You're talking about the first versions of the first gen of ZenBook. The later versions fixed the trackpad issue (and in fact, the new trackpad is arguably better than the airs). The second gens all have the improved trackpad.
It's clear that you're one of those people that think you know better than experts about security. Obviously, there's nothing I can say to educate you because you refuse to believe anything other than your own misinformed thoughts on the subject.
The TPM manufacturer does not know the key. The manufacturing process requires auditing and verification that the endorsement key generation process is secure. This is verified by an independent third party, and then verified again by an authority.
If the manufacturer kept a copy of the key, then that's a point of insecurity. If the manufacturer was compromised, it would suddenly make millions of TPM chips worthless. Governments use these chips to protect sensitive information, and they would not allow the manufacturers to destroy the integrity of the system that way.
Remote attestation is yet another tool for your own security. For instance, you could use it to verify that your server has not been compromised by an attacker. Can it be used in a bad way as well? Sure... so can any tool.
The part you keep refusing to accept is that all tools can be used for good and bad. That's no excuse not to use them for the good..
If you don't want to use software that treats you like a criminal... then here's a thought.
Don't use software that treats you like a criminal. It's that easy. Use software that gives you the power to enforce your own security. Nobody is forcing you to buy software with DRM in it. Nobody is forcing you to buy hardware that locked with DRM. If you don't buy it, it can't hurt you.
I did answer the question. Because NOBODY can know what the key is. It's a black-box secure hardware crypto processor.
Knowledge of the key, even by the owner makes it pointless. If someone can bypass it, even the owner, then it's a useless device. It's entire purpose in life is to be uncrackable (within normal means.. certainly one can forensically analyze the TPM with an electron microscope, but that's way outside the bounds of all but a few people in the world).
To put this another way, If you knew the key that would mean the manufacturer would know the key, because they would have to tell you. And that would mean any employee of the company could know the key, and the key could ten be discovered by people you don't want to know it, like an oppressive government cracking down on dissidents.
Ok, you might say.. So how about if the key could be set by you? If the key could be set, then it can be re-set. If it can be re-set, it can by bypassed, or compromised with a key someone else knows.
A TPM is secure because, and only because, nobody (not even the manufacturer) knows the endorsement key. If anyone knows it, then you've effectively destroyed the trustworthiness of the chip.
You just keep repeating the same things over and over, and think you know something. But you don't. You are just repeating what someone told you.
*NOBODY* knows what the baked in key is. It's randomly generated during the manufacturing process, and even the manufacturer of the chip doesn't know what it is. This key cannot be extracted from the chip, so Microsoft doesn't know it either.
This garbage you keep spewing about Microsoft knowing the baked in key is complete and utter rubbish.
This key is what the chip itself uses to sign the password you create. And it's why the chip doesn't allow anyone (not Microsoft, not even the manufacturer of the chip) to get at the key YOU created and put in the storage.
The whole point of the TPM is that it's a black-box hardware cryptography device. If anyone knew what the key was, then it could be bypassed. And that's why YOU can't have it either.
The TPM is designed to be an unbreakable cryptographic storage system, which keeps your computer secure from anyone other than you, the person that created the password that controls access to it's secrets.
Can a TPM be used against the owner of a device? Sure, it can. But any kind of secure hardware device can do that. Guns can kill the owner. Cars can lock out the owner. You can lock yourself out of your own home.
*ANY* kind of security can be used against the owner, that's no excuse to not have security. And if you depend on the security being crackable by yourself if that happens, then anyone else can also crack it.. so it's no security at all.
The fact is, the TPM is a tool for whoever the administrator is. If you aren't the administrator on a device you buy, then that's your fault for buying that device. Vote with you wallet and simply refuse to buy any device that uses the TPM in this way.
You are wrong. Again. You don't seem to be listening to me. YOU control the TPM, Microsoft does *NOT* take control of it. It only functions if YOU supply YOUR key to it (password, key, smartcard, etc..). Not even Microsoft can get into the TPM if you do not provide your key.
I don't know where you get these ideas from, but they're simply not true.
Oh, and I suppose that's why TrueCrypt uses a TPM if you have one, because it's so insecure. Right.
