Although Freitas' paper is oriented towards showing ways to detect and fight gray goo, a careful reading shows that it answers most of the superficial objections to the concept. There is plenty of energy to create diamondoid (rock-like) nanobots starting with energy-rich organic matter. Specialized gray goos could eat things like auto tires or road asphalt and bring commerce to a halt. It might even be possible to create a solar powered replicator that could work in air, extracting carbon, nitrogen, oxygen and hydrogen from common gasses. A single microscopic seed could turn the atmosphere opaque within days.
In short, there are enormous dangers from gray goo, and the only thing that can save us is that it will probably be quite difficult to design, so safer forms of nanotech can be well established before goo becomes a real threat. At that point Drexler and Freitas hope that we will have a nanotech immune system for the biosphere, "blue goo" (named for the color of police uniforms) which will be omnipresent and constantly monitoring for the signature of gray goo outbreaks, ready to attack with overwhelming force.
Sure, it's all sci-fi now, but it's going to be a reality eventually. If the Drexlerian vision of nanotech comes to fruition, it brings great dangers along with great rewards. We'll look back on the world of today as a sleepy, safe, comfortable time when nothing much happened.
Is it just me, or does the terrain seem a lot more boring than that seen from previous landers? Many fewer and smaller rocks, no terrain features like gullies, etc.
The problem is, unless that rover is going to rove a really long way, it looks like everywhere it goes it's going to see the same thing: flat sand with a few rocks. Where's the excitement going to be? Look, everybody, here are the latest pictures from Mars, and guess what, they look exactly the same as the earlier pictures.
It looks to me like in the desire to find a nice "safe" landing spot they may have done too good a job, and found someplace so bland that the rover's ability to move will be useless.
In the letters to the editor section, someone was wondering if it was worth taking a course in TV repair because with the release of the Phillips Modular design it will be easy for anyone to fix their own TV so the repair industry would become obsolete.
At one time there was a job called "TV repairman". TVs were enormous in those days, big pieces of furniture, so the TV repairman would come to your house. TVs were full of vacuum tubes that lasted about as long as light bulbs, so they burned out regularly and when they did, your TV wouldn't work, or at least the picture would go bad in some way. So you called the TV repairman and he would come out, open up the back of the set, see which tube wasn't working, and replace it.
My dad used to fix the TV himself. There were tube tester machines in drug and hardware stores. You'd pull out a bunch of tubes from your set, and go to the store and try them in the machine, one at a time. The machines had dozens of sockets to fit all the different types of tubes. You'd plug in the tube, then set some dials for the kind of tube it was, and press a button to see a meter tell whether it was good or bad. When you found the bad one, you could buy a replacement from racks of tubes stored with the machine.
TV repair ain't what it used to be. Today, sets practically never break, and when they do, it just gives you an excuse for an upgrade you've probably been wanting for a while.
If you're going to criticize the critics of the critics of the Broadcast Flag, you have to be willing to accept some criticism yourself...
You say that the FCC order will put HDTV production in the hands of the studios. That's not true! There is nothing in the order that says anything about that.
All it says is that video equipment, if it sees a Broadcast Flag, must restrict how it outputs the data. Video without the BF can be handled any way it wants. It is expected that broadcasters will probably choose to make at least some content unprotected, like public affairs programs, so video equipment must be able to handle both BF and non-BF video.
Nothing in the FCC order says anything about who can and can't put a BF into their video. All it talks about is how the video players have to respond to the BF. The order has no effect whatsoever on the ability of consumers to create HDTV video.
There's already a betting claim on this on the FX game, which has been going on for almost 10 years compared to a few days for the MIT thing.
Claim SCOLIN predicts "Caldera Systems, Inc. will succeed in its legal claim alleging trade secret misappropriation, breach of contract, copyright violations, trademark violations and / or patent violations with respect to the inclusion of UNIX code in Linux." See the URL for more details.
Currently it is trading at FX$0.06, meaning that the traders think there is only about a 6% chance (i.e. about one chance in 15) that SCO will prevail, and a 94% chance that IBM will win.
The Foresight Exchange online game has been doing this since 1994. It was invented by economist Robin Hanson, who was also the mastermind behind the ill fated Pentagon effort.
One of the big problems with these "funny money" based games is the possibility of cheating. Since it doesn't cost anything to register, you can create as many accounts as you want, for free. What you do is create multiple accounts under different names, and arrange to funnel money from one account to another. You have one account make bad trades so it loses money, which then goes into the other accounts, building up their scores. Since this MIT game is offering valuable prizes, they can expect problems with this kind of cheating.
This competition is incredibly difficult. Travelling 250 miles in 10 hours over desert terrain, on a course which in some places is intentionally too narrow for GPS navigation, is almost certainly beyond the limits of current robotic technology. Because of the slow speeds necessary on portions of the course, the robot must drive at over 60 MPH much of the time! It will undoubtedly be several years before any team passes the test (unless they loosen the rules).
Although there are 100+ teams registered (see the team list here), that doesn't mean much. There was no entry fee to apply! At this point all the teams have to have done is supply a technical paper with their ideas for how their robot could work. There's a huge difference between doing that and actually producing a multi hundred thousand dollar vehicle.
Undoubtedly, only a small fraction of these teams will have the budgets and resources to show up with a vehicle on March 13. I doubt there will be more than 10. And none of them will meet the standards necessary to win the contest. But most of them will be back next year, with a few new entrants, and after enough years of experience they will hopefully succeed.
But for now, this is all a mountain in a molehill. People are making a tempest out of a teapot. DARPA simply failed to explicitly include a phase to weed out those contestants who won't have a vehicle. Now they are fixing that. I doubt very much that the numbers will be an issue at all.
This L-shaped Lotka curve bears a suspicious resemblance to the Zipf distribution, which describes the popularity or prominence of objects in a wide range of fields. It is better displayed on a logarithmic scale, where the L shaped curve becomes a straight line. It would be interesting to see if Murray's data also showed that effect.
I'm old enough to remember when HP came out with the first scientific calculator, the HP-35. It was the front cover article on Popular Electronics, and I'd bike over to the local university bookstore and salivate over this amazing machine. Back then the alternative was slide rules and books filled with tables of logs and transcendental functions. Replacing all that with a handheld device that produced the answer in a fraction of a second was absolutely amazing.
I never got a 35, it was too expensive, and by the time I got into college and could justify a scientific calculator it had been replaced by the HP-45. But I've owned many models of HPs over the years, the 45, then the 67 with its mag cards, the 41, the first that could display letters as well as numbers, the Forth-like 28 and finally an HP-48.
TI always seemed to kick HP's butt in the market, but the HP inspired devotion in its fans, kind of like PCs and Macs. You used to see T shirts with "ENTER > =" on them, asserting the superiority of HP's dataflow oriented RPN notation over the TI model where you'd write down the formula with parentheses just like you'd see it in the book. The TI was easier to use in a "monkey see, monkey do" sense, but if you actually understood what you were doing, the HP method was more natural and powerful.
You can't convincingly show me that you're running Mozilla or Internet Explorer or Opera...
Thank God. I'll do everything I can to keep it that way. And if you feel the need to be "convinced" of what's in my house, get a warrant. I have no such need of demonstration. My house has doors and windows. My computer has ports and file ownership. I can open them. I can close them. I can let people in. I can throw people out. I don't have to "prove" a bloody thing. To anybody. Even if you have a warrant.
The point is, you don't HAVE TO prove anything with TC. It allows you to do it, but it doesn't force you to.
Without TC, you don't even have the choice. If you wanted to prove to someone that you were running a certain program, you can't do it today. TC gives you that choice.
It has nothing to do with warrants or being forced to prove anything. At most you may be requested to prove something in return for being offered something that you value.
Your house has doors and windows that you can open and close to let people see in. But with your computer, you don't have the option to have that kind of transparency. You can't "open a window" into your computer and show people what software you are running. It's like a house with no windows or doors.
Again, it's not a matter of being forced, coerced, or given a warrant. It's just a matter of being able to choose to open up your system and reveal its configuration, which you can't do today.
I know no one wants to hear this, but the dark picture painted by the EFF of the ills due to Trusted Computing is not likely to come to pass.
The main point that the EFF analysis overlooks is the role of competition in the marketplace. Yes, TC could allow web sites to require you to run particular software; yes, TC could allow vendors to encrypt their data formats making it impossible for you to switch to a new software package; yes, TC could be the foundation for DRM and restrictive licensing.
But the point is that not all companies would use TC to do these things. Users would have a choice between companies which impose very strong restrictions on how end users can manipulate their data, and companies which offer open and unrestricted data formats. If all those limitations which TC would allow companies to impose are so bad, customers will refuse to buy the software of those companies. Competitors which offer unrestricted data formats will win in the marketplace.
Look at what is happening today with online music. By the end of this year, there will have been several launches of online music services, each with its own tradeoffs of per-song pricing, subscription fees, and download restrictions. This is competition. The market will respond, and we will get to a situation that provides a balance between the desires of all parties involved. Some DRM will exist, but it will be in a form that customers can accept.
In the same way, TC can be used lightly to enforce DRM and other restrictions in a way that users will not find objectionable and onerous. Competition will evolve a balance between the desires of the vendors and those of the customers, just as it does for prices, features, licensing and all other elements of a software purchase. Neither side is in a position to dictate terms.
There are some other problems with Trusted Computing that the EFF article fails to address.
One is the difficulty of dealing with upgrades, failures and replacement of computers, if your data is locked to the old machine. TCPA had a hugely complicated process you would have to go through to migrate any of your "secure" data to the new machine. It involved going back to the manufacturer, getting a special transfer key, moving the data over and having it get re-encrypted. Microsoft hasn't said what they're going to do, but it's an extremely difficult technical problem to solve while retaining the security.
Another problem is the PKI (public key infrastructure) issue. For remote attestation to work, it's necessary that the TC chips have some kind of crypto certificate that says that they are legitimate. Microsoft has said nothing about who will issue these certificates and who will revoke them if a machine gets broken into. Setting up a successful, global PKI is a prerequisite for DRM type applications and will be an enormous job.
The article also overlooks that the sealed storage feature, which the EFF mostly views favorably, can also be used to achieve lock-in and secure closed formats. Microsoft Word could store data encrypted using the TC hardware, such that only Microsoft-signed applications can access the data. This kind of lock-in does not depend on the remote attestation features that the EFF is so concerned about, and would not be addressed by their Owner Overrides.
The "trusted party" in trusted computing is the software. TC lets you trust software to behave in a certain way: software on your own computer, or software on remote computers, with the owner's permission.
Just as I wish with my house. I want my house to protect me, my papers, possessions and privacy. I want it to be nobody's business what my house contains, even to the point of being able to protect myself against legitimate legal prosecution.
I don't think you understand Trusted Computing. I suggest that you read the linked article.
TC will not allow anyone else to look into your computer and see what software you are running, without your permission. What it does is to allow you to SHOW other people what software you are running. You can't do that today. You can't convincingly show me that you're running Mozilla or Internet Explorer or Opera or any other specific browser. Trusted Computing technology would allow you to make that kind of demonstration.
In your house analogy, it's as though today, your house was impregnable, and you couldn't even show anyone else what you had. No one else could see in, even if you wanted them to. It's like a house with no windows.
TC would give you the power to let people see into your house, so they could see for themselves what you had. TC is like a window you can open or close. It's a window you can open into your computer that lets you show people what software is running.
In short, TC does not take away your privacy or invade your computer. It gives you the power to reveal information about your computer, and the EFF is afraid that you'll be forced to do so in exchange for being offered services on the net. But the control remains in your hands.
Even the proposed "Owner Override" seems to me a "how are you going to do that" issue. How are you going to assure that a change was made by you and not by some software pretending to be you?
The idea would be to use the secure I/O capabilities to make sure the user approves the change/override at the keyboard, which can't be spoofed by software in a TC system.
"Identity" of software is determined by submitting a hash value, but how can you be sure someone's not sending a canned hash value?
The hash value is cryptographically signed by a key generated in the Trusted Platform Module. The key never leaves the chip and only the chip can issue such signatures. This is what makes sure that the hash values are correct.
The EFF's proposal actually amounts to letting you submit a spoofed or canned hash value, which makes the whole attestation feature useless.
"Secure output can prevent information displayed on the screen from being recorded" -- until someone invents a screen-scraping monitor. If information exists, there's a way to copy it. That's just what information is.
The (claimed) purpose of the secure I/O is to prevent software in the computer from being able to see certain parts of the screen. Obviously the user can see it, photograph it, etc.
The most serious point of all -- that the EFF is lending credibility to this blatant grab for dictator-like powers by suggesting that it can be "fixed" and the problems "addressed", at which point we should all happily adopt it.
This is just inflammatory rhetoric, something the EFF analysis was refreshingly free of. There are no dictator-like powers being grabbed here. At most, TC lets you prove your software configuration to third parties, allowing them to refuse to perform services for you unless you use certain software. That's hardly dictatorial.
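The signed-hash exchange the replies above describe (the chip signing a measured hash with a key that never leaves it, and why a canned hash value does not verify), as an added example that is not code from the original thread. It simulates the TPM in Python with a deliberately tiny, unpadded RSA key; the PCR register, the nonce, and the verifier's function names are assumptions, and distribution of the chip's public-key certificate is taken as given.

```python
"""Toy remote attestation: a simulated TPM signs the measured software hash with a
key that never leaves the chip, and a verifier checks the quote. Constructed
example: the RSA key is built from two small, well-known primes for readability,
and signing is unpadded, so it demonstrates the flow, not a usable scheme."""
import hashlib
import secrets

_P = 2**31 - 1   # Mersenne primes: fine for a toy modulus, useless for security
_Q = 2**61 - 1


class SimulatedTPM:
    """The 'chip'. Only quote() uses the private exponent; nothing exports it.
    Every instance here shares one key for brevity; real chips each carry their
    own key, certified by the PKI the thread mentions."""

    def __init__(self):
        n, e = _P * _Q, 65537
        self.__d = pow(e, -1, (_P - 1) * (_Q - 1))   # private, name-mangled
        self.public_key = (n, e)                     # what the certificate carries
        self._pcr = bytes(32)                        # measurement register, starts at zero

    def extend(self, image: bytes) -> None:
        """Record loaded software PCR-style: new = H(old || H(image)).
        The register can only be extended, never set, so software cannot
        overwrite it with a value it likes."""
        self._pcr = hashlib.sha256(self._pcr + hashlib.sha256(image).digest()).digest()

    def quote(self, nonce: bytes) -> dict:
        """Sign (PCR value, verifier's nonce). This is the private key's only
        output, so a caller cannot obtain a signature over a canned PCR value."""
        n, _ = self.public_key
        h = int.from_bytes(hashlib.sha256(self._pcr + nonce).digest(), "big") % n
        return {"pcr": self._pcr, "nonce": nonce, "sig": pow(h, self.__d, n)}


def expected_pcr_for(images: list) -> bytes:
    """Reference value the verifier computes from software it is willing to accept."""
    pcr = bytes(32)
    for img in images:
        pcr = hashlib.sha256(pcr + hashlib.sha256(img).digest()).digest()
    return pcr


def verify_quote(public_key, quote: dict, expected_pcr: bytes, nonce: bytes) -> bool:
    """The verifier's checks: fresh nonce, promised configuration, genuine signature."""
    n, e = public_key
    if quote["nonce"] != nonce:
        return False   # replay of a quote from an earlier challenge
    if quote["pcr"] != expected_pcr:
        return False   # the machine measured something other than what was promised
    h = int.from_bytes(hashlib.sha256(quote["pcr"] + nonce).digest(), "big") % n
    return pow(quote["sig"], e, n) == h   # only the chip's private key yields this


def run_scenarios() -> dict:
    """Constructed walk-through: honest quote, different software, canned hash, replay."""
    known_good = [b"bootloader v1", b"kernel v1", b"browser v1"]
    reference = expected_pcr_for(known_good)
    results = {}

    # 1. Honest machine running exactly the accepted software.
    tpm = SimulatedTPM()
    for img in known_good:
        tpm.extend(img)
    nonce = secrets.token_bytes(16)
    honest_quote = tpm.quote(nonce)
    results["honest"] = verify_quote(tpm.public_key, honest_quote, reference, nonce)

    # 2. Same kind of chip, but a different browser was loaded: the PCR differs
    #    and the chip will only sign the value it actually measured.
    other = SimulatedTPM()
    for img in [b"bootloader v1", b"kernel v1", b"browser v2"]:
        other.extend(img)
    nonce2 = secrets.token_bytes(16)
    results["wrong_software"] = verify_quote(other.public_key, other.quote(nonce2), reference, nonce2)

    # 3. Canned hash: software on that machine swaps the known-good PCR value into
    #    the quote but cannot re-sign it, so the signature no longer matches.
    canned = dict(other.quote(nonce2), pcr=reference)
    results["canned_hash"] = verify_quote(other.public_key, canned, reference, nonce2)

    # 4. Replay: the earlier honest quote presented against a fresh challenge.
    results["replay"] = verify_quote(tpm.public_key, honest_quote, reference, secrets.token_bytes(16))
    return results
```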
How do secure software authors then avoid the kind of security holes that are difficult to find? By keeping the code simple.
You're way off base in this case. SSL requires the use of X.509 certificates, and it was in the cert parsing code that these new vulnerabilities were found. X.509 means ASN.1 formats, which have at least two different encoding rules, BER and DER that both must be supported; implicit versus explicit tags; several different ways of encoding packet lengths, and a host of other complexities. There's no way to write this kind of code and just keep it simple as you describe. Any implementation of SSL which is going to interoperate with other systems on the net is going to face these complexities.
I've written certificate handling code so I know how complicated it is. Also worth reading is Peter Gutmann's somewhat dated but still insightful X.509 Style Guide which describes some of the horrors an X.509 implementation has to deal with.
In this case the failures were mostly in the error handling, and any developer knows that this tends to be the hardest part of your program to get right. Not only are there a lot more ways things can fail than go right, but they can fail in many more places in your code and it is very difficult to make sure your program can recover gracefully from everywhere something might go wrong.
Also, I'm not sure if it's public yet, but a lot of other implementations are affected by this besides OpenSSL. See the CERT advisory when it comes out and you will find some of the biggest names in the security business got burned by this. It's absurd to suppose that your cosmic insights are somehow being overlooked by companies that base their reputations on security.
I am indebted to Lee Corbin for the following observation. The article notes:
Nothing travels faster than light - it only takes 8 minutes for it to reach the Earth from the nearest star, the Sun, which is 150 million kilometers away. This means that when you see the sun (remember not to look directly at the sun), you're really seeing light that left the sun 8 minutes ago - you're seeing the sun as it was, and where it was, 8 minutes earlier.
Now, it happens that it takes 2 minutes for the Sun to move across the sky by its own diameter. In 8 minutes the Sun moves four times its own width. Therefore when you look at the Sun, it's not where you think it is, it's four diameters away from that point, a very visible and noticeable difference. Right?
Wrong. This is not true. The sun is exactly where it looks like it is, to within any reasonable visual precision. The reason is basically because the Sun is not really moving, the Earth is rotating.
If a plane passes overhead high enough that it takes 10 seconds for the sound to reach you, its sound will seem to come from a point where the plane was ten seconds ago. This is sometimes noticeable with fast jets flying low. This is a true observation because the plane is moving.
But suppose you faced away from the jet and then took 10 seconds to turn 180 degrees and be looking at the jet. Then the jet apparently swung around from behind you to in front of you over those 10 seconds. But the sound doesn't come from behind you. That's because the jet didn't really move from behind to in front of you in 10 seconds, it just looked like it did.
In the same way, the sun doesn't really move 4 widths in 8 minutes, it just looks like it does. The sun's actual motion relative to the earth is 360 degrees in 365 days, i.e. one revolution per year or about one degree per day. In 8 minutes the Sun moves only a tiny fraction of a degree.
Therefore when you look at the Sun, it is pretty much exactly where it looks like it is.
(Furthermore there is another factor called aberration which makes the visual effect even smaller.)
The fabled Northwest Passage is at hand, reducing voyages from Europe to Asia by 5000 miles.
It's been sought by adventurers and explorers for hundreds of years, and only now is the northern boundary of the American continent becoming free of ice to allow passage. No longer will the Panama Canal or Cape Horn be the only routes between the Atlantic and the Pacific.
Not all changes are bad. Sometimes the world actually changes for the better, contrary as this is to the worldview with which we have been indoctrinated.
They aren't about insuring that you, the owner of the computer, can trust the computer or the software on it. They're about insuring that third parties can trust your computer to do what they tell it to do.
That's not quite right, and the distinction is important.
It's not that third parties can trust your computer to do what they say; it's that third parties can trust YOU when you promise that your computer will behave in a certain way.
You can promise that your computer will encrypt the movie or song you are about to download, keep it encrypted and only display it under terms acceptable to the third party. And you can be trusted to keep your promise, using TC technology.
The distinction is important because no one is forcing you to do any of this. You are voluntarily agreeing to the conditions in order to get the third party to agree to give you the data. If you don't want to agree, you don't have to, but you won't get the data, either. Quid pro quo.
Let's see, 4.9 inches wide, 3.4 high, 0.9 deep, weighing 13 ounces... how does this compare in size with the Newton?
I don't know about putting it in your pocket... maybe if you're wearing a suit or jacket you could load up an outer pocket with one.
I can't wait to see HP's RPN interface to the iPod...
Sorry, try this link.
See http://slashdot.org/article.pl?sid=03/11/12/2146227 for a link with considerably more detail.
"The device can also be used as a plastic wrap", say the researchers. "We think it brings new meaning to shrink-wrap licensing."
That is a BIG assumption saying they can't win!
Tell that to Dmitry and his employer!
Good news! Dmitry and his employer won!
And if you feel the need to be "convinced" of what's in my house, get a warrant. I have no such need of demonstration.
My house has doors and windows. My computer has ports and file ownership. I can open them. I can close them. I can let people in. I can throw people out.
I don't have to "prove" a bloody thing. To anybody. Even if you have a warrant.
The point is, you don't HAVE TO prove anything with TC. It allows you to do it, but it doesn't force you to.
Without TC, you don't even have the choice. If you wanted to prove to someone that you were running a certain program, you can't do it today. TC gives you that choice.
It has nothing to do with warrants or being forced to prove anything. At most you may be requested to prove something in return for being offered something that you value.
Your house has doors and windows that you can open and close to let people see in. But with your computer, you don't have the option to have that kind of transparency. You can't "open a window" into your computer and show people what software you are running. It's like a house with no windows or doors.
Again, it's not a matter of being forced, coerced, or given a warrant. It's just a matter of being able to choose to open up your system and reveal its configuration, which you can't do today.
I know no one wants to hear this, but the dark picture painted by the EFF of the ills due to Trusted Computing is not likely to come to pass.
The main point that the EFF analysis overlooks is the role of competition in the marketplace. Yes, TC could allow web sites to require you to run particular software; yes, TC could allow vendors to encrypt their data formats making it impossible for you to switch to a new software package; yes, TC could be the foundation for DRM and restrictive licensing.
But the point is that not all companies would use TC to do these things. Users would have a choice between companies which impose very strong restrictions on how end users can manipulate their data, and companies which offer open and unrestricted data formats. If all those limitations which TC would allow companies to impose are so bad, customers will refuse to buy the software of those companies. Competitors which offer unrestricted data formats will win in the marketplace.
Look at what is happening today with online music. By the end of this year, there will have been several launches of online music services, each with its own tradeoffs of per-song pricing, subscription fees, and download restrictions. This is competition. The market will respond, and we will get to a situation that provides a balance between the desires of all parties involved. Some DRM will exist, but it will be in a form that customers can accept.
In the same way, TC can be used lightly to enforce DRM and other restrictions in a way that users will not find objectionable and onerous. Competition will evolve a balance between the desires of the vendors and those of the customers, just as it does for prices, features, licensing and all other elements of a software purchase. Neither side is in a position to dictate terms.
There are some other problems with Trusted Computing that the EFF article fails to address.
One is the difficulty of dealing with upgrades, failures and replacement of computers, if your data is locked to the old machine. TCPA had a hugely complicated process you would have to go through to migrate any of your "secure" data to the new machine. It involved going back to the manufacturer, getting a special transfer key, moving the data over and having it get re-encrypted. Microsoft hasn't said what they're going to do, but it's an extremely difficult technical problem to solve while retaining the security.
Another problem is the PKI (public key infrastructure) issue. For remote attestation to work, it's necessary that the TC chips have some kind of crypto certificate that says that they are legitimate. Microsoft has said nothing about who will issue these certificates and who will revoke them if a machine gets broken into. Setting up a successful, global PKI is a prerequisite for DRM type applications and will be an enormous job.
The article also overlooks that the sealed storage feature, which the EFF mostly views favorably, can also be used to achieve lock-in and secure closed formats. Microsoft Word could store data encrypted using the TC hardware, such that only Microsoft-signed applications can access the data. This kind of lock-in does not depend on the remote attestation features that the EFF is so concerned about, and would not be addressed by their Owner Overrides.
The "trusted party" in trusted computing is the software. TC lets you trust software to behave in a certain way: software on your own computer, or software on remote computers, with the owner's permission.
Just as I wish with my house. I want my house to protect me, my papers, possessions and privacy. I want it to be nobody's business what my house contains, even to the point of being able to protect myself against legitimate legal prosecution.
I don't think you understand Trusted Computing. I suggest that you read the linked article.
TC will not allow anyone else to look into your computer and see what software you are running, without your permission. What it does is to allow you to SHOW other people what software you are running. You can't do that today. You can't convincingly show me that you're running Mozilla or Internet Explorer or Opera or any other specific browser. Trusted Computing technology would allow you to make that kind of demonstration.
In your house analogy, it's as though today, your house was impregnable, and you couldn't even show anyone else what you had. No one else could see in, even if you wanted them to. It's like a house with no windows.
TC would give you the power to let people see into your house, so they could see for themselves what you had. TC is like a window you can open or close. It's a window you can open into your computer that lets you show people what software is running.
In short, TC does not take away your privacy or invade your computer. It gives you the power to reveal information about your computer, and the EFF is afraid that you'll be forced to do so in exchange for being offered services on the net. But the control remains in your hands.
Even the proposed "Owner Override" seems to me a "how are you going to do that" issue. How are you going to assure that a change was made by you and not by some software pretending to be you?
The idea would be to use the secure I/O capabilities to make sure the user approves the change/override at the keyboard, which can't be spoofed by software in a TC system.
"Identity" of software is determined by submitting a hash value, but how can you be sure someone's not sending a canned hash value?
The hash value is cryptographically signed by a key generated in the Trusted Platform Module. The key never leaves the chip and only the chip can issue such signatures. This is what makes sure that the hash values are correct.
The EFF's proposal actually amounts to letting you submit a spoofed or canned hash value, which makes the whole attestation feature useless.
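As an added illustration of the mechanism described here (my own toy code, not the TCG specification or any vendor's implementation): a chip-resident key signs the measured hash together with the verifier's nonce, so a canned value, a replayed quote, or a signature from some other key all fail the check. It assumes a single SHA-256 register and uses Ed25519 in place of the TPM's RSA signing key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Chip is a toy stand-in for a TPM (hypothetical, not the TCG interface):
// the signing key is created inside and is never handed out.
type Chip struct {
	priv ed25519.PrivateKey
	pcr  [32]byte // one "platform configuration register", all zero at reset
}

func NewChip() *Chip {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Chip{priv: priv}
}

// Public is all that leaves the chip; a verifier learns it from the chip's certificate.
func (c *Chip) Public() ed25519.PublicKey { return c.priv.Public().(ed25519.PublicKey) }

// extend folds one measurement into a register: H(prev || H(code)).
func extend(prev [32]byte, code []byte) [32]byte {
	h := sha256.Sum256(code)
	return sha256.Sum256(append(prev[:], h[:]...))
}

// Extend is the only way software touches the PCR: append a measurement, never set it.
func (c *Chip) Extend(code []byte) { c.pcr = extend(c.pcr, code) }

// Quote signs nonce || pcr; the verifier's fresh nonce defeats replay.
func (c *Chip) Quote(nonce []byte) ([32]byte, []byte) {
	return c.pcr, ed25519.Sign(c.priv, append(append([]byte{}, nonce...), c.pcr[:]...))
}

// ExpectedPCR is the verifier's own computation for an honest platform that booted this stack.
func ExpectedPCR(stack ...[]byte) (pcr [32]byte) {
	for _, code := range stack {
		pcr = extend(pcr, code)
	}
	return pcr
}

// Verify accepts a quote only if the chip signed it, it is bound to this nonce,
// and the PCR equals the stack the verifier is willing to serve.
func Verify(pub ed25519.PublicKey, nonce []byte, pcr [32]byte, sig []byte, want [32]byte) bool {
	return ed25519.Verify(pub, append(append([]byte{}, nonce...), pcr[:]...), sig) && pcr == want
}
```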
"Secure output can prevent information displayed on the screen from being recorded" -- until someone invents a screen-scraping monitor. If information exists, there's a way to copy it. That's just what information is.
The (claimed) purpose of the secure I/O is to prevent software in the computer from being able to see certain parts of the screen. Obviously the user can see it, photograph it, etc.
The most serious point of all -- that the EFF is lending credibility to this blatant grab for dictator-like powers by suggesting that it can be "fixed" and the problems "addressed", at which point we should all happily adopt it.
This is just inflammatory rhetoric, something the EFF analysis was refreshingly free of. There are no dictator-like powers being grabbed here. At most, TC lets you prove your software configuration to third parties, allowing them to refuse to perform services for you unless you use certain software. That's hardly dictatorial.
How do secure software authors then avoid the kind of security holes that are difficult to find? By keeping the code simple.
You're way off base in this case. SSL requires the use of X.509 certificates, and it was in the cert parsing code that these new vulnerabilities were found. X.509 means ASN.1 formats, which have at least two different encoding rules, BER and DER, both of which must be supported; implicit versus explicit tags; several different ways of encoding packet lengths, and a host of other complexities. There's no way to write this kind of code and just keep it simple as you describe. Any implementation of SSL which is going to interoperate with other systems on the net is going to face these complexities.
I've written certificate handling code so I know how complicated it is. Also worth reading is Peter Gutmann's somewhat dated but still insightful X.509 Style Guide which describes some of the horrors an X.509 implementation has to deal with.
In this case the failures were mostly in the error handling, and any developer knows that this tends to be the hardest part of your program to get right. Not only are there a lot more ways things can fail than go right, but they can fail in many more places in your code and it is very difficult to make sure your program can recover gracefully from everywhere something might go wrong.
Also, I'm not sure if it's public yet, but a lot of other implementations are affected by this besides OpenSSL. See the CERT advisory when it comes out and you will find some of the biggest names in the security business got burned by this. It's absurd to suppose that your cosmic insights are somehow being overlooked by companies that base their reputations on security.
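To make the length-encoding and error-handling complexity concrete, here is an added example (my own code, not OpenSSL's or any other implementation's) that decodes one BER tag-length header. It handles the short, long and indefinite forms, enforces DER's shortest-encoding rule when asked, and reports a buffer that is shorter than its length field claims rather than trusting the claimed length.

```go
package main

import "errors"

// Header is a decoded ASN.1 tag and length. Added illustration of the BER/DER
// length rules discussed above; it is not OpenSSL's parser.
type Header struct {
	Tag       byte
	Length    int // content length in bytes; -1 means BER indefinite form
	HeaderLen int // bytes consumed by tag and length together
}
var ErrTruncated = errors.New("asn1: input shorter than its length field claims")

// ReadHeader decodes a one-byte tag (enough for every tag X.509 uses) and a BER
// length. With der=true it also enforces DER: no indefinite form, shortest encoding.
func ReadHeader(b []byte, der bool) (Header, error) {
	if len(b) < 2 {
		return Header{}, ErrTruncated
	}
	h := Header{Tag: b[0]}
	switch first := b[1]; {
	case first < 0x80: // short form: the byte itself is the length
		h.Length, h.HeaderLen = int(first), 2
	case first == 0x80: // indefinite form: content ends at an end-of-contents marker
		if der {
			return Header{}, errors.New("asn1: indefinite length is not allowed in DER")
		}
		h.Length, h.HeaderLen = -1, 2
	default: // long form: low 7 bits say how many length bytes follow
		n := int(first & 0x7f)
		if n > 4 { // also rejects the reserved value 0xff
			return Header{}, errors.New("asn1: length field too wide")
		}
		if len(b) < 2+n {
			return Header{}, ErrTruncated
		}
		l := 0
		for _, x := range b[2 : 2+n] {
			l = l<<8 | int(x)
		}
		if der && (b[2] == 0 || l < 0x80) {
			return Header{}, errors.New("asn1: DER requires the shortest length encoding")
		}
		h.Length, h.HeaderLen = l, 2+n
	}
	if h.Length >= 0 && len(b) < h.HeaderLen+h.Length { // easy to forget: is the content really there?
		return Header{}, ErrTruncated
	}
	return h, nil
}
```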
Wrong. This is not true. The sun is exactly where it looks like it is, to within any reasonable visual precision. The reason is basically because the Sun is not really moving, the Earth is rotating.
If a plane passes overhead high enough that it takes 10 seconds for the sound to reach you, its sound will seem to come from a point where the plane was ten seconds ago. This is sometimes noticeable with fast jets flying low. This is a true observation because the plane is moving.
But suppose you faced away from the jet and then took 10 seconds to turn 180 degrees and be looking at the jet. Then the jet apparently swung around from behind you to in front of you over those 10 seconds. But the sound doesn't come from behind you. That's because the jet didn't really move from behind to in front of you in 10 seconds, it just looked like it did.
In the same way, the sun doesn't really move 4 widths in 8 minutes, it just looks like it does. The sun's actual motion relative to the earth is 360 degrees in 365 days, i.e. one revolution per year or about one degree per day. In 8 minutes the Sun moves only a tiny fraction of a degree.
Therefore when you look at the Sun, it is pretty much exactly where it looks like it is.
(Furthermore there is another factor called aberration which makes the visual effect even smaller.)
The fabled Northwest Passage is at hand, reducing voyages from Europe to Asia by 5000 miles.
It's been sought by adventurers and explorers for hundreds of years, and only now is the northern boundary of the American continent becoming free of ice to allow passage. No longer will the Panama Canal or Cape Horn be the only routes between the Atlantic and the Pacific.
Not all changes are bad. Sometimes the world actually changes for the better, contrary as this is to the worldview with which we have been indoctrinated.
They aren't about ensuring that you, the owner of the computer, can trust the computer or the software on it. They're about ensuring that third parties can trust your computer to do what they tell it to do.
That's not quite right, and the distinction is important.
It's not that third parties can trust your computer to do what they say; it's that third parties can trust YOU when you promise that your computer will behave in a certain way.
You can promise that your computer will encrypt the movie or song you are about to download, keep it encrypted and only display it under terms acceptable to the third party. And you can be trusted to keep your promise, using TC technology.
The distinction is important because no one is forcing you to do any of this. You are voluntarily agreeing to the conditions in order to get the third party to agree to give you the data. If you don't want to agree, you don't have to, but you won't get the data, either. Quid pro quo.