Slashdot Mirror


User: jonwil

jonwil's activity in the archive.

Stories: 0 · Comments: 5,010

Comments · 5,010

  1. Re:Fuck secure boot. on Matthew Garrett Makes Available Secure Bootloader For Linux Distros · · Score: 0

    The secureboot stuff CANNOT be changed from within the running OS no matter how good the malware author is. The firmware (which controls ALL accesses to the secure boot storage area) will not let the OS change it.

  2. Re:Fuck secure boot. on Matthew Garrett Makes Available Secure Bootloader For Linux Distros · · Score: 1

    The whole point is that the bootloader shim will only load further code if the key used to sign that code is in the shim's internal (and unchangeable once the system has actually booted from what I can tell) list of valid keys. Since the malware authors probably don't have any of the keys likely to be in that list, if there is an attempt to boot (via the shim) a piece of malware, the shim bootloader would see that it's signed with something not in its database and prompt the user "hey, this isn't signed, do you want to enroll its signing key?"

  3. Re:Fuck secure boot. on Matthew Garrett Makes Available Secure Bootloader For Linux Distros · · Score: 1, Insightful

    Secure boot is in no way "Trusted Computing 2.0" and Microsoft requires OEMs shipping Windows 8 to provide both options for the user to turn secure boot off completely AND for the user to install new keys of their choice.

    Also, Secure Boot is very much about protecting the end user. It stops unknown/untrusted/unwanted low-level code running including many of the new breed of viruses that infect the master boot record to make it harder for anti-virus programs to defeat them.

    Now if a manufacturer of x86 PCs started selling PCs where secure boot was on and there was no way to turn it off or to enroll new keys, THEN I would start complaining.

  4. Re:Kudos on Matthew Garrett Makes Available Secure Bootloader For Linux Distros · · Score: 4, Informative

    No.
    The $99 fee is if you want to get stuff signed with the default Microsoft keys (or rather, with a chain-of-trust that ties back to the default Microsoft keys)

    Anyone can load new keys into the UEFI boot key-store no problems via the BIOS options.

  5. Re:I'll be the first to say... on Is It Time For the US To Ditch the Dollar Bill? · · Score: 1

    Yeah but there is no point in counterfeiting those coins since retail stores won't accept them and the few places that would take em (e.g. maybe banks or pawn shops) are gonna know to check that it's real gold before they pay out.

  6. Re:thermite on Raided For Running a Tor Exit Node · · Score: 1

    Here is an idea I thought of for this:
    1. All access to the hard disk goes through a special board that encrypts (with 256-bit AES or whatever else is considered strong cryptography these days) the data on your hard disk in real time as it passes back and forth.

    2. When you turn the computer on, you need to input a strong password (done via a bootloader or BIOS rom stored somewhere on the security board), if you input the correct one, the hard disk keys become accessible, if you input the wrong one more than x number of times, the stored keys are erased.

    3. The security board contains special memory holding the keys that is connected to mains power (via a nice big UPS in case of power failures). This power supply remains active even if the PC is shut down. If the power is totally lost (e.g. power is disconnected, UPS runs out of juice) then the stored keys are erased.

    The memory would be built on-chip with the encryption processor to thwart cold boot type attacks. If the system ever needs to be moved for a legitimate reason, the security can be disabled first and new encryption keys generated once the system

    4. Any attempt to open the computer case without disabling the security causes the stored keys to be erased and the system to reset.

    5. If the network cable is unplugged without first disabling the security, the stored keys are erased and the system is reset. To account for accidental loss of network (e.g. if you bump the network cable) and to make it harder for attackers to detect this feature, it will not erase the keys until 2 minutes after the network was disconnected.

    and 6. To counter an attacker who is able to keep power AND network running whilst they transport the machine, there is a GPS receiver on the security board. If this receiver detects that the GPS signal has strayed outside of a predefined area (as it would if it is being transported to a new location by a hacker), it notifies the security processor to erase the decryption keys and reset the machine. The area would be large enough to account for the variations in signal that you get from most consumer level GPS receiver chips.

    Unless the attacker is able to spoof GPS, this should prevent them from reading any viable data off the machine. Attempting to open the case and image the disk directly will give them nothing but an unreadable encrypted block of data. Moving the machine without keeping network intact will erase the keys and render the disk unusable about 2 minutes after the attacker disconnects the network connection. Moving the machine without keeping power intact will render the disk unusable immediately due to loss of key data. And if they keep both power and network, they will be thwarted by the GPS.

