The closest you came to mentioning any specific codes of behavior should not be lightly discarded was your mention of the Bible. I did the best I could attempting to address your completely non-specific assertion that there was something valuable in archaic religious codes of behavior that was being (improperly) discarded lightly by modern society. I tried to imagine what you had in mind, and I'll admit some of the possibilities I considered led me to a negative expectation. However I was also firmly conscious that it would be invalid to draw any conclusions based on my imagination of what you might mean. So I specifically asked you to identify one or more examples. Like I said I suspect they won't be very good, but I'm listening and I want to fairly consider what you were trying to say.
These were not arbitrary codes of behavior, these were proven ways of keeping society working over time. That doesn't mean everything is right or that one could improve upon most of it, but there's good solid advice there that should not be lightly discarded.
Seriously? There is ZERO problem with anything being "lightly discarded". We're talking about crap that is literally taken as "word of god" by a majority of the population. It took fucking SIX HUNDRED THOUSAND dead Americans to get rid of slavery. It countless court battles every year, and countless criminal arrests every year, eternally fighting back Biblical versions of Sharia law. We have a large minority of the population who vote for whatever politician proclaims their adherence to the Bible the loudest, and an overwhelming majority of the population who refuse to vote for any politician who doesn't make at least some statement proclaiming the Bible is the Word Of God. We have people being murdered in Exorcisms.... and before you dismiss that as merely a few rouge extremists let me point out that one of the leading contenders for the next presidential race published a description of his own participation in a partcularly abhorrent violent crime, one which not-uncommonly ends up in a murder. And think deeply on the fact that many voters take that as reason FOR electing him to the presidency, and many are be accepting/neutral about it. If you strip the Biblical/religious angle out of that story, everyone involved should obviously be in fucking PRISON for what was done to that poor woman.
Most people aren't religious fanatics, but for a large majority of the population anything related to the Bible is given at least a passive level of default acceptance... even when it's a State Governor and possible presidential candidate recounting their participation in an abhorrent violent crime, it is passively accepted as a non-story. Even when it's someone actually campaigning for presidential candidate nomination on video participating in a ritual for protection against witchcraft in the name of Jesus, it's a non-story. No reporter cites Exodus 22:18 Thou shalt not suffer a witch to live and asks whether there should be capitol punishment if a witch is caught.
No, there's NOT ONE case of "good solid advice" from the Bible being "lightly discarded". What we have in anything Biblical being deeply entrenched, with literally violent force from fanatics and passive acceptance by "moderates". What we have is an almost impossible series of struggles over endless centuries trying to dislodge the most toxic bits one-by-one.
If you want to argue your case you're going to have to do better than some empty handwave that there exists some sort of "good advice" being "lightly discarded". You're going to have to have to identify one or more examples of supposed "good advice". I rather suspect that any example you try to give will fall into at least one of three categories. Either (1) it was never particularly good advice (2) maybe it was "good advice" for a primitive barbaric society but it's not very good advice today, and/or (3) maybe it is "good advice" but it's a Golden-History fantasy to believe the advice was actually applied more in the past than it is today.
Yep. Indonesia made the mistake of allowing some of our religious loons enter their country... and then we make the even bigger mistake of letting them come back.
Terrorists are a marginally greater threat than getting struck by lightning or killed by a falling vending machine, and less of a threat than bathtubs or death by falling out of bed.
Failure of Windows 8 Failure of Xbox One Failure of Vista Failure of the Kin Failure of the Zune Failure of Windows Phone 7 Failure of Windows Phone 8
Ummmm, what the fuck is a Kin?
[Checks Wikipedia Kin] Kin was a mobile phone from Microsoft, manufactured by Sharp Corporation... Microsoft invested two years and about US$1 billion developing the Kin platform.
How the fuck do you spend a billion dollars, and and fail so hard that a geek's geek had to google the name?
P.S. You can add Bing to the list of failures, considering that "google" is now an English language dictionary verb synonym for "search", and "Bing" is just an annoying sound that hasn't earned dollar #1 of profit.
If Balmer's retirement goes past past schedule like everything else, it could happen right on time for Obama to take the position and snag the Nobel Prize for Economics too.
Oh heavens, it must be happening again. I'm obviously experiencing a relapse of those terrible hallucinations that have plagued me for years. Oh, wait, she's real after all.
