Slashdot Mirror


User: Hobbex

Hobbex's activity in the archive.

Stories: 0
Comments: 1,017

Comments · 1,017

  1. Re:Why can't they win? on Shutting down Kazaa · · Score: 4, Interesting

    These ventures require money. Who will want to risk money on a venture that has a high likelihood of getting smashed?

    No they don't. These networks are entirely self supporting, and could well be supported by free software projects.

    As always, the free projects are taking longer to mature than the proprietary ones, but they are coming along. Look at EMule and DC++ for instance.

    I think that they could possibly kill the "global" P2P systems if they managed to effectively attack and fine people who are sharing data. As it is, the worst thing that can happen if you share is that you get told to stop - if there was a substantial chance that sharing files meant a $100 ticket, they would dry out pretty fast.

    (I wrote "global" because I think in such a case people would start trading in closed circles, relying on the six degrees of separation for files to get around.)

  2. Re:Is Palladium REALLY optional? on Palladium Changes Name · · Score: 1

    Now I've got an application that will run under my emulator, and I've got the data, encrypted with the TCPA chip which is under my control, so I can decrypt it, and I would seem to be happy as a clam.

    Am I missing something?

    Yes, that the TCPA chip is NOT under your control. That is the entire purpose of it - it will not decrypt the DRM data unless running under the same operating system where it was created, and because this operating system is "trusted" it will make sure that only the unmodified DRM app (or any that it specifically allows) can read the data.

    IBM claim that their TCPA chips are not resistant to hardware tampering, so it might be possible to bring the TCPA chip under your control (the easiest way would probably be to disrupt the point at startup where the TCPA chip reads the boot loader and feed it false values). This isn't really that surprising however: NSA level tamper resistance is expensive (see how easy it has been to build mod chips for the consoles even though the makers hate them). Most probably they are counting on the DMCA: as toothless as the DMCA is against software cracks, as effective it is against the distribution of hardware cracks - they figure most people will bend over obediently rather than start soldering their motherboards.

  3. Re:Is Palladium REALLY optional? on Palladium Changes Name · · Score: 1


    They mean reading the public key part of the "endorsement" keypair. The reason this is considered sensitive is that it serves as a unique identifier of your hardware - privacy is probably the least of our concerns if using these systems, but it is something that has mainstream attention.

    The private key part of the "endorsement" key cannot be read. If you read the whole document at the IBM page the guy says quite clearly that the "endorsement" key cannot be changed, but that that would serve no purpose because its purpose is exactly to get the vendor's "endorsement" that it has not been tampered with (flatly ignoring that the only application of this is the DRM he claims TCPA was not designed for.)

  4. Re:Is Palladium REALLY optional? on Palladium Changes Name · · Score: 2, Interesting

    TCPA is more like pgp than like ssl, i.e. there are no "root certificates". The chip contains a key, and can store signatures. So, when you install a system, you sign it, and install the signature in the chip. The boot loader only has to be trusted by you.

    Not quite, you should have read the documents you linked to more carefully. What TCPA does is that it hashes the boot sector, and stores that hash. It can then provide that hash, signed if need be, later. And that the TCPA chip only contains the keys you generate is in fact not true: it contains a pair of hardwired keys called the "endorsement" keys that are set by the vendor. What the DRM applications will require is the boot sector hash of a "trusted" operating system, signed by an "endorsement key" from a vendor that it trusts. It can then be sure you are running an OS that will not let you control your machine.

    To repeat myself, here is a paste from something I posted yesterday:

    The trick is that you cannot modify the OS software, because each layer of it that is loaded verifies the next, down to the boot loader, which the TCPA chip takes the hash of. So a modified OS means a modified boot loader, and the DRM service will ask for the current boot loader hash signed by the TCPA chip's "endorsement key" (which is set by the vendor.) If the hash is not one recognized as a "trusted" OS (ie, one on which the user can't have root) then no go. Nor can you open files you downloaded previously, exactly because the TCPA chip won't decrypt stuff if the boot loader hash is different (boot viruses my ass).

    Of course, this might prevent you from dual-booting Linux and MS, since MS might make their system refuse to install unless you put their signature into the chip, but I have an easy solution to that. I just install Linux, and don't run anything from MS. :)

    You are right that we will probably be able to simply ignore this by running Linux for the foreseeable future - but we will not be able to ignore it if user hostile clients become the norm. I figure we can all live without whatever annoying overpriced services the record companies are thinking up, but what happens when M$ has the bright idea of making a "trusted" version of IE that respects a "do not display source" tag in the HTTP reply? All it would take is the simple addition of a field containing the signed boot loader hash to the HTTP request to prove that the data is going to a "trusted" browser and not "untrusted" mozilla which should be locked out (until it implements the same "feature".)

    Yes, it is a good thing that those of us who understand that user hostile applications are pestilence can simply choose to turn them off - but we also need to be vocal in our opposition, because a LOT of people are being LIED TO regarding the purpose and function of these technologies in order to lead them down a path they may not have chosen had they been told the truth.

  5. Re:TCPA only a single component of Palladium on IBM Trials TCPA Chip Under Linux · · Score: 1

    The application is happily encrypting its audio, however, in the background you're running an application that acts as a virtual soundcard and you're capturing open, unencrypted audio and saving THAT to your hard drive as well. So much for TCPA.

    This is true, but making the operating system only use signed drivers requires only a software modification - one that I think recent versions of Windows already implement. What TCPA allows is for services to require that you are running an operating system on which you do not have root access (it does this by making it possible to prove you are running an operating system on which no user is allowed root access) - once such an OS is booted, everything else can be implemented in software.

    The trick is that you cannot modify the OS software, because each layer of it that is loaded verifies the next, down to the boot loader, which the TCPA chip takes the hash of. So a modified OS means a modified boot loader, and the DRM service will ask for the current boot loader hash signed by the TCPA chip's "endorsement key" (which is set by the vendor.) If the hash is not one recognized as a "trusted" OS (ie, one on which the user can't have root) then no go. Nor can you open files you downloaded previously, exactly because the TCPA chip won't decrypt stuff if the boot loader hash is different (boot viruses my ass).

    With incredible dishonesty, the linked article claims that such a system is not practical because it would be impossible for all services to keep lists of all "trusted" operating system versions. This is just silly: In fact, any "trusted" OS would be distributed with a signature of boot loader hash using a key belonging to the vendor (read Microsoft.) So the service would just require that the boot hash is also signed by a recognized vendor (in fact, it probably wouldn't even do this - there would be some other authority that signed vendors' keys).

    This article is misinformation just like most others on this topic. TCPA provides the only necessary element for software secure DRM (ie, DRM that requires hardware modification to change), and that is its main purpose, its other uses are marginally interesting at best. I challenge anyone who claims otherwise to explain what the purpose of the "endorsement key" is.
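
Added example (not part of Hobbex's comments and not code from any TCPA implementation): a toy Python model of the scheme described in comments 4 and 5 above, covering the boot measurement, a quote signed by a vendor-set endorsement key, a vendor-signed OS hash, and data sealed to the boot state. It goes beyond the single boot-loader hash by chaining a hash over every layer; the `Chip` class, key sizes and layer names are assumptions for illustration, and the textbook RSA is not secure.

```python
"""Toy model of measured boot, attestation and sealing (constructed example)."""
import hashlib
import hmac

E = 65537  # public exponent for the toy RSA below (illustration only, NOT secure)

def make_key(p, q):
    """Textbook RSA key from two primes; real chips use full-size padded keys."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_digest_int(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _digest_int(msg, n)

def extend(pcr, component):
    """new = H(old || H(component)): any changed or reordered layer changes it."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

class Chip:
    """Hypothetical chip: vendor-set endorsement key plus a boot measurement."""
    def __init__(self, endorsement_key, storage_secret):
        self._ek, self._secret, self.pcr = endorsement_key, storage_secret, bytes(32)

    def boot(self, layers):
        self.pcr = bytes(32)  # the register is reset only at power-on
        for layer in layers:
            self.pcr = extend(self.pcr, layer)

    def quote(self, nonce):
        """Current measurement, signed together with the verifier's nonce."""
        return self.pcr, sign(self._ek, self.pcr + nonce)

    def _keys(self):
        # Sealing keys depend on the measurement: a different boot derives other keys.
        return tuple(hmac.new(self._secret, label + self.pcr, hashlib.sha256).digest()
                     for label in (b"enc", b"mac"))

    def seal(self, data):
        if len(data) > 32:
            raise ValueError("toy sealing handles at most 32 bytes")
        enc, mac = self._keys()
        ct = bytes(a ^ b for a, b in zip(data, enc))
        return ct, hmac.new(mac, ct, hashlib.sha256).digest()

    def unseal(self, blob):
        ct, tag = blob
        enc, mac = self._keys()
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            return None  # measurement differs from the one the data was sealed under
        return bytes(a ^ b for a, b in zip(ct, enc))

def service_accepts(chip_n, vendor_n, os_cert, quote, nonce):
    """Remote check: fresh quote from an endorsed chip AND a vendor-signed boot hash."""
    pcr, sig = quote
    cert_pcr, cert_sig = os_cert
    return (verify(chip_n, pcr + nonce, sig)
            and verify(vendor_n, cert_pcr, cert_sig)
            and hmac.compare_digest(pcr, cert_pcr))

def demo():
    chip_key = make_key(2**61 - 1, 2**89 - 1)      # Mersenne primes, constructed keys
    vendor_key = make_key(2**107 - 1, 2**127 - 1)
    chip = Chip(chip_key, b"constructed-storage-secret")
    stock = [b"bootloader v1", b"kernel v1", b"player v1"]   # constructed layers
    patched = [b"bootloader v1", b"kernel v1 + owner patch", b"player v1"]

    chip.boot(stock)
    os_cert = (chip.pcr, sign(vendor_key, chip.pcr))  # shipped with the "trusted" OS
    trust = (chip_key["n"], vendor_key["n"], os_cert)
    blob = chip.seal(b"content key 0123")
    old_quote = chip.quote(b"nonce-1")
    result = {"stock_accepted": service_accepts(*trust, old_quote, b"nonce-1")}

    chip.boot(patched)  # same hardware, one modified layer
    result["patched_accepted"] = service_accepts(*trust, chip.quote(b"nonce-2"), b"nonce-2")
    result["replay_accepted"] = service_accepts(*trust, old_quote, b"nonce-2")
    result["unsealed_when_patched"] = chip.unseal(blob)
    chip.boot(stock)
    result["unsealed_when_stock"] = chip.unseal(blob)
    return result

if __name__ == "__main__":
    print(demo())
```

The nonce in the quote is what stops a quote recorded under the stock boot from being replayed after booting modified software.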

  6. Re:great googly moogly... on Tech Firms Fight Copy Protection Laws · · Score: 1

    It's simple, turn off TCPA mode.

    Which I will do, and which is why, in the hope that others will as well, I respond forcefully to posts that falsely portray it as something benign.

    It is worth wondering for how long, and for how many, this will be the case however. I suppose as an exclusive linux user my platform will be safe for the foreseeable future, but many people are, for whatever reasons, tied to M$ software - how many future versions of windows will run without TCPA? How many corporations will buy the filthy lie that it is about security and start forcing it on their employees and customers? How long before the content industry starts threatening ISPs who allow connecting without it with lawsuits for allowing free users? How strong will the resistance be to laws making it mandatory if it is accepted by users?

    How long until they start realizing exactly what you said, that this does not stop the downloading and copying of files, and that their overpriced annoying services are being ignored? How strong will the temptation be at that point to use the power they have over people's computers to restrict completely what people may do with them? And, at that point, how long will direct communication between these computers be tolerated at all?

    What will happen to the Internet that we love when PCs are turned into locked down information spoon feeders?

    You want root? Don't run TCPA. Yeah, you can't download movies now in pure digital form from Blockbuster (because they don't _TRUST_ you that you won't make copies of their digital library) but you're root.

    Well, at least you are honest here. If M$ and Intel would be this honest about it we could have saved ourselves a lot of trouble.

    oh god, you're a drama troll.

    My tone is dramatic because these are dramatic issues. If this idea that the devices we use for our communication should not be under our own control is accepted, then it is the beginning of a movement whose logical conclusion is the total dismantlement of the entire open, liberated society. I am dramatic because I am afraid.

  7. Re:Why Palladium on Tech Firms Fight Copy Protection Laws · · Score: 4, Interesting

    To be fair, the astroturfer's (I'll give him the benefit of the doubt) argument regarding corporate computers should be addressed. His assertion that many companies would like the concept of having their employees on user hostile machines where they can control the employee's ability to communicate the information he has access to is very correct - in fact, many (most?) corporations already deprive most employees of root accounts on their workstations, so short of a software application running as root decrypting documents only when it pleases, they have already achieved this.

    So what does TCPA/palladium provide beyond this? The only thing really is that it is designed to make it harder for a person with physical access to the machine to break root - on a normal PC it is typically no harder than breaking the case lock and setting a jumper to reset the BIOS - with TCPA, barring software attacks it will take serious hardware reverse engineering (though I doubt software attacks should be barred - nobody has made an OS with privilege escalation exploits yet - do we really believe MS will this time?) The former is certainly enough for in-office PCs - but I guess corporations would like to retain control of laptops and machines that leave their property.

    For this purpose one could imagine a class of corporate user hostile laptops - built so that employees could take home machines that are still loyal to the employer rather than the user - but trying to justify the entire TCPA/Palladium technology on that is a naked lie. Firstly, a niche market for such technology hardly makes it a necessity in every computer sold, yet that is pretty clearly where we are headed, and secondly, in this case it would be the employing corporation that should control the keys that give ultimate control of the computers - but under TCPA it is the vendor.

    The purpose is clear - TCPA is aimed not at corporate computers that need to be controlled by their owners, but at privately owned computers that "need" not to be controlled by their owners. Thus the vendor controls the keys, and magically the users are turned into consumers, subjects of the technology companies who are ready to trade their power over them to the media industry.

  8. Baloney on Tech Firms Fight Copy Protection Laws · · Score: 5, Interesting

    So sure, Microsoft is pushing Palladium. It can be everything to everyone. Don't forget that you can use DRM goes both ways. If you create something for free distribution with DRM, you can ensure that no one can use it for commercial purposes. DRM is a weapon of choice - you can oppress, or you can set free.

    This is the worst kind of apologist propaganda imaginable. TCPA and Palladium serve one purpose and one purpose only: taking away the root control of our own machines from us. It is that simple, and it is indeed true that once our freedom of informational self determination has been taken from us, there are many applications, good and evil, for those to whom we grant it: that is the nature of having power over people. You are absolutely right that this power can be used in fair ways, just like any power over us, but once we have given up control of our computers this is no longer for us to decide. If we accept hardware DRM, we are giving up all our freedoms on the promise that if we are nice they'll give most back. Such power is evil in and of itself, regardless of whether it is used for evil or not.

    Defending user hostile computers on the grounds that they can be used for fair applications is like defending totalitarian regimes because they can stop crime and corruption. Both statements are true - a totalitarian regime can indeed protect us in a way an open society cannot, and many intellectually honest thinkers have argued that it is necessary and preferable (Plato, Hobbes, Marx etc.) But history has shown us again and again that open societies prosper, whereas those that wish to concentrate power, no matter how convincing the utilitarian argument, lead us down a path of insanity and darkness.

    Once more unto the breach, dear friends - for this is not a new battle, what we are seeing with those who would promise us gold riches for the small price of our freedom in cyberspace are the same devils, if with different faces, that have offered this deal since time immemorial. Choose your side, and remember that history will be our judge.

  9. pasto on New PPC/Linux PDA Reference Design From IBM · · Score: 1

    I meant here.

  10. Re:TCPA? on New PPC/Linux PDA Reference Design From IBM · · Score: 1

    TCPA is always DRM related. A "trusted" app means one that other people can "trust" not to let you do anything they didn't intend you to do with it (like a media player that lets you watch, but can be "trusted" not to let you record.)

    See here.

  11. Re:I've literally got to ask! on New PPC/Linux PDA Reference Design From IBM · · Score: 1


    Yes it can, but that lovely "lets show off about it" TCPA "feature" will make sure that if Hillary Rosen hasn't certified that you have paid $500 for them (regardless of where they came from) it will stick out its tongue and remind you who actually rules your life instead.

    "Last but not least" - my ass. What is happening to this place...

  12. Re:Problem with the article: on FT on Europe's Open Source Option · · Score: 2, Informative

    This is a common misconception about the GPL, which shows a misunderstanding about what the license says.

    When you download software that somebody else has written, and use it as the basis of an inhouse piece of software, then you need the permission of the person who wrote the original software to distribute the derivative work (your inhouse software.) If the software comes with a notice that it is under the GPL, that is simply a communication from the author saying under what terms HE will allow you to distribute the software - namely that you keep it under the GPL and give the source code to anyone who wants it.

    The people that you distribute the software to have no legal right to dictate the terms under which you do so - only the original author does, since you can only distribute his copyrighted work at all with his permission. Thus, the people who get the software may be more than happy to sign away the ability to get ahold of the source code - but that does not matter, because it is not with them you made an agreement to distribute the source code, it is with the original author of the software.

    That said, regarding employees working in the office there is no issue whatsoever - distribution of the software has to do with which computers it is installed on, not who uses it, so as long as the company owns the computer there has been no distribution. If it is software that employees or consultants will take home and run on their own machines, then IANAL but it seems pretty clear to me that, yes, you do owe them the source.

    On the whole though, MS's campaign of trying to use this against Linux is 100% FUD (or rather an outright lie). There are GPLed programs and libraries on Windows as well, people who don't want to GPL their software don't have to make derivative works based on them, and nor do they on Linux (there are plenty of LGPLed, BSDed, and even proprietary libraries to go around). And if they do want to base their software on something that is GPLed, the worst case is that they have to do exactly what you always have to do with proprietary software anyways: call up the author and try to negotiate to pay for permission to use it under other conditions.

  13. Re:Does it have content control built in? on Credit Card sized 5GB HD to arrive late this year · · Score: 1

    Well, the built in encryption chip should be enough to make one smell a rat, and looking over their webpage the front page boasts that their product solves "the increased concerns with information security for consumers, enterprises and content owners."

    Digging deeper:

    Security & Intelligence - industry's first intelligent media with the ability to authenticate an individual and his own data, to encrypt and secure the data, and to enforce policy information on how and when the data may be used.

    Looks like we have a winner...

  14. Dumb idea. on Swiss Town Holds First Internet Vote · · Score: 2, Insightful


    Online voting protocols are interesting from an academic perspective, but useless in practice. No such protocol, however clever, can get around the forced vote problem. Only by physically separating people in a controlled environment can we be sure that everyone is completely free to vote exactly as they please (and that they can't even sell their vote, since they can't prove how they voted). Trying to achieve this online is obviously intractable.

    Democratic voting, as a concept, is intimately tied to the nature of the meat space: one person, one presence, one identity, one vote. The very beauty of cyberspace is that these properties do not hold, so the two ideas are fundamentally mismatched. Let's keep democracy where it belongs.

  15. Re:He's a weasel on AMI Guy Talks About TCPA, Palladium, and Other BIOS Issues · · Score: 1

    I have no real idea how the final products will work. Some of them may be good, some may suck.

    This is the very weaseling that you stand accused of: trying to plant the idea of these mythical good uses for this technology but avoiding saying anything about them. The main question, the one that Michael was trying to ask you, and the one that the parent poster was trying to ask you twice, and the one I'm putting to you again is this:

    How can a technology whose only purpose is to take away from us control of our own computers, and thus in a very real sense our control of ourselves, EVER, conceivably, have good uses?

    You have not answered this, because you know the answer as well as we do, and all your justifications and rationalizations of the process you are taking part in fall together like a house of cards because of it. If you think you haven't met the devil, you need to look closer.

  16. Re:No registration links. on Merging WiFi VoIP Into Cellular Service · · Score: 3, Interesting

    Or even better, why can't Slashdot just call up the New York Times and ask to become a partner as well? This site must drive more traffic to nyt.com than just about any other partner (they get slashdotted, what?, once or twice a day, which means upward toward half a million hits) and its readers are notoriously anti-registration.

  17. Re:You have to wonder... on News on TiVo, "God's Machine" · · Score: 2

    Oh, you must mean, "Less useful than what I, with my self-righteous sense of entitlement, feel that I deserve." Well, that's a whole different kettle of fish, isn't it?

    No, I meant less useful than it would have been if they had not gone out of their way and put extra effort into locking it down.

    It was not _that_ difficult to understand. Keep trying.

  18. Re:Built-in commercials ... what about syndication on News on TiVo, "God's Machine" · · Score: 5, Insightful

    While most of what you say is very true, this is only a problem if viewed with eyes that are unready to change the business model from the ground up (which admittedly includes just about the entire media industry).

    If shows could be entirely paid for by embedded advertisements, then the business model for the distribution of the shows would have to be different. Firstly, the producers would want to have as many viewers as possible, spreading over the Internet would be greatly encouraged. Secondly, while it is true that there would be no reason for syndicated channels to pay for the material if they cannot tack on their own advertisements, the original sponsors and producers, again looking for as many viewers as possible, would want the shows syndicated. So the business relationship would be inverse: producers would pay channels to show their shows.

    The question that remains, of course, is that of the efficiency of the advertising. It is obvious that if an advertisement is embedded in the program instead of tacked on, it will be less flexible both geographically and temporally (difficult to change for different markets, as well as for different times), meaning that advertisers are less likely to pay as much as they do today per viewer of the ad. But there are several things that help moderate this. Firstly, brands and products are much more global today than when television started - there is probably no shortage of companies that are willing to market their product at every viewer of Friends (or whatever mind numbing sitcom we are being spoon fed this week). Secondly, a loss in advertising revenue does not necessarily mean the end of TV - there are what, five?, different Discovery channels in cable packages these days, will it really be the end of the world if they were forced to scale that back to one or two? Television has become much more efficient in just the last ten years or so - it is now possible to produce material for much less per possible viewer than it was previously.

    Writing off the concept of embedded advertisements is premature. The nature of the information age (barring the bonds that MS and co. want to place on it) is that people are in control, down to the micro level, of what content they consume. In the long term, it is not possible in such a society to try to make people pay attention to things they do not desire - making it seem to them that they do desire it is advertisement's only hope.

  19. Re:Cat got your tongue? on News on TiVo, "God's Machine" · · Score: -1, Offtopic


    It's the karma whore variant of "FIRST POST". Ssshhhh!

  20. You have to wonder... on News on TiVo, "God's Machine" · · Score: 2, Interesting

    TiVo's Thursday press release in which they assure us that "every TiVo Series2 DVR contains a unique public/private key pair," so only "designated" units within your home can share programs, you "cannot send content outside the home," and transfers over your home network will be encrypted (no sniffing!).

    So TiVo is going out of its way to assure its customers that the device has been purposely and explicitly designed so as to be less useful to them. What the fuck is going on here?????

  21. Re:Not this time around... on AMI Introduces 'Trusted Computing' BIOS · · Score: 3, Insightful


    How many of the recent big viruses have been binary programs? Nearly all the viruses are macros and scripts infecting installed applications (and those are already supposed to be sandboxed). Nearly all remote cracks are by buffer overflows which means the code runs as if it were part of the attacked application, which presumably is signed. Nearly all computers that are broken into are used only as zombies for DoS attacks - something that requires only normal, installed, user applications.

    Taking away users' control of their computers can only make the situation worse - soon, even those of us who normally know how to protect ourselves will be beyond hope.

  22. Re:Binary modules on Vanishing Features Of The 2.6 Kernel · · Score: 2

    Yes. It's none of their business in what mode I decide to run my programs.

    Which is why the GPL only pertains to distribution, on your own computer you always have the right to do exactly whatever you want (unlike with your beloved Palladium fuckware).

    Astroturf is green!

  23. Re:The reason why DSL beats Cable outside of the U on DSL Rising · · Score: 3, Insightful

    I don't know if you really grok the difference in scale between the US and Finland. 90% of Finland's land mass (337,113 km^2) is equivalent to 3.2% of the US's land mass (9,363,130km^2).

    So the USA has 30 times as much land to cover, but it also has 50 times the population (and 70 times the GNP) of Finland to pay for coverage. Population density is the only worthwhile measurement here.

    Incidentally, we have fairly decent GSM coverage in the Southeastern US, as long as we're relatively close to an interstate highway.

    I don't think many Americans understand what good coverage is. I've trekked through the tundra for days and found myself in places where the only manmade structure visible for miles is a cell tower on a nearby mountain giving perfect coverage. Close to an interstate highway? I'm talking places with no roads.

    Of course, this is not all good, since the Nordic governments have, for political reasons, made coverage of rural areas a condition for receiving GSM licenses, meaning that it is us city dwellers who are paying for all the underused towers...

  24. Re:Sympathic view of cheating? on EverQuest/Sony Fights Code Wars With Latest Expansion · · Score: 2

    As long as they keep the DMCA etc in their pants, Sony can do whatever they want as far as I'm concerned. My comment was in regards to trying to equate claiming the right to hack your software to claiming the right to cheat.

    Sony can of course write software that does anything they want it to, although, personally, I find it highly disturbing that people are willing to accept user hostile software running on their systems. PCs are communication devices, and in many ways they serve as extensions of ourselves into cyberspace, that they should even attempt to control us terrifies me beyond words. But then, even here, most people seem to think that is a splendid idea when it suits them (and they can't all be MS astroturfers).

  25. Re:Sporange on Testing an Orange SPV 'Smartphone' · · Score: 2

    Silver, purple, and month remain intractable problems for poets.

    The poet, he laments: "Not a word rhymes with month,"
    "Not tho," says the lisper, "I thought of one onthe!"