If TCPA is such a great thing for users like me, why can't I have access to the private keys in the TPM within my own computer?
Because, as I explained, the point of the TPM is to be an autonomous agent whose statements can be trusted. If you had access to the TPM's keys, you could get it to lie for you, that is, you could lie on its behalf. That would make its statements useless as they would have no truth value, and would eliminate the whole purpose of the technology.
You might as well ask why you can't have a copy of Verisign's private root key. Because that would make assertions by Verisign worthless. It's the same principle for the TPM.
Only by giving the TPM keys that it and only it controls can we gain trust in assertions signed by that key. The only reason you would want those keys is so you can get the TPM to make false assertions. Why is lying so important to you? Why is honesty such a threat? That's the real question here.
Unless they're Luddites, people aren't opponents of a technology for no good reason. TPM depends on someone else, somewhere, attesting to... something.
How can you object to people attesting to things? People attest to things all the time. Do you get up in arms over the Good Housekeeping Seal of Approval? Do you insist that it is an infringement on your freedom that you can't use their Seal dishonestly in business?
Or how about the Verisign root CA key? This is the foundation for SSL security on the net. Do you think they should publish the private part so that anyone can forge signatures by that key and make their own attestations? That would destroy its security.
Secure attestation is the foundation of commerce in the whole world, as well as in the smaller world of the net. The TPM merely applies that same principle on a finer scale, allowing you to attest to the nature of your own software.
For my security, I don't trust anyone else holding the keys in these TPM chips. Apparently, you do.
No one else holds the keys in the TPM. Only the TPM holds the keys. The TPM owns the keys and never lets them go. That makes the TPM, from the security perspective, an autonomous agent; a little robot that obeys certain rules. Everyone knows what the rules are, and thanks to the keys embedded in the TPM which never leave, everyone can tell when a TPM is making a statement. This gives people confidence in what the TPM says.
That's the essence of this enormous threat that everyone is so up in arms over. That there could be an entity in the world that makes verifiable statements of known facts. The bottom line is that people want the ability to make their TPMs lie. Apparently no one can abide the presence of an honest agent in their life.
I call this complete bullshit. I have no desire to defraud or lie to anyone. Yet I want to preserve my own privacy and anonymity. These goals are completely consistent. And the TPM actually serves these goals. Because people know its rules and can trust what it says, the TPM can make statements about what I am doing that are reassuring to others, without me having to reveal any more information than necessary or any details. The TPM allows local filtering of outgoing information so as to add MORE privacy while allowing a degree of remote trust that is unimaginable today.
I could go on and on, but what's the point? You either won't understand or won't believe me. I have read thousands of pages of TPM documentation and understand this technology as well as anyone. You have read a few web sites that are totally biased in their presentation. Unfortunately millions of others are like you, and almost no one is like me.
Alright, who has been requesting this trusted computing platform bullshit? Speak up! I want to know the name of the one consumer who said "Yes, I really want computers that can be uniquely identified. I hate the freedom that being anonymous brings."
I do want a trusted computing platform. That's because I know how they work, and you don't. You think it limits what code you can run and takes away your anonymity. But those are all lies, fed to you by opponents of the technology, which you have blindly accepted.
The truth is that TC technology lets you prove the software configuration you are running, if you want to. That's it. This will be able to be done per-application, so that you can prove you are running a particular app while keeping other details private. I can think of many good reasons for this; yes, good, privacy-protecting reasons; even good, anonymity-protecting reasons.
But because of people like you who believe the Big Lie, the technology I need to improve privacy and anonymity on the net is being killed even in its moment of birth.
It's possible that "adding some wires" is what the pulled presentation was going to be about. Some TPM chips are even available in removable modules which would make it exceptionally easy to fool them about what was going on in the rest of the PC.
Another possibility for breaking TPM security would be to reflash the BIOS so that it lies to the TPM about the system configuration and boot sequence. Now, TPM-compliant systems are supposed to not allow the "core" part of the BIOS to be reflashed, the part that talks to the TPM. But maybe the researchers found that PCs were not properly enforcing that. Since they apparently have experience with BIOS viruses and such, this would make sense coming from them.
