Would this be resistant to physically probing the chip
I was at a presentation a couple of weeks ago by Infineon on their TPM chip. They said the chip has "over 50" sensors to detect attacks like this and zeroize sensitive data. As a simple example there is a light sensor, so that if the chip cover is removed and light strikes the silicon, it erases the secret keys that enable its operation. Apparently there are many more such sensors, although Infineon keeps the details secret.
It remains to be seen at this point whether the Camenisch/Lysyanskaya Idemix credentials are really "less efficient" than Brands. Certainly the CL credential work is newer. Brands' stuff is good but the field does not stand still. Until we see benchmarks putting them side by side, it is too early to say which is more efficient.
The Fermi paradox can be strengthened if we look at proposals for stellar engineering. Many futurists argue that the logical end state for a stellar civilization is to surround the star with solar collectors and capture all that energy which is otherwise wasted. This will not only give the civilization more resources to work with but it is arguably environmentally protective as otherwise that lost energy can never be reclaimed.
Extrapolating to an interstellar civilization, we would expect to see an expanding sphere of stars which go dark and radiate only in the far infrared. In time, entire galaxies would be transformed like this, then clusters of galaxies. We should eventually see roughly spherical voids in space which are empty of visible light galaxies and contain only mysterious far-infrared galaxies. This would be the signature of an interstellar civilization.
Unfortunately, no such astronomical phenomena exist. There are no far-infrared galaxies. There are voids, but they show no gravitational or infrared signs of containing encapsulated galaxies.
Hence it seems that not only are the aliens not here, they're not out there either. The scope of the Fermi paradox is expanded enormously. It appears that there are no mature interstellar civilization in our past light cone, which encompasses a far larger region than just our galaxy.
The doomsday argument says that if we are going to eventually spread out and colonize the universe, future human population will be enormously larger than today, perhaps billions or trillions of times larger. In that case the chance that we as random humans would find ourselves existing today at such an infinitesimally early stage of human progress is virtually nil. Whereas if this is as big as human population will get, and we don't live too much longer, it makes perfect sense for us to be alive today. Given the evidence, then, we can reject the colonize-the-universe scenario with long odds.
I'm a crypto guy, and I've just spent an hour or so studying the AACS spec to see what was broken and whether AACS can fix it.
The short answer is yes, for now AACS can change the processing key on future disks. They could even start making different disks with different processing keys. Right now the same one is used for all disks, but they could easily have set aside say a million different processing keys and start rotating through them. But there is a limit to how far they can go with this.
Down the line, AACS anticipates revoking device keys. They have a very complicated system where individual players have device keys that can be revoked if people crack the players. The problem is that these so-called processing keys are connected to device keys in a complicated and subtle way. The bottom line is that once device keys start getting revoked, AACS may be somewhat forced to use certain processing keys for an extended period of time. If those keys get published, AACS may not be able to easily work around and revoke the processing keys.
So I would say that this crack does point to a potential weakness in the AACS revocation system. The recently discovered processing key will not be good forever, but if hackers can continue to pull keys out of HD players with impunity, they may be able to stay ahead of AACS revocation efforts.
Perhaps the inclusion of TPM in later OSes, chipsets and hard-drives will spur adoption of Linux (which presumably would just not enable such garbage).
Actually, most work on the TPM is being done on Linux. See Trousers, Trusted Grub, TPM Device Driver, Enforcer, OSLO, etc. Not to mention that open-source Xen supports virtualizing the TPM and is aiming at TPM-based trusted boot functionality.
Hypervisors are the way to go for the OS of the future. Microsoft has had this vision for years. It was the foundation of their Next Generation Secure Computing Base, NGSCB, aka (ominous music here) Palladium.
Palladium got embroiled in the whole DRM controversy but there are good reasons to go this way independent of DRM. The idea is that you have a regular OS running, a Vista type OS, and then you launch your hypervisor. The hypervisor digs its way under the OS, takes control, and the OS is then packaged up and is running in a virtual machine. This is what they call "Late Launch" and is the key to one aspect of the technology I will explain below.