Dude, you posted a photo of a laptop sitting on the armrest of an empty couch;)
I found it surprising that it seemed to be saying that most of the devices responded in under a microsecond, while others were over 10ms.
I'm pretty sure it was a single device that was tested 227 times.
The spec actually says the host must send a 20 ms wake up signal, then wait quietly for 10 ms. If we start counting from the beginning of the quiet period (the end of the wake up signal) then you get the odd seeming result that the device is usually ready "instantly <1 ms" and sometimes takes 13 ms. But if we start counting from the beginning of the wake-up signal we get the more reasonable seeming result that the device usually completes waking up in <21 ms and sometimes took up to 33 ms. The device was in violation of the spec in the occasional cases where the it took >30 ms to complete the activation.
Atleast with the case of xHCI the 10ms is actually a minimum for both -- the specs do not indicate a maximum for the hardware to resume at all.
That's not how specifications work. Both sides are required to obey the spec for things to work. A minimum for one side is a maximum for the other side.
It's like we have a lunch break specification. The specification says that on a lunch break he must wait a minimum 30 minutes before sending the employee more work to do. This means the employee has a maximum 30 minutes to finish lunch.
What is happening here is that the employer (the computer) is obeying the spec. It's waiting the required minimum time, then sending a message "here's some work to do". The employee (the USB device) is late, still lingering out to lunch (in violation og the lunch rules) when he gets the work message. This employee (device) is responding "I'm not ready, I quit" and goes home (device disconnect).
The same things a national security letter could, and almost certainly did, demand from Groklaw.
(A) All emails (B) All account information for every account (C) IP-addresses and any other data on hand that can be used to track ever Slashdot user (D) to install a surveillance box on the network to scan and log every packet of everyone who views Slashdot (regardless of whether they post)
The would probably also demand (E) to copy the entire database of all posts by every user and all other publicly available information. Category E is stuff anyone can get merely by scanning the site over the internet, but doubtless they'd take it because they can and because it saves them a lot of work trying to crawl the entire website themselves.
And based on what happened with TOR recently, and based on the available information on the Lavabit situation, it seems very possible the government has moved beyond "passive listening" and has moved into the realm of forcing active code onto websites to attack/subvert visitors' machines. As I understand it, Lavabit was set up in such a way that the Lavabit servers literally didn't have access to the information the government would need to access the mails... that the only way the government could obtain useful information would be to hijack the Lavasoft servers and use them to actively extract the required information from visitors.
Note that the government has already beenhacking into cellphones and car ONSTAR type systems to turn on the microphones an use them as "roving wiretaps". Those aren't even National Security Letter level stuff, those are court cases of regular law enforcement doing it.
So yeah, no big shocker if they're demanding websites host attack code to trace people who's true IP address is hidden behind TOR or a proxy or otherwise hard to trace.
This may not be about secret magic security letters -- but again... how do we ever know.
The title of her farewell message is "Forced Exposure", the very first sentence is about Lavabit, and her discussion of privacy centers around government surveillance. She includes a link where "You'll find all the laws in the US related to privacy and surveillance there". And continues with "Not that anyone seems to follow any laws that get in their way these days. Or if they find they need a law to make conduct lawful, they just write a new law or reinterpret an old one and keep on going".
This is clearly isn't about creepy stalkers or corporate private investigators. This is Force-Of-Government "Forced Exposure".
She wouldn't abruptly shut down the site without explanation. The post she did leave is clearly an attempt at explanation, with a glaring hole where the actual reason would be. A hole with the exact size and shape of a government gag painfully wedged in her mouth.
But here is the horrible thing: even if/. has received a National Security Letter... They can't tell you.
Nope. But they can shut down abruptly, like Groklaw and Lavabit did. And they can put up a shutdown notice like Groklaw did, mentioning Lavabit like Groklaw did, and "inexplicably" lock out comments like Groklaw did. Hell, they could put up a page with nothing but a link to the Groklaw message.
I bet a LOT of people would be freaked and outraged by such an event.
I'm kinda hoping it turns into a whole chain of sites abruptly shutting down like Lavabit did. It might stir up a large part of the population if a lot of websites started shutting down in that manner. Hell, imagine the fallout if something like Wikipedia were to suddenly shut down with no explanation beyond a message like the one currently sitting on Groklaw. A message decrying government intrusion and total loss of privacy, and directly mentioning Lavabit. Hundreds of reporters asking why.... and the only answer fro the Wikimedia foundation is "Under advice of our lawyers we are unable to answer that question", and just directing the reporters back to the shutdown message.
