Slashdot Mirror


User: Bluehorn

Bluehorn's activity in the archive.

Stories: 0
Comments: 23

Comments · 23

  1. Re:Where's India's domestic economy? on Indian CEO Says Most US Tech Grads "Unemployable" · · Score: 3, Insightful

    Drugs-- $5.00 here, $0.10 there

    In a normal capitalistic society, we would be allowed to buy the 10 cent pills there and import them here and resell them for 20 cents.

    But the wealth here is literally being pumped out of the country- and the jobs too.

    Sure! Do you really think that the $5.00 for your medicine is sent to the exporting company in India? Rubbish! In fact, in your scenario there will be at most 8 cents sent to India for the pills while $4.92 go into the pockets of your local pharma company.

    Which will pay low wages to the few Americans still on their balance sheet and move the remaining money to the managers. So the wealth is not pumped outside the country - it is just moved to the wealthy.

    In real capitalism that won't be a problem since you could go and open up your own pharma company and sell the pills for 30 cents, pay 15 cents to the producer in India and still have a nice margin. BUT: Neither Germany (where I live) nor the U.S. is implementing capitalism. There are just too many rules to stop new contenders from entering the market. And if a big company fails, the government will keep the dead body fresh by pumping the worker's money into it.

  2. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    (4) attack (unsolder, micro-probe, & so on..) the tpm itself (actually it is way simpler than the cpu or the chipset..)

    I was talking about 45 um structures because I assume that the TPM will actually move into the main CPU. Wasn't AMD already talking about this stuff?

  3. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    Break the underlying cryptography (AES - unlikely, SHA-1 - maybe).

    SHA-1's not encryption. It's a hash function.

    And a secure hash function is a cryptographic device. So what was your point again?

  4. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    Please mod parent up, as it sums up the TPM approach nicely. I was unable to explain it as well, I'm afraid.

  5. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    to ensure that you are not running [...] infected software unknown to you

    Hmm, I don't see that. If you cannot run any code beyond that allowed by the certification authorities... what does that mean ? I can't compile and run Hello World any more ? Or do I have to certify it by hand ? Compile/Link/Certify ? (Gentoo is *so* going down...) If I still can run anything I want to, if only certain programs have to ask for permission, then the security argument is pretty much off.

    Unfortunately, that is not the case. The TPM does not stop any software from executing. You can still run anything you please, Gentoo or Linux from Scratch would run fine.

    But: The software stack will be documented in the TPM as long as it supports the TPM (which could stop at your boot loader). So any software with TPM support can get a hash over the software stack and can report to external entities about it. In the bright TPM future, your company's network could decide that you are not running the one allowed sane system and revoke network access.

    In short: The TPM does not protect your computer, but allows the outer world to check the software stack you are running.

    I would place my bets on it being abused to run a virtual dictatorship

    Either that, or it completely fails to take off.

    TPMs are already in many systems, you could already use it in your company for enforcing the configuration you desire for your workers' systems. Which is the use I would expect first from the TPM. For online stores it won't work yet, since it is too hard to maintain the hashes of all allowed software configurations.

  6. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    i.e. each chip has its own key which the user can't get to, which is verified by a certificate chain (ala SSL).

    if the software can't verify the chain, it will refuse.

    It should be obvious that this can't work. Changing the software will still work around this. Please go and read the specs if you really want to understand the idea. I did.

  7. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    Allowing update by software completely defeats the whole TPM idea. Basically, the only thing that will be in ROM is the trivial code measuring the remainder of the system during boot so that a remote party can check if your system is deemed secure/acceptable by the SHA-1 hash.

    It will still be possible to update about anything else, but it will be hashed during boot by the trusted computing base. That code is basically: Send flash content to TPM for hashing, jump to start of flash for booting the BIOS.

  8. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    Okay, I forgot the simplest possibility: For the foreseeable future, code will need to be decoded to RAM for execution. So basically, you could start the game, probe to your RAM modules and collect their contents. Non-trivial but absolutely doable with some hardware capabilities. So crackers will still have no big problem getting around this protection...

