Power draw would be more at night....people tend to use lights when its dark =]
Here's a real time graph of California's electricity usage. You can see that the peak is about 4 PM, probably due to air conditioning. A solar system could work out pretty well to provide some extra power at periods of peak demand.
The fit hits the shan in less than a year when Microsoft releases their new OS in summer 2006. By then yes, the systems will be coming with the required certificates and it is a DRM system and worse. Apple's new hardware switchover is what, a year after that in 2007? If it too includes a TPM (which appears likely despite the conflicting claims and reports) then the TPM will be a DRM enforcement device there too.
That is completely wrong. Read what Seth Schoen of the EFF wrote two weeks ago about Microsoft's plans for the TPM in Windows Vista. Seth is one of the most knowledgeable Trusted Computing opponents on the net, author of the so-called User Override concept which would eviscerate the most useful features of TC. He wrote:
"The most important message at the 2005 WinHEC about Microsoft's trusted computing effort, now known as Next Generation Secure Computing Base (NGSCB), is that it is late and will not be included in Windows Longhorn.
"In fact, Microsoft is not implementing support in Longhorn for the controversial remote attestation features of trusted computing hardware. That means that publishers and service providers will not have a hardware-based means of forcing people to use particular programs for interoperability, nor of stopping people from reverse engineering or altering software on their own computers."
In short, you are wrong that Vista in 2006 will use TPMs with certs for DRM purposes. This will not happen. There will be no remote attestation, hence no certs, hence no utility of the TPM for DRM, not in that time frame. Maybe never, depending on the politics of the issue.
Then they added previews etc. that can't be skipped, but maybe FF'd through. Who knows, in 5 years you may not even be able to FF through them. By then it will be too late.
People always say this, but is it true? I haven't rented a DVD in a long time that I couldn't skip the previews. Somebody go out and find me a DVD in the top ten rentals this week that won't let you skip the previews, I'll rent it and see for myself. I want to know if this is an urban legend or if DVD makers are still making people sit through previews (like the theaters do!).
...if the vast majority of ISPs require Trusted Network Connect in order to get an IP address, which some people expect to happen between 2011 and 2015, possibly by force of law.
Come on, dude... anybody who claims to know what's going to happen in 2015 is full of, well, hot air. There's a million ways the future can come out, and the chance that it will at all resemble your one little snapshot is essentially zero. We've got enough to worry about in 2005, there's no need for nightmares about the second coming of George Orwell in 2015.
The TPM chip is not necessarily used for DRM. In fact in today's environment, it can't be used for that purpose. To use it for DRM it is necessary for the chip to be sold with an embedded key and for the manufacturer to supply a certificate (similar to a web site certificate) which means that the key is a valid TPM key. No manufacturers are presently doing this, because the whole issue is too controversial.
I have a computer with a TPM that I bought for research, and I tried to get one with a key and a certificate, but it was impossible. Even though it was for legitimate security research, everyone has been scared by all the anti-TCPA and anti-Palladium activism on the net.
You can still do some useful things with the TPM; it has crypto features and can do some Tripwire-like functionality. But this is not DRM.
It's entirely possible that Apple is using the TPM for various purposes. Theoretically the software could look for a particular brand of TPM and use that to somewhat limit which boxes it would run on. Or it could be using it for the crypto functions.
But that is a far cry from using it for DRM or the other advanced features in the TCPA spec. My reading of the various claims and counter-claims is that Apple is in fact shipping with a TPM but it is not using it for DRM and has no plans to do so. That is generally consistent with what all sides are saying, modulo a bit of confusion and sloppy terminology. It appears to be as close to the truth as we are going to get in a situation like this.
I know a lot more about the TPM than what is in any FAQ; I've read every page of the spec and have written software to talk to the chip, okay? Let me point to one place you are going wrong:
To begin with, the first application that boots up, typically the BIOS (probably UEFI but any other choice really), if written to do so can refuse to allow any application to start which isn't signed by one of the keys securely stored in the TPM. The BIOS will check the TPM for a matching key for the OS, and if it matches, will allow it to start. Conversely, if the key doesn't match (for example, a bootleg OS), the BIOS can just stop right there. Keep in mind, this is the BIOS handling this, not the TPM, but, unlike even the M-1 tank, there is no way to tamper with the TPM to change the keys.