By the way, it's called an Endorsement key, not a root storage key. And the point of it is that nobody has that key, it's in the black box, and it can't be forged so someone cannot emulate it.
You know how people clone cell phones? Without this black box key, people could easily do the same. Your securely encrypted hard disk is now open to whoever has the tools to use it.
The TPM requires a key to access it. YOU control that key, either a smartcard, or password, or some other device. Without YOUR key, the computer won't boot. So please save me the BS about who controls the keys. YOU do.
You really have no idea what a TPM chip is used for. It's basically a secure storage place for crypto keys, plus hardware assisted cryptography. It's what allows a computer to have an encrypted hard drive without the user having to enter their encryption key every time they boot.
There are lots of benefits to Windows 8 that end users may or may not want.
For instance, as tablets become more prevelant, and smartphones.. they will be able to run the exact same app on their SmartPhone, Tablet, and desktop, without modification or buying a new license. If you want to do that today and have an Android Phone, iPad, and a Desktop, first you have to find an app that has been ported to all three platforms, then you need to buy a separate license for each of them.
Of course there's also the fact that Windows 8's resource usage is significantly less than Windows 7. It's faster, it's uses less memory, and it works on computers that Windows 7 had trouble running on.
This isn't even getting into the advantages of specific apps that may be Windows 8 only.
Good luck running your iTunes purchased music on your Android phone or tablet. Good luck reading iTunes purchased books or watching iTunes purchased videos.
We're talking about the same kind of "ecosphere" that apple has now. Where the phone, tablet, and PC share everything. But, unlike MacOS, Windows 8 for the desktop can use the same apps as the tablet and phone.
Many of the newer desktops are coming with touch screen displays. It probably won't be long before it's the standard.
Still, the UI in Windows 8 is designed to be Touch Friendly, not that it requires touch. It's a lot easier for a non-touch user to use a system designed for touch than the other way around. Microsoft already tried that.. numerous times. And failed. Remember Origami?
I'm sorry, I don't understand your point. WIndows 8 *DOES* seamlessly deal with the switch between UI's. In fact, you can have both the desktop and Metro apps on screen simultaneously when using Metro Snap.
Apparently, you weren't around when XP was released. Everyone was complaining about the new "Fisher Price" UI, and that device drivers were buggy and in short supply, and that their 9x apps would break on it...
The point is, growing pains are called pains for a reason. But they eventually go away.
Those "touch based quasi-PC oddities" are set to sell at least 2x (some say 10x) more devices than PC's in the coming years. Apple sold more iOS devices in 2011 alone than all the Mac's they've ever sold combined.
The fact is, touch based devices WILL be the defacto way the vast majority of users will use to access a computing device, and it just makes sense to combine all those into a single OS with a single mode of operation.
It may be mathematically possible to prove there are no bugs mathematically. But for any piece of software as complex as a general purpose OS, it's practically impossible because it would take more time than the universe has left before falling into complete entropic collapse.
Not even NASA mathematically proves code to be bug free anymore. That's why you get situations like rockets blowing up on the launch pad. Still. And probes that just don't work when they get to their destination.
Except that it's not really a buggy product. I use Windows 8 every day, and I have never encountered anything that I would attribute to a bug in the OS.
Sure, some of the drivers are still a little buggy, but those are the vendors responsibility. The same was true when Vista and 7 and XP and 2000 were released. This improves drastically in the first few months.
That's not to say Windows 8 doesn't have it's problems. Some of the functionality that was previously provided (like email) are now replaced with less mature Metro apps. Again, those apps will mature over time and we'll see third parties providing solutions as well.
Much of the "hate" of Windows 8 can be attributed to 1) not liking change 2) having to relearn a new system 3) immaturity of third party drivers and apps, and 4) misinformation spread by people (which was at least 50% of Vista's problem, not that it also didn't have real problems as well at first).
Another aspect that some people dislike is the full screen nature of Metro apps, and my hope is that MS addresses this at some point in the future.
I don't buy it. He said "I don't know why they don't do that", and if that was all he said it could very well be taken as a joke. But instead, he followed it up with "It's a real problem", which indicates he was NOT in fact joking.
I'm talking about the early years of PVCS. And yes, I too admined PVCS for a number of years in the 90's. I'm as much of a dinosaur as you are, although I try to stay modern.