The stunning abruptness of the shutdown and the discussion of Lavabit screams at me that she was hit with an NSA letter. There's no way PJ would yank the plug without warning like that on some whim. Even comments were disabled. If PJ simply wanted to retire the project she would have wound things down gracefully. She would have encouraged the community to stay active. She would have given the community time to look for alternatives. She would have encouraged someone else to take up the job running a successor site.
I saw nothing in her post that I would call "false information". If she got an NSA letter and didn't mention it, that does not make any of what she wrote untrue. If PJ got an NSA letter with a legal gag order, she would obey it to the letter. But that can't stop her from shutting down the site to refuse to participate, and she knows the community is smart enough to see how utterly out of character such an abrupt shutdown is.
I dunno if you actually want to dig though that, it's pretty dense techno-jargon specifications for the microchip. I just wanted to include it as a official source for the specification-quotes in my post, and to generally back up my other claims and explanations.
In the end, it doesn't really matter who agrees with whom where. I want my keys. How do I get them?
Oh sorry, maybe I should have answered that sooner:) Get yourself a sophisticated science laboratory and crack / acid-etch the chip open. Then use microscopic probes to extract the key directly out of the silicon circuitry.
Oh, and by the way the chips are explicitly designed to be attack resistant, meaning you have to be really careful the keys don't get damaged/wiped during the process.
Oh, and if you *do* manage to get your keys, you've got to be really careful that no one ever detects you doing anything the Trust system prohibits, like not obeying DRM. The PubEK is the public "name" for your PrivEK, and they can track you by it. They specified a revocation system they can use to effectively kill that key. You then need to go out and buy a new chip (perhaps even buy an entire new computer with a new key and new set of certificates), and crack that that chip open to get a new working key. And of course they'll revoke that key too if/when they detect your computer isn't securely locked down.
The entire point of the Trust system is for you to be able to "trust" that my computer will do what it says it will do, and only what it says it will do, and that my computer is secure against me meddling in that. And vice-versa, that I can trust that your computer is secure against you, and that it will do what I want it to do. For example you could agree to share personal information with some company. Under the Trust system you know that they don't know the Master Key to their own computer, so if their computer says that it will keep your personal information encrypted, then you can Trust that. If their computer says they will only use your personal information in an anonymous way to generate overall statistical data of all their customers, then you can Trust that their computer will enforce that. In theory.
Of course things will virtually always go in the exact opposite direction. A music service will sell you music files, and they will use the Trust system to ensure your computer strictly enforces that DRM against you. You don't have you master key, so when your computer says it will never allow you to read or copy the file (except through the approved DRM-enforcing-music-player), then they can Trust that your computer will never allow you to read or copy your music files. Some company can "rent" software to you, and they can Trust that your computer will never permit you to run that software, except during the paid rental time-span (and the computer would use a secure online date verification to enforce it). And my favorite example, websites using the Trust system to ensure you're not running any ad-blockers and that you can't right-click-save images or other content from the webpage.
The entire point of the Trust system falls apart if owners know or truly control their own computer's master keys. I can no longer Trust your computer, and you could no longer Trust my computer. That's why they set up an elaborate key-tracking and key-revocation revocation system. If you manage any sort of hardware hack to obtain control over your computer they can kill that key and establish your computer is no longer Trusted.
To clarify: The aspect on which BIOS4breakfast and Alsee disgree is that the former feels that there is not a restriction on obtaining keys as long as they are not obtained from the TPM module
You could simply "make up" a completely random key and there are some limited things you can do with it, but in general it isn't going to work. It's not a "valid" or "real" key. It will fail in critical chip operations such as Remote Attestation.
The best comparison is like buying a cellphone without a SIM card. Sure, you can make up your own phone number, and you can program phone numbers into the speed-dial memory and stuff, but in general a cell phone is designed for calling other cell phones,
I'll paste quotes here in italics, key points in bold, and non-italics comments from myself in between.
An Endorsement Key (EK) has two parts, the public part and the private part. The private part the part in control, the public part allows anyone to verify signatures. The PrivEK is the highest level master key of a TPM. It's primary function is to sign messages sent out of the TPM to other people over the internet. PrivEKs are forbidden to ever exist outside a TPM. Anyone receiving a proper PrivEK -signed-message therefore knows that the message could only have been generated inside a TPM, secure under the controls and limitations of the TPM, and secure against tampering by anyone (including the owner).