Now, here is the big win. You can create a new class of software, "applets" (maybe "virtlets" would be a better name) which interface directly to the hypervisor instead of the big legacy OS. These run in separate VMs so are immune to corruption of the big OS. They are simple and use a minimal API from the hypervisor so the chances of getting the code right and bug free are much greater. You can now use these for security oriented features you'd never dare to dream of on a monolithic OS. Think of Internet voting as a good example of what kind of security we are talking about. A more prosaic example is ecommerce - in a future world where people get their credit card numbers stolen all the time by malware there will be a real need for a secure way to shop online. Hypervisors and virtlets give developers a chance to start with a clean sheet of paper on the security front, while still maintaining full legacy backwards compatibility.
Then there's the kicker. Part of the goal of Late Launch is to use the TPM chip to measure (hash) the hypervisor and each VM separately. It means that each VM has an identity that it can securely attest to using a certified key embedded in the TPM chip. That Internet voting app? It can connect to the voting server and the server can verify that it is running in a clean state. Any corruption would be detected and show up in a bad hash report from the TPM chip. Malware can't fake that report because nobody can fake it, not even the user (meaning, he can't be fooled into faking it either - this is the flaw in EFF's "owner override" proposal, but that's another story).
This is all happening, folks. Intel's Lagrande Technology, now called TXT or Trusted Execution Technology, is rolling out as we write. This was the gating factor for all this technology and is probably the real reason it didn't appear in Vista - the hardware wasn't ready. But it's going to be there and it will be ubiquitous in a couple of years (at least, as ubiquitous as Vista-ready PCs are today). The next OS will take advantage of these features (and analogous ones on AMD, code-named Presidio) and will provide a whole new paradigm for security. This will leap beyond anything Apple can do and they will be playing catch-up, unless of course they start heading in this direction themselves.
To me as a security person, this is the obvious, inevitable path of OS development and is the only plausible thing Microsoft could be talking about. It should be very exciting to see these ideas brought to market in real systems.
"C'mon, $25 million is nothing compared to something like global warming. If global warming could really be solved for $25 million someone would have done it by now."
Not necessarily. You can't make money by solving global warming because there is no one who will pay you for your technology. The benefits from reducing CO2 are spread out among everyone on earth and are too diffuse for conventional market rewards.
Only if we create a global system for carbon credit trading, or apply mandates to force people to reduce their carbon output, would such an invention become profitable. In the current situation you could come up with a brilliant idea but have no way to profit from it. Branson's offer could help to jump-start innovation that would otherwise not be profitable.
Trees do not absorb CO2 every year. They only absorb CO2 while growing - the additional mass they create is partially carbon. In a steady state, such as a mature forest, as much carbon is being liberated from decaying trees as is being absorbed by growing trees. Forests are not, in general, carbon sinks.
Planting forests to absorb CO2 works, but only for a few years. After that the forest is mature and is no longer absorbing carbon. But you have to keep the forest around forever, taking up land and water resources, even though it is no longer of benefit to you. If you cut it down the carbon will go back into the atmosphere and you are worse off than before.
I agree that this article didn't make sense. He didn't offer a single concrete example of the phenomena he was decrying. His concern was losing the end to end principle, and the only controversy there I'm aware of is the "net neutrality" debate, which pits Google against the telecomm companies. That doesn't have anything to do with Vista. If net neutrality is what he's worried about, he ought to say so.
idemix which is the software in question appears to be covered by a number of patent applications submitted by the inventor, Jan Camenisch. What's the point in open-sourcing it if IBM has half a dozen or more patents covering the technology being used? Or will this process grant use of any IBM-owned patents necessary to run the code? And if so, what happens as people start modifying the code; how far can they go and still be indemnified against IBM patent infringement?
Patents and open source don't mix well. I don't see how this is going to work.
2006 has not yet been determined to be "the warmest year ever" worldwide. That data is not out yet, although it may turn out to be true. The statement was, "The 2006 average annual temperature for the contiguous U.S. was the warmest on record..." So it only applies to the contiguous 48 states. Whether the entire world was the warmest on record will take a little more data gathering and analysis.
Another point I haven't seen made, perhaps because it is so obvious, is that warm winters are by and large good for humanity. Normally thousands of people freeze to death every winter. With these warm winters, we must be seeing far fewer deaths and illnesses than we usually do. Granted, heat waves do kill people in summer, but I think on balance more people die due to weather in winter than in summer, at least in the U.S. and Europe, which are temperate-zone climates that extend into some very cold regions. I'd like to see some analysis comparing the number of lives saved due to warmer winters to the lives lost due to warmer summers.
