Re:How would trusted code development work? on TCPA Support in Linux · Score: 2, Interesting
Answer: Nobody said anything about a central authority. You can tell TCPA to trust any private key you want, just like any public key system, you just need the public key. You can create a keypair yourself and tell the system to trust anything signed by it (which is pretty much the only way I can see gentoo users doing it).
The problem comes in when we start talking about remote attestation. How can I tell every service I connect to to trust software signed by my personal private key? That will never scale.
Not to mention that you can expect RIAA and MPAA services to only trust client software signed by MS or other trusted parties.
Finkployd
And thus another arms race begins on RSS and Weblog Ads? · Score: 3, Interesting
So we start again. Next come the RSS readers that do not display the ads, then come the ads that try to get around this, etc.
What people always fail to understand is that RSS and the Web are pull technologies. My browser requests what I tell it to and displays what I want to see. If I configure it to not request images that I do not want to see, or to not pop up windows when javascript requests this, that is my business. This is not "push" where your server tells my browser what to display, my browser asks your server for specific files and if you return them to me, I am free to interpret (render) them any way I want.
Please plan your business models accordingly. If you refuse to accept this architecture, consider delivering content on a different medium.
Finkployd
Re:"threat" to MS? on Linux, Inc. · Score: 2, Informative
They are very capable of squashing serious deployment of Linux out there, and putting it back to the realm of hobbyist-only.
And how do you propose they would do that? If they were capable of this and not doing it, they would be held to the fire by their stock holders for not exercising due diligence with regard to competition.
But for now...they're letting us get any gains we have.
Are you suggesting that they are NOT actively fighting Linux adoption in foreign governments, domestic corporations, and domestic Universities? Have you been following any of the news related to this in recent years?
But will your ISP's DHCP server trust that public key and give you a routable IP address?
You mean will they trust my router, and the answer there is yes since they sold it to me (well, not true but they do sell the same model).
This is a good point, but what incentive do they have to do this? What ISP in their right mind wants to force users to use IE (and deal with all the support calls that are spyware related?) and not Firefox? Most ISPs take the position that other OSs are not supported, but they don't care if you use them, just don't call asking for help. Some even provide instructions for Linux and OSX despite not being technically supported. I don't see ISPs doing anything like this.
Content providers on the other hand....
That's excellent except... I don't want anyone to know what I have on my computer
No problem, just turn it off. However, be aware that some people (think MPAA and RIAA) will refuse to allow your media client to connect to their (promised but thus far fictional) media delivery services unless you let TCPA attest that you are running a trusted media client (wmp) on a trusted OS (windows).
Finkployd
No. I want to be able to reprogram my computer to do new and creative things from my own imagination.
Feel free to, however when you begin interacting with other software on other computers across the network, be advised that they may use remote attestation to enforce that only clients (or servers) they trust will communicate with them. This does not impact your rights in any way (unless you believe you have a right to control how someone else configures their software).
Finkployd
Like any other technology, there are good and bad uses of it. Hardware based public key cryptography (which is all this is) exists, and those worms are not going back in the can. We might as well use it for what it is good for, and fight the uses which are not in the best interests of the customer.
Finkployd
The fundamental truth is that if TCPA becomes mainstream, the ability of amateur programmers to modify the software running on their desktop computers will be greatly reduced. If I modify X.org to display windows in a translucent sphere, my web browsers will no longer run because my display system isn't "Trusted" anymore.
The fundamental truth is that you lack the understanding of any of this, despite several people trying to explain it to you. Let's try one more time since you seem to be averse to actually reading any of the specs to have an idea of what you are talking about.
Let's take your above scenario. x.org signs a binary and ships it to you. They also ship their public key (which you then import into your hardware). Yes, if you change the binary it will not run because the signature is broken. Solution: sign it yourself with a key you generate and put that public key into your hardware.
Now let's talk about software "lying". If I have a client that wants to connect to your x.org server and I tell it to only connect to a server that has been signed by x.org, it will not work if you changed it and signed it by yourself. This is called "remote attestation". The solution to this is that I have to get your public key from you and tell my hardware that stuff signed by it is ok.
If you want to get your panties in an uproar about something, pick this issue, since unlike your other rantings it has some basis in the reality of how this stuff works. I fear a future where some websites will only work if you are using a microsoft signed browser, which is a legit concern of this technology. I do not fear a future where I can only run binaries signed by microsoft because (1) tcpa does not work this way and (2) if it were ever modified to, the countries that actually make the hardware would never go for it and neither would everyone who is not microsoft. Cisco will not even pay microsoft to sign their VPN client drivers, do you think they will accept a situation where their software will not even run without getting MS to sign it? IBM? every foreign government? Nobody is going to go for that, that is why nobody has ever proposed it.
Finkployd
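The remote attestation check discussed in the comments above, modelled as an added example (not part of any comment, and not code from any TCPA implementation): measurements are hash-chained into a register and reported in a signed quote, and the service compares them against its own allowlist. The toy RSA key, the function names and the sample component names are assumptions made for the example.

```python
import hashlib
import secrets

# Toy textbook RSA over two known Mersenne primes. It stands in for the
# hardware-held attestation key so the example needs only the standard
# library; it is NOT secure and is an assumption of this example.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def hw_sign(data):
    """Models the chip signing with a key that software cannot read."""
    return pow(_digest_int(data), D, N)


def signature_ok(data, sig):
    return pow(sig, E, N) == _digest_int(data)


def extend(pcr, component):
    """Hash-chain one component into the register: new = H(old || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure(stack):
    pcr = bytes(32)
    for component in stack:
        pcr = extend(pcr, component)
    return pcr


def quote(stack, nonce):
    """Client: report the measurement of what actually loaded, bound to the nonce."""
    pcr = measure(stack)
    return pcr, hw_sign(pcr + nonce)


def verifier_accepts(pcr, sig, nonce, trusted):
    """Service: the quote must verify for this nonce AND match its own allowlist."""
    return signature_ok(pcr + nonce, sig) and pcr in trusted


def demo():
    # Constructed sample software stacks (names are illustrative only).
    vendor = [b"bootloader-1.0", b"kernel-1.0", b"media-client-1.0"]
    patched = [b"bootloader-1.0", b"kernel-1.0", b"media-client-1.0+local-patch"]
    trusted = {measure(vendor)}          # chosen by the service operator
    out = {}

    nonce = secrets.token_bytes(16)
    out["vendor build"] = verifier_accepts(*quote(vendor, nonce), nonce, trusted)

    nonce = secrets.token_bytes(16)
    pcr, sig = quote(patched, nonce)
    out["patched build"] = verifier_accepts(pcr, sig, nonce, trusted)
    # Patched client claims the vendor measurement, but the hardware only
    # signed what was really measured.
    out["patched build, false claim"] = verifier_accepts(measure(vendor), sig, nonce, trusted)

    # An old, valid vendor quote replayed against a fresh nonce.
    old_nonce = secrets.token_bytes(16)
    pcr, sig = quote(vendor, old_nonce)
    out["replayed quote"] = verifier_accepts(pcr, sig, secrets.token_bytes(16), trusted)

    # Only the operator's decision to enrol the new measurement changes the result.
    trusted.add(measure(patched))
    nonce = secrets.token_bytes(16)
    out["patched build, after enrolment"] = verifier_accepts(*quote(patched, nonce), nonce, trusted)
    return out


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:32} accepted={accepted}")
```

Nothing in the model stops the patched stack from running locally; the only thing that changes is what the remote service is willing to accept.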
You must be heavily against public key cryptography as well, following this reasoning.
Finkployd
Completely wrong. The owners of machines don't get the keys needed to sign things for their own hardware. Only the builders of the hardware have those keys, and they are contractually obligated by agreements to the MPAA and RIAA not to divulge those keys to anyone (except employees in the course of their work).
Wow, you just don't have a single clue about any of this do you? You can pop whatever keys you want into the hardware. If you want to create a system where only binaries signed by you can run, go for it. If you only want to run binaries signed by debian, redhat, or joe blow down the street, you can do that too. You can also turn off this checking and allow anything to run.
The scary part of this is the remote attestation piece. THIS is what the riaa and mpaa want. It basically allows streaming media servers and media files to only be opened by programs signed (and verified by the hardware) by those they trust, like microsoft. A scary vision of this is that windows file sharing could disallow samba clients to connect to it even if they open the protocol, because samba was not signed by Microsoft.
If the owners of the hardware were going to be the ones having the keys needed to run on that hardware, then I wouldn't have any problem with it.
You are not going to get Microsoft's signing key and be able to sign your binaries as them, but you will certainly get their public key to verify their binaries and put that in your hardware. You can also generate your own key to sign with and put that public key in the hardware too.
Do you honestly believe that anyone, anywhere would ever go for a system where all software running on Windows has to be signed by microsoft? They couldn't even do that with signing device drivers and such (although they tried, all it does is warn you). You think microsoft is going to stop selling visual studio and all their programming tools because nobody but them can create and sign binaries? Now take this a step further, do you think overseas PC makers are going to sell PCs that can only run windows? Even US companies would never do that.
Good God man, actually take some time and learn about this stuff before you spout uninformed drivel everywhere. There are some real legit complaints about TCPA, but you seem to not understand the most basic aspects of it.
Finkployd
So how do you propose we put hardware based public key cryptography back in the box?
Finkployd
Whatever happened to the user having full control over a piece of hardware they plunked down hard earned cash on?!
Ummm, you do. You can plug in any private key you want into it and tell it to only run binaries you signed with that private key (include say, debian's private key, redhat's private key, or your own). What about TCPA leads you to believe otherwise?
As usual with slashdot, you hold strong opinions regarding tcpa with absolutely no idea what it is.
Tcpa lets you tell your machine to only run binaries signed by Microsoft. You can also tell it to only run binaries signed by IBM. Or you can tell it to only run binaries signed by debian. Or yourself. Or any combination. You tell it what you want it to do in this regard.
The only valid argument against it is the remote attestation issue, which (using digital signatures) can attest the identity of a client over the network. Think windows file sharing refusing to work with a Samba client, even if they open the protocol, because the samba client was not signed by Microsoft. Or worse, IIS only allowing IE to connect to it. Or most likely, a streaming media server only allowing windows media player.
Course, this has good and bad aspects as well. The technology exists, it has useful purposes, you cannot put the genie back in the bottle. If people use remote attestation irresponsibly as in the above scenarios, then it is not a technology problem, it is a people problem and should be dealt with accordingly. TCPA is just a logical next step to take with public key.
Finkployd
If it slows other people down in a game, or stops traffic at an important intersection so much the better.
Whereas I support the concept of running people down who feel that their whiny crusade is more important than anything else and feel it is their right to stop traffic ;)
Here is a hint, if you have to annoy other people to raise awareness for your cause then either your cause sucks or your communication skills suck. Either way you will not be recruiting fighters for the cause by pissing people off.
Finkployd
Actually most of the people I know who switched to OSX are hard core Linux/Unix users.
Better power management for laptops (Linux's power management is still a sad joke), a unix OS with a nice consistent GUI AND the ability to run X11 apps, and a larger selection of quality commercial software available (if you or your workplace are into that kind of thing) are all pretty good reasons to consider the switch.
I still have a Linux desktop but I will probably never go back to a Lintel laptop.
Finkployd
If you want to stay clean for Linux, I would not even read about OpenSolaris.
And your rationale for this would be?
Finkployd
It's only an expression, you should really just relax :)
Finkployd
Part of this release is the opening of more than 1,600 patents to the open source community.
IBM just got outdone on their 500 patent release. Let's see them come back with 5,000! Come on, it can be a Sun/IBM "who can give away the most patents to open source" war :)
Finkployd
_My_ tax dollars go into those research coffers and it makes me _really_ angry that they can't be used for this research to better the survival chances of our species because of some phony pseudo-morality political pandering.
I actually get more angry that our tax dollars go to support medical research that is then patented and sold back to us at insane rates.
I wish people would stop being "technically correct" and discuss the real issue at hand... stem cell research outside of the current lines of embryonic stem cells was seriously hindered by the actions of this government.
Are you under the impression that the federal government EVER funded embryonic stem cell research? It didn't.
Finkployd
I don't know, the issue deals (in a remote and indirect way) with firearms, the ACLU might want nothing to do with it. They are quite selective about the aspects of the bill of rights they support.
Finkployd
How much of a geek genius does it take to do this
Slightly more than it takes to whine about it.
Finkployd
It is not often that I read a position paper in which I am nearly 100% in opposition to every idea expressed.
One of my professional pet peeves is people who feel it is better to identify a problem, then keep redefining the problem until it matches a prepackaged solution. The "if all you have is a hammer" syndrome at its worst.
Finkployd
It is a long read, but this is probably the best explanation of the issue (focus on technical aspects) that I have found.
Finkployd
They are not fighting hard enough. They have huge resources. Trust me, what you've seen is either laziness or they are holding back for a reason.
My question still is not answered, what are they not doing that they would be doing if they were "serious"?
Finkployd