Either the TPM group defends the keys against _everybody_, or else the TPM chips has little to no reason to exist.
And in my book, it's certainly the latter.
If TPM trusted the owner, all security just went out the window. Their would be little to no need for TPM. From a philosophical security perspective, I think it's good the keys cannot be accessed by the owner ("the person currently in physical control of the hardware"). And sometimes, that's who you need to defend against, the person currently in control of the hardware.
The whole thing is a bit of a double-edged sword. If I want something that would be absolutely secure against someone else who has physical access to the machine, it has to be secure against me as well. But I'm not comfortable with that. I, as the machine's owner, want to be in absolute control of it. I do not trust a system that doesn't think I can be trusted with my own computer.
Then there's people saying "if it's soldered on the motherboard, just disable it". This assumes that the chip whose inner workings we don't know and which explicitly distrusts its owner is telling the truth about whether or not it's doing anything. It might be paranoia - and just because you're paranoid doesn't necessarily mean someone isn't out to get you - but I don't trust it that far.
when you eventually want to use a software program that requires a TPM-enabled system.
I use Linux, so software that requires TPM is unlikely. But even if software that does require it comes along... I'll have to think about how much I really want to use that software, and outside of truly exceptional circumstances, the answer will most likely be "not that much".
In spite of its legendarily low budget in... well, just about all of it prior to the Christopher Ecclestone series, it's been some groundbreaking science fiction. Oh it's had its dud episodes, you might need to suspend disbelief more than you would for most other TV shows, and the special effects should be taken as a symbolic gesture rather than actually looking like something, but it does actually do some pretty interesting stuff.
That said, it's not everyone's cup of tea. Culturally, the show is very British, so Americans don't tend to "get" it as much as the British or Australians.
While I'd love for that to happen, it's not especially realistic. Laptops are currently designed with the various components wrapped very tightly around each other. To make them modular in the same kind of way a desktop computer is would make them considerably more bulky. While that might not bother some people if it means being able to buy the bits of their choice and putting them together, for others it'll be a deal-breaker.
And it's rather doubtful that enough hardware manufacturers would get on board that idea and agree on suitable standards for it to really work.
For me, it's less "doesn't sympathize enough with service providers" and more "doesn't see enough value in a webforum to think it worth paying a subscription for".
Whereas I expect that the people behind recaptcha have thought about some of the possible abuses and have some kind of checking applied to prevent that from happening.
Easily solved with an appropriate ALT tag, something like "A picture of a person holding a frankfurter in her right hand." In fact, can't all CAPTCHAS be fixed by simple use of the appropriate tag? "A picture of the characters E, Q, 3, 6, T and 9".
If by "fixed" you mean "made trivially easy for bots to answer", sure.
It seems clear that they're doing it to us non-Americans even more. While that might be no immediate problem to US representatives who only have their own electorates to worry about, the damage to the US reputation abroad has already started.
Already started? The US's reputation in the rest of the world has been taking considerable damage for years now. This recent stuff has certainly been doing a lot more damage, but their reputation being damaged isn't exactly a new development.
That's just a fact of life no matter what your retail segment is.
Not necessarily. It may depend on the size of the store and how it's managed, but in my more than a decade of working in retail the shoplifting has been by customers, not staff.
It's pretty obvious they're all just "taking the piss" at this point.
No, not really. And even if they are just taking the piss, there are certain boundaries, and instances where it's way out of proportion.
Let's say for argument's sake that a man in the public eye says that a woman who is a CEO or a Prime Minister or something shouldn't have the job. If women start bombarding him with messages about how they're going to kill him and/or sodomise him with a strap-on, we'd say that that's uncalled for.
And, bottom line, rape is not okay. Jokes about it are about as off-colour as it's possible to get, and while I won't say "Thou Shalt Not Tell Rape Jokes" should be a universal commandment, there are circumstances where they're just not okay. Outright saying to a person that they ought to be raped is one of many.
So the idea of someone walking to the curb to get their mail is crazy, but the idea of someone being out in the same weather for eight hours delivering the mail is sane?
But it's the pleb delivering the mail that has the hardship, not the consumer. And the average American consumer doesn't give even half of a rat's arse about anyone other than themselves.