The fact is, any file-based vcs can suffer from corruption because it's at the mercy of the clients. If the client crashes, if the network share it's hosted on drops, etc.. all can cause corrupted files. And some VCS's (particularly SCCS) did not contain enough metadata to recover properly if that happened.
Guess you haven't used that many source control tools then. RCS and SCCS both had various problems. PVCS and had problems as well at various points in it's life.
All these systems essentially had the exact same problem as SourceSafe. They were file based systems, rather than client/server based systems. The clients modified the files directly, and if you had multiple users modifying them at the same time, problems ensued.
In fact, CVS was an early attempt to fix RCS.
SourceSafe is a 20+ year old version control system, and it does it's job quite well, considering. But problems happen when the clients modify the files directly. A crash her or there causes files to become corrupted. Network glitches can also cause problems. God help you if you're updating over a dial-up link and it drops on you.
But, since 2005 SourceSafe has had a client/server version of the tool.. but nobody cares.. By then SVN was in common use, and TFS was first released.
The point is, the problem was not SourceSafe, but rather that it suffered from the same problems as many contemporary tools, but SourceSafe was in use for a lot longer.
I'm not sure what your point is. The CVE is merely evidence of the MINIMUM amount of time the flaw has been known by the vendor. I only gave examples of vendor acknowledge flaws, so they're valid CVE's.
I didn't go trolling the CVE database, I went trolling the vendor acknowledged security bulletin database, then used the CVE they acknowledge to back up the claim.
It seems in your rush to call me an idiot, you were looking in the mirror.
Slashdot Mirror
You're talking about the first versions of the first gen of ZenBook. The later versions fixed the trackpad issue (and in fact, the new trackpad is arguably better than the airs). The second gens all have the improved trackpad.
It's clear that you're one of those people that think you know better than experts about security. Obviously, there's nothing I can say to educate you because you refuse to believe anything other than your own misinformed thoughts on the subject.
The TPM manufacturer does not know the key. The manufacturing process requires auditing and verification that the endorsement key generation process is secure. This is verified by an independent third party, and then verified again by an authority.
If the manufacturer kept a copy of the key, then that's a point of insecurity. If the manufacturer was compromised, it would suddenly make millions of TPM chips worthless. Governments use these chips to protect sensitive information, and they would not allow the manufacturers to destroy the integrity of the system that way.
Remote attestation is yet another tool for your own security. For instance, you could use it to verify that your server has not been compromised by an attacker. Can it be used in a bad way as well? Sure... so can any tool.
The part you keep refusing to accept is that all tools can be used for good and bad. That's no excuse not to use them for the good..
If you don't want to use software that treats you like a criminal... then here's a thought.
Don't use software that treats you like a criminal. It's that easy. Use software that gives you the power to enforce your own security. Nobody is forcing you to buy software with DRM in it. Nobody is forcing you to buy hardware that locked with DRM. If you don't buy it, it can't hurt you.
I did answer the question. Because NOBODY can know what the key is. It's a black-box secure hardware crypto processor.
Knowledge of the key, even by the owner makes it pointless. If someone can bypass it, even the owner, then it's a useless device. It's entire purpose in life is to be uncrackable (within normal means.. certainly one can forensically analyze the TPM with an electron microscope, but that's way outside the bounds of all but a few people in the world).
To put this another way, If you knew the key that would mean the manufacturer would know the key, because they would have to tell you. And that would mean any employee of the company could know the key, and the key could ten be discovered by people you don't want to know it, like an oppressive government cracking down on dissidents.
Ok, you might say.. So how about if the key could be set by you? If the key could be set, then it can be re-set. If it can be re-set, it can by bypassed, or compromised with a key someone else knows.
A TPM is secure because, and only because, nobody (not even the manufacturer) knows the endorsement key. If anyone knows it, then you've effectively destroyed the trustworthiness of the chip.
You just keep repeating the same things over and over, and think you know something. But you don't. You are just repeating what someone told you.
*NOBODY* knows what the baked in key is. It's randomly generated during the manufacturing process, and even the manufacturer of the chip doesn't know what it is. This key cannot be extracted from the chip, so Microsoft doesn't know it either.
