
:)
Ok, seriously, enough. Go back and read my answers to you posting this point 4 times. I have not connected a PC to an ISP in over 6 years, I connect routers to ISPs. I have not seen anywhere that router manufacturers plan to support this or that ISPS want it. The fact remains that if an ISP wanted to do something like this, they could do it today by assigning each user a private key and requiring that they authenticate with it. Also in my experience ISPs are moving toward a more permissive attitude about alternative OSes and many are pushing Firefox as the browser of choice (saves their help desk calls). It is the content providers who want to know what you are running before they release movies, music, etc to you (to ensure that you are running a media player and os that supports their DRM). Honestly, the ISPs would probably prefer you to NOT be running a OS that is trusted by the content providers since that means you might be streaming a lot of movie and audio files with their connection
Finkployd
Heh, since you are posting this question to all of my comments I'll keep posting the answer. My kernel does not request an IP address, my router does.
Any why would they not? Where is their motivation to lock out customized kernels (if they could)?