Everything I read about global warming emphasizes the harm. Of course, that's what sells newspapers. But still, it can't all be bad, can it? Does anyone think that if we were suffering global cooling, sliding towards an ice age, that we'd be reading nothing but articles talking about how good this is? With killer blizzards sweeping across the globe, would we be reminded of how many lives were saved due to the mild summers? Would truncated growing seasons be turned into a positive, the way extended growing seasons are somehow being described as harmful? No, I don't think so.
Global warming has got to be better than global cooling, and undoubtedly has some good effects. It may be harmful on balance, but I don't think we are seeing that balance being presented clearly and honestly.
The article describes VMware as a full virtualization solution. "A hypervisor sits between the guest operating systems and the bare hardware as an abstraction layer." Is this really how it works? The hypervisor runs on the bare hardware? I thought VMware was launched as an application under the hosting OS. Then it is able to load guest OS's. So it does not sit between the bare hardware and the guest OS, but rather between the host OS and the guest OS. See the PDF datasheet for VMware Server which shows this architecture.
Is there a different kind of VMware than what I am familiar with? One that runs on the "bare hardware" as described in the article?
It wasn't done as well as it could be, but these passports do add security. The chip includes a digital signature over the data, including the picture. When they scan it the picture shows up on the scanner. It will be essentially impossible to change the picture associated with a person's name. With present passports without the chip, that attack is relatively straightforward. Defeating this attack is the main security improvement from adding the chip.
I'm thrilled to see this, because it exposes the big lie which everyone uses to justify their illegal and immoral violation of music copyrights, that they're just stickin' it to the evil music companies and that the artists implicitly support these downloads. It's time once and for all for you people to realize that you are screwing over the artists when you pirate their music. Let that be on your conscience.
I don't expect you to stop, but at least stop lying to yourself and pretending that you aren't hurting the very people creating the music you love.
I don't believe the Java license terms constrain software written in Java in any way. You can still write proprietary software in Java and release it under your own commercial license, or do whatever you want with it. The Java GPL license only relates to the internal implementation of the Java language itself.
It would be unusual to say the least for a language to constrain programs written in that language to obey a certain license. I'm not even sure that copyright law would give language developers the power to control language users to that degree.
Does anyone know of any languages that force people who write in that language to release their code as open source, or put similar restrictions on language users?
Let's stick with the "British" theme here. You'll get one for your Mum cause she smacked you on your Bum. But you can't get one for Granny because she whacked you on your fanny... that means something else over there!
That's a British site, isn't it? Terms like "high street" and "granny" are not used much in American English. Was the study done in England or the U.S.? It wouldn't surprise me if Apple's penetration among the young is much less in the U.K. and Europe. It's always been something of an American phenomenon.
Treacherous Computing is hardware that is meant to allow person X to set their hardware up to refuse to run (or not cage) software that is not digitally signed by them. As you can imagine, this COULD be extremely valuable for security. HOWEVER, the collection of companies making up the Trusted Computing Group (most of the tech companies) decided that the capability to TRUST should be reserved for them.
This is fundamentally false. There is a core of truth to it, but the details are all wrong.
You can run ANYTHING you want on a "trusted (treacherous, whatever) computer". The TCG does not reserve anything to themselves. In the TC world, everyone is equal. No one is more equal than anyone else.
What TC does is to allow you to prove to a third party that you are running certain software. This is the "remote attestation" that everyone is so exercised about. It doesn't mean you can only run signed software, or that only the TCG decides what software is trusted. What it does mean is that someone can refuse to talk to you if you are not running software they like. But this means anyone. It's not just the TCG and it's not just big companies. You could refuse to talk to another system in a P2P network if it is not running the right peer software. TC can enforce this. There have been papers written on how this could actually HELP pirates to keep their networks secret from authorities. And of course it can also be used for DRM - Apple could refuse to talk to you unless you are running the official iTunes client.
I wish critics of TC would stick to the facts and stop introducing bogus arguments. RMS tries to claim that a TC is no longer a general purpose computer. This is completely false. You can run anything on a TC. The remote attestation feature may allow third parties to refuse to talk to you. That doesn't change the fact that you can still run whatever you want.
People should criticize TC in terms of what it really does, instead of making up a bunch of BS about how you won't be able to run software unless someone else approves it.
It's also false that TC will defeat Linux. In fact most of the work towards TC today is happening on Linux and Xen. See http://trousers.sf.net/ for example. Linux is distributed today with TPM drivers. Trusted Grub will measure your kernel into the TPM so it can report what has booted. Xen has full TPM virtualization support. In contrast Microsoft is doing almost nothing with the TPM.