This garbage you keep spewing about Microsoft knowing the baked in key is complete and utter rubbish.
This key is what the chip itself uses to sign the password you create. And it's why the chip doesn't allow anyone (not Microsoft, not even the manufacturer of the chip) to get at the key YOU created and put in the storage.
The whole point of the TPM is that it's a black-box hardware cryptography device. If anyone knew what the key was, then it could be bypassed. And that's why YOU can't have it either.
The TPM is designed to be an unbreakable cryptographic storage system, which keeps your computer secure from anyone other than you, the person that created the password that controls access to it's secrets.
Can a TPM be used against the owner of a device? Sure, it can. But any kind of secure hardware device can do that. Guns can kill the owner. Cars can lock out the owner. You can lock yourself out of your own home.
*ANY* kind of security can be used against the owner, that's no excuse to not have security. And if you depend on the security being crackable by yourself if that happens, then anyone else can also crack it.. so it's no security at all.
The fact is, the TPM is a tool for whoever the administrator is. If you aren't the administrator on a device you buy, then that's your fault for buying that device. Vote with you wallet and simply refuse to buy any device that uses the TPM in this way.
Really? So you're saying it's been less than 10 years since the last time Microsoft removed the start menu?
You're saying it's been less than 10 years since the last time Microsoft created a whole new subsystem for new app development?
You're saying it's been less than 10 years since the last time Microsoft attempted to unify Tablet, Phone and Desktop OS's?
Almost everything MS is doing that people are complaining about are things they have NEVER done before.
You are wrong. Again. You don't seem to be listening to me. YOU control the TPM, Microsoft does *NOT* take control of it. It only functions if YOU supply YOUR key to it (password, key, smartcard, etc..). Not even Microsoft can get into the TPM if you do not provide your key.
I don't know where you get these ideas from, but they're simply not true.
Oh, and I suppose that's why TrueCrypt uses a TPM if you have one, because it's so insecure. Right.
By the way, it's called an Endorsement key, not a root storage key. And the point of it is that nobody has that key, it's in the black box, and it can't be forged so someone cannot emulate it.
You know how people clone cell phones? Without this black box key, people could easily do the same. Your securely encrypted hard disk is now open to whoever has the tools to use it.
The TPM requires a key to access it. YOU control that key, either a smartcard, or password, or some other device. Without YOUR key, the computer won't boot. So please save me the BS about who controls the keys. YOU do.
You really have no idea what a TPM chip is used for. It's basically a secure storage place for crypto keys, plus hardware assisted cryptography. It's what allows a computer to have an encrypted hard drive without the user having to enter their encryption key every time they boot.
Barack Obama? Obviously, you're a Fox viewer ;)
There are lots of benefits to Windows 8 that end users may or may not want.
For instance, as tablets become more prevelant, and smartphones.. they will be able to run the exact same app on their SmartPhone, Tablet, and desktop, without modification or buying a new license. If you want to do that today and have an Android Phone, iPad, and a Desktop, first you have to find an app that has been ported to all three platforms, then you need to buy a separate license for each of them.
Of course there's also the fact that Windows 8's resource usage is significantly less than Windows 7. It's faster, it's uses less memory, and it works on computers that Windows 7 had trouble running on.
This isn't even getting into the advantages of specific apps that may be Windows 8 only.
Good luck running your iTunes purchased music on your Android phone or tablet. Good luck reading iTunes purchased books or watching iTunes purchased videos.
We're talking about the same kind of "ecosphere" that apple has now. Where the phone, tablet, and PC share everything. But, unlike MacOS, Windows 8 for the desktop can use the same apps as the tablet and phone.
Many of the newer desktops are coming with touch screen displays. It probably won't be long before it's the standard.
Still, the UI in Windows 8 is designed to be Touch Friendly, not that it requires touch. It's a lot easier for a non-touch user to use a system designed for touch than the other way around. Microsoft already tried that.. numerous times. And failed. Remember Origami?
That doesn't change the fact that Microsoft is not responsible for vendors drivers. They can only be responsible for drivers they include.
FYI, you can close Metro apps by moving the mouse to the top of the screen, "grabbing" the app and dragging it down to the bottom.
Poof.