First of all, there is no interest in general purpose PCs to stop them booting other OS's. That would reduce sales, and strange as it may seem, businesses actually like to grow their sales, not shrink them. Intel makes money off of Linux and they are never going to stop making machines that can run it! So put your mind to rest on this issue.
The problem with what you describe is that you could patch the BIOS to disable this check of the TPM, if you didn't want it to have these limitations. What's that you say, you can't patch the BIOS on a TCG box? Then in that case, the BIOS wouldn't need the TPM to do this check, would it, because it could just have the keys right there in the BIOS. An unpatchable BIOS already has the power to do a restricted boot, and the TPM would be superfluous.
In short the TPM is not there to keep the machine from booting other software. It does provide important functions, such as remote attestation and the ability to lock encrypted data to the machine configuration. That latter feature means that it can be set up so if you boot a different OS (WHICH IS ALLOWED!) then data that was encrypted under the previous OS can't be decrypted now. That does have DRM implications, but the details are totally different from the misleading picture that you described.
It's frustrating to talk about this because the TPM is powerful in its way, but it is a very specific sort of power. Most of the fears about it are completely wrong in their details, although not perhaps wrong in fearing the power of the chip. If people have valid fears but for incorrect reasons, what should I say to them? I try to correct the errors but then people accuse me of whitewashing because I deny the apocalyptic claims ("the TPM is root on your computer").
I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.
What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.
How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.
This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.
It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.
How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.
My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.
Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.
If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway.
I love that imagery. It's too bad we can't reify patents so that they could really be stacked like cannonballs. Imagine Microsoft, IBM and other companies each surrounded by their stacked-up patents, fortifications, lawyers and lawsuits as cannons peeking over the battlements, threatening to rain down havoc on anyone who challenges them.
Maybe once we have effective AR systems we'll be able to make manifest the underlying corporate realities which are all so invisible and intangible today. People passing by the Microsoft campus will be able to see the stacked cannonballs and other accoutrements of corporate warfare. It will make for a more colorful world!
The Problem is with People. And the problem is so prolific on the internet because you can do things on the internet that in real life would get the crap beaten out of you. After all, if you walked into a bar and started calling everyone in it faggots, you'd probably wind up with a cracked skull.
You need to distinguish between someone who provides unpleasant information and someone who engages in physical assault. Calling people names is not grounds for cracking skulls or any such response. "Sticks and stones may break my bones, but words can never hurt me."
It is one of the strengths of the Internet that thugs can no longer beat people up because they don't like what they say. The fact that you are unhappy about this reflects more on you than on users of Tor.
It pisses me off that Rockstar has lied about this from day one, claiming that the content wasn't in the game and had been inserted by hackers. They deserve whatever bad things happen to them as a result of this. If they had come clean, said our programmer did it and we didn't know, we've fired him, at least they would maintain their self respect (assuming that's what happened).
But no, they had to resort to a cowardly and foolish lie, a lie which would inevitably be found out. They deserve no respect at all.
Although Trusted Network Connect (TNC) is being created under the auspices of the Trusted Computing Group (TCG), formerly TCPA, TNC is really not "trusted computing" as it is known and hated on the net.
Trusted Computing is a technology where user computers can be configured to report what programs the user is running in an unspoofable way, and to keep the user from being able to hack on various programs and data that he has downloaded. Many people object to this because of the need to give up control over their own computers in exchange for being allowed to download certain data. It has many uses for DRM.
I don't think TNC has these properties. It is a way of authenticating on a network. Yes, it can use the same TPM chip that is used in the regular TCG specification, but the protocol is not nearly as all-encompassing and doesn't have those features that are so objectionable, limiting what people can do on their computers.
So the whole conspiracy-theory angle loses one of its key selling points, namely that this is all tied into DRM and restrictions on user actions. TNC is completely different and there is no tie in to the kinds of things that conspiracy theory fans are interested in.
I got mail over the weekend announcing the imminent shipping of the eMagin Z800 3D Visor, which looks pretty nice but is expensive. 800x600 OLED display (in stereo!), a 40 degree field of view ("equivalent of a 105 inch screen at 12 feet"), and an integrated headtracker. You can literally be inside the game, turn your head left and right, up and down, and see what's there, with standard games like UT, HL2 and Doom3, and an NVIDIA graphics card.
It sounds pretty cool, but here's the bad news: $899. Ouch. They offered me $50 off because I pre-registered for information but that's way too steep for me.