Please, let's try to keep our facts straight. There are legitimate criticisms of TC but much of what is out there is BS. Critics seem to love to throw out a mixture of truth and falsehoods, doing whatever they can to make the technology look bad. If we stick to the facts we can have a more reasoned and informative discussion.
It's easy to get sizes mixed up. Nanometers, microns, angstroms, they all sound about the same.
300 nanometers is a third of a micron. Cells vary greatly in size and shape but a ballpark figure for human cells is 20 microns. So we're not talking about something that is all that "sharp" compared to the size of the object it aims to cut.
Here is the description from the patent that describes what it's for:
[0013] It is to be appreciated that from time to time the user, the computing device 14, the trusted component 18, or another entity (hereinafter, the client) may wish to remove a license 16 from use in connection therewith. For example, it may be the case that the client no longer wishes to render the corresponding content 12, or that the client wishes to transfer the license 16 to another client. Although the client could merely remove the license 16 on its own, it may be the case that the license 16 is stored in a store such as the secure store 22 and is therefore not accessible except under controlled circumstances, or it may be the case that an external entity wishes to ensure that the license 16 is in fact removed. In one envisioned scenario, where a client that purchased the license 16 from a service for value and wishes to `return` the license 16 for a refund, it is to be expected that the service would require some assurance that the returned license 16 is in fact removed from the client. In another envisioned scenario, where a client that purchased the license 16 from a service for a first computing device 14 and wishes to transfer the license 16 to a second computing device 14, it is likewise to be expected that the service would require some assurance that the transferred license 16 is in fact removed from the first computing device 14.
[0014] Accordingly, a need exists for an architecture and method that effectuates trusted removal of a license 16 from use by a client. In particular, a need exists for an architecture and method that notifies a removal service or the like in a trusted manner that the license 16 is to be removed from use by a client or the like and that in fact removes the license 16 in a trusted manner from use by the client.
So the main idea is to have a way that the client software (such as WMP) can notify the license server that the license (i.e. decryption keys, etc) is being deleted from a particular machine. This is so they can support letting people move content from one machine to another without automatically authorizing unlimited copying. It's a normal and reasonable part of an overall DRM system. I'm sure Apple's iTunes does something similar when you authorize and de-authorize machines.
It doesn't really have anything to do with Trusted Computing Group (aka TCPA) style Trusted Computing, rather they mean that the server trusts the client (just as Apple trusts iTunes).
Yeah, what's the etiquette for looking at porn on your laptop while flying? I've never done it but I'm not the kind of guy who would do that in public. I've never seen it done either.
Slashdot Mirror
Would this be resistant to physically probing the chip
I was at a presentation a couple of weeks ago by Infineon on their TPM chip. They said the chip has "over 50" sensors to detect attacks like this and zeroize sensitive data. As a simple example there is a light sensor, so that if the chip cover is removed and light strikes the silicon, it erases the secret keys that enable its operation. Apparently there are many more such sensors, although Infineon keeps the details secret.
It remains to be seen at this point whether the Camenisch/Lysyanskaya Idemix credentials are really "less efficient" than Brands. Certainly the CL credential work is newer. Brands' stuff is good but the field does not stand still. Until we see benchmarks putting them side by side, it is too early to say which is more efficient.
The Fermi paradox can be strengthened if we look at proposals for stellar engineering. Many futurists argue that the logical end state for a stellar civilization is to surround the star with solar collectors and capture all that energy which is otherwise wasted. This will not only give the civilization more resources to work with but it is arguably environmentally protective as otherwise that lost energy can never be reclaimed.
Extrapolating to an interstellar civilization, we would expect to see an expanding sphere of stars which go dark and radiate only in the far infrared. In time, entire galaxies would be transformed like this, then clusters of galaxies. We should eventually see roughly spherical voids in space which are empty of visible light galaxies and contain only mysterious far-infrared galaxies. This would be the signature of an interstellar civilization.
Unfortunately, no such astronomical phenomena exist. There are no far-infrared galaxies. There are voids, but they show no gravitational or infrared signs of containing encapsulated galaxies.
Hence it seems that not only are the aliens not here, they're not out there either. The scope of the Fermi paradox is expanded enormously. It appears that there are no mature interstellar civilization in our past light cone, which encompasses a far larger region than just our galaxy.