I'm sorry, I don't understand your point. WIndows 8 *DOES* seamlessly deal with the switch between UI's. In fact, you can have both the desktop and Metro apps on screen simultaneously when using Metro Snap.
Apparently, you weren't around when XP was released. Everyone was complaining about the new "Fisher Price" UI, and that device drivers were buggy and in short supply, and that their 9x apps would break on it...
The point is, growing pains are called pains for a reason. But they eventually go away.
Those "touch based quasi-PC oddities" are set to sell at least 2x (some say 10x) more devices than PC's in the coming years. Apple sold more iOS devices in 2011 alone than all the Mac's they've ever sold combined.
The fact is, touch based devices WILL be the defacto way the vast majority of users will use to access a computing device, and it just makes sense to combine all those into a single OS with a single mode of operation.
It may be mathematically possible to prove there are no bugs mathematically. But for any piece of software as complex as a general purpose OS, it's practically impossible because it would take more time than the universe has left before falling into complete entropic collapse.
Not even NASA mathematically proves code to be bug free anymore. That's why you get situations like rockets blowing up on the launch pad. Still. And probes that just don't work when they get to their destination.
Except that it's not really a buggy product. I use Windows 8 every day, and I have never encountered anything that I would attribute to a bug in the OS.
Sure, some of the drivers are still a little buggy, but those are the vendors responsibility. The same was true when Vista and 7 and XP and 2000 were released. This improves drastically in the first few months.
That's not to say Windows 8 doesn't have it's problems. Some of the functionality that was previously provided (like email) are now replaced with less mature Metro apps. Again, those apps will mature over time and we'll see third parties providing solutions as well.
Much of the "hate" of Windows 8 can be attributed to 1) not liking change 2) having to relearn a new system 3) immaturity of third party drivers and apps, and 4) misinformation spread by people (which was at least 50% of Vista's problem, not that it also didn't have real problems as well at first).
Another aspect that some people dislike is the full screen nature of Metro apps, and my hope is that MS addresses this at some point in the future.
I don't buy it. He said "I don't know why they don't do that", and if that was all he said it could very well be taken as a joke. But instead, he followed it up with "It's a real problem", which indicates he was NOT in fact joking.
I'm talking about the early years of PVCS. And yes, I too admined PVCS for a number of years in the 90's. I'm as much of a dinosaur as you are, although I try to stay modern.
The fact is, any file-based vcs can suffer from corruption because it's at the mercy of the clients. If the client crashes, if the network share it's hosted on drops, etc.. all can cause corrupted files. And some VCS's (particularly SCCS) did not contain enough metadata to recover properly if that happened.
Wikipedia has a very good description and definition of Revision Control.
However, I just typically explain it like this: It's like Apple's Time Machine for source code.
Guess you haven't used that many source control tools then. RCS and SCCS both had various problems. PVCS and had problems as well at various points in it's life.
All these systems essentially had the exact same problem as SourceSafe. They were file based systems, rather than client/server based systems. The clients modified the files directly, and if you had multiple users modifying them at the same time, problems ensued.
In fact, CVS was an early attempt to fix RCS.
SourceSafe is a 20+ year old version control system, and it does it's job quite well, considering. But problems happen when the clients modify the files directly. A crash her or there causes files to become corrupted. Network glitches can also cause problems. God help you if you're updating over a dial-up link and it drops on you.
But, since 2005 SourceSafe has had a client/server version of the tool.. but nobody cares.. By then SVN was in common use, and TFS was first released.
The point is, the problem was not SourceSafe, but rather that it suffered from the same problems as many contemporary tools, but SourceSafe was in use for a lot longer.
I'm not sure what your point is. The CVE is merely evidence of the MINIMUM amount of time the flaw has been known by the vendor. I only gave examples of vendor acknowledge flaws, so they're valid CVE's.
I didn't go trolling the CVE database, I went trolling the vendor acknowledged security bulletin database, then used the CVE they acknowledge to back up the claim.
It seems in your rush to call me an idiot, you were looking in the mirror.
I'm aware of such people. But my point still stands. Just because YOU don't think you like it anymore, doesn't mean the computers life is over.
Nice of you to quote that part, but leave off the part that answers the question you're asking. That's seriously fucked up, dude.
Do it yourself. I told you how to prove it. It's very easy.