Here is what the document claims is the usage model for.tel:
2.5. How is the.Tel used?
Individuals could use their name as a personal "brand" or a universal identity accessible from any Internet-enabled communications device to publish their contact information or other personal data. For example, Adam Smith could develop a personal mini-website that provides general information about himself including his contact information, such as phone numbers, and email addresses. Adam would be able to update and manage this data at will, and Adam's friends, when trying to reach him, could simply check adamsmith.tel to find his most current contact information and connect the call or send a text message.
The business market has different needs than the individual market. Businesses are primarily concerned with customer acquisition and retention, ease of client communication, and efficiency of customer management. The.Tel domain has been conceived to meet each of these needs fully. Hertz, for example, could purchase hertz.tel and design a simple and clear navigational system for customers accessing the company via Internet-enabled communications devices. Hertz could segment the customer by geographic location and department and then route the customer to the appropriate call center, which enhances the customer experience and provides the most efficient and cost effective solution for Hertz.
I don't see that much point to this, it is the same as a "contact" link on the person or company's home page. Do we really need a special domain for that one purpose?
I'm very familiar with the TPM spec and I don't see how it would be much help to Apple.
The usual concern with the TPM and "trusted computing" is that the hardware and OS can limit what software will run. This is an oversimplification but there are some valid concerns along these lines.
However, here we want to do the opposite: we want the software (Mac OSX) to limit what hardware it will run on. Hopefully readers can see that it is different for hardware to limit software than for software to limit hardware.
What does the TPM offer that Apple might be able to use? Well, as the articles state, the TPM does have some manufacturer ID information in it. Perhaps Apple motherboards could use a special TPM model or manufacturer number, and the software could look for that. But that's not really TPM specific. There are a number of chips on the boards which have manufacturer IDs in them that could be queried in the same way. There's nothing special about the TPM.
Also, each TPM has a unique crypto key burned in. But, assuming they follow the standard, the keys are random and essentially indistinguishable. Any computer with a TPM would look like any other. So this doesn't help either.
Conceivably we could combine these ideas, and have the manufacturer create a special crypto certificate on the TPM keys that were in Apple-compatible motherboards. This would be signed with a key that was only used for that purpose. Then this cert could be burned into BIOS or somewhere, and OS X could look for it. This is a roundabout method though and it's no more powerful than checking for manufacturer ID.
What you'd really want would be that Apple PCs would have some special crypto key in them that no other PCs had. Then this key could decrypt part of the OS and that way the OS wouldn't run on any computer that didn't have one of these chips. However, there's nothing in the TPM spec that works like this! There's no provision for a key to be shared across all the chips from a particular manufacturer. So that doesn't seem to work either.
All in all I think this is just some poorly-informed speculation that tries to tie together TPM technology with Apple's goals. But to me it doesn't look like a good match.
I'd also like to remind people about the Petname Toolbar from Tyler Close, which uses capability-security concepts.
When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.
It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!
I think that Paul Kangro may have been talking about "Zen" for linux a Novell product... that is an update to Ximian Red Carpet Server and red-carpet client used for distributing patches to linux distributions...
That's hilarious! He said Zen, they wrote Xen, and nobody noticed that Xen is essentially useless as an aid to patch management! It's just a virtualization technology that makes it easier to run multiple OS's at once. If anything it will make patch management more difficult since it encourages running multiple OS's, and you now must juggle each OS's patch management scheme - rpm vs apt-get vs something else.
It just goes to show how people don't think about what they read, and how they're willing to grasp at straws to support their preconceptions. Open Source is good, therefore patch management must not be a problem, therefore if they say Xen helps, then it must help! Talk about backwards thinking. Try starting from the evidence and working your way to the conclusions, people, rather than vice versa.
I want to know if I should be pi**ed or not about missing out. And on what site are the screenings announced? I didn't see it at the rottentomatoes site linked in the article.
What we have today is a system in which each state's driver's license and identity card has to be honored by all the others as well as by federal agencies. You show your DL when you fly, and it is accepted no matter what state you fly to. That means that the collection of all these state IDs amounts to the same thing as a national ID.
The problem is that with the situation today, there is no uniformity in policies and procedures for getting state IDs. The result, as anyone familiar with security will realize, is that the system is only as strong as the weakest state ID. For example, several of the 9/11 hijackers had gotten driver's licenses in Virginia, which had a thriving black market in DLs due to lax controls.