Every house I've ever lived in there's been a mailbox at the curb. In fact, I'm not sure I've ever seen a house where the mail is delivered right to the front door... maybe that's just an American thing.
It's not exactly a hardship to swing by a box at the curb to pick up the mail when I get home from work, since it's more or less on the way from the curb to the front door anyway. Has been the case in every house I've lived in. The elderly having trouble walking to their mailboxes is not an entirely unreasonable point, but if they have that much trouble walking, they shouldn't be living on their own for a whole host of reasons.
And hell, even at rural farms around here, the mailbox being a fair distance from the house doesn't seem to be a major problem for anyone. Sure a trip out to just check the mail might involve a motorbike, but in a typical day a farmer would be all over their property anyway.
Well, I did say that it only made a lick of sense, not perfect sense.
Point taken though; just because it's in its element doesn't mean it's good. I've been saying for years that Windows is crap, and it's been in its element on desktops all that time, after all...
Unless you believe that someone would record child abuse on classified official documents.
I wouldn't bet against it ever happening, but the more likely problem is people reporting abuse internally and the people who are supposed to be responsible for dealing with it doing nothing about it. That's something that leaking official documents could bring to light.
That's basically my take on it. As it is, I don't even trust Dropbox enough to sync a single folder; there's no way in hell I'm going to put all of my not inconsiderable amount of data in their possession.
What I would like is a machine that I have exclusive control of (and for preference exclusive access to) that I can keep off-site to backup/sync certain data to. That is to a certain extent doable now, but too costly to be practical for me.
Incorrect. GNU userland utilities can theoretically be made to work with any Unix-like kernel. It's just that Linux is what it's most commonly paired with.
Slashdot Mirror
Either the TPM group defends the keys against _everybody_, or else the TPM chips has little to no reason to exist.
And in my book, it's certainly the latter.
If TPM trusted the owner, all security just went out the window. Their would be little to no need for TPM. From a philosophical security perspective, I think it's good the keys cannot be accessed by the owner ("the person currently in physical control of the hardware"). And sometimes, that's who you need to defend against, the person currently in control of the hardware.
The whole thing is a bit of a double-edged sword. If I want something that would be absolutely secure against someone else who has physical access to the machine, it has to be secure against me as well. But I'm not comfortable with that. I, as the machine's owner, want to be in absolute control of it. I do not trust a system that doesn't think I can be trusted with my own computer.
Then there's people saying "if it's soldered on the motherboard, just disable it". This assumes that the chip whose inner workings we don't know and which explicitly distrusts its owner is telling the truth about whether or not it's doing anything. It might be paranoia - and just because you're paranoid doesn't necessarily mean someone isn't out to get you - but I don't trust it that far.
when you eventually want to use a software program that requires a TPM-enabled system.
I use Linux, so software that requires TPM is unlikely. But even if software that does require it comes along... I'll have to think about how much I really want to use that software, and outside of truly exceptional circumstances, the answer will most likely be "not that much".
In spite of its legendarily low budget in... well, just about all of it prior to the Christopher Ecclestone series, it's been some groundbreaking science fiction. Oh it's had its dud episodes, you might need to suspend disbelief more than you would for most other TV shows, and the special effects should be taken as a symbolic gesture rather than actually looking like something, but it does actually do some pretty interesting stuff.
That said, it's not everyone's cup of tea. Culturally, the show is very British, so Americans don't tend to "get" it as much as the British or Australians.
While I'd love for that to happen, it's not especially realistic. Laptops are currently designed with the various components wrapped very tightly around each other. To make them modular in the same kind of way a desktop computer is would make them considerably more bulky. While that might not bother some people if it means being able to buy the bits of their choice and putting them together, for others it'll be a deal-breaker.
And it's rather doubtful that enough hardware manufacturers would get on board that idea and agree on suitable standards for it to really work.
For me, it's less "doesn't sympathize enough with service providers" and more "doesn't see enough value in a webforum to think it worth paying a subscription for".
Whereas I expect that the people behind recaptcha have thought about some of the possible abuses and have some kind of checking applied to prevent that from happening.
Easily solved with an appropriate ALT tag, something like "A picture of a person holding a frankfurter in her right hand." In fact, can't all CAPTCHAS be fixed by simple use of the appropriate tag? "A picture of the characters E, Q, 3, 6, T and 9".
