Slashdot Mirror


User: Anonym0us+Cow+Herd

Anonym0us+Cow+Herd's activity in the archive.

Stories
0
Comments
622

Comments · 622

  1. Requiring a computer on Federal Grant Applications to Require Windows · · Score: 1

    We don't seem to generally complain too much when government processes require the use of a telephone. Or postal mail. Both of which cost you money. Both of which seem to be reasonable ways of conducting business with anyone including the government.

    I don't have a problem with the government conducting business on the Internet, as long as it doesn't require Windows. The government doesn't require you to use a particular brand of envelopes or paper or pen for snail mail, you are not required to use certain brands of equipment or service to use the telephone to interact with the government, thus you should not be required to use certain brands of computer, or OS.

  2. Re:are you sure? on Google Readies Platform for Video Distribution · · Score: 1

    Okay. Sorry. "Losely" then.

  3. Re:are you sure? on Google Readies Platform for Video Distribution · · Score: 1

    so they could make a system to identify a video by general characteristics (obviously a digest-hash would not be appropriate across formats, but I'm sure there are other ways of doing it).

    Suppose you had some kind of "hash" function which was loosly (note two oh's) based on the color of subdivided portions of an image. You then have a sequence of hashes that represents a video. Search your database index for a similar sequence of image hashes.

    Now suppose you could create a hash of, say, five seconds of action which represents what colors are in the starting image, and how they change in the same area. You compute such a five second hash every one second. Now search your index for any other matching five second clip.

    Of course, all this is based on some kind of way to meaningfully represent, compactly, a hash of an image or short animation.

    What if one image has a "CBS" bug in the corner, but another one has an "ABC" bug?


    Google is the Search King.

    I believe you are mistaken. Search King was an outfit, I believe in Oklahoma, whose business was premised on gaming Google's page rank. Google sued Search King and won. I do not believe that Google acquired Search King.

  4. Re:Copyright on Google Readies Platform for Video Distribution · · Score: 1

    If it *is* someone's job to look through some statistical sampling of videos when uploaded, to be sure that their content is
    • not obviously copyright infringing
    • representative of the meta-data that describes it
    then will Google have to hire people to examine each category of uploaded video? Will they need to run strange billboard ads for pr0n inspectors, similar to their ad campaigns to find geeks? Or perhaps the geeks are already uniquely and highly qualified as pr0n inspectors?

  5. Re:Up Nort' on Site for Moon Base Determined · · Score: 1

    Could modules of a lunar base each be constructed like a thermos bottle? A base would be a maze of interconnected bottles. Each module the same: four walls, four doors.

    You are in a twisty little maze of lunar modules, all alike.

  6. Re:Too bad... on Site for Moon Base Determined · · Score: 1

    "Gol-darned claim-jumpin' bushwackin' astro-nots!"

    Dem gubmit foaks shore is ignert.


    On a slightly different, but related thought.... can't the government establish a new government office so that US Citizens can start filing claims of ownership on parts of the moon? Claims could be evaluated in a manner similar to how patent examination is presently done.

    If we can have a Patent and Copyright gold rush, then why not a Lunar gold rush? Any US Citizen could claim part of the moon*.


    *$10 million filing fee required.

  7. Re:Two factor identification? on Knoppix Used in Internet Banking Solution · · Score: 1

    Displaying a secret number as a graphic is an attempt at security through obscurity.

    Using that argument, a password is an attempt at security through obscurity.

    The term "security through obscurity" as commonly understood (and defined in Applied Cryptography) means this. Security should not depend on keeping the algorithm secret. Only the key must be kept secret.

    I would further add, that keeping the algorithm secret doesn't make things any less secure. It's just that you don't depend on the secrecy of the algorithm as your basis of security. I'm sure that the NSA has secret crypto algorithms. Why is this? Because the NSA believes in security through obscurity? I think not.

    I strongly disagree that displaying a secret number is security through obscurity. Or else, you simply have a different definition of the term.


    You hope that the trojan won't be clever enough to work out the number from what's sent by the server

    I do hope that, yes. But it is a reasonable hope, for the moment. A software development effort that could recognize obscured graphic digits would be impressive indeed.


    It really isn't suitable for online banking unless you have great confidence that no programmer could write something to OCR your graphic or read your spinning digits or solve your jigsaw puzzle or whatever.

    It is only a small part of what I proposed. The important part is that the bank calls you, and you must enter the code via your phone -- a completely different network.


    The only point I'm making is that (in practice as well as in theory) it's impossible to keep any shared secret between the bank and the user if the way you communicate it is _only_ through a compromised PC. If the PC displays something so that the user can read it, then the trojan can read it too. Maybe not trivially but certainly with a little programming effort.

    I take your point, and it is a good point to make.

    In this thread, or another one, I had also proposed something like a "key frob" but that is a simple java midlet in your mobile phone. All phones nowadays can have custom java midlets installed -- even the cheapo ones they give away with service activation.

    A custom app in your phone, communicating with the bank via a compromised PC, can still manage to correctly verify your identity. The secret is not communicated. The secret is in two places (1) the bank server, (2) your mobile phone java midlet. The only information communicated is a frob-generated key based on the current time, or some kind of challenge/response that you punch into the phone, and then take its response and re-key it back (or over the phone network). Also, a java midlet can directly communicate over the Internet directly from the phone.


    your challenge still only proves that the contents of the 'good' CD are available, not that they're running. The trojan could send network requests to a third server run by the attacker,

    An excellent point.


    I do not think that there is any way you can compensate for the user's PC running trojaned software. If someone else is in control of the computer that the user is typing at, that's it, game over.

    The question we're really dancing around here is can the bank "trust" the code on the user's PC.

    I will give up online banking before I will accept trusted computing.

    Also, banks may be able to achieve a reasonable level of security by using combinations of techniques we've discussed -- but short of requiring trusted computing.

    It would be important for customers to be able to trust that the CD they got in the mail actually came from the bank. There may be some ways to solve this problem. Maybe requiring some kind of "activation" procedure. That CD you get in the mail has a sticker on it. The user must call a troll-free number to "activate" the CD. In so doing, the user enters a n

  8. Re:Two factor identification? on Knoppix Used in Internet Banking Solution · · Score: 1

    If a number is displayed in the browser window then it can be read by the trojan software.

    It could be displayed as a graphic, or even a flash animation of spinning, but then settling down 3D rendered digits.

    But still, the fact that the trojan can't read your mobile phone keystrokes is irrelevant if you're typing in something that is plainly displayed on screen anyway. You'd get the same level of security by asking the customer to type today's date into the mobile phone.

    I must be missing your point.

    if the PC is trojaned then the game is lost. For example if you log in successfully and then ask to transfer $100 to account X, the trojan can alter the outgoing message to send the money to account Y instead.

    I get that point, and it is an excellent point. Even on a trojaned CD, the trojan might not interfere with the login process -- just wait until you complete it.

    I suppose the CD could be designed so that the bank sends down some executable code, which then answers a selected checksum of the CD-ROM. For instance, the CD must download an executable that is dynamically generated by the bank. That executable does a checksum of some portion of the CD, such as sectors 3482783 thru 5686874, and then reports back the MD5 sum. Every time, a different executable comes down. It might use a different technique to checksum, or a modified checksum routine, or a different standard routine such as SHA2. The only way that the trojan can be sure to successfully produce the right result of the EXE to pass back to the server, is to have all of the bytes of the genuine CD available. Even if the CD's software, kernel, userspace and browser takes up, say, 100 MB, the CD needs to be filled to capacity with random data so that the checksum of the CD could always be of the software and some of the random data. That way, you must have the entire original CD available for checksumming.

    I agree with you that it's better to keep freedom even at the cost of some loss of security

    I'd rather keep both my freedom AND security, and give up some convenience.
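    The randomised sector-checksum challenge proposed in the comment above, as an added example that is not part of the original thread and not any bank's code. It assumes 2048-byte CD-ROM data sectors, that the bank keeps a copy of the pressed image, and that a fresh nonce is mixed into every challenge (an addition to the proposal, so a stored table of per-sector hashes cannot answer it). The image is a small constructed stand-in, not a real Knoppix CD. The test scenarios show the two limits already pointed out in the thread: a range that misses the tampered sectors still passes, and anyone holding a genuine copy of the image can answer on a trojan's behalf.

```python
"""Randomised checksum of a CD image as a (weak) proof that the genuine CD is present.

Added example for the Slashdot thread above; not code from the thread or from any bank.
"""
import hashlib
import hmac
import os
import random
import secrets

SECTOR = 2048                      # assumption: ISO 9660 data sector size
ALGORITHMS = ("sha256", "sha512")  # the "different technique every time"


def build_image(n_sectors: int, software: bytes, seed: int) -> bytes:
    """Constructed stand-in for the CD: the software, then random fill to capacity."""
    rng = random.Random(seed)      # deterministic so the example is repeatable
    fill_len = n_sectors * SECTOR - len(software)
    if fill_len < 0:
        raise ValueError("software larger than image")
    fill = bytes(rng.getrandbits(8) for _ in range(fill_len))
    return software + fill


def tamper(image: bytes, offset: int, patch: bytes) -> bytes:
    """A trojaned pressing: the same image with `patch` written at byte `offset`."""
    return image[:offset] + patch + image[offset + len(patch):]


def make_challenge(n_sectors: int) -> dict:
    """Bank side: a fresh sector range, nonce and digest algorithm for this login."""
    start = secrets.randbelow(n_sectors)
    end = start + 1 + secrets.randbelow(n_sectors - start)   # start < end <= n_sectors
    return {"start": start, "end": end,
            "nonce": os.urandom(16), "alg": secrets.choice(ALGORITHMS)}


def respond(image: bytes, ch: dict) -> str:
    """Client side: what the downloaded executable computes over the CD it can read."""
    h = hashlib.new(ch["alg"])
    h.update(ch["nonce"])
    h.update(image[ch["start"] * SECTOR:ch["end"] * SECTOR])
    return h.hexdigest()


def verify(bank_image: bytes, ch: dict, digest: str) -> bool:
    """Bank side: recompute over its own copy of the image, compare in constant time."""
    return hmac.compare_digest(respond(bank_image, ch), digest)


if __name__ == "__main__":
    software = b"\x7fELF" + b"kernel+userspace" * 100     # constructed payload
    genuine = build_image(16, software, seed=7)
    trojaned = tamper(genuine, 4, b"trojan")
    ch = make_challenge(16)
    print("genuine passes:", verify(genuine, ch, respond(genuine, ch)))
    print("trojaned passes:", verify(genuine, ch, respond(trojaned, ch)),
          "(range", ch["start"], "-", ch["end"], ")")
```

    Because the range is random, the trojaned pressing is caught only when the range happens to cover the altered sectors; the random fill raises the cost of forging an answer to "keep a complete copy of the genuine image", not beyond it. The check therefore proves that the genuine bytes are available to whoever answers, not that they are what is running, which is exactly the objection made elsewhere in this thread.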

  9. Re:Two factor identification? on Knoppix Used in Internet Banking Solution · · Score: 1

    I don't understand how your solution defends against someone sending out a fake banking CD that has trojans on it. Such a CD could still connect to the bank's server as normal and do everything the real one would, while at the same time logging the user's keystrokes and sending them via UDP packets to Kazakhstan or Kentucky or wherever.

    Re-read my suggestion. The trojan CD, even if it connects to the real bank, cannot log the keystrokes you type into your mobile phone. You read a number from your browser window, and punch that number into your mobile phone keypad.


    That still doesn't defend against an attacker sending out a new CD together with a letter saying 'For this release, we have changed the upgrade procedure - there is no longer any need to generate an authentication code [ie, check the signature]' or sneakier still, 'The authentication code for this version is 12345'.

    If the user expects a procedure where they have to punch an authentication code (that changes each time) into their mobile phone, then this mailing would fail.

    If the user receives a mail that suggests that the procedure changes to something less secure, they should be suspicious. The only real way to guard against that is to educate the users.

    Years ago, AOL and CompuServe, for example, had to educate users that nobody from their service would ever ask for your password. If someone asks for your password, they are an imposter. I suppose banks would have to have a way to educate users that the login procedure should not change, unless they have gotten a mailing at least 30 days in advance. If they have any concerns, they should contact the bank themselves.


    Maybe Trusted Computing could help with this - don't boot any OS unless it is signed by the bank - but so would creating a boot floppy (which checks a signature and boots the CD) and supergluing it into the floppy drive so it can't be removed. Essentially, any 100% solution to the malware problem must involve consumers giving up the freedom to run software of their choice...

    Maybe this is the new thing and I am just old fashioned. I don't want to give up Freedom in exchange for convenience or "security". Haven't you ever read the famous quote about what you end up with when you trade freedom for security?

  10. Unconventional Copyright? vs. Licensing? on Yahoo Adds Search for Creative Commons Content · · Score: 2, Informative

    This is not unconventional copyright arrangements, it is unconventional licensing arrangements.

    The copyright is just the same as everyone else's copyright. Nothing unconventional to see here. Move along.

    What is, perhaps, unconventional is how the works are licensed.

    Perhaps just as unconventional is slashdot, where in this thread alone, we will probably see both of the non-words "copywrite" and "copywritten" before the end of the day.

  11. Re:Two factor identification? on Knoppix Used in Internet Banking Solution · · Score: 1

    What if during login, the bank's server displays a special five digit number. The bank's server then calls your mobile phone. You listen to the prompt, then punch in the five digit number you see on your browser.

    If you're using a fake CD, the phisher probably doesn't know your cell number. Even if so, they would have to call it, probably leaving records with the phone company.

    Customer requirements:
    • mobile phone (or landline phone, but would limit the locations where you can do online banking)
    • PC that can boot a special CD
    • Internet connection (NOT WinModem)
    If your phone has caller ID, you should be able to see that your incoming phone call is coming from the bank's server.

    Multiple factor authentication.
    • Something you have: CD.
    • Something you have: mobile phone or landline.
    • Something you know to be securely taped to your monitor: account number, password, pin, etc.

  12. Linux is just a passing fad on Knoppix Used in Internet Banking Solution · · Score: 1

    It's very simple. It's a PR stunt. Very few people will actually use the CD. And most that do will pop it in, play around, then reboot into Windows. This is just a stupid PR stunt.

    Linux and open source are just a fad. Very few people will actually use open source. Most people will download it and never use it. Some will try it, and then never use it again. This is just a passing fad that will soon disappear. Nobody takes it seriously.

    I'm sure that even the people putting out open source don't really take it seriously. Just as banks don't take seriously their security or using a Knoppix/FireFox cd.

    Now that we've all been properly informed, can we just start thinking only "right" thoughts, get back to using our closed software, and get back to consuming.

  13. Re:CRAZY... on Microsoft Fails to Comply With EU Requirements · · Score: 1

    Don't use it if you don't like it.

    Great idea. The EU should halt the sales of MS products.


    You seem to forget that MS is a monopoly. They are violating antitrust laws. The court has ordered them to do certain things for interoperability. MS has flagrantly defied the court order.

    You seem to hold to LAW as you capitalize it. So why don't you think that Microsoft should have to obey the law? Should Microsoft get to disregard a court order with impunity?

  14. Re:Hey! You're whining! on BitMover Releases Open Source BitKeeper Client · · Score: 1

    Informative: My post was also a joke.

  15. Re:$1.8 billion a year is a lot of dough on Microsoft Fails to Comply With EU Requirements · · Score: 1

    You missed my point- the tyranny part comes in when it is suggested that the state take from one party to give to another. I know that in this case the aggrieved party is Microsoft so you agree with the scenario but in the future the tyranny may not be one that you agree with

    It is done all the time. When a court imposes a fine, the money goes somewhere. It may be "damages" rather than a fine. The damages go to the victim, in this case, EU computer users who are harmed by Microsoft's improper behavior. It would be completely proper for the government to help create alternative software for its citizens who were harmed by the behavior and defiance of a court order by a powerful foreign company.

    Nobody is suggesting arbitrarily taking money from party A and giving it to B. If the government were to use some of its extra money to "bid" on open source projects to accomplish certain national goals, what is tyrannical about that?

    Or is it only tyrannical because it affects Microsoft? But it is not tyrannical that other companies are routinely fined for flagrantly violating court orders -- while at the same time the government uses money in ways that are unhelpful to the same company.

  16. Re:What's wrong with EU? on Microsoft Fails to Comply With EU Requirements · · Score: 1

    Or, Microsoft would comply with the court order.

    Or not. If not, then maybe the EU is best served by not allowing in, or heavily taxing non-interoperable products. If not, then the court must have been in error trying to enforce interoperability.

  17. Hey! You're whining! on BitMover Releases Open Source BitKeeper Client · · Score: 1

    The point of this article is that you no longer need to use the "we own your soul" closed source BK client just to download the kernel

    I hope you are not in violation of the license, or that you have not agreed to the license.

  18. Re:holy crap! on Microsoft Fails to Comply With EU Requirements · · Score: 1

    $5 Billion a day would be steep.
    $5 Million a day is chump change. Cheapo. A cost of doing business.

  19. Re:What's wrong with EU? on Microsoft Fails to Comply With EU Requirements · · Score: 1

    I really don't understand. Microsoft created a product. They're under no obligation to release any information about that product to anyone.

    Microsoft is a monopoly. Something that Joe Blow is not.

    But I could also answer that, similarly, the EU is under no obligation to allow duty free import of Microsoft's non-interoperable products, or for that matter, to even allow the sale of those products at all.

    Simply halt the sales of all non-interoperable Microsoft software products in the EU.

  20. The Fine *IS* the Bribe on Microsoft Fails to Comply With EU Requirements · · Score: 0

    The fine is the bribe. But it all looks nice and legal. You pay me (indirectly) by paying a big, ongoing fine. It's big to me, but not to you. In exchange, you get to continue not complying with the court order. But wait! There's more! In addition, you get software patents shoved down the EU's throat so fast that they won't even have time to gag! Now how much would you pay! Hurry. Offer ends soon. Only $1.99 Billion per year. Order today!

  21. Better solution on Microsoft Fails to Comply With EU Requirements · · Score: 0

    Microsoft should be allowed to not open interoperable protocols on products. Those products should just not be for sale in the EU.

    Halt all sales of servers or desktop PC's that have non-interoperable Microsoft software.

  22. Re:$1.8 billion a year is a lot of dough on Microsoft Fails to Comply With EU Requirements · · Score: 4, Insightful

    You see nothing wrong with using the tyrannical force of the state to take money from one party to give to another?

    I'll remember that argument the next time I have a speeding ticket.

    The local government uses its tyrannical power to fine me and then give that money to the local school system or some other party.

    Microsoft has defied a court order here. They should be fined. Or maybe you believe that all global megacorps or indeed anyone should be able to defy court orders with impunity?

  23. Re:read the paper on Tracking a Specific Machine Anywhere On The Net · · Score: 1

    Soldering?

    Since most slashdotters probably grew up with computers, and never dabbled in electronics, they probably don't know which end of a soldering iron to pick up.

  24. Re:Microsoft Linux on Mono Progress In the Past Year · · Score: 1

    only Microsoft Linux has the stability, quality, and security that you've come to expect from the Microsoft name.

    A very true statement.

    ONLY Microsoft Linux...
    has the STABILITY that I would expect from Microsoft.
    Other Linuxes have great stability.

    ONLY Microsoft Linux...
    has the QUALITY and SECURITY that I would expect from Microsoft.
    Other Linuxes have great quality and security.

  25. Re:Escaping the Palladium Jail? on QEMU Accelerator Achieves Near-Native Performance · · Score: 1

    If we can convince the TPM chip that our emulator is "the motherboard"

    Therein, I think, lies the problem. How do you convince it that you are the BIOS/motherboard. What if the TPM is only in a hardware mode to accept this convincing when the processor first boots from the ROM? What if the ROM's checksum must be signed by someone that the TPM itself trusts? (i.e. the TPM will only trust a ROM, whose checksum is signed by, let's suppose, Dell or Phoenix.)

    Nevermind that the TPM is not in the right hardware mode to verify trust of the ROM right now.

    Consider: don't you think that the "trusted" computing forces and their minions have thought of this? "Oh, duh! We were too stoopid to think of emulation. Dang!"

    (I'm not saying that it might not be impossible to defeat, but it is not just going to be by using an emulator.)