Given that we already are in a situation where each state accepts every other state's DLs for identity purposes, we already have de facto national ID. The problem is that the system at present is a security nightmare with 50 different ways to game and beat the system. Applying some uniformity to the procedures for creating acceptable identity documents is a sensible way forward, and should be an improvement over the current hodgepodge of regulations and requirements, some much weaker than others.
Wow, that's great news, but isn't it coming a little late in the timeline? If sets on sale in July were supposed to have BF support, you'd think that they would already be being manufactured that way. The TV makers would have had to already have designed BF circuitry into their sets and be producing them with that capability, if all the sets in the stores by July were supposed to work that way, as required by the law.
I wonder if there will be a way to disable BF circuitry in sets which get sold that already have it built in? Or will the makers even tell people that they are buying sets that are BF enabled? Maybe some people will buy them without even knowing it.
I am troubled by the decision by scientific groups to boycott these hearings. Wouldn't it be better to take these arguments on squarely and address them on the merits? Science is supposed to be open to challenge, its entire structre is designed to allow for changing theories in response to evidence. By boycotting the hearings it makes it look like science has no answer to the points which the Intelligent Design proponents are raising.
It's no secret what their arguments are. They are posted widely on the net and promulgated by ID websites. Scientists should prepare responses to these points that are simple, concise and can be explained and understood. People like Richard Dawkins have written whole books on the topics. There are plenty of engaging, articulate and intelligent scientists who could do a good job of making the case.
I know the arguments against it: that the hearings are rigged, or that this dignifies the opponents by making it appear that their weak arguments are even worth responding to. But first, even if the hearings are rigged, it is important to put the facts into the public record. This is a subcommittee, and the full school board has to make the final determination. The scientifically oriented board members need ammunition to strike down claims by religious members.
And as far as dignifying the creationists, they are already gaining political power! Refusing to argue with them won't change that. The right and honorable thing for science to do is to deal with them on the level of scientific argumentation. Explain why their arguments don't work, show the problems in their theories. This has been done successfully in other forums.
Look at the Scopes trial: Scopes lost! A fact often forgotten today. (Actually Darrow requested a guilty verdict so he could appeal the case and make it set a precedent.) The point is that winning or losing in the local setting doesn't matter that much. What matters is making the case forthrightly, honestly and fearlessly.
Scientists shouldn't worry that they are dignifying the opposition. People do deserve to be treated with dignity, after all. Science should merely respond calmly and factually to the charges, and should inquire carefully after any flaws in the logic of the ID proponents. This is the method of science, it is what has made it so successful, and it is how science should proceed today in these hearings.
Either you argue for an eternal Creator that set everything in motion - or you argue for an eternal Universe that just happened. Either way, you're arguing for an eternal _something_ that set the universe in motion, both of which take no small amount of faith.
But the big bang model is far simpler. It requires only a uniform gas and a set of relatively simple physical laws. We don't know the exact laws yet but the ones we have can be expressed in a few lines of math.
Compare that to the complexity of God! Many people would say that He is infinitely complex. Why is it easier to believe in this incredibly complex entity than to believe in a simple ball of hot gas? It takes far more information to describe the Entity than the gas.
"those that are the problem don't care - they ignore every warning they get and just buy a faster computer to compensate for their systems sluggishness"
You're not looking at this realistically. The statement above betrays your frustration. You see the users as stereotypes of carelessness and stupidity.
So they buy faster computers when they get infected? And how often does your typical student buy a faster computer? Every day? Every week? I think not! Yet, how often do people get infected? From the way you describe the problem, it is quite often.
Users already have incentives to keep their computers virus free. Nobody likes getting a virus. It slows their computer down and makes it hard to use. They can't just run out and buy a new computer! Your harsh stereotyping is ignoring the reality of what students face.
So, the first step is to get a better understanding of the problem. Why not try talking to some users? Not just your techie friends, talk to the average person who knows only how to turn it on and run the few programs they use? I'll bet you'll find out that the real reason for the problem is not that people don't care, because they can just buy new computers! It is because they don't feel confident in their abilities to download, install and run the AV software, and to continue to use their computers with whatever small operational changes the AV software may impose.
I can't tell you for sure what the solution is, but the first step will be to understand the problem better. Resorting to stereotypes of users as malicious or uncaring is only going to take you farther from the solution.