Note that the PrivEK gets signed by a manufacturer key, securely identifying it as a genuine PrivEK securely locked inside a TPM. The manufacturer key is itself signed by the Trusted Computing Group's master key, authenticating the manufacturer key as a valid key of belonging to a valid and compliant manufacturer. If the Trusted Computing Group ever revokes a manufacturer's key then all TPMs made by that manufacturer are lo longer Trusted... for practical purposes those chips can be considered "dead". If some manufacturer's chips are found to be insecure the Trusted Computing Group can "close the security hole" by effectively killing all of those chips in one shot. And this is exactly how the Trusted Computing Group prohibits any manufacturer from making a non-compliant chip that allowed the owner to obtain control of his system.
5. Endorsement Key Creation Start of informative comment The TPM contains a 2048-bit RSA key pair called the endorsement key (EK). The public portion of the key is the PUBEK and the private portion the PRIVEK. Due to the nature of this key pair, both the PUBEK and the PRIVEK have privacy and security concerns. The TPM has the EK generated before the end customer receives the platform. The Trusted Platform Module Entity (TPME) that causes EK generation is also the entity that will create and sign the EK credential attesting to the validity of the TPM and the EK. The TPME is typically the TPM manufacturer.
So the chip's top key, the PrivEK, is inside the chip before the customer buys the computer or other device. This is generally done by the manufacturer. You can skip/skim over this next section, I'm just including it to preserve continuity in copy/pasting from the source document.
The TPM can generate the EK internally using the TPM_CreateEndorsementKey or by using an outside key generator. The EK needs to indicate the genealogy of the EK generation. Subsequent attempts to either generate an EK or insert an EK must fail. If the data structure TPM_ENDORSEMENT_CREDENTIAL is stored on a platform after an Owner has taken ownership of that platform, it SHALL exist only in storage to which access is controlled and is available to authorized entities. End of informative comment 1. The EK MUST be a 2048-bit RSA key a. The public portion of the key is the PUBEK b. The private portion of the key is the PRIVEK
Here's where we start getting to the critical point you wanted, whether the owner is allowed to get his key:
c. The PRIVEK SHALL exist only in a TPM-shielded location. 2. Access to the PRIVEK and PUBEK MUST only be via TPM protected capabilities a. The protected capabilities MUST require TPM Owner authentication or operator physical presence 3. The generation of the EK may use a process external to the TPM and TPM_CreateEndorsementKeyPair a. The external generation MUST res
My favorite was this geeky one for a can of Uranium Ore: "I purchased this product 4.47 Billion Years ago and when I opened it today, it was half empty."
store and assist with generating crypto keys and perform platform validation so that you can, e.g., validate that your boot loader is not tampered with before it will release those keys. Hardware support for protecting against evil maid and transparent full disk encryption. That's such a bummer! Why would anyone want that?
That's all swell, and I'll be more than happy to jump on board when they offer a system that does that without being designed to secure the computer against the owner in the process. There are lots of ways to do that, but the simplest example is that I'd be satisfied if they allowed the owners to get a printed copy of their chip-master-keys, the Private Endorsement Key and Storage Root Key. That would preserved 100% of the functionality you just listed, while ensuring owners had the final say to fix/overdrive any threat of the computer being secured against the owner. Simply drop the printed keys in a safety deposit box at your local bank vault.
There have been a number of other proposals to fix the problem, such as the EFF's OwnerOverride system, but the Trusted Computing Group has categorically REFUSED to address any of the anti-owner aspects of the system. Enforcing the anti-owner design aspects are their first priority.
Slashdot Mirror
The closest you came to mentioning any specific codes of behavior should not be lightly discarded was your mention of the Bible. I did the best I could attempting to address your completely non-specific assertion that there was something valuable in archaic religious codes of behavior that was being (improperly) discarded lightly by modern society. I tried to imagine what you had in mind, and I'll admit some of the possibilities I considered led me to a negative expectation. However I was also firmly conscious that it would be invalid to draw any conclusions based on my imagination of what you might mean. So I specifically asked you to identify one or more examples. Like I said I suspect they won't be very good, but I'm listening and I want to fairly consider what you were trying to say.
What did you have in mind?
-
These were not arbitrary codes of behavior, these were proven ways of keeping society working over time. That doesn't mean everything is right or that one could improve upon most of it, but there's good solid advice there that should not be lightly discarded.