The doomsday argument says that if we are going to eventually spread out and colonize the universe, future human population will be enormously larger than today, perhaps billions or trillions of times larger. In that case the chance that we as random humans would find ourselves existing today at such an infinitesimally early stage of human progress is virtually nil. Whereas if this is as big as human population will get, and we don't live too much longer, it makes perfect sense for us to be alive today. Given the evidence, then, we can reject the colonize-the-universe scenario with long odds.
I'm a crypto guy, and I've just spent an hour or so studying the AACS spec to see what was broken and whether AACS can fix it.
The short answer is yes, for now AACS can change the processing key on future disks. They could even start making different disks with different processing keys. Right now the same one is used for all disks, but they could easily have set aside say a million different processing keys and start rotating through them. But there is a limit to how far they can go with this.
Down the line, AACS anticipates revoking device keys. They have a very complicated system where individual players have device keys that can be revoked if people crack the players. The problem is that these so-called processing keys are connected to device keys in a complicated and subtle way. The bottom line is that once device keys start getting revoked, AACS may be somewhat forced to use certain processing keys for an extended period of time. If those keys get published, AACS may not be able to easily work around and revoke the processing keys.
So I would say that this crack does point to a potential weakness in the AACS revocation system. The recently discovered processing key will not be good forever, but if hackers can continue to pull keys out of HD players with impunity, they may be able to stay ahead of AACS revocation efforts.
Perhaps the inclusion of TPM in later OSes, chipsets and hard-drives will spur adoption of Linux (which presumably would just not enable such garbage).
Actually, most work on the TPM is being done on Linux. See Trousers, Trusted Grub, TPM Device Driver, Enforcer, OSLO, etc. Not to mention that open-source Xen supports virtualizing the TPM and is aiming at TPM-based trusted boot functionality.
Hypervisors are the way to go for the OS of the future. Microsoft has had this vision for years. It was the foundation of their Next Generation Secure Computing Base, NGSCB, aka (ominous music here) Palladium.
Palladium got embroiled in the whole DRM controversy but there are good reasons to go this way independent of DRM. The idea is that you have a regular OS running, a Vista type OS, and then you launch your hypervisor. The hypervisor digs its way under the OS, takes control, and the OS is then packaged up and is running in a virtual machine. This is what they call "Late Launch" and is the key to one aspect of the technology I will explain below.
Now, here is the big win. You can create a new class of software, "applets" (maybe "virtlets" would be a better name) which interface directly to the hypervisor instead of the big legacy OS. These run in separate VMs so are immune to corruption of the big OS. They are simple and use a minimal API from the hypervisor so the chances of getting the code right and bug free are much greater. You can now use these for security oriented features you'd never dare to dream of on a monolithic OS. Think of Internet voting as a good example of what kind of security we are talking about. A more prosaic example is ecommerce - in a future world where people get their credit card numbers stolen all the time by malware there will be a real need for a secure way to shop online. Hypervisors and virtlets give developers a chance to start with a clean sheet of paper on the security front, while still maintaining full legacy backwards compatibility.
Then there's the kicker. Part of the goal of Late Launch is to use the TPM chip to measure (hash) the hypervisor and each VM separately. It means that each VM has an identity that it can securely attest to using a certified key embedded in the TPM chip. That Internet voting app? It can connect to the voting server and the server can verify that it is running in a clean state. Any corruption would be detected and show up in a bad hash report from the TPM chip. Malware can't fake that report because nobody can fake it, not even the user (meaning, he can't be fooled into faking it either - this is the flaw in EFF's "owner override" proposal, but that's another story).
This is all happening, folks. Intel's Lagrande Technology, now called TXT or Trusted Execution Technology, is rolling out as we write. This was the gating factor for all this technology and is probably the real reason it didn't appear in Vista - the hardware wasn't ready. But it's going to be there and it will be ubiquitous in a couple of years (at least, as ubiquitous as Vista-ready PCs are today). The next OS will take advantage of these features (and analogous ones on AMD, code-named Presidio) and will provide a whole new paradigm for security. This will leap beyond anything Apple can do and they will be playing catch-up, unless of course they start heading in this direction themselves.
To me as a security person, this is the obvious, inevitable path of OS development and is the only plausible thing Microsoft could be talking about. It should be very exciting to see these ideas brought to market in real systems.