  9. Re:Fire up the soldering irons... on Atari Founder Proclaims the End of Gaming Piracy · · Score: 5, Informative

    And anyway - there has to be some code that accesses the TPM chip, and that also means that given enough time and effort it's possible to circumvent it, or even simulate the TPM chip.

    In fact there is already a TPM Emulator, running on Linux. Which will buy you - nothing. Because software will only run on certified TPMs.

    Sure there will be some code that talks to the TPM - the so called Trusted Computing Base (TCB). This will be built into unchangeable ROM or into the CPU itself. You'll have to work at Intel or AMD to have the technology to get around this.

    The game itself will be encrypted with a small wrapper doing the handshake with the manufacturer to load the decryption key into the TPM.

    There are only a few options to get around this:
    1. Break the underlying cryptography (AES - unlikely, SHA-1 - maybe).
    2. Micro-probe to your CPU (have fun with 45 um cores!)
    3. Don't buy anything which has this protection.

    I'll go for (3), that's for sure.

  10. Re:Weaker Databases? on Help Slashdot Test Our New Data Center · · Score: 1

    Depends. As Slashdot is probably using some heavy scripting for the site, the web servers may well generate more load. Even more so as I guess that the database schema is quite simple compared to typical "enterprise" db applications.

    It could well be that the performance of the DB servers is mostly I/O bound.

  11. Re:How Much do We Need to Store? on 27 Billion Gigabytes to be Archived by 2010 · · Score: 1

    This reminds me of my data loss nightmare back in 2004. While I was still a student, I lost both the disk of my workstation and shortly afterwards the server. Of course, I had a backup of really important data, which did not include email archives at that time (silly me).

    I was bothered that I had lost some ten thousand emails due to that double disk failure.

    Actually, I never remembered that accident again until I read that Slashdot story just now... Seems like no important data was lost.

    Anyway, my backups now include email ;)

  12. Linux too slow to identify as USB2 compatible? on New Seagate Drives Have Real Difficulties With Linux · · Score: 1

    Now that's interesting - I got some problems with Xilinx USB cables which come up only as full speed (USB 1.1) devices on Linux. The kernel even warns that the device should be connected to a USB2 controller (which it is).

    Sometimes unplugging and replugging works as long as the device has its own power supply, but without it does not work.

    Up to now I thought the kernel was too fast to identify the device as 1.1 - you tell me the opposite is the case? This should be fixed in the kernel then. I'll create a bug report.

    Thanks and greetings, Torsten

  13. Re:Only 1024? on Historians Recreate Source Code of First 4004 Application · · Score: 1

    [Example programs to compute 10.1 - 10.0 - 0.1 in different scripting languages]

    python: -3.6082248300317588e-16
    perl: -3.60822483003176e-16
    php: -3.6082248300318E-16

    Note that the answers vary across languages too...

    Strikes me. You've never heard about the innovative concept called rounding, have you?

  14. GPL license vs. BSD license on Why Microsoft Won't List Claimed Patent Violations · · Score: 1

    We believe that having to rewrite code that is already available, for any reason (Apart from "I can do this better", of course), is a criminal waste of resources.

    Excuse me, but you have that backward: Because the BSD license allows hiding the derived code, it actually works against this goal. Worst case if most free software had the BSD license attached is that a number of proprietary solutions would be based on that code, without giving back the changes. Of course the original, BSD licensed code might still be available, but without maintenance it will be obsolete at some point.

    Reinventing the wheel indeed is a criminal waste of resources. Using the GPL makes sure that more source is released, which will get closer to the goal (no reinvention) in the long term.

    The BSD approach would be viable if all people had the ethical drive to give back for what they got. They haven't...

    In essence I like the Artistic and the BSD license better but, humans being what they are, I prefer the GPL to make sure that I am not only giving away my work but that I also get something back.