Seriously?
There is ZERO problem with anything being "lightly discarded". We're talking about crap that is literally taken as "word of god" by a majority of the population. It took fucking SIX HUNDRED THOUSAND dead Americans to get rid of slavery. It countless court battles every year, and countless criminal arrests every year, eternally fighting back Biblical versions of Sharia law. We have a large minority of the population who vote for whatever politician proclaims their adherence to the Bible the loudest, and an overwhelming majority of the population who refuse to vote for any politician who doesn't make at least some statement proclaiming the Bible is the Word Of God. We have people being murdered in Exorcisms.... and before you dismiss that as merely a few rouge extremists let me point out that one of the leading contenders for the next presidential race published a description of his own participation in a partcularly abhorrent violent crime, one which not-uncommonly ends up in a murder. And think deeply on the fact that many voters take that as reason FOR electing him to the presidency, and many are be accepting/neutral about it. If you strip the Biblical/religious angle out of that story, everyone involved should obviously be in fucking PRISON for what was done to that poor woman.
Most people aren't religious fanatics, but for a large majority of the population anything related to the Bible is given at least a passive level of default acceptance... even when it's a State Governor and possible presidential candidate recounting their participation in an abhorrent violent crime, it is passively accepted as a non-story. Even when it's someone actually campaigning for presidential candidate nomination on video participating in a ritual for protection against witchcraft in the name of Jesus, it's a non-story. No reporter cites Exodus 22:18 Thou shalt not suffer a witch to live and asks whether there should be capitol punishment if a witch is caught.
No, there's NOT ONE case of "good solid advice" from the Bible being "lightly discarded". What we have in anything Biblical being deeply entrenched, with literally violent force from fanatics and passive acceptance by "moderates". What we have is an almost impossible series of struggles over endless centuries trying to dislodge the most toxic bits one-by-one.
If you want to argue your case you're going to have to do better than some empty handwave that there exists some sort of "good advice" being "lightly discarded". You're going to have to have to identify one or more examples of supposed "good advice". I rather suspect that any example you try to give will fall into at least one of three categories. Either (1) it was never particularly good advice (2) maybe it was "good advice" for a primitive barbaric society but it's not very good advice today, and/or (3) maybe it is "good advice" but it's a Golden-History fantasy to believe the advice was actually applied more in the past than it is today.
-
failure of border protection
Yep.
Indonesia made the mistake of allowing some of our religious loons enter their country...
and then we make the even bigger mistake of letting them come back.
-
Terrorists are a sometimes-maybe-sorta threat.
Even that is an overstatement.
Terrorists are a marginally greater threat than getting struck by lightning or killed by a falling vending machine, and less of a threat than bathtubs or death by falling out of bed.
-
Failure of Windows 8
Failure of Xbox One
Failure of Vista
Failure of the Kin
Failure of the Zune
Failure of Windows Phone 7
Failure of Windows Phone 8
Ummmm, what the fuck is a Kin?
[Checks Wikipedia Kin]
Kin was a mobile phone from Microsoft, manufactured by Sharp Corporation...
Microsoft invested two years and about US$1 billion developing the Kin platform.
How the fuck do you spend a billion dollars, and and fail so hard that a geek's geek had to google the name?
P.S.
You can add Bing to the list of failures, considering that "google" is now an English language dictionary verb synonym for "search", and "Bing" is just an annoying sound that hasn't earned dollar #1 of profit.
-
If Balmer's retirement goes past past schedule like everything else, it could happen right on time for Obama to take the position and snag the Nobel Prize for Economics too.
-
I'd be willing to quit his job for half that.
-
Even half a Jobs would turn Microsoft around from the stagnating business it has become.
In this economy, good luck finding even a part-time-Jobs.
-
It will be interesting to see how this affects Microsoft's stock price.
They'll go flying... like a chair through Windows.
-
Oh heavens, it must be happening again. I'm obviously experiencing a relapse of those terrible hallucinations that have plagued me for years.
Oh, wait, she's real after all.
Dude, you posted a photo of a laptop sitting on the armrest of an empty couch ;)
-
I found it surprising that it seemed to be saying that most of the devices responded in under a microsecond, while others were over 10ms.
I'm pretty sure it was a single device that was tested 227 times.