The largest RSA number so far factored is only 663 bits. 512 bits in 1999, 576 bits in 2003, 663 bits in 2005. Call it 100 bits improvement in 2 years. At this rate we should be due for a 700 and some bit number this year, with 1024 bits 5-10 years away.
The RSA Factoring Challenge has been suspended, i.e. they are no longer giving out prize money, but the numbers still stand as a good reference for where we are in comparison to 1024. There's a lot of mileage between here and there.
This is true but it is only the beginning. There is no such thing as physical property either. If I take it from you by force it is no longer yours, I can use it as I see fit. Only society's conventions allow us to pretend that physical property exists, and the same with intellectual property. The bottom line is, what conventions will lead to the most well satisfied society?
Unfortunately Slashdot is not a good forum for ongoing discussions. This thread has slipped off the front page and few if any readers will find it. But let me address your points in order:
1. Owners want to violate their own policies.
Then you're not really following your stated policy, are you? Either you can make binding commitments or you can't. Do you really think that no one should be able to make binding commitments, or feel obligated to be held to them if they do make them? You realize that is the basis for contract, which is the foundation of most of the economic growth the world has seen since the Renaissance? Being able to bind yourself in a relationship to perform certain functions is the foundation for cooperative enterprise, the division of labor, and a host of other modern-day financial innovations. Trusted Computing simply moves this ability into the online world. Within the framework of an inherently anonymous, worldwide computer network it allows people to set up frameworks of trust which would otherwise be impossible. As with contract, the central feature is the ability to make binding commitments. Being able to violate your own guaranteed policy destroys any semblance of trust.
2. What if my ISP does it?
Then you switch to another ISP. So then people always ask, what if all the ISPs do it? Well, what if all the ISPs charge a million dollars a minute for Internet access, that would be a disaster, right? So do we say that no ISP should be able to charge money? No, instead we don't entertain what-if suggestions that have no basis in reality. ISPs are businesses who cannot just impose arbitrary conditions on their customers. No ISP owns its customer. Every businessman I have known is afraid his customers are about to switch to a competitor. In the worst case, if no other ISP in your area provides the kinds of services you want, you can always start your own ISP business. The barriers to entry are not particularly high. And if all the other ISPs are imposing hated restrictions, you can clean up and make a million bucks.
3. Trusted Computing is impossible, it won't work, it is insane, blah blah, blah.
I'm not really even interested in copyright. I agree that no technical measure can effectively protect copyright in its traditional forms. Books, music and movies are doomed. They are going to become dilettante art forms, produced purely for love with little expectation of commercial reward. They will become the products of hobbyists. The quantity of such products produced will be probably two or three orders of magnitude less than today, in another couple of decades.
However in exchange we will see all of the money and commerce going into a field which really can be protected technologically: interactive entertainment, the future of what we today would consider video games. You can record a movie and play it back. Likewise with music. You can copy the text of books and art. But you can't record a video game and play it back with the same enjoyment. The point of a game is to interact with it. Every play is different, every player gets his own experience.
This is the last bastion of creative entertainment, a field which can be protected technologically and which can be commercially successful. I foresee all of the billions of dollars being spent today in those other areas, all being funneled into interactive entertainment. Games are already bigger business than movies, and the disparity is only going to increase.
Trusted Computing can play a role in facilitating this transition, by improving the security of computers and making it more obvious that passive entertainment is on the way out. But I am mostly interested in TC for completely different reasons. It opens up all kinds of applications which would be completely impossible today, such as voting from home. Having truly secure computer systems that can be remotely audited and validated is a crucial foundation for a future world which relies even more on a trustworthy worldwide computer network.
What they said is not what Trusted Computing does. It does not enforce policy on your machine.
Rather, it provides a way for people to prove what policies they are enforcing on their own machines. And thereby that will allow someone to say, I won't give you this data unless you are running a certain policy (that will protect my data). Today, that wouldn't really work because they couldn't tell what policies you were running. But with Trusted Computing, it will be possible. You will be able to prove your policies and they can decide whether to give you the data depending on what your policies are.