I attend the "Time Travel" conference, but it is a near-disaster. As far as I can tell the conference is spectacularly devoid of time travellers and instead is full of wannabees wandering around speculating about time travel. Worse, there are glitches at the registration table forcing people to wait in long lines as the students try to get organized. The "food" leaves much to be desired as well, what there is of it. And about the conference sessions, the less I say, the better.
It certainly doesn't compare with the twin millennium celebrations on December 31, 999 and 1000, where the hostesses pull out all the stops to outdo one another. Now, those are parties!
Slashdot Mirror
Power draw would be more at night....people tend to use lights when its dark =]
Here's a real time graph of California's electricity usage. You can see that the peak is about 4 PM, probably due to air conditioning. A solar system could work out pretty well to provide some extra power at periods of peak demand.
The fit hits the shan in less than a year when Microsoft releases their new OS in summer 2006. By then yes, the systems will be coming with the required certificates and it is a DRM system and worse. Apple's new hardware switchover is what, a year after that in 2007? If it too includes a TPM (which appears likely despite the conflicting claims and reports) then the TPM will be a DRM enforcement device there too.
That is completely wrong. Read what Seth Schoen of the EFF wrote two weeks ago about Microsoft's plans for the TPM in Windows Vista. Seth is one of the most knowledgeable Trusted Computing opponents on the net, author of the so-called User Override concept which would eviscerate the most useful features of TC. He wrote:
"The most important message at the 2005 WinHEC about Microsoft's trusted computing effort, now known as Next Generation Secure Computing Base (NGSCB), is that it is late and will not be included in Windows Longhorn.
"In fact, Microsoft is not implementing support in Longhorn for the controversial remote attestation features of trusted computing hardware. That means that publishers and service providers will not have a hardware-based means of forcing people to use particular programs for interoperability, nor of stopping people from reverse engineering or altering software on their own computers."
In short, you are wrong that Vista in 2006 will use TPMs with certs for DRM purposes. This will not happen. There will be no remote attestation, hence no certs, hence no utility of the TPM for DRM, not in that time frame. Maybe never, depending on the politics of the issue.
Then they added previews etc. that can't be skipped, but maybe FF'd through. Who knows, in 5 years you may not even be able to FF through them. By then it will be too late.
People always say this, but is it true? I haven't rented a DVD in a long time that I couldn't skip the previews. Somebody go out and find me a DVD in the top ten rentals this week that won't let you skip the previews, I'll rent it and see for myself. I want to know if this is an urban legend or if DVD makers are still making people sit through previews (like the theaters do!).
...if the vast majority of ISPs require Trusted Network Connect in order to get an IP address, which some people expect to happen between 2011 and 2015, possibly by force of law.
Come on, dude... anybody who claims to know what's going to happen in 2015 is full of, well, hot air. There's a million ways the future can come out, and the chance that it will at all resemble your one little snapshot is essentially zero. We've got enough to worry about in 2005, there's no need for nightmares about the second coming of George Orwell in 2015.
The TPM chip is not necessarily used for DRM. In fact in today's environment, it can't be used for that purpose. To use it for DRM it is necessary for the chip to be sold with an embedded key and for the manufacturer to supply a certificate (similar to a web site certificate) which means that the key is a valid TPM key. No manufacturers are presently doing this, because the whole issue is too controversial.
I have a computer with a TPM that I bought for research, and I tried to get one with a key and a certificate, but it was impossible. Even though it was for legitimate security research, everyone has been scared by all the anti-TCPA and anti-Palladium activism on the net.
You can still do some useful things with the TPM; it has crypto features and can do some Tripwire-like functionality. But this is not DRM.
It's entirely possible that Apple is using the TPM for various purposes. Theoretically the software could look for a particular brand of TPM and use that to somewhat limit which boxes it would run on. Or it could be using it for the crypto functions.
But that is a far cry from using it for DRM or the other advanced features in the TCPA spec. My reading of the various claims and counter-claims is that Apple is in fact shipping with a TPM but it is not using it for DRM and has no plans to do so. That is generally consistent with what all sides are saying, modulo a bit of confusion and sloppy terminology. It appears to be as close to the truth as we are going to get in a situation like this.