    That's assuming the defender doesn't simply kick out the power in the 5 seconds between the attacker making their presence known and the attacker reaching the defender's computer.
    Attackers power the computer and all they see is a message saying "encryption keys missing, unable to access primary disk" (or similar)

  7. Re:This is a good thing on Windows Blue: Microsoft's Plan To Release a New Version of Windows Every Year · · Score: 2

    Actually, if you sign up to the right Microsoft program (not sure what they are calling it these days) and digitally sign all your binaries, you can get all the reports for your app (and in some cases provide resolutions that can be accessed via the "check for a solution" button on the "this program has crashed" dialog)

  8. GPL enforcement... on Ask Richard Stallman Anything · · Score: 1

    There are an increasing number of manufacturers who ship GPL software on their devices (including the Linux kernel and in some cases GNU software) and then either don't release the source code to the GPL parts or release it weeks/months after the release of the device after much prodding from the community (and then proceed to do the same thing all over again when they release the next firmware update).

    Or they release source code but do not properly follow the requirements for the GPL (e.g. not releasing complete compilable source or not releasing essential configuration files and build scripts that specify exactly which options the on-device binaries were compiled with)

    Some of these companies have claimed that delays are perfectly acceptable and in compliance with the license. (IMO they are certainly not in compliance with the spirit of the license, even if they may technically be in compliance with the letter of the license)

    What do you believe that the free software community and the FSF can (and should) be doing to fight against manufacturers who continue to violate the GPL (and the GPL as applied to GNU/FSF software in particular) in this way?

  9. How to get me to buy your game... on GOG: How an Indie Game Store Took On the Pirates and Won · · Score: 1

    Here is how to get me to buy your game instead of pirating it or devoting my time to some other game:
    1. Do not pull BS with international release dates or limited-time-platform-exclusivity (thinking here of the recent Ghostbusters FPS and the fact that Aussies like me had to put up with the limited-time-PS3-exclusivity crap or pirate/grey-market import the PC or 360 version)

    2. Where it makes sense for the genre and style of game, embrace modding. The mod tools don't generally need to be fancy, these days they can usually be much the same tools used to build the game in the first place and there is no reason it needs to take 6-12 months after release to get the mod tools out there. Where it makes sense for the specific game/engine, releasing source code to game-specific parts should also be done (e.g. what Valve does with the Source engine stuff where parts of it are released)

    3. Do more to make the games as bug-free as possible when they launch. Listen to your player base when they talk about what bugs (and features) they consider most important.

    4. Do not have annoying DRM solutions that get in everyone's way. Make sure that games with single player features can be played offline without any internet connection.

    5. Release demos of your games (and release them either before or concurrent with the release of the actual game not months later). If people like me can't get a demo of the game to see if it's worth paying for, they are more likely to just pirate the thing.

    6. Price the games reasonably (and stop making Aussies pay twice as much as the rest of the world)

    Take the new "C&C Ultimate Collection" (which has all the C&C games in one pack). I purchased that product because:
    1. It has DRM but the DRM is unobtrusive and doesn't get in the way. No need to have disks in the drive or otherwise mess with stuff, I just click on the game in Origin and it works like magic.
    2. It gives me all the games in a form that works on Windows 7 without the need to mess with stuff
    3. It was good value (the fact that Aussies didn't get the usual rip-off markup helped too)
    and 4. It gives me the games that I didn't own and the ones I owned but don't know where the disks are

  10. Re:Cleanrooms are obsolete on Sandia Lab Celebrates Inventor of the Modern Clean Room · · Score: 2

    I would suspect they still use clean-rooms for all sorts of other things where even the tiniest bit of dust could cause problems during manufacture (like space probes to other planets where the tiniest bit of earth dust or life could contaminate whatever planet the probe is aimed at)

  11. Re:Even if this was true... on Is Intel Planning To Kill Enthusiast PCs? · · Score: 1

    The last time I upgraded my CPU without upgrading my motherboard was when I upgraded from a Pentium 166MMX to a 300MHz Cyrix part which turned out to be the worst decision I ever made (although that was partly due to the mistake of using the heatsink/fan from the 166MMX on the 300MHz Cyrix part and various related mistakes)

  12. Re:Why? on A Gentle Rant About Software Development and Installers · · Score: 1

    Tell me about it, I installed an update to a program and (without any indications I saw) I somehow ended up with Google Chrome (which I don't want, I use SeaMonkey)

  13. Re:Maintenance Isn't a Bad Job on A Gentle Rant About Software Development and Installers · · Score: 1

    Doesn't help if the "lead coder" (who has been there for years and is responsible for most of the bad code) or the PHBs who don't know the codebase refuse to accept your incremental improvements (because they aren't "necessary" and because there is the risk, however small, of breaking things)

  14. Re:How to shred on Confidential Police Documents Found In Confetti At Macy's Parade · · Score: 3, Informative

    The best answer is to shred the documents with a proper cross-cut shredder, pulp the shreds and then recycle the pulp into new paper things.
    And it's good for the environment too :)

  15. Re:How is .app offensive to Australians? on World Governments Object To New gTLDs · · Score: 1

    .app is not offensive to Australians, they are objecting to it because "app" is a generic term and no one entity should have the ability to control its use.