It may seem like a subtle distinction, and in a way there's not that much difference. But saying that third parties can enforce policy on your machine evokes many images that just would not happen with the real Trusted Computing. It suggests that your machine could be made to spy on you or do some other bad thing and there's nothing you can do about it. But that's not true. You always have a choice with Trusted Computing to tell the other guy to stuff it, you just won't take his damn data if he wants to put so many restrictions on it. Just like today you don't have to shop at Apple music store if you don't like DRM, you can download music from independent bands who make it freely available in MP3 format.
The whole point of Trusted Computing is to keep things completely voluntary. It aims to replace legal restrictions (that you have no choice about) with technological ones (that you can always choose not to use). It adds choices and options without taking any away. It lets people who are honest prove that they are honest: when they agree to the policies in return for taking the data it lets them prove what policies they are truly following.
Honest people have nothing to fear from Trusted Computing. In fact they will gain many advantages by letting them prove their honesty and gain others' trust. The only people who will be hampered by Trusted Computing are those who would aim to falsely agree to observe copyright restrictions and then violate them once they get their hands on the data. Unfortunately, judging by the negative reception to Trusted Computing, such people make up a substantial fraction of the online community.
I agree with the comment that the real issue is what it means for a service to be "open source". There are a couple of features you might look for. One is transparency. Open source code gives visibility into what it will do in a way that closed source cannot. For a service, this would mean some mechanism to make sure that the service will do what it claims to do. Another feature is malleability. With open source code you can alter and tweak its behavior to suit your needs. For a service, probably the closest you could get would be the ability to set up your own copy of the service that works in a slightly different way.
One approach to transparency is the concept of a Transparent Server, which is designed to allow remote verification of its policies and procedures via Trusted Computing technology. (It actually is a reversal of the normal Trusted Computing concept, allowing clients to verify servers rather than vice versa.) However this can only go so far when dealing with something like a Certificate Authority, where ultimately human decision making authority must come into play in deciding whether a threshold of authentication has been reached to authorize issuing a given certificate. Unless your CA is completely automated and would, for example, issue certs merely on the basis of an email auto-response, or perhaps using a web service interface to query Dun and Bradstreet, you're not going to be able to verify its policies remotely even if you can check what code base the server is running.
The problem I have with these kinds of regulations is the confusion between the medium which is used to transport the data, and the message, the specific data being transported. If the Uni is unhappy about copyright violations, that's one thing; or if they have bandwidth problems, that's legit; but restricting specific protocols and programs does not accurately target the problem behavior. They seem to adopt the maxim that "the Medium is the Message"; that is, if something is being transferred by Bittorrent, it is a copyright violation. And granted, that is the case much of the time.
But it is not a perfect correlation. Banning Bittorrent will hamper downloading Linux ISOs and other high traffic, legitimate materials. There is no justification for saying that file sharing as a whole is illegal, any more than you could say that using the Internet is illegal even if it turns out that much traffic violates the law.
I was thinking the same thing when I read this. Ah-ha! That's why Dell started soliciting input in such a public and potentially embarrassing way, and did it now. Microsoft is putting enormous pressure on OEMs to sell only Vista machines, and this way Dell has irrefutable public evidence that the market is not accepting this view. The whole Linux thing was just a distraction. This is the one that makes business sense.
The truth is that "cloned beef" is not from cloned animals! Cloned animals are far too expensive to eat. What is called "cloned beef" is from the offspring of cloned bulls. A prize bull's semen fetches a fortune, and his cloned offspring are worth even more. Once you've paid $15,000 for such a clone, you certainly wouldn't want to eat him. You eat his children, and their meat is called "cloned beef".
Good point, and your article is a reminder that there have been previous bee die-offs. It got so here in the U.S. you hardly ever saw bees for a couple of years there. It was some kind of bee mite that was killing them off. The new disease apparently doesn't have an obvious cause but I'm sure there are people working on it. Science can be kind of slow, and this disease came out of nowhere in just a few months to have a huge impact. I wouldn't be surprised if it takes a year or more to figure out what the vector is.
Right, and keep in mind that you can install Vista on a Mac in a dual-boot configuration, and then these rules about virtualization do not apply. AFAIK you can install any version of Vista on a Mac, dual-boot, and it's perfectly legal. It's really no different than for Windows users.