I know a lot more about the TPM than what is in any FAQ; I've read every page of the spec and have written software to talk to the chip, okay? Let me point to one place you are going wrong:
To begin with, the first application that boots up, typically the BIOS (probably UEFI but any other choice really), if written to do so can refuse to allow any application to start which isn't signed by one of the keys securely stored in the TPM. The BIOS will check the TPM for a matching key for the OS, and if it matches, will allow it to start. Conversely, if the key doesn't match (for example, a bootleg OS), the BIOS can just stop right there. Keep in mind, this is the BIOS handling this, not the TPM, but, unlike even the M-1 tank, there is no way to tamper with the TPM to change the keys.
First of all, there is no interest in general purpose PCs to stop them booting other OS's. That would reduce sales, and strange as it may seem, businesses actually like to grow their sales, not shrink them. Intel makes money off of Linux and they are never going to stop making machines that can run it! So put your mind to rest on this issue.
The problem with what you describe is that you could patch the BIOS to disable this check of the TPM, if you didn't want it to have these limitations. What's that you say, you can't patch the BIOS on a TCG box? Then in that case, the BIOS wouldn't need the TPM to do this check, would it, because it could just have the keys right there in the BIOS. An unpatchable BIOS already has the power to do a restricted boot, and the TPM would be superfluous.
In short the TPM is not there to keep the machine from booting other software. It does provide important functions, such as remote attestation and the ability to lock encrypted data to the machine configuration. That latter feature means that it can be set up so if you boot a different OS (WHICH IS ALLOWED!) then data that was encrypted under the previous OS can't be decrypted now. That does have DRM implications, but the details are totally different from the misleading picture that you described.
It's frustrating to talk about this because the TPM is powerful in its way, but it is a very specific sort of power. Most of the fears about it are completely wrong in their details, although not perhaps wrong in fearing the power of the chip. If people have valid fears but for incorrect reasons, what should I say to them? I try to correct the errors but then people accuse me of whitewashing because I deny the apocalyptic claims ("the TPM is root on your computer").
I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.
What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.
How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.
This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.
It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.
How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.
My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.
Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.
If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway.
I love that imagery. It's too bad we can't reify patents so that they could really be stacked like cannonballs. Imagine Microsoft, IBM and other companies each surrounded by their stacked-up patents, fortifications, lawyers and lawsuits as cannons peeking over the battlements, threatening to rain down havoc on anyone who challenges them.
Maybe once we have effective AR systems we'll be able to make manifest the underlying corporate realities which are all so invisible and intangible today. People passing by the Microsoft campus will be able to see the stacked cannonballs and other accoutrements of corporate warfare. It will make for a more colorful world!
The Problem is with People. And the problem is so prolific on the internet because you can do things on the internet that in real life would get the crap beaten out of you. After all, if you walked into a bar and started calling everyone in it faggots, you'd probably wind up with a cracked skull.
You need to distinguish between someone who provides unpleasant information and someone who engages in physical assault. Calling people names is not grounds for cracking skulls or any such response. "Sticks and stones may break my bones, but words can never hurt me."
It is one of the strengths of the Internet that thugs can no longer beat people up because they don't like what they say. The fact that you are unhappy about this reflects more on you than on users of Tor.
It pisses me off that Rockstar has lied about this from day one, claiming that the content wasn't in the game and had been inserted by hackers. They deserve whatever bad things happen to them as a result of this. If they had come clean, said our programmer did it and we didn't know, we've fired him, at least they would maintain their self respect (assuming that's what happened).
But no, they had to resort to a cowardly and foolish lie, a lie which would inevitably be found out. They deserve no respect at all.
Although Trusted Network Connect (TNC) is being created under the auspices of the Trusted Computing Group (TCG), formerly TCPA, TNC is really not "trusted computing" as it is known and hated on the net.
Trusted Computing is a technology where user computers can be configured to report what programs the user is running in an unspoofable way, and to keep the user from being able to hack on various programs and data that he has downloaded. Many people object to this because of the need to give up control over their own computers in exchange for being allowed to download certain data. It has many uses for DRM.
I don't think TNC has these properties. It is a way of authenticating on a network. Yes, it can use the same TPM chip that is used in the regular TCG specification, but the protocol is not nearly as all-encompassing and doesn't have those features that are so objectionable, limiting what people can do on their computers.
So the whole conspiracy-theory angle loses one of its key selling points, namely that this is all tied into DRM and restrictions on user actions. TNC is completely different and there is no tie in to the kinds of things that conspiracy theory fans are interested in.
Your right to forget your past ends at my mind. No one has the right to make other people forget things.