The spec actually says the host must send a 20 ms wake up signal, then wait quietly for 10 ms. If we start counting from the beginning of the quiet period (the end of the wake up signal) then you get the odd seeming result that the device is usually ready "instantly <1 ms" and sometimes takes 13 ms. But if we start counting from the beginning of the wake-up signal we get the more reasonable seeming result that the device usually completes waking up in <21 ms and sometimes took up to 33 ms. The device was in violation of the spec in the occasional cases where the it took >30 ms to complete the activation.
-
Atleast with the case of xHCI the 10ms is actually a minimum for both -- the specs do not indicate a maximum for the hardware to resume at all.
That's not how specifications work. Both sides are required to obey the spec for things to work. A minimum for one side is a maximum for the other side.
It's like we have a lunch break specification. The specification says that on a lunch break he must wait a minimum 30 minutes before sending the employee more work to do. This means the employee has a maximum 30 minutes to finish lunch.
What is happening here is that the employer (the computer) is obeying the spec. It's waiting the required minimum time, then sending a message "here's some work to do". The employee (the USB device) is late, still lingering out to lunch (in violation og the lunch rules) when he gets the work message. This employee (device) is responding "I'm not ready, I quit" and goes home (device disconnect).
-
You're welcome.
-
The same things a national security letter could, and almost certainly did, demand from Groklaw.
(A) All emails
(B) All account information for every account
(C) IP-addresses and any other data on hand that can be used to track ever Slashdot user
(D) to install a surveillance box on the network to scan and log every packet of everyone who views Slashdot (regardless of whether they post)
The would probably also demand (E) to copy the entire database of all posts by every user and all other publicly available information. Category E is stuff anyone can get merely by scanning the site over the internet, but doubtless they'd take it because they can and because it saves them a lot of work trying to crawl the entire website themselves.
And based on what happened with TOR recently, and based on the available information on the Lavabit situation, it seems very possible the government has moved beyond "passive listening" and has moved into the realm of forcing active code onto websites to attack/subvert visitors' machines. As I understand it, Lavabit was set up in such a way that the Lavabit servers literally didn't have access to the information the government would need to access the mails... that the only way the government could obtain useful information would be to hijack the Lavasoft servers and use them to actively extract the required information from visitors.
Note that the government has already beenhacking into cellphones and car ONSTAR type systems to turn on the microphones an use them as "roving wiretaps". Those aren't even National Security Letter level stuff, those are court cases of regular law enforcement doing it.
So yeah, no big shocker if they're demanding websites host attack code to trace people who's true IP address is hidden behind TOR or a proxy or otherwise hard to trace.
-
This may not be about secret magic security letters -- but again... how do we ever know.
The title of her farewell message is "Forced Exposure", the very first sentence is about Lavabit, and her discussion of privacy centers around government surveillance. She includes a link where "You'll find all the laws in the US related to privacy and surveillance there". And continues with "Not that anyone seems to follow any laws that get in their way these days. Or if they find they need a law to make conduct lawful, they just write a new law or reinterpret an old one and keep on going".
This is clearly isn't about creepy stalkers or corporate private investigators. This is Force-Of-Government "Forced Exposure".
She wouldn't abruptly shut down the site without explanation. The post she did leave is clearly an attempt at explanation, with a glaring hole where the actual reason would be. A hole with the exact size and shape of a government gag painfully wedged in her mouth.
-
But here is the horrible thing: even if /. has received a National Security Letter... They can't tell you.
Nope. But they can shut down abruptly, like Groklaw and Lavabit did. And they can put up a shutdown notice like Groklaw did, mentioning Lavabit like Groklaw did, and "inexplicably" lock out comments like Groklaw did. Hell, they could put up a page with nothing but a link to the Groklaw message.
I bet a LOT of people would be freaked and outraged by such an event.
I'm kinda hoping it turns into a whole chain of sites abruptly shutting down like Lavabit did. It might stir up a large part of the population if a lot of websites started shutting down in that manner. Hell, imagine the fallout if something like Wikipedia were to suddenly shut down with no explanation beyond a message like the one currently sitting on Groklaw. A message decrying government intrusion and total loss of privacy, and directly mentioning Lavabit. Hundreds of reporters asking why.... and the only answer fro the Wikimedia foundation is "Under advice of our lawyers we are unable to answer that question", and just directing the reporters back to the shutdown message.
-
They don't win unless we've stopped fighting. And we're a long, long way from that.