I remember when the HP-35 came out. It was the cover story in (I think) Popular Electronics magazine. It was incredible, an entire slide rule in this small electronic device. It could do trig functions, roots, powers, all to enormous precision. My mouth watered, but I was in high school and it was like $300, which would be more like $3000 today. My friend and I used to bike over to the local university bookstore, where they actually had one on display, and you could punch the buttons and everything.
I never got an HP-35, but later when I was in college I bought an HP-45, the upgrade to the -35, and it served me well for my years.
Related to this but much more significant in my opinion is SL's announcement last week that they would be cracking down on in-game casinos. Presently casinos and sex services make up the lion's share of the traffic in the game, but casinos will now be excluded from listings and search results. Announcement here:
http://blog.secondlife.com/2007/04/05/advertising- policy-changes/
It has been a basic tenet of Second Life that all Residents are legally responsible for their own activities and for complying with the laws of the local jurisdiction in which they reside. However, given the ambiguities of the issues, Linden Lab has decided that we will not accept any classified ads, place listings, or event listings that appear to relate to simulated casino activity.
Your description of device keys and such is accurate if simplified, but how do you KNOW that this is all that is involved in the update? The Intervideo site says
This update includes security enhancements as well as updated licensing keys that will be required to view both newly purchased HD DVD/BD titles and those in your existing HD DVD/BD collections.[Emphasis mine] That last part wouldn't be true if all they were doing is switching to a new set of device keys. Also this part:
Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled. would not be true either.
I'll also point to the AACS site, where they say,
Through this online update process, manufacturers are also able to see that consumers update their player implementations prior to distribution of encryption key expiration information via new movie discs. That phrase, "distribution of encryption key expiration information via new movie discs" sounds a lot like distribution of an HRL.
Granted, the situation is ambiguous. But it seems to me that this could indicate that as part of the Media Key Block update on new disks, a new HRL will be distributed to invalidate the old WinDVD host key, in addition to the changes for the new WinDVD device key. That would be more consistent with what all these parties are describing.
Very interesting. Thanks for that description. I note this rather amusing comment in the Microsoft document on protected processes:
Do not attempt to circumvent this restriction by installing a kernel-mode component to access the memory of a protected process because the system and third-party applications may rely on the fact that protected processes are signed code that is run in a contained environment. Yet that is basically exactly what this hack does.
Note that this will not work in 64-bit Vista because there, only signed drivers can be loaded. Only in 64-bit Vista are "protected processes" truly protected.
It does mean though that Ionescu is right that virus scanners and the like cannot assume that protected processes are benign, not in 32-bit Vista anyway. Malware could install a bad driver and get it to create a protected process to do its dirty deeds. It would seem that a tool like his is needed to get good AV protection in 32-bit Vista.
once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade.This myth appears to have originated...
An AACS licensed drive shall retain in non-volatile storage, the most recent Host Revocation List (HRL) data which it encounters and has verified. To do this, for the first AACS drive authentication to the media inserted, the drive shall read an MKB recorded on the media to check if its version is higher than the version of HRL that it has stored in its non-volatile memory... If the version of MKB recorded on the media is higher than the version of HRL that the drive has stored in its non volatile memory, the drive verifies the signature in the Host Revocation List Record of MKB as specified in section 3.2.5.2. If the signature is successfully verified, the drive shall replace the previously stored HRL data, if any, with the newly read HRL data.
What this means is that disks are distributed with Host Revocation Lists on them, cryptographically signed by AACS. Whenever a disk is inserted, the drive checks to see if the HRL on the disk is newer than the one it has in nonvolatile memory, and if so, it checks the AACS signature on the new one and stores it in memory. This allows a drive to refuse to talk to a given host software. Likewise there is a drive revocation list that the hosts are supposed to hold which tells them not to talk to certain drive versions, in case an attack is found in some models of drives.
"Those children who had little opportunity at school to undertake activity were bouncing around after school whereas those who'd had a lot of opportunity during the course of the school day settled down, and did relatively little," he said.
"The most important thing (was) if you added the in-school activity to the out-of-school activity, they were exactly the same."
I've seen worse than that. I knew someone who didn't eat *anything* for a year and she managed to gain 40 pounds. It was terrible because she was trying to lose weight and nothing worked.
Of course, she spent hours lying in the sun and photosynthesizing. I tried to warn her about that, but would she listen? No!