I got mail over the weekend announcing the imminent shipping of the eMagin Z800 3D Visor, which looks pretty nice but is expensive. 800x600 OLED display (in stereo!), a 40 degree field of view ("equivalent of a 105 inch screen at 12 feet"), and an integrated headtracker. You can literally be inside the game, turn your head left and right, up and down, and see what's there, with standard games like UT, HL2 and Doom3, and an NVIDIA graphics card.
It sounds pretty cool, but here's the bad news: $899. Ouch. They offered me $50 off because I pre-registered for information but that's way too steep for me.
Let's be sure to keep crying wolf as often as possible. I'm sure everyone will continue to be just as eager to respond.
I'm very familiar with the TPM spec and I don't see how it would be much help to Apple.
The usual concern with the TPM and "trusted computing" is that the hardware and OS can limit what software will run. This is an oversimplification but there are some valid concerns along these lines.
However, here we want to do the opposite: we want the software (Mac OSX) to limit what hardware it will run on. Hopefully readers can see that it is different for hardware to limit software than for software to limit hardware.
What does the TPM offer that Apple might be able to use? Well, as the articles state, the TPM does have some manufacturer ID information in it. Perhaps Apple motherboards could use a special TPM model or manufacturer number, and the software could look for that. But that's not really TPM specific. There are a number of chips on the boards which have manufacturer IDs in them that could be queried in the same way. There's nothing special about the TPM.
Also, each TPM has a unique crypto key burned in. But, assuming they follow the standard, the keys are random and essentially indistinguishable. Any computer with a TPM would look like any other. So this doesn't help either.
Conceivably we could combine these ideas, and have the manufacturer create a special crypto certificate on the TPM keys that were in Apple-compatible motherboards. This would be signed with a key that was only used for that purpose. Then this cert could be burned into BIOS or somewhere, and OS X could look for it. This is a roundabout method though and it's no more powerful than checking for manufacturer ID.
What you'd really want would be that Apple PCs would have some special crypto key in them that no other PCs had. Then this key could decrypt part of the OS and that way the OS wouldn't run on any computer that didn't have one of these chips. However, there's nothing in the TPM spec that works like this! There's no provision for a key to be shared across all the chips from a particular manufacturer. So that doesn't seem to work either.
All in all I think this is just some poorly-informed speculation that tries to tie together TPM technology with Apple's goals. But to me it doesn't look like a good match.
I'd also like to remind people about the Petname Toolbar from Tyler Close, which uses capability-security concepts.
When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.
It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!
I think that Paul Kangro may have been talking about "Zen" for linux a Novell product... that is an update to Ximian Red Carpet Server and red-carpet client used for distributing patches to linux distributions...
That's hilarious! He said Zen, they wrote Xen, and nobody noticed that Xen is essentially useless as an aid to patch management! It's just a virtualization technology that makes it easier to run multiple OS's at once. If anything it will make patch management more difficult since it encourages running multiple OS's, and you now must juggle each OS's patch management scheme - rpm vs apt-get vs something else.
It just goes to show how people don't think about what they read, and how they're willing to grasp at straws to support their preconceptions. Open Source is good, therefore patch management must not be a problem, therefore if they say Xen helps, then it must help! Talk about backwards thinking. Try starting from the evidence and working your way to the conclusions, people, rather than vice versa.
I want to know if I should be pi**ed or not about missing out. And on what site are the screenings announced? I didn't see it at the rottentomatoes site linked in the article.
What we have today is a system in which each state's driver's license and identity card has to be honored by all the others as well as by federal agencies. You show your DL when you fly, and it is accepted no matter what state you fly to. That means that the collection of all these state IDs amounts to the same thing as a national ID.
The problem is that with the situation today, there is no uniformity in policies and procedures for getting state IDs. The result, as anyone familiar with security will realize, is that the system is only as strong as the weakest state ID. For example, several of the 9/11 hijackers had gotten driver's licenses in Virginia, which had a thriving black market in DLs due to lax controls.
Given that we already are in a situation where each state accepts every other state's DLs for identity purposes, we already have de facto national ID. The problem is that the system at present is a security nightmare with 50 different ways to game and beat the system. Applying some uniformity to the procedures for creating acceptable identity documents is a sensible way forward, and should be an improvement over the current hodgepodge of regulations and requirements, some much weaker than others.