If by "fixed" you mean "made trivially easy for bots to answer", sure.
Still discriminatory. "The entire human race can go fuck themselves" would be acceptable, though.
Those are not effective solutions. At best, you'd be shifting the problem slightly, and those services present other problems.
I can't say I like the idea of having to buy into something I don't trust to get the privelege of using certain websites.
It seems clear that they're doing it to us non-Americans even more. While that might be no immediate problem to US representatives who only have their own electorates to worry about, the damage to the US reputation abroad has already started.
Already started? The US's reputation in the rest of the world has been taking considerable damage for years now. This recent stuff has certainly been doing a lot more damage, but their reputation being damaged isn't exactly a new development.
Most loss in retail is employee theft.
That's just a fact of life no matter what your retail segment is.
Not necessarily. It may depend on the size of the store and how it's managed, but in my more than a decade of working in retail the shoplifting has been by customers, not staff.
It's pretty obvious they're all just "taking the piss" at this point.
No, not really. And even if they are just taking the piss, there are certain boundaries, and instances where it's way out of proportion.
Let's say for argument's sake that a man in the public eye says that a woman who is a CEO or a Prime Minister or something shouldn't have the job. If women start bombarding him with messages about how they're going to kill him and/or sodomise him with a strap-on, we'd say that that's uncalled for.
And, bottom line, rape is not okay. Jokes about it are about as off-colour as it's possible to get, and while I won't say "Thou Shalt Not Tell Rape Jokes" should be a universal commandment, there are circumstances where they're just not okay. Outright saying to a person that they ought to be raped is one of many.
Rape and death threats over pushing for a woman's face on a banknote? Even if you're not fond of feminism, that's overreacting quite a lot.
Do they not have "no junk mail" signs where you live?
So the idea of someone walking to the curb to get their mail is crazy, but the idea of someone being out in the same weather for eight hours delivering the mail is sane?
But it's the pleb delivering the mail that has the hardship, not the consumer. And the average American consumer doesn't give even half of a rat's arse about anyone other than themselves.
Every house I've ever lived in there's been a mailbox at the curb. In fact, I'm not sure I've ever seen a house where the mail is delivered right to the front door... maybe that's just an American thing.
It's not exactly a hardship to swing by a box at the curb to pick up the mail when I get home from work, since it's more or less on the way from the curb to the front door anyway. Has been the case in every house I've lived in. The elderly having trouble walking to their mailboxes is not an entirely unreasonable point, but if they have that much trouble walking, they shouldn't be living on their own for a whole host of reasons.
And hell, even at rural farms around here, the mailbox being a fair distance from the house doesn't seem to be a major problem for anyone. Sure a trip out to just check the mail might involve a motorbike, but in a typical day a farmer would be all over their property anyway.
Well, I did say that it only made a lick of sense, not perfect sense.
Point taken though; just because it's in its element doesn't mean it's good. I've been saying for years that Windows is crap, and it's been in its element on desktops all that time, after all...
Everyone got their chance to see Win 8 in action and saw what a pile of crap that was. Why would they buy it on a tablet?
Maybe because that's the only platform where the Metro interface makes a lick of sense.
Indeed. The Vatican is opposed to leaks to protect someone, but it's not child victims.
Unless you believe that someone would record child abuse on classified official documents.
I wouldn't bet against it ever happening, but the more likely problem is people reporting abuse internally and the people who are supposed to be responsible for dealing with it doing nothing about it. That's something that leaking official documents could bring to light.
That's basically my take on it. As it is, I don't even trust Dropbox enough to sync a single folder; there's no way in hell I'm going to put all of my not inconsiderable amount of data in their possession.
What I would like is a machine that I have exclusive control of (and for preference exclusive access to) that I can keep off-site to backup/sync certain data to. That is to a certain extent doable now, but too costly to be practical for me.
The US is one thing, but did he do things of any benefit to anyone else? The US isn't the only place that matters.
Incorrect. GNU userland utilities can theoretically be made to work with any Unix-like kernel. It's just that Linux is what it's most commonly paired with.
Not as far as I know, but Debian do actually do GNU/FreeBSD and GNU/NetBSD distros in addition to their usual GNNU/Linux.