The question is, did the game theory model include competition among ISPs? In my area we have a choice of DSL or Cable for broadband, but some customers live where there is only one provider (or none!). The optimal game theory strategy should be very different for cases where there is a monopoly on broadband internet access vs where two or more companies have to compete for customers. Their model would have to take that into consideration.
The fact that the article didn't say anything about it makes me suspect that they only modeled monopoly ISPs, in which case their results are not too surprising. Monopoly ISPs are in a much better position to appropriate the lion's share of the benefits than those who have to compete.
Slashdot Mirror
I can think of many good reasons for this; yes, good, privacy-protecting reasons; even good, anonymity-protecting reasons.
Out with it, then. What are these reasons?
How about this for starters: Securing Peer-to-Peer Networks using Trusted Computing (Google cache). This technology can make P2P networks much more immune to attack and surveillance from outside, protecting the privacy and anonymity of participants.
If TCPA is such a great thing for users like me, why can't I have access to the private keys in the TPM within my own computer?
Because, as I explained, the point of the TPM is to be an autonomous agent whose statements can be trusted. If you had access to the TPM's keys, you could get it to lie for you, that is, you could lie on its behalf. That would make its statements useless as they would have no truth value, and would eliminate the whole purpose of the technology.
You might as well ask why you can't have a copy of Verisign's private root key. Because that would make assertions by Verisign worthless. It's the same principle for the TPM.
Only by giving the TPM keys that it and only it controls can we gain trust in assertions signed by that key. The only reason you would want those keys is so you can get the TPM to make false assertions. Why is lying so important to you? Why is honesty such a threat? That's the real question here.
Unless they're Luddites, people aren't opponents of a technology for no good reason. TPM depends on someone else, somewhere, attesting to... something.
How can you object to people attesting to things? People attest to things all the time. Do you get up in arms over the Good Housekeeping Seal of Approval? Do you insist that it is an infringement on your freedom that you can't use their Seal dishonestly in business?
Or how about the Verisign root CA key? This is the foundation for SSL security on the net. Do you think they should publish the private part so that anyone can forge signatures by that key and make their own attestations? That would destroy its security.
Secure attestation is the foundation of commerce in the whole world, as well as in the smaller world of the net. The TPM merely applies that same principle on a finer scale, allowing you to attest to the nature of your own software.
For my security, I don't trust anyone else holding the keys in these TPM chips. Apparently, you do.
No one else holds the keys in the TPM. Only the TPM holds the keys. The TPM owns the keys and never lets them go. That makes the TPM, from the security perspective, an autonomous agent; a little robot that obeys certain rules. Everyone knows what the rules are, and thanks to the keys embedded in the TPM which never leave, everyone can tell when a TPM is making a statement. This gives people confidence in what the TPM says.
That's the essence of this enormous threat that everyone is so up in arms over. That there could be an entity in the world that makes verifiable statements of known facts. The bottom line is that people want the ability to make their TPMs lie. Apparently no one can abide the presence of an honest agent in their life.
I call this complete bullshit. I have no desire to defraud or lie to anyone. Yet I want to preserve my own privacy and anonymity. These goals are completely consistent. And the TPM actually serves these goals. Because people know its rules and can trust what it says, the TPM can make statements about what I am doing that are reassuring to others, without me having to reveal any more information than necessary or any details. The TPM allows local filtering of outgoing information so as to add MORE privacy while allowing a degree of remote trust that is unimaginable today.
I could go on and on, but what's the point? You either won't understand or won't believe me. I have read thousands of pages of TPM documentation and understand this technology as well as anyone. You have read a few web sites that are totally biased in their presentation. Unfortunately millions of others are like you, and almost no one is like me.
Alright, who has been requesting this trusted computing platform bullshit? Speak up! I want to know the name of the one consumer who said "Yes, I really want computers that can be uniquely identified. I hate the freedom that being anonymous brings."
I do want a trusted computing platform. That's because I know how they work, and you don't. You think it limits what code you can run and takes away your anonymity. But those are all lies, fed to you by opponents of the technology, which you have blindly accepted.
The truth is that TC technology lets you prove the software configuration you are running, if you want to. That's it. This will be able to be done per-application, so that you can prove you are running a particular app while keeping other details private. I can think of many good reasons for this; yes, good, privacy-protecting reasons; even good, anonymity-protecting reasons.