  15. Re:the question isn't CAN you do it.. on Automating Future Aircraft Carriers · · Score: 1

    Now, what might be a factor is that it is "easier" to sit in a single location and monitor several things remotely, than to walk rounds and check on each one. This would reduce physical fatigue so longer watches could be maintained.

    Perhaps it is just me but sitting around and monitoring stuff remotely without physical movement often gets me tired earlier. I'd rather take a walk, if possible getting some fresh air. Doing boring stuff will only increase fatigue. Also relying on the automatic systems will probably have an impact on physical fitness of the crew which will also have a negative impact if they have to fix stuff manually...

  16. Re:Who decides? on Hackers Rebel Against Spy Cams · · Score: 1

    The scary thing is not that a hacker group broke into the system and put the stuff online for publicity. If Joe Hacker can break that surveillance imagine what the Mafia could do with the surveillance? I mean it is scary enough that police officials have access to that data but it looks like anybody with enough motivation (or money) will be able to get access.

    For me at least security is something completely different...

  17. Re:Open Source Beer on RIAA vs Linux and DVDs · · Score: 1

    You'll need harder stuff to stand using MS Word anyway...

  18. Re:Branden Robinson on Branden Robinson Lays Down the Law at Debian · · Score: 1

    Being a Debian developer myself I can understand why one would put such a comment online. Back when I started working on Debian it meant to hack on software and make it work - originally mostly for myself.

    But if you try to maintain a core package of the distribution things change. You don't spend most of your time on package development anymore but on fighting the flood of bug reports and inquiries.

    And it is quite frustrating rolling out a new package revision with important fixes and getting a bug report with severity: grave which just tells you the package is shit because of some small oversight. Sometimes I'd really like to jump into the face of those special reporters.

    This shows in an unfriendly tone of some of my emails (not sure if this is sensed by a native speaker :)) but I try not to flame. Branden used to write flame baits here and then but most of the time he had a point and was defending his position.

    From what I can tell he got much more calm for some time now (which also reflects in the fact that he was only elected now and not years ago). And I think he will make a good leader since he is that kind of guy who can make changes even with opposition. You can't always suit everybody.

    If RMS was needed to start the GNU project then Branden Robinson might be the person who is needed to fix Debian's problems. Good luck in that!!

  19. Re:Wonder what this means for CorelDRAW for Linux? on Michael Cowpland Resigns From Corel · · Score: 1

    Now that CorelDRAW for Linux is there - does anybody know if it is a native Linux app or just the good old Windows app running in Wine?

  20. Re:until there's MSOffice for unix, it's no option on Star Office 6.0 Source Code GPL! · · Score: 1

    Seriously, if I were product manager for Microsoft I would have a Linux port of M$ Office around. Just in case you need it someday.

    This might be the case now, so let's wait and see what M$ will release on October 13th...

  21. Re:Linus only has 24 hours in the day... on IBM releases JFS to GPL · · Score: 1

    I don't think it will be a problem to handle more filesystems in the kernel once they are in. The part of the work which must be done by Linus, Alan or Stephen is making the core compatible with the filesystems in question. Once the interface is there they will need to maintain that interface but IBM will hopefully take care of their filesystem as Reiser will take care of Reiserfs etc.

    So integration is quite hard but maintaining that beast is not a big deal.

  22. Re:QuickTime for Linux would be a major undertakin on Petition Apple for Linux QuickTime · · Score: 1

    Where is the problem? Mozilla also is a great undertaking.
    Let them release the original code and the community
    will take care of the implementation.

    I would bet the result would be better than the
    original implementation.

  23. Sponsors on NT faster than Linux in tests · · Score: 1
    > And finally, YES, f--ing 10000 is way too high for maxreq.

    Hmm. I installed the apache sources and took a look at the interesting things and I found the following in conf/highperformance.conf-dist:

    MaxRequestsPerChild 10000000