  16. All modern middle east wars are the west's fault on Why Iron Dome Might Only Work For Israel · · Score: 1, Informative

    The Palestinian conflict started when the Allies took what was then Palestine and gave a large chunk to the Jews to create Israel. The Israelis then expanded and took over the rest of Palestine (and have displaced 1000s of Palestinians from their homes to create homes for Israelis) and the 2 sides have been fighting ever since.

    The mess in Iran started when the democratically elected government of Iran decided to kick out the British Anglo-Persian Oil Company (one of the predecessors of what is now British Petroleum) and take over the Iranian oil reserves. The British and Americans didn't like this and proceeded to overthrow the government and replace it with a government controlled by the British. This then led to the Iranian Revolution and the current anti-western fundamentalist Islamic dictatorship we have today.

    The first mess in Iraq started because the west decided to aid Saddam in his fight with Iran (except that after the war with Iran was over, he proceeded to use those same weapons against Kuwait)

    The current mess in Iraq started because the west decided to invade so they could overthrow Saddam and in so doing have created another state for Islamic extremists to use as a base of operations.

  17. Its not about data, its about information... on That Was Fast: Leahy Drops Warrantless E-mail Surveillance Bill · · Score: 1

    The law enforcement and intelligence agencies continue to push for more and more data (warrantless wiretapping of every internet packet that flows through AT&T's tapping points, wholesale retention of internet data by ISPs, email snooping, increasing numbers of CCTV cameras private and public and who knows what else) yet I don't see any funding anywhere for the massive numbers of agents required to find the few needles in that ever-larger haystack and turn that massive pile of data into useful information.

  18. Re:Whatever on Highway To Sell: AC/DC iTunes Snub Finally Over · · Score: 1

    Obviously you haven't heard the GOOD AC/DC songs :)
    Go listen to "It's a long way to the top if you wanna rock n roll" (the bagpipe bit from that song is my current SMS ringtone :)

  19. Re:Digital Bill of Rights on Senate Bill Rewrite Lets Feds Read Your E-mail Without Warrants · · Score: 1

    I made a similar posting with some of my own thoughts here:
    http://www.schneier.com/blog/archives/2012/11/e-mail_security.html#c996365

    One thing I think that the digital bill of rights should add to the constitution is an addition to the 5th amendment rights that specifically covers the disclosure of passwords, encryption keys and login details and declares that the protections relating to self-incrimination mean you can't be forced to hand over those things nor can you be forced to enter those details in and unlock things.

    Let's bring in 4th amendment protections against things like warrantless seizure of domain names (if the FBI/DOJ/etc can't prove to a judge that the site is violating the law, then no they shouldn't be able to seize the domain)

  20. Command & Conquer series on Ask Slashdot: What Video Games Keep You From Using Linux? · · Score: 1

    The C&C series is probably the biggest thing keeping me from Linux-as-a-main-OS (gaming wise that is). That and Elder Scrolls.

  21. What I want to see is... on How RapidShare Plans To Avoid MegaUpload's Fate · · Score: 2

    What I want to see is a site similar to Rapidshare or Megaupload or MediaFire that uses client-side encryption (even the actual name of the file would be part of the opaque blob). Heck, build a system (presumably using a cypher that is designed to be good with random seeking in the file if such a cypher exists) that can play videos in the client (where the video player would take the key as input and decrypt on the fly). So like YouTube except that the hosting provider never sees the content and is unable to pre-screen it.

    So without the key all you get is some kind of ID for the file (just start at 0 or 1 and keep going up) and an opaque AES encrypted blob.

    Harder for the media companies to send take-down notices (as they would be unable to use their regular automated system and would have to have a human manually find the decryption key for the content in whichever blog post, forum post or other location the link itself was found in).

  22. Re:Hard to tell on Ask Slashdot: Which International Online Music Stores Are Legit? · · Score: 4, Insightful

    Look at what happened to allofmp3.com. Followed all the laws in Russia. Paid all the required money to the Russian music licensing agency. Yet it was still targeted by the RIAA who claimed it was "illegal"

    I suspect it would be quite hard to find any digital music store in some of these Asian countries that is both accessible to the USA AND would be considered acceptable/legit by the RIAA.

  23. Re:spread via RTF?! on New Malware Variant Uses Google Docs As a Proxy To Phone Home · · Score: 5, Insightful

    I would LOVE to meet the idiots that decided that document formats (such as Word, Excel, PDF, RTF etc) need to support full programming languages with system level access.

    Old office formats (Word Perfect, Lotus etc) got by just fine without programmability so why do modern formats need it?

    A special place in hell should be reserved for the person who decided to merge 2 of the least secure mainstream programs known to man and add support for embedding a Flash file into a PDF file.

  24. Re:More details on Color-Screen TI-84 Plus Calculator Leaked · · Score: 1

    Are they going to use stronger crypto on this one?

  25. Re:What are the channels doing? on Sony DVR Useless After Rovi Stops TV Guide OnScreen · · Score: 5, Informative

    That's what happens here in Australia too, the networks broadcast program data over-the-air through the DVB-T streams. How far into the future depends on the network but all of them do it.