But because of people like you who believe the Big Lie, the technology I need to improve privacy and anonymity on the net is being killed even in its moment of birth.
It's possible that "adding some wires" is what the pulled presentation was going to be about. Some TPM chips are even available in removable modules which would make it exceptionally easy to fool them about what was going on in the rest of the PC.
Another possibility for breaking TPM security would be to reflash the BIOS so that it lies to the TPM about the system configuration and boot sequence. Now, TPM-compliant systems are supposed to not allow the "core" part of the BIOS to be reflashed, the part that talks to the TPM. But maybe the researchers found that PCs were not properly enforcing that. Since they apparently have experience with BIOS viruses and such, this would make sense coming from them.
The largest RSA number so far factored is only 663 bits. 512 bits in 1999, 576 bits in 2003, 663 bits in 2005. Call it 100 bits improvement in 2 years. At this rate we should be due for a 700 and some bit number this year, with 1024 bits 5-10 years away.
The RSA Factoring Challenge has been suspended, i.e. they are no longer giving out prize money, but the numbers still stand as a good reference for where we are in comparison to 1024. There's a lot of mileage between here and there.
This is true but it is only the beginning. There is no such thing as physical property either. If I take it from you by force it is no longer yours, I can use it as I see fit. Only society's conventions allow us to pretend that physical property exists, and the same with intellectual property. The bottom line is, what conventions will lead to the most well satisfied society?
Unfortunately Slashdot is not a good forum for ongoing discussions. This thread has slipped off the front page and few if any readers will find it. But let me address your points in order:
1. Owners want to violate their own policies.
Then you're not really following your stated policy, are you? Either you can make binding commitments or you can't. Do you really think that no one should be able to make binding commitments, or feel obligated to be held to them if they do make them? You realize that is the basis for contract, which is the foundation of most of the economic growth the world has seen since the Renaissance? Being able to bind yourself in a relationship to perform certain functions is the foundation for cooperative enterprise, the division of labor, and a host of other modern-day financial innovations. Trusted Computing simply moves this ability into the online world. Within the framework of an inherently anonymous, worldwide computer network it allows people to set up frameworks of trust which would otherwise be impossible. As with contract, the central feature is the ability to make binding commitments. Being able to violate your own guaranteed policy destroys any semblance of trust.
2. What if my ISP does it?
Then you switch to another ISP. So then people always ask, what if all the ISPs do it? Well, what if all the ISPs charge a million dollars a minute for Internet access, that would be a disaster, right? So do we say that no ISP should be able to charge money? No, instead we don't entertain what-if suggestions that have no basis in reality. ISPs are businesses who cannot just impose arbitrary conditions on their customers. No ISP owns its customer. Every businessman I have known is afraid his customers are about to switch to a competitor. In the worst case, if no other ISP in your area provides the kinds of services you want, you can always start your own ISP business. The barriers to entry are not particularly high. And if all the other ISPs are imposing hated restrictions, you can clean up and make a million bucks.
3. Trusted Computing is impossible, it won't work, it is insane, blah blah, blah.
I'm not really even interested in copyright. I agree that no technical measure can effectively protect copyright in its traditional forms. Books, music and movies are doomed. They are going to become dilettante art forms, produced purely for love with little expectation of commercial reward. They will become the products of hobbyists. The quantity of such products produced will be probably two or three orders of magnitude less than today, in another couple of decades.
However in exchange we will see all of the money and commerce going into a field which really can be protected technologically: interactive entertainment, the future of what we today would consider video games. You can record a movie and play it back. Likewise with music. You can copy the text of books and art. But you can't record a video game and play it back with the same enjoyment. The point of a game is to interact with it. Every play is different, every player gets his own experience.
This is the last bastion of creative entertainment, a field which can be protected technologically and which can be commercially successful. I foresee all of the billions of dollars being spent today in those other areas, all being funneled into interactive entertainment. Games are already bigger business than movies, and the disparity is only going to increase.