Yeah, no one starting to fight is about as far from "stopping" fighting as you can get.
Well, there's Snowden, Lavabit, and PJ. But 99.997% of us are snacking on Doritos and watching the news like it's a sports channel.
-
The stunning abruptness of the shutdown and the discussion of Lavabit screams at me that she was hit with an NSA letter. There's no way PJ would yank the plug without warning like that on some whim. Even comments were disabled. If PJ simply wanted to retire the project she would have wound things down gracefully. She would have encouraged the community to stay active. She would have given the community time to look for alternatives. She would have encouraged someone else to take up the job running a successor site.
I saw nothing in her post that I would call "false information". If she got an NSA letter and didn't mention it, that does not make any of what she wrote untrue. If PJ got an NSA letter with a legal gag order, she would obey it to the letter. But that can't stop her from shutting down the site to refuse to participate, and she knows the community is smart enough to see how utterly out of character such an abrupt shutdown is.
-
I downloaded it and tried the password 12345.
The file didn't open, but oddly my luggage did.
-
Oops, I meant to include the following link in my other post:
Here's the latest TPM Main Specification Level 2 Version 1.2 from the Trusted Computing Group
I dunno if you actually want to dig though that, it's pretty dense techno-jargon specifications for the microchip. I just wanted to include it as a official source for the specification-quotes in my post, and to generally back up my other claims and explanations.
-
In the end, it doesn't really matter who agrees with whom where. I want my keys. How do I get them?
Oh sorry, maybe I should have answered that sooner :)
Get yourself a sophisticated science laboratory and crack / acid-etch the chip open. Then use microscopic probes to extract the key directly out of the silicon circuitry.
Oh, and by the way the chips are explicitly designed to be attack resistant, meaning you have to be really careful the keys don't get damaged/wiped during the process.
Oh, and if you *do* manage to get your keys, you've got to be really careful that no one ever detects you doing anything the Trust system prohibits, like not obeying DRM. The PubEK is the public "name" for your PrivEK, and they can track you by it. They specified a revocation system they can use to effectively kill that key. You then need to go out and buy a new chip (perhaps even buy an entire new computer with a new key and new set of certificates), and crack that that chip open to get a new working key. And of course they'll revoke that key too if/when they detect your computer isn't securely locked down.
The entire point of the Trust system is for you to be able to "trust" that my computer will do what it says it will do, and only what it says it will do, and that my computer is secure against me meddling in that. And vice-versa, that I can trust that your computer is secure against you, and that it will do what I want it to do. For example you could agree to share personal information with some company. Under the Trust system you know that they don't know the Master Key to their own computer, so if their computer says that it will keep your personal information encrypted, then you can Trust that. If their computer says they will only use your personal information in an anonymous way to generate overall statistical data of all their customers, then you can Trust that their computer will enforce that. In theory.
Of course things will virtually always go in the exact opposite direction. A music service will sell you music files, and they will use the Trust system to ensure your computer strictly enforces that DRM against you. You don't have you master key, so when your computer says it will never allow you to read or copy the file (except through the approved DRM-enforcing-music-player), then they can Trust that your computer will never allow you to read or copy your music files. Some company can "rent" software to you, and they can Trust that your computer will never permit you to run that software, except during the paid rental time-span (and the computer would use a secure online date verification to enforce it). And my favorite example, websites using the Trust system to ensure you're not running any ad-blockers and that you can't right-click-save images or other content from the webpage.
The entire point of the Trust system falls apart if owners know or truly control their own computer's master keys. I can no longer Trust your computer, and you could no longer Trust my computer. That's why they set up an elaborate key-tracking and key-revocation revocation system. If you manage any sort of hardware hack to obtain control over your computer they can kill that key and establish your computer is no longer Trusted.
To clarify: The aspect on which BIOS4breakfast and Alsee disgree is that the former feels that there is not a restriction on obtaining keys as long as they are not obtained from the TPM module
You could simply "make up" a completely random key and there are some limited things you can do with it, but in general it isn't going to work. It's not a "valid" or "real" key. It will fail in critical chip operations such as Remote Attestation.
The best comparison is like buying a cellphone without a SIM card. Sure, you can make up your own phone number, and you can program phone numbers into the speed-dial memory and stuff, but in general a cell phone is designed for calling other cell phones,
I'll be quoting from this, the latest version from the Trusted Computing Group: TPM Main Specification Level 2 Version 1.2, Revision 116 Part 2 - Structures of the TPM
I'll paste quotes here in italics, key points in bold, and non-italics comments from myself in between.