"C'mon, $25 million is nothing compared to something like global warming. If global warming could really be solved for $25 million someone would have done it by now."
Not necessarily. You can't make money by solving global warming because there is no one who will pay you for your technology. The benefits from reducing CO2 are spread out among everyone on earth and are too diffuse for conventional market rewards.
Only if we create a global system for carbon credit trading, or apply mandates to force people to reduce their carbon output, would such an invention become profitable. In the current situation you could come up with a brilliant idea but have no way to profit from it. Branson's offer could help to jump-start innovation that would otherwise not be profitable.
Trees do not absorb CO2 every year. They only absorb CO2 while growing - the additional mass they create is partially carbon. In a steady state, such as a mature forest, as much carbon is being liberated from decaying trees as is being absorbed by growing trees. Forests are not, in general, carbon sinks.
Planting forests to absorb CO2 works, but only for a few years. After that the forest is mature and is no longer absorbing carbon. But you have to keep the forest around forever, taking up land and water resources, even though it is no longer of benefit to you. If you cut it down the carbon will go back into the atmosphere and you are worse off than before.
I agree that this article didn't make sense. He didn't offer a single concrete example of the phenomena he was decrying. His concern was losing the end to end principle, and the only controversy there I'm aware of is the "net neutrality" debate, which pits Google against the telecomm companies. That doesn't have anything to do with Vista. If net neutrality is what he's worried about, he ought to say so.
idemix which is the software in question appears to be covered by a number of patent applications submitted by the inventor, Jan Camenisch. What's the point in open-sourcing it if IBM has half a dozen or more patents covering the technology being used? Or will this process grant use of any IBM-owned patents necessary to run the code? And if so, what happens as people start modifying the code; how far can they go and still be indemnified against IBM patent infringement?
Patents and open source don't mix well. I don't see how this is going to work.
2006 has not yet been determined to be "the warmest year ever" worldwide. That data is not out yet, although it may turn out to be true. The statement was, "The 2006 average annual temperature for the contiguous U.S. was the warmest on record..." So it only applies to the contiguous 48 states. Whether the entire world was the warmest on record will take a little more data gathering and analysis.
Another point I haven't seen made, perhaps because it is so obvious, is that warm winters are by and large good for humanity. Normally thousands of people freeze to death every winter. With these warm winters, we must be seeing far fewer deaths and illnesses than we usually do. Granted, heat waves do kill people in summer, but I think on balance more people die due to weather in winter than in summer, at least in the U.S. and Europe, which are temperate-zone climates that extend into some very cold regions. I'd like to see some analysis comparing the number of lives saved due to warmer winters to the lives lost due to warmer summers.
Everything I read about global warming emphasizes the harm. Of course, that's what sells newspapers. But still, it can't all be bad, can it? Does anyone think that if we were suffering global cooling, sliding towards an ice age, that we'd be reading nothing but articles talking about how good this is? With killer blizzards sweeping across the globe, would we be reminded of how many lives were saved due to the mild summers? Would truncated growing seasons be turned into a positive, the way extended growing seasons are somehow being described as harmful? No, I don't think so.
Global warming has got to be better than global cooling, and undoubtedly has some good effects. It may be harmful on balance, but I don't think we are seeing that balance being presented clearly and honestly.
The article describes VMware as a full virtualization solution. "A hypervisor sits between the guest operating systems and the bare hardware as an abstraction layer." Is this really how it works? The hypervisor runs on the bare hardware? I thought VMware was launched as an application under the hosting OS. Then it is able to load guest OS's. So it does not sit between the bare hardware and the guest OS, but rather between the host OS and the guest OS. See the PDF datasheet for VMware Server which shows this architecture.
Is there a different kind of VMware than what I am familiar with? One that runs on the "bare hardware" as described in the article?
Is this the same Gutman who figured a way to securely delete hard drive files by overwriting it 35 times?
Yes, absolutely. Peter Gutmann is a great asset to the security community.
It wasn't done as well as it could be, but these passports do add security. The chip includes a digital signature over the data, including the picture. When they scan it the picture shows up on the scanner. It will be essentially impossible to change the picture associated with a person's name. With present passports without the chip, that attack is relatively straightforward. Defeating this attack is the main security improvement from adding the chip.
Mod parent up. Best RMS related post ever.