Trusted Computing can play a role in facilitating this transition, by improving the security of computers and making it more obvious that passive entertainment is on the way out. But I am mostly interested in TC for completely different reasons. It opens up all kinds of applications which would be completely impossible today, such as voting from home. Having truly secure computer systems that can be remotely audited and validated is a crucial foundation for a future world which relies even more on a trustworthy worldwide computer network.
What they said is not what Trusted Computing does. It does not enforce policy on your machine.
Rather, it provides a way for people to prove what policies they are enforcing on their own machines. And thereby that will allow someone to say, I won't give you this data unless you are running a certain policy (that will protect my data). Today, that wouldn't really work because they couldn't tell what policies you were running. But with Trusted Computing, it will be possible. You will be able to prove your policies and they can decide whether to give you the data depending on what your policies are.
It may seem like a subtle distinction, and in a way there's not that much difference. But saying that third parties can enforce policy on your machine evokes many images that just would not happen with the real Trusted Computing. It suggests that your machine could be made to spy on you or do some other bad thing and there's nothing you can do about it. But that's not true. You always have a choice with Trusted Computing to tell the other guy to stuff it, you just won't take his damn data if he wants to put so many restrictions on it. Just like today you don't have to shop at Apple music store if you don't like DRM, you can download music from independent bands who make it freely available in MP3 format.
The whole point of Trusted Computing is to keep things completely voluntary. It aims to replace legal restrictions (that you have no choice about) with technological ones (that you can always choose not to use). It adds choices and options without taking any away. It lets people who are honest prove that they are honest: when they agree to the policies in return for taking the data it lets them prove what policies they are truly following.
Honest people have nothing to fear from Trusted Computing. In fact they will gain many advantages by letting them prove their honesty and gain others' trust. The only people who will be hampered by Trusted Computing are those who would aim to falsely agree to observe copyright restrictions and then violate them once they get their hands on the data. Unfortunately, judging by the negative reception to Trusted Computing, such people make up a substantial fraction of the online community.
It's not a touch screen, it's a Light Pen, straight outta 1957. Everything old is new again...
I agree with the comment that the real issue is what it means for a service to be "open source". There are a couple of features you might look for. One is transparency. Open source code gives visibility into what it will do in a way that closed source cannot. For a service, this would mean some mechanism to make sure that the service will do what it claims to do. Another feature is malleability. With open source code you can alter and tweak its behavior to suit your needs. For a service, probably the closest you could get would be the ability to set up your own copy of the service that works in a slightly different way.
One approach to transparency is the concept of a Transparent Server, which is designed to allow remote verification of its policies and procedures via Trusted Computing technology. (It actually is a reversal of the normal Trusted Computing concept, allowing clients to verify servers rather than vice versa.) However this can only go so far when dealing with something like a Certificate Authority, where ultimately human decision making authority must come into play in deciding whether a threshold of authentication has been reached to authorize issuing a given certificate. Unless your CA is completely automated and would, for example, issue certs merely on the basis of an email auto-response, or perhaps using a web service interface to query Dun and Bradstreet, you're not going to be able to verify its policies remotely even if you can check what code base the server is running.
The problem I have with these kinds of regulations is the confusion between the medium which is used to transport the data, and the message, the specific data being transported. If the Uni is unhappy about copyright violations, that's one thing; or if they have bandwidth problems, that's legit; but restricting specific protocols and programs does not accurately target the problem behavior. They seem to adopt the maxim that "the Medium is the Message"; that is, if something is being transferred by Bittorrent, it is a copyright violation. And granted, that is the case much of the time.
But it is not a perfect correlation. Banning Bittorrent will hamper downloading Linux ISOs and other high traffic, legitimate materials. There is no justification for saying that file sharing as a whole is illegal, any more than you could say that using the Internet is illegal even if it turns out that much traffic violates the law.
I was thinking the same thing when I read this. Ah-ha! That's why Dell started soliciting input in such a public and potentially embarrassing way, and did it now. Microsoft is putting enormous pressure on OEMs to sell only Vista machines, and this way Dell has irrefutable public evidence that the market is not accepting this view. The whole Linux thing was just a distraction. This is the one that makes business sense.