An Endorsement Key (EK) has two parts, the public part and the private part. The private part the part in control, the public part allows anyone to verify signatures. The PrivEK is the highest level master key of a TPM. It's primary function is to sign messages sent out of the TPM to other people over the internet. PrivEKs are forbidden to ever exist outside a TPM. Anyone receiving a proper PrivEK -signed-message therefore knows that the message could only have been generated inside a TPM, secure under the controls and limitations of the TPM, and secure against tampering by anyone (including the owner).
Note that the PrivEK gets signed by a manufacturer key, securely identifying it as a genuine PrivEK securely locked inside a TPM. The manufacturer key is itself signed by the Trusted Computing Group's master key, authenticating the manufacturer key as a valid key of belonging to a valid and compliant manufacturer. If the Trusted Computing Group ever revokes a manufacturer's key then all TPMs made by that manufacturer are lo longer Trusted... for practical purposes those chips can be considered "dead". If some manufacturer's chips are found to be insecure the Trusted Computing Group can "close the security hole" by effectively killing all of those chips in one shot. And this is exactly how the Trusted Computing Group prohibits any manufacturer from making a non-compliant chip that allowed the owner to obtain control of his system.
5. Endorsement Key Creation
Start of informative comment
The TPM contains a 2048-bit RSA key pair called the endorsement key (EK). The public
portion of the key is the PUBEK and the private portion the PRIVEK. Due to the nature of
this key pair, both the PUBEK and the PRIVEK have privacy and security concerns.
The TPM has the EK generated before the end customer receives the platform. The Trusted
Platform Module Entity (TPME) that causes EK generation is also the entity that will create
and sign the EK credential attesting to the validity of the TPM and the EK. The TPME is
typically the TPM manufacturer.
So the chip's top key, the PrivEK, is inside the chip before the customer buys the computer or other device. This is generally done by the manufacturer.
You can skip/skim over this next section, I'm just including it to preserve continuity in copy/pasting from the source document.
The TPM can generate the EK internally using the TPM_CreateEndorsementKey or by using
an outside key generator. The EK needs to indicate the genealogy of the EK generation.
Subsequent attempts to either generate an EK or insert an EK must fail.
If the data structure TPM_ENDORSEMENT_CREDENTIAL is stored on a platform after an
Owner has taken ownership of that platform, it SHALL exist only in storage to which access
is controlled and is available to authorized entities.
End of
informative comment
1.
The EK MUST be a 2048-bit RSA key
a.
The public portion of the key is the PUBEK
b.
The private portion of the key is the PRIVEK
Here's where we start getting to the critical point you wanted, whether the owner is allowed to get his key:
c.
The PRIVEK SHALL exist only in a TPM-shielded location.
2.
Access to the PRIVEK and PUBEK MUST only be via TPM protected capabilities
a.
The protected capabilities MUST require TPM Owner authentication or operator
physical presence
3.
The generation of the EK may use a process external to the TPM and
TPM_CreateEndorsementKeyPair
a.
The external generation MUST res
My favorite was this geeky one for a can of Uranium Ore:
"I purchased this product 4.47 Billion Years ago and when I opened it today, it was half empty."
-
You can't say that a dead body filled with bullets was a suicide or a hunting accident in NYC.
Sure you can:
Dick Cheney was visiting the city.
-
store and assist with generating crypto keys and perform platform validation so that you can, e.g., validate that your boot loader is not tampered with before it will release those keys. Hardware support for protecting against evil maid and transparent full disk encryption. That's such a bummer! Why would anyone want that?
That's all swell, and I'll be more than happy to jump on board when they offer a system that does that without being designed to secure the computer against the owner in the process. There are lots of ways to do that, but the simplest example is that I'd be satisfied if they allowed the owners to get a printed copy of their chip-master-keys, the Private Endorsement Key and Storage Root Key. That would preserved 100% of the functionality you just listed, while ensuring owners had the final say to fix/overdrive any threat of the computer being secured against the owner. Simply drop the printed keys in a safety deposit box at your local bank vault.
There have been a number of other proposals to fix the problem, such as the EFF's OwnerOverride system, but the Trusted Computing Group has categorically REFUSED to address any of the anti-owner aspects of the system. Enforcing the anti-owner design aspects are their first priority.
-