Thanks, now please explain:
Acts as Taggable
Acts as Versioned
low-flash coding
DRYing up your code
routing methods
I'm thrilled to see this, because it exposes the big lie which everyone uses to justify their illegal and immoral violation of music copyrights, that they're just stickin' it to the evil music companies and that the artists implicitly support these downloads. It's time once and for all for you people to realize that you are screwing over the artists when you pirate their music. Let that be on your conscience.
I don't expect you to stop, but at least stop lying to yourself and pretending that you aren't hurting the very people creating the music you love.
I don't believe the Java license terms constrain software written in Java in any way. You can still write proprietary software in Java and release it under your own commercial license, or do whatever you want with it. The Java GPL license only relates to the internal implementation of the Java language itself.
It would be unusual to say the least for a language to constrain programs written in that language to obey a certain license. I'm not even sure that copyright law would give language developers the power to control language users to that degree.
Does anyone know of any languages that force people who write in that language to release their code as open source, or put similar restrictions on language users?
Let's stick with the "British" theme here. You'll get one for your Mum cause she smacked you on your Bum. But you can't get one for Granny because she whacked you on your fanny... that means something else over there!
That's a British site, isn't it? Terms like "high street" and "granny" are not used much in American English. Was the study done in England or the U.S.? It wouldn't surprise me if Apple's penetration among the young is much less in the U.K. and Europe. It's always been something of an American phenomenon.
Treacherous Computing is hardware that is meant to allow person X to set their hardware up to refuse to run (or not cage) software that is not digitally signed by them. As you can imagine, this COULD be extremely valuable for security. HOWEVER, the collection of companies making up the Trusted Computing Group (most of the tech companies) decided that the capability to TRUST should be reserved for them.
This is fundamentally false. There is a core of truth to it, but the details are all wrong.
You can run ANYTHING you want on a "trusted (treacherous, whatever) computer". The TCG does not reserve anything to themselves. In the TC world, everyone is equal. No one is more equal than anyone else.
What TC does is to allow you to prove to a third party that you are running certain software. This is the "remote attestation" that everyone is so exercised about. It doesn't mean you can only run signed software, or that only the TCG decides what software is trusted. What it does mean is that someone can refuse to talk to you if you are not running software they like. But this means anyone. It's not just the TCG and it's not just big companies. You could refuse to talk to another system in a P2P network if it is not running the right peer software. TC can enforce this. There have been papers written on how this could actually HELP pirates to keep their networks secret from authorities. And of course it can also be used for DRM - Apple could refuse to talk to you unless you are running the official iTunes client.
I wish critics of TC would stick to the facts and stop introducing bogus arguments. RMS tries to claim that a TC is no longer a general purpose computer. This is completely false. You can run anything on a TC. The remote attestation feature may allow third parties to refuse to talk to you. That doesn't change the fact that you can still run whatever you want.
People should criticize TC in terms of what it really does, instead of making up a bunch of BS about how you won't be able to run software unless someone else approves it.
It's also false that TC will defeat Linux. In fact most of the work towards TC today is happening on Linux and Xen. See http://trousers.sf.net/ for example. Linux is distributed today with TPM drivers. Trusted Grub will measure your kernel into the TPM so it can report what has booted. Xen has full TPM virtualization support. In contrast Microsoft is doing almost nothing with the TPM.
Please, let's try to keep our facts straight. There are legitimate criticisms of TC but much of what is out there is BS. Critics seem to love to throw out a mixture of truth and falsehoods, doing whatever they can to make the technology look bad. If we stick to the facts we can have a more reasoned and informative discussion.
It's easy to get sizes mixed up. Nanometers, microns, angstroms, they all sound about the same.
300 nanometers is a third of a micron. Cells vary greatly in size and shape but a ballpark figure for human cells is 20 microns. So we're not talking about something that is all that "sharp" compared to the size of the object it aims to cut.
So the main idea is to have a way that the client software (such as WMP) can notify the license server that the license (i.e. decryption keys, etc) is being deleted from a particular machine. This is so they can support letting people move content from one machine to another without automatically authorizing unlimited copying. It's a normal and reasonable part of an overall DRM system. I'm sure Apple's iTunes does something similar when you authorize and de-authorize machines.
It doesn't really have anything to do with Trusted Computing Group (aka TCPA) style Trusted Computing, rather they mean that the server trusts the client (just as Apple trusts iTunes).
Yeah, what's the etiquette for looking at porn on your laptop while flying? I've never done it but I'm not the kind of guy who would do that in public. I've never seen it done either.