Wow, that's great news, but isn't it coming a little late in the timeline? If sets on sale in July were supposed to have BF support, you'd think that they would already be being manufactured that way. The TV makers would have had to already have designed BF circuitry into their sets and be producing them with that capability, if all the sets in the stores by July were supposed to work that way, as required by the law.
I wonder if there will be a way to disable BF circuitry in sets which get sold that already have it built in? Or will the makers even tell people that they are buying sets that are BF enabled? Maybe some people will buy them without even knowing it.
I am troubled by the decision by scientific groups to boycott these hearings. Wouldn't it be better to take these arguments on squarely and address them on the merits? Science is supposed to be open to challenge, its entire structre is designed to allow for changing theories in response to evidence. By boycotting the hearings it makes it look like science has no answer to the points which the Intelligent Design proponents are raising.
It's no secret what their arguments are. They are posted widely on the net and promulgated by ID websites. Scientists should prepare responses to these points that are simple, concise and can be explained and understood. People like Richard Dawkins have written whole books on the topics. There are plenty of engaging, articulate and intelligent scientists who could do a good job of making the case.
I know the arguments against it: that the hearings are rigged, or that this dignifies the opponents by making it appear that their weak arguments are even worth responding to. But first, even if the hearings are rigged, it is important to put the facts into the public record. This is a subcommittee, and the full school board has to make the final determination. The scientifically oriented board members need ammunition to strike down claims by religious members.
And as far as dignifying the creationists, they are already gaining political power! Refusing to argue with them won't change that. The right and honorable thing for science to do is to deal with them on the level of scientific argumentation. Explain why their arguments don't work, show the problems in their theories. This has been done successfully in other forums.
Look at the Scopes trial: Scopes lost! A fact often forgotten today. (Actually Darrow requested a guilty verdict so he could appeal the case and make it set a precedent.) The point is that winning or losing in the local setting doesn't matter that much. What matters is making the case forthrightly, honestly and fearlessly.
Scientists shouldn't worry that they are dignifying the opposition. People do deserve to be treated with dignity, after all. Science should merely respond calmly and factually to the charges, and should inquire carefully after any flaws in the logic of the ID proponents. This is the method of science, it is what has made it so successful, and it is how science should proceed today in these hearings.
Either you argue for an eternal Creator that set everything in motion - or you argue for an eternal Universe that just happened. Either way, you're arguing for an eternal _something_ that set the universe in motion, both of which take no small amount of faith.
But the big bang model is far simpler. It requires only a uniform gas and a set of relatively simple physical laws. We don't know the exact laws yet but the ones we have can be expressed in a few lines of math.
Compare that to the complexity of God! Many people would say that He is infinitely complex. Why is it easier to believe in this incredibly complex entity than to believe in a simple ball of hot gas? It takes far more information to describe the Entity than the gas.
"those that are the problem don't care - they ignore every warning they get and just buy a faster computer to compensate for their systems sluggishness"
You're not looking at this realistically. The statement above betrays your frustration. You see the users as stereotypes of carelessness and stupidity.
So they buy faster computers when they get infected? And how often does your typical student buy a faster computer? Every day? Every week? I think not! Yet, how often do people get infected? From the way you describe the problem, it is quite often.
Users already have incentives to keep their computers virus free. Nobody likes getting a virus. It slows their computer down and makes it hard to use. They can't just run out and buy a new computer! Your harsh stereotyping is ignoring the reality of what students face.
So, the first step is to get a better understanding of the problem. Why not try talking to some users? Not just your techie friends, talk to the average person who knows only how to turn it on and run the few programs they use? I'll bet you'll find out that the real reason for the problem is not that people don't care, because they can just buy new computers! It is because they don't feel confident in their abilities to download, install and run the AV software, and to continue to use their computers with whatever small operational changes the AV software may impose.
I can't tell you for sure what the solution is, but the first step will be to understand the problem better. Resorting to stereotypes of users as malicious or uncaring is only going to take you farther from the solution.
I attend the "Time Travel" conference, but it is a near-disaster. As far as I can tell the conference is spectacularly devoid of time travellers and instead is full of wannabees wandering around speculating about time travel. Worse, there are glitches at the registration table forcing people to wait in long lines as the students try to get organized. The "food" leaves much to be desired as well, what there is of it. And about the conference sessions, the less I say, the better.
It certainly doesn't compare with the twin millennium celebrations on December 31, 999 and 1000, where the hostesses pull out all the stops to outdo one another. Now, those are parties!