The truth is that "cloned beef" is not from cloned animals! Cloned animals are far too expensive to eat. What is called "cloned beef" is from the offspring of cloned bulls. A prize bull's semen fetches a fortune, and his cloned offspring are worth even more. Once you've paid $15,000 for such a clone, you certainly wouldn't want to eat him. You eat his children, and their meat is called "cloned beef".
m ar04,1,6731897.story?coll=la-news-science
http://www.latimes.com/news/science/la-sci-clone4
Good point, and your article is a reminder that there have been previous bee die-offs. It got so here in the U.S. you hardly ever saw bees for a couple of years there. It was some kind of bee mite that was killing them off. The new disease apparently doesn't have an obvious cause but I'm sure there are people working on it. Science can be kind of slow, and this disease came out of nowhere in just a few months to have a huge impact. I wouldn't be surprised if it takes a year or more to figure out what the vector is.
Right, and keep in mind that you can install Vista on a Mac in a dual-boot configuration, and then these rules about virtualization do not apply. AFAIK you can install any version of Vista on a Mac, dual-boot, and it's perfectly legal. It's really no different than for Windows users.
I remember when the HP-35 came out. It was the cover story in (I think) Popular Electronics magazine. It was incredible, an entire slide rule in this small electronic device. It could do trig functions, roots, powers, all to enormous precision. My mouth watered, but I was in high school and it was like $300, which would be more like $3000 today. My friend and I used to bike over to the local university bookstore, where they actually had one on display, and you could punch the buttons and everything.
I never got an HP-35, but later when I was in college I bought an HP-45, the upgrade to the -35, and it served me well for my years.
http://blog.secondlife.com/2007/04/05/advertising
I'll also point to the AACS site, where they say, Through this online update process, manufacturers are also able to see that consumers update their player implementations prior to distribution of encryption key expiration information via new movie discs. That phrase, "distribution of encryption key expiration information via new movie discs" sounds a lot like distribution of an HRL.
Granted, the situation is ambiguous. But it seems to me that this could indicate that as part of the Media Key Block update on new disks, a new HRL will be distributed to invalidate the old WinDVD host key, in addition to the changes for the new WinDVD device key. That would be more consistent with what all these parties are describing.
Note that this will not work in 64-bit Vista because there, only signed drivers can be loaded. Only in 64-bit Vista are "protected processes" truly protected.
It does mean though that Ionescu is right that virus scanners and the like cannot assume that protected processes are benign, not in 32-bit Vista anyway. Malware could install a bad driver and get it to create a protected process to do its dirty deeds. It would seem that a tool like his is needed to get good AV protection in 32-bit Vista.
It's not a myth at all. Try reading section 4.8 of the AACS Introduction and Common Cryptographic Elements spec:What this means is that disks are distributed with Host Revocation Lists on them, cryptographically signed by AACS. Whenever a disk is inserted, the drive checks to see if the HRL on the disk is newer than the one it has in nonvolatile memory, and if so, it checks the AACS signature on the new one and stores it in memory. This allows a drive to refuse to talk to a given host software. Likewise there is a drive revocation list that the hosts are supposed to hold which tells them not to talk to certain drive versions, in case an attack is found in some models of drives.
"...suits brought against disabled people who have never engaged in file sharing..."
No doubt they claim never to have engaged in file sharing, but that doesn't automatically make it true.
I suggest you read a little more closely!
"Those children who had little opportunity at school to undertake activity were bouncing around after school whereas those who'd had a lot of opportunity during the course of the school day settled down, and did relatively little," he said.
"The most important thing (was) if you added the in-school activity to the out-of-school activity, they were exactly the same."
There you go.
I've seen worse than that. I knew someone who didn't eat *anything* for a year and she managed to gain 40 pounds. It was terrible because she was trying to lose weight and nothing worked.
Of course, she spent hours lying in the sun and photosynthesizing. I tried to warn her about that, but would she listen? No!
The question is, did the game theory model include competition among ISPs? In my area we have a choice of DSL or Cable for broadband, but some customers live where there is only one provider (or none!). The optimal game theory strategy should be very different for cases where there is a monopoly on broadband internet access vs where two or more companies have to compete for customers. Their model would have to take that into consideration.
The fact that the article didn't say anything about it makes me suspect that they only modeled monopoly ISPs, in which case their results are not too surprising. Monopoly ISPs are in a much better position to appropriate the lion's share of the benefits than those who have to compete.