Slashdot Mirror


User: Alsee

Alsee's activity in the archive.

Stories: 0
Comments: 13,105

Comments · 13,105

  1. Re:Not good enough. on 6 Pennsylvania Teens Face Child Porn Charges For Pics of Selves · · Score: 1

    album covers by Blind Faith and the Scorpions

    You forgot Led Zeppelin.
    And Poland.

    Imagine if someone today tried to publish an album with one of those covers? It would be almost as big a deal as Janet Jackson's right nipple.

    -

  2. Re:Not good enough. on 6 Pennsylvania Teens Face Child Porn Charges For Pics of Selves · · Score: 1

    I'm a little shocked too at the leap the level to trigger a crime has come to.
    So now...simple nudity == porn? In this case a nude person under 18 is now considered child porn?

    It's worse than that.

    This subject comes up, and we get all these crusading posters thinking we're talking about little children getting fucked.

    Child porn does not have to include sex, molestation, or even nudity. All it takes to qualify as child porn is for someone to decide that the camera is a little too centered on the genital region, or to decide the pose/expression looks too sexual. God-forbid a picture of a 17-year-old in a ballet leotard has a bit of camel toe and some prosecutor finds it arousing. That is essentially the definition of child porn - does the prosecutor find it arousing. And then there's the real insane kicker - it doesn't even have to be a child or even a real person. Is it an 18 or 19 or 20 year old that looks young? Child porn. Is it a DRAWING? Child porn.

    I don't remember where I saw it, but last time one of these stories came up I came across a website with statistics on the photos from child porn prosecutions. The photos get categorized in some sort of levels system. The substantial majority of photos in child porn prosecutions are photos like the ones in this story, basic nudity or partial nudity or even fully clothed images that the prosecutor decided he got horny over, and that only a tiny percentage - some small single digit percent - were in the high classification involving "hardcore porn" meaning porn involving actual genital/oral/anal contact sexual activity. I don't remember the exact details, but it was about what it said. The substantial majority were classified in the lightest category like the photos in this story.

    But hey, someone might download a drawing of a fictional-20-year-old-who-looks-17 wearing tight clothes and suggestive curves and a potentially suggestive pose, so let's outlaw the internet. We have to save the children, even when those children are fictional. And we most especially have to save the children by putting them in prison when they take naughty pictures of themselves.

    Me? I'm an evil insane radical. I have this wacky idea that the police should spend a little more of their time going after people who actually molest flesh-and-blood real children, and a little less time sorting through photos from nudist colonies trying to decide which ones are innocent family photos and which ones make them horny meaning it's kiddyporn.

    -

  3. Re:I don't understand... on Solution Against Cold Boot Attack In the Making · · Score: 1

    If you cannot permanently wipe, or temporarily disable, the manufacturer's keys and replace them with your own

    The way the system works, wiping the chip's key or replacing it with your own is entirely pointless. There's no reason to ever do that.

    By the way that key is called the PrivEK. It stands for Private Endorsement Key.

    If you wipe or replace the PrivEK then as far as the rest of the Trusted Computing universe is concerned you have an invalid rejected chip. As far as the broader Trust system is concerned, you have no chip at all. Your chip is not Trusted, your computer is not Trusted. Any other computers using the Trust system will reject connections from your computer, and your computer will be unable to access any Trusted content. You're just as screwed as if you have no chip at all. You're locked out of the Trust system.

    You CAN still use that chip for some limited local uses, like Bitlocker. However there's absolutely no need to wipe or replace the PrivEK for that. If you're just using the chip for Bitlocker and the like, then you're not really using the PrivEK anyway, or it doesn't matter what the PrivEK is set to.

    If you wipe/change the PrivEK then you completely destroy the Trusted status and Trusted capabilities of the chip. And if you're not using the Trusted capabilities of the chip then there's no need to care about that key.

    Now, if you want to discover manufacturer's keys, that's a different matter.

    While that would be most amusing, grin, no. I was absolutely not suggesting anything of the sort.

    I was saying that I want to know my master key in my chip. (Actually you have two keys locked in there, the PrivEK and the RSK Root Storage Key, but let's gloss over that and keep it simple).

    If you do not know your master key then your computer can be locked against you. Your files on your computer can be locked so that you cannot read them or modify them or control them. It gets pretty technical and complicated, but in essence it makes your computer one big DRM machine. It spies on you and it sends those spy reports to other people, and it enforces Uber-DRM on your files software and network connections.

    Either you DO use the Trust system and your computer gets locked down, or you do not use the Trust system and you get completely locked out of the Trust system and completely locked out of all Trusted files and completely locked out of all Trusted software and completely locked out any network service or network access that uses the Trust system. In the long term worst case your ISP could use the Trust system. If that ever happens then you have a choice - either Turn on the Trusted lockdown to get internet access and completely surrender ownership and control of your computer, or don't turn on the Trusted lockdown and not get internet access.

    In the medium term, it might start happening with websites for example. A website may well want to make sure you don't run any sort of adblocker. They want to make sure the ads are displayed along with the webpage, or you don't get to view the website at all. The webserver sends a quick small Trust check-request to your computer. Either you have the Trust system on and it sends back a Trusted spy report on your system and you effectively surrender control and surrender ownership of your computer, or you don't get to view the website at all.

    Either a Trusted lockdown, or a Trusted lockout.

    I hope I explained it clearly enough. I'm half asleep and I'm brain-blurry :)

    Of course the assumption that the owner will under no circumstances have the key is, strictly speaking, invalid... So what? Does it make passwords and dongles invalid security measures? No.

    But that's not the sort of "security" that Trusted computing is about. Trusted Computing defines "security" in a bizarre irrational way.

    Let me try this example. You have a vending machine selling soda or snacks. The normal meaning of security is that you have a bill-scanner and a coin-dete

  4. Re:Adds another layer to hardware solutions? on Solution Against Cold Boot Attack In the Making · · Score: 1

    My TPM is used solely as a master key store to secure the security suite.

    In other words you've got a handgrenade on your desk, but you solely use the handle as a bottle opener.

    Ooops, that should have been a car analogy. Chuckle.

    The TPM is designed to be a trusted key store.

    It's not merely a key store.

    It is a key store designed with the added capability to secure keys even against owner's access, and it is attached to a system to securely log your system state (secure even against the owner), and attached to a remote attestation system to securely communicate those keys and that system log with other systems over the internet (secure even against the owner).

    Locked out of the trust system? Go online with the Trust system? Does this actually mean anything?

    Yes, it does. You may have a TPM, but they have not finished implementing the Trust system. They have not yet really turned the Trust system on. For example no one is using remote attestation for anything yet, and they haven't set up any Certificate Authorities yet. You've got an incomplete handgrenade on your desk and you're using the handle as a bottle opener. Yeah, at the moment it's harmless. It's incomplete and most of it is lying unused.

    As for DRM-encrypted media, that is an entirely different issue. The TPM does not really alter that issue one way or another, which is to say that if you consume it, you deserve what you get.

    I need sleep, so I'm going to gloss over the inactive parts of the Trust systems and the short term reality issues and I'll just jump to the ultimate capability of the system and, if they succeed in rolling it out, the long term game-over point. For a nice round number let's call it in maybe a decade from now. I don't know if they can actually pull it off, I seriously hope they can't, but they have a VERY real VERY credible path planned to head in this direction....

    Under the Trusted Computing system, internet access can be DRM'd. I don't merely mean the content and media on the internet, I mean the act of connecting to an ISP / connecting to the internet itself would be a DRM connection. "if you consume it, you deserve what you get" kinda becomes a problem when you're talking about "consuming" mere access to the 'net. And if that happens you have to fully activate and fully submit to the Trust system in order to get any internet access at all. A fully active handgrenade with the pin pulled.

    I'll try to post tomorrow or something, the explanations I skipped over. It would help if you post a note saying whether you know about Remote Attestation or Certificate Authorities or Platform Configuration Registers, or anything else about Trusted Computing.

    -

  5. Re:I don't understand... on Solution Against Cold Boot Attack In the Making · · Score: 1

    Yep, yep. But one thing.... "I'd rather prefer a way to reset the master key (PrivEK)" that does you no good. It's no better than a standard TPM for your purposes, and it is rejected as an invalid TPM by everyone else.

    The issue is that you get screwed if other people have a standard TPM and you don't. Then those computers start refusing to talk to you, and various programs and data files refuse to run on your computer. You might go to some website and it does a Trust check to ensure you don't block the ads. If you don't have a standard TPM then you can't view the website.

    You need to either prevent most other people from ending up with TPMs, or you need a standard option where lots of people know their PrivEK. A lesser fix is if you crack your chip to know your PrivEK (or some equivalent override), but in that case you are always under threat that they will detect that your system is jail-broken, in which case they revoke your PrivEK. Then you need to go buy a brand new PC with a new chip with a new PrivEK. Not fun.

    -

  6. Re:Adds another layer to hardware solutions? on Solution Against Cold Boot Attack In the Making · · Score: 1

    secure a computer against the owner. Can you point me to a specific reference in the specification or other official matter regarding this design objective?

    The entire TPM specification is filled with endless mandates that the owner must not be allowed to do X, must not be allowed to access Y, must not be allowed to know his own keys/data Z. One example stands out in particular in TCPA Main TCG Architecture v1_1b.pdf on page 277 (page 267 by internal numbering) they explicitly discuss securing the system against attack by a "rogue owner". They explicitly refer to the owner as the enemy to be secured against.

    The Protection Profile PC Client Specific Trusted Platform Module TPM Family 1.2 pp0030b.pdf page 95 section FPT_PHP.3 Resistance to physical attack explicitly says a PC Trusted system "shall resist physical manipulation and physical probing", "responding such that SFRs [security functionality requirements] are enforced". Physical tampering explicitly includes physical attack. It makes no specific statements on how physical attack resistance shall be implemented. The same document page 109 section O.Tamper_Resistance "requires the TPM to be resistant against identified physical tampering by an hostile user against the TSF [trusted system framework] by responding automatically such that SFRs [security functionality requirements] are always enforced". Note that the TPM's standard fallback method for ensuring security requirements is by terminating operation, denying all access, or even wiping keys. No access means no security violation.

    There is a document called TPCPP - Trusted Platform Connection Protection Profile. The TPM specification says that the system is required to comply with the TPCPP. Based on the name of that document and the surrounding discussion, it strongly appears to be a physical security specification - the physical security of integrating the TPM with the motherboard system or other platform. Unfortunately I am unable to find this document on the Trusted Computing Group website, nor was I able to locate it with a few google searches. Very odd.

    One of the documents, I think somewhere in the TCPA Main TCG Architecture v1_1b.pdf, they specify a TPM storage system for signed digital certificates for the hardware manufacturers to specify what kinds and levels of physical security have been applied. They also mention their intent for manufacturers to compete with each other to offer higher and higher levels of physical security.

    And then there are multiple documents dedicated to the CA system, where the CA has the job of scanning your system and issuing certificates attesting to the logical and physical security conformance of your system. If they ever detect that your system is not compliant - meaning if you have successfully tampered with your computer - then they are required to revoke your system certificate. For practical purposes, they brick the Trust system of your computer. You then need to go out and buy a brand new PC with a brand new Trust chip on board.

    So final summary, yes the system is designed to be secure against the owner, yes it is explicitly hostile and considers "rogue owner"s to be the enemy. Yes, they say there should be physical security. No, I have not been able to locate any specific mandates on how physical security shall be implemented. Yes, they explicitly have a system in place for manufacturers to specify types and levels of physical security that is present. Yes, they explicitly want manufacturers to compete for higher levels of security. Yes, they explicitly certify your compliance and level of physical security before you fully activate the system. Yes it will still be possible (difficult but possible) to succeed in physically attacking your system. They have a system and mandate in place to watch for such violations(*), with a mandate to revoke your system. So go ahead and physically override your computer, and then you can go buy an entire new PC when they revoke your syste

  7. Re:I don't get it on Google Challenging Proposition 8 · · Score: 1

    I would say that the law (i.e. the government) has no business meddling with "marriage"

    I agree that would fix the problem as I see it.
    I have no opposition to that as a solution, though I don't really push for it either. I have pretty significant libertarian leanings, but I think libertarianism can at times get a bit radical with the "nuke the universe and contract will rebuild and fix everything" fundamentalism :)

    Anywho, the fact is that marriage law does currently exist. And so long as it does, I believe my constitutional argument stands. None of the law, marriage law or otherwise, can examine race gender or religion as a basis for differential government treatment. This is why the interracial marriage bans were invalidated. The law, marriage law or otherwise, cannot examine race as a basis to grant or deny applicants. The law, marriage law or otherwise, cannot examine gender as a basis to grant or deny applicants. Any marriage law trying to deny gay marriages fails for the same reason a marriage law trying to deny interracial marriage fails.

    Prop. 8 was not an "equal rights issue".

    The law was attempting to engage in gender based discrimination, identical to the race based discrimination to exclude interracial marriage. There is no means to identify and exclude mixed race couples without examining their races. There is no means to identify and exclude same gender couples without examining their genders.

    If what the opponents of Prop. 8 really wanted was equal rights (because, yes, there are some crucial legal differences between "marriage" and "civil union"), they should have pushed for a proposition of their own, declaring legal equality of marriage and civil union

    If what [mixed race couples] really wanted was equal rights (because, yes, there are some crucial legal differences between "marriage" and "civil union"), they should have pushed for a proposition of their own, declaring legal equality of marriage and civil union?????

    Do you not see a problem with that?

    By demanding that the definition of "marriage" be extended to cover gay couples, what they are effectively trying to do is change every contract out there written with the word "marriage" in them

    By demanding that the definition of "marriage" be extended to cover [mixed race] couples, what they are effectively trying to do is change every contract out there written with the word "marriage" in them?????

    Do you not see a problem with that?

    Maybe you think that's a good thing, changing other people's agreements, after the fact

    Sometimes parties run into unforeseen implications of what they did write into their contract.

    If someone writes a contract about serving alcohol, and that contract obviously has some clause referring to minors, and if the legally defined age for "minors" changes, then the effects of that contract obviously have an unanticipated adjustment to apply that new age threshold.

    With interracial or gay marriage it's even more fundamental. Nothing actually changes.

    Some parties may think interracial couples are marriages and other parties may think interracial couples are not marriages. So long as their contract is relying upon the legal definition of marriage, and so long as the law is defining what marriage is, then those parties are contracting to the legal definition of marriage no matter what that is and no matter what they would wish it to be.

    At the time a contract is written someone may dislike interracial couples getting married. His state may currently have a law on the books containing text saying that interracial couples do not constitute a valid marriage. He may assume that means that interracial couples are not marriages. He is in error. The portion of the state law claiming interracial couples are not married is unconstitutional. That segment of text in the law is invalid. That segment of text is legally null and void. It doesn't actually exist. It's not actually law and it ha

  8. Re:Freeze the CPU on Solution Against Cold Boot Attack In the Making · · Score: 2, Interesting

    Trusted Computing is built on an entire tree of keys. You're right that the master pair of keys (PrivEK and RSK) never leave the chip. You're right that reading RAM will not give you a simple full crack of the Trust system on your computer. However by reading RAM you can snatch the lower level keys piecemeal, and you can read out decrypted files piecemeal. For example you play some DRM music and do a RAM grab. If you're lucky that RAM grab will give you the key to decrypt all of the DRM music files on your computer, or if you're less lucky you may just get the decrypted version of the particular song you were playing at the time.

    Actually I have been collecting notes on some more powerful more promising attacks on Trusted Computing, but this RAM technique is certainly a nice and easy addition to the anti-TrustedComputing toolbox.

    -

  9. Re:I don't understand... on Solution Against Cold Boot Attack In the Making · · Score: 1

    Then explain why I can't have my private key to the TPM I may own?

    Precisely. The intent is to secure the computer against the owner. If you know your key then you can unlock and control your computer.

    Or, who knows the proper private key to unlock any TPM?

    No one.
    The way the system is set up there is no master unlocking key. There are keys you can use to create new unlocked phony TPMs, but they are mostly useless towards an existing TPM.

    I'll give a super simplified rundown of how it works. They manufacture the chip. The chip generates a completely random key. The key has a public half and a secret half. The secret half of the key is locked in the chip. No one knows it, no one is ever permitted to see it. The manufacturer uses their key to sign the public half of the chip's key. The chip loads and stores this signature. This signature "proves" that the chip's key is a real TPM key. It "proves" that the master key to this chip *is* locked inside a chip, and that no one has ever seen it, and that the chip will never willingly permit anyone to ever see it.

    The master key is locked inside the chip. No one knows it, no one can unlock the chip.

    Actually I just thought of something. The technical specification does permit an optional feature - manufacturers are permitted to include something called Maintenance. If a manufacturer does include the maintenance capability, then the maintenance key could indeed be used to unlock all chips of that particular model from that particular manufacturer. The manufacturer would be in possession of this key. The specification mandates that the manufacturer is forbidden to ever use this key in this manner.

    If you did manage to break into a manufacturer and steal/copy this key, then with physical access you could activate maintenance mode, read out the maintenance data (the TPM chip self destructs in the process), and use the key to decrypt the maintenance data. That gives you the keys - the soul of the chip. You could then unlock all data stored on that computer, and you can use those keys to reincarnate the TPM in a new chip or in software. The reincarnated TPM would be unlocked.

    Even if you did manage to get into the manufacturer to snatch that key, it's probably going to be locked inside a TPM itself. You'd have to physically rip open that TPM to unlock it, to get the maintenance key. You would have the benefit that physically ripping one chip would then allow you to easily unlock an unlimited number more chips of that model.

    If you could snatch the manufacturer's signing key then you could "manufacture" unlocked TPMs at will. That's no good for unlocking existing systems, but most of the time a shiny new unlocked TPM is just as good. This key is also likely to be locked inside a TPM.

    There's one more key of significance, the very top master key to the whole system. While this is theoretically the most powerful key, it actually turns out to be pretty much useless. It's the master key used to sign/certify manufacturer's keys. With this key you can create your own hone manufacturer key, which you can then use to create phony new TPMs - unlocked new TPMs. The reason this doesn't really work is because they will quickly realize you are making phony manufacturer keys, and there are a small number of real manufacturer keys. They can simply publish a list of the real manufacturer keys. Your fake manufacturer keys are not on the list, they get rejected, and any phony TPMs you made with it will be rejected. So if you snatch the MASTER master key to everything then you could create total chaos for a while, but they could quickly shut you down.

    Actually if you snatch a manufacturer key or a manufacturer's maintenance key, then they could shut you down by revoking ALL affected chips. They could revoke all chips of that model, or all chips ever made by that manufacturer. However that is the nuclear option. Thousands or even millions of random innocent people would wake up one morning to find the chip in THEIR comp
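
Added example, not part of the original comment and not code from the Trusted Computing Group or any TPM vendor: a Go model of the verifier side of the endorsement chain described in comment 9 above (root signs the manufacturer key, the manufacturer signs the chip's public key, a published list of real manufacturer keys, and revocation). Raw Ed25519 keys and every type and function name here are assumptions made for illustration; real TPM credentials use other key types and certificate formats.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assumption: raw Ed25519 keys and signatures stand in for the endorsement
// key and the signed credentials a real TPM carries.
var (
	ErrBadKey     = errors.New("malformed public key")
	ErrRootSig    = errors.New("manufacturer key not signed by root")
	ErrUnknownMfr = errors.New("manufacturer key not on published list")
	ErrMfrSig     = errors.New("chip key not signed by manufacturer")
	ErrRevoked    = errors.New("chip key revoked")
)

// Endorsement is what a chip presents: its public key, the manufacturer's
// signature over that key, and the root's signature over the manufacturer key.
type Endorsement struct {
	ChipPub, MfrPub ed25519.PublicKey
	MfrSig, RootSig []byte
}

// Verifier holds the relying party's trust anchors (hypothetical structure).
type Verifier struct {
	RootPub      ed25519.PublicKey
	KnownMfrs    map[string]bool // fingerprints of the published manufacturer keys
	RevokedChips map[string]bool // fingerprints of revoked chip keys
}

func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Check walks the chain top-down and returns the first failure.
func (v *Verifier) Check(e Endorsement) error {
	if len(e.ChipPub) != ed25519.PublicKeySize || len(e.MfrPub) != ed25519.PublicKeySize {
		return ErrBadKey // ed25519.Verify panics on wrong-sized keys
	}
	if !ed25519.Verify(v.RootPub, e.MfrPub, e.RootSig) {
		return ErrRootSig
	}
	// A valid root signature is not enough: the manufacturer key must also be
	// on the published list, which is what defeats a misused root key.
	if !v.KnownMfrs[fingerprint(e.MfrPub)] {
		return ErrUnknownMfr
	}
	if !ed25519.Verify(e.MfrPub, e.ChipPub, e.MfrSig) {
		return ErrMfrSig
	}
	if v.RevokedChips[fingerprint(e.ChipPub)] {
		return ErrRevoked
	}
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// RunScenarios builds constructed keys and returns the verdict per case.
func RunScenarios() map[string]error {
	rootPub, rootPriv := mustKey()
	mfrPub, mfrPriv := mustKey()
	fakeMfrPub, fakeMfrPriv := mustKey() // signed by root but never published
	chipPub, _ := mustKey()
	revokedPub, _ := mustKey()
	replacedPub, replacedPriv := mustKey() // owner-generated key, self-signed
	phonyPub, _ := mustKey()

	v := &Verifier{
		RootPub:      rootPub,
		KnownMfrs:    map[string]bool{fingerprint(mfrPub): true},
		RevokedChips: map[string]bool{fingerprint(revokedPub): true},
	}
	rootOverMfr := ed25519.Sign(rootPriv, mfrPub)
	return map[string]error{
		"genuine": v.Check(Endorsement{ChipPub: chipPub, MfrPub: mfrPub,
			MfrSig: ed25519.Sign(mfrPriv, chipPub), RootSig: rootOverMfr}),
		"revoked": v.Check(Endorsement{ChipPub: revokedPub, MfrPub: mfrPub,
			MfrSig: ed25519.Sign(mfrPriv, revokedPub), RootSig: rootOverMfr}),
		"replaced-key": v.Check(Endorsement{ChipPub: replacedPub, MfrPub: mfrPub,
			MfrSig: ed25519.Sign(replacedPriv, replacedPub), RootSig: rootOverMfr}),
		"unlisted-manufacturer": v.Check(Endorsement{ChipPub: phonyPub, MfrPub: fakeMfrPub,
			MfrSig: ed25519.Sign(fakeMfrPriv, phonyPub), RootSig: ed25519.Sign(rootPriv, fakeMfrPub)}),
	}
}

func main() {
	res := RunScenarios()
	for _, name := range []string{"genuine", "revoked", "replaced-key", "unlisted-manufacturer"} {
		fmt.Printf("%-22s -> %v\n", name, res[name])
	}
}
```
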

  10. Re:I don't understand... on Solution Against Cold Boot Attack In the Making · · Score: 1

    A TPM is a piece of hardware that signs bits in the name of hardware manufacturer.

    If a hardware manufacturer wants to sign bits, they are welcome to do so.

    Once they sell some hardware to me, that hardware is my property. I have every right to melt my property into slag if I wish. I have every right to take a chainsaw to it in half and glue the pieces together sideways in a piece of abstract art. I also have every right to unscrew MY computer and carefully rip open MY chips inside and read out MY keys. Simple basic property rights.

    My computer, my chip, and most significantly MY PrivEK and RSK keys.

    I have no need for the manufacturer's keys. They have those keys locked safely in their hardware at their manufacturing plant, and I don't need them. All I need is to read MY keys out of MY chip. I have every right to read them out if I wish.

    I then have my keys. Game over. The whole argument becomes pointless. Your Trusted Computing Remote Attestation completely falls apart, and all of your arguments fail. It doesn't matter why you wanted Trusted Computing, I have every right to read my keys out of my computer if I wish, it's over you lose. Arguing over it is pointless, and trying to wage a war over it is pointless and destructive.

    why would you ever want to utter such a statement? Do you derive pleasure from lying to people?

    Yes, sometimes.

    For example there have been a number of times people have put up poorly designed webservers. Sites that inadvertently/cluelessly serve incomplete or defective pages in response to certain browser user agent strings. Websites that display fine and work as intended if you "lie" and send a user agent string emulating the most common Internet Explorer user agent.

    It's my computer and it is perfectly legitimate to emulate my system for interoperability and other purposes.

    Seriously, if you could do that, this fact would destroy the genuine usefulness of TPM for people that do want to use it for whatever purpose.

    False.

    Considering otherwise identical hardware, an option allowing the owner to know his own keys does not alter the security capabilities of the hardware to secure the computer FOR the owner. It preserves all security benefits for the owner of the computer. All it does is eliminate the ability to secure the computer against the owner. The anti-owner security features of Trusted Computing only DIMINISH security anyway. It is always physically possible for an owner to rip open their chip and read out their key, invalidating that entire security model. Assuming that a remote computer is secure against the owner is an invalid assumption. Any security application built upon an invalid security assumption is going to fail. To the extent anyone actually buys into the Trusted Computing Remote Attestation security model, they wind up with a flawed system and WORSE security than had they not relied on that invalid assumption. People will try to rely on Remote Attestation, other people will have read out their master key, the Remote Attestation will be insecure, and security will fail.

    Advertising Remote Attestation as a valid useful security system is HARMFUL. People will expect it to work, and it won't. Security will fail the moment they expect it to work and they try to rely on it.

    If all you want to say is "I'm Joe Schmoe and I certify that this computer runs unmodified Joe Schmoe's Little Distro", you can certainly do that, no TPM required. No one would trust such a statement but I gather it's OK

    Actually there is value in doing that with an owner-controlled TPM (meaning the owner may know his key). First of all it retains the full security value if it is the owner himself remotely querying his own computer remotely. Secondly, other people still receive the exact same assurance as they would receive under your plan. Namely, they receive assurance that the system has not been infected or otherwise modified without the owner's knowledge.

  11. Re:I don't understand... on Solution Against Cold Boot Attack In the Making · · Score: 1

    I think any security offered by TPM would be against remote exploits.

    That's the public relations image they are pushing.

    I'm a programmer and I've read the technical specification from cover to cover, all 332 pages. It is designed like a prison "security system" (secure against the occupant), not like a home security system (secure for the occupant).

    Just to prove the point, in TCPA Main TCG Architecture v1_1b.pdf on page 277 of the pdf (page 267 by internal numbering) the spec explicitly explains how the system is designed to be secure against attack by a "rogue owner". It is nonsensical to refer to a home security system secured against attack by a "rogue home owner". No, the TPM system is designed to secure computers against owners, just like a prison is secured against attack by rogue inmates.

    A prison is indeed pretty well secure against outside attackers - if it is secure against the owner then it is equally secure against a hostile non-owner. But that does not diminish the fact that it is specifically a prison secured against the owner, and that they could have designed a legitimate security system secure for the owner without any of the anti-owner aspects. It is an anti-owner prison security system trying to hide under a pro-owner "home security system" public relations mask.

    They know a lot of people object to this anti-owner design, and they are well aware of how public criticism killed off their first attempt. Remember the Pentium CPU Serial Numbers issue from a few years ago? And all the public complaints and controversy? And how Intel had to drop it like a hot potato? Well, various Intel documents show that the CPU Serial Numbers was merely the first step in rolling out exactly this sort of system.

    They saw what a public relations disaster that was, even when it was merely CPU serial number without even any of the DRM or anti-owner security crap implemented yet. So they put together the Trusted Computing Platform Alliance, which morphed into the Trusted Computing Group. They formed a sweeping strategy to get almost the entire computer industry involved. They have spent tens or hundreds of millions of dollars to cloak and confuse all the negative aspects of the system and spent a fortune to spin Trusted Computing as sugar and spice and everything nice.

    They have wrapped the system up in so many layers of complexity and chocolate-coating and public relations half-truths that it is almost impossible to understand exactly what the system does do or doesn't do unless you are a programmer and you spend hours studying the design.

    There is one fundamental point they can't cover up or confuse:
    Under their system each computer is locked down under its own pair of security keys (the PrivEK and RSK keys), and the owner is absolutely forbidden to ever obtain or control his keys locking down his own computer.

    If you don't know the master keys locking your computer, then your computer is locked against you. You don't control your computer. You no longer truly own your computer. The Trusted Computing Group has the ultimate control and ultimate ownership. If they ever discover that you somehow have cracked open the security chip on your computer and obtained the master keys to control your computer, then they have a key revocation system. For all practical purposes they kill your keys and kill your chip, and you have to go buy an entire new computer with a new security chip with a new security code, a new computer that is secure against you. You could try to rip your master key out of this computer too, but again if they ever spot that you have increased control of your computer they'll just revoke that key too, and make you buy yet another new computer.

    The mantra I keep hearing is "all bets are off once an attacker has physical access" which makes sense.

    That mantra is essentially true, however have documented increasing levels of physical security. Increasing levels of tamper resistance and self-des

  12. Re:Adds another layer to hardware solutions? on Solution Against Cold Boot Attack In the Making · · Score: 1

    Warning label:

    This computer is secured by a nuclear bomb.
    RAM will be subject to entropy maximization.
    So will intruders.

    -

  13. Re:Adds another layer to hardware solutions? on Solution Against Cold Boot Attack In the Making · · Score: 1

    I thought Slashdot was against the TPM chip?

    The Slashdot community is made up of varied views on everything, but yes the majority here do object to the TPM.

    That said, the grandparent post did not mention the TPM. He described some features similar to the TPM, but that's kinda like saying a home security system is similar to a prison security system. Both might have bars on the windows, but they are fundamentally different designs. Designing a security system to protect and benefit the person living there (a home security system) involves fundamentally different design considerations than designing a security system to be secure against the person living there (a prison).

    The TPM is specifically designed to secure the computer against the owner. The TPM technical specification explicitly discusses how the system is designed to be secure against attack by a "rogue owner". The TPM is designed like a prison, not like a home security system. It is nonsensical to speak of a "rogue home owner" "attacking" his own home. The owner is by definition fully authorized and completely entitled to do anything he likes with his own home. The TPM is not merely designed to keep attackers out, it is additionally designed to confine and control the owner of the computer, it is explicitly designed to treat the owner as the enemy, it is explicitly designed to lock the master key away from the owner, it is explicitly designed to prevent the owner from overriding his own security settings, and there are integrated design features and supplemental specifications for those in control of the system to revoke your TPM key and effectively brick the system if they ever detect that you have gained control over the security system locking down your computer. If they revoke the key to your TPM you are effectively locked out of the Trust system, and you have to go buy a whole new computer if you ever want to go online with the Trust system ever again.

    I would like to point out one thing.... if you build a prison, yes that prison is indeed going to be pretty secure at keeping attackers out. Yes, the Trusted Computing system does indeed offer various benefits for securing your computer for you.... securing your computer against remote attackers. A system designed to be secure even against the owner will of course equally work against a non-owner attacker. But the fact that the TPM has some benefits FOR the owner does not alter the fact that it is first and foremost a prison designed to be secure against the owner.

    With trivial modification the TPM could be changed from prison technology into home security technology. With trivial modification you can retain ALL of the chip's capabilities to secure the computer FOR the owner while eliminating the owner-hostile aspects. If the owner were permitted to know his personal master key if he wanted it, then otherwise identical hardware would maintain identical capabilities to protect the owner, but by knowing his master key the owner would have the power to control and override his own security at will. If the owner knows his master key, then the computer can no longer be locked against the owner. An owner cannot be locked out of his own files if he knows his master key locking his computer.

    If you are forbidden to know your master key to your computer then the "security system" is actually security against you, it is security restraining and controlling you just as it restrains and controls any attacker.

    The proper response to Trusted Computing and the TPM is simple:
    I want my key. No key, no sale.

    -

  14. Re:Freeze the CPU on Solution Against Cold Boot Attack In the Making · · Score: 1

    if the attacker has physical access to your box, you're screwed!

    Yeah... especially if you're the RIAA/MPAA and the "attacker" is the owner having physical access to his own box.

    I love these stories on physical-access attacks. They are great techniques for an owner to get around hostile Trusted Computing on his own computer. Cold-boot or warm-boot your own computer and read your data and your keys out of your RAM, even when Trusted Computing tries to deny you this sort of access to your own keys and data.

    -

  15. Re:Gays have full rights. on Google Challenging Proposition 8 · · Score: 1

    So, being gay is a race, gender or religion?

    Perhaps it will be less confusing to you if you think "same gender marriage" rather than "gay marriage". You are not actually trying to deny gays the right to marry - you are fine with a gay woman marrying a gay man.

    What you are trying to do is IDENTICAL to the interracial marriage situation, based on gender rather than race. Note that the two sections below are identical, except that I substituted gender for race, and I wrote one with "they want" and the other with "you want".

    =======RACE=======
    Some people wanted to (and still want to!) deny interracial marriage.

    They want the law to examine the GENDERS of marriage applicants. They want the law to DISCRIMINATE different treatment of marriage applicants based on that racial examination, approving the applicants they like and denying the applicants they don't like.

    That is unconstitutional. You cannot use race, gender, or religion as basis to discriminate treatment under the law.

    =======GENDER=======

    You want to deny same gender marriage.

    You would need the law to examine the GENDERS of marriage applicants. You would need the law to DISCRIMINATE different treatment of marriage applicants based on that racial examination, approving the applicants you like and denying the applicants you don't like.

    That is unconstitutional. You cannot use race, gender, or religion as basis to discriminate treatment under the law.

    Trying to deny same gender marriages is legally identical to trying to deny mixed race marriages. You are merely swapping gender examination and gender-based discrimination for racial examination and race-based discrimination.

    ==============

    See? No difference, nothing more than race based discrimination vs gender based discrimination.

    In 1968 lots of states had laws denying mixed race marriages, and they were all found unconstitutional, null and void. The legal basis and constitutional issues are identical. Trying to deny same gender marriages or trying to deny mixed faith marriages is no more constitutional than trying to deny interracial marriage. There is simply no way to write a constitutionally valid law that does what you want it to do.

    You probably agree that the law should be blind to race, gender, and religion. You are just running into a logical contradiction between that and what you want to put into marriage law. You can't have both. You either need to give up on banning same-gender marriage, or you need to abandon the principle of racial, gender, and religious equality under the law... and you would also have to successfully amend the Constitution to allow race/gender/religious discrimination in the law.

    -

  16. Re:Democracy in action on Google Challenging Proposition 8 · · Score: 1

    Just curious, how do we define wrong in an unambiguous, culturally- and time-insensitive manner?

    Oh, that's easy:
    I do what I want and you do what I tell you.

    ;)

    -

  17. Re:I don't get it on Google Challenging Proposition 8 · · Score: 1

    one-way ticket to Iran.

    Oh come now.... let's be generous and make it a round trip ticket with a year layover. There is the remote possibility that he would actually learn something.

    -

  18. Re:I don't get it on Google Challenging Proposition 8 · · Score: 1

    I agree the Iran comment was unfair, but I did find it funny. Anywho...

    California had a vote, and the gay marriage opponents were the majority.

    In 1968 the public polling on interracial marriage was 20% approve, 74% disapprove.

    In fact interracial marriage only reached 50% a democratic majority vote support in 1994.

    No, you do not get to 51%-majority-vote on civil rights and Constitutional issues. The reason the interracial marriage bans were nationally struck down in 1968 was because of the Equal Protection Clause of the US Constitution. The law cannot use race, gender, or religion as a basis for discriminating different governmental treatment. It is impossible to write a constitutionally valid law excluding interracial marriage because the law cannot examine the races of individuals applying for marriage, and use that as a basis to discriminate which applications are approved by law or rejected by law. In exactly the same way and for exactly the same reason, it is impossible to write a valid marriage law that excludes gay couples. It is wrong and unconstitutional for the law to examine the genders of marriage applicants as a basis to discriminate legally approved marriages vs legally denied marriages.

    You probably agree that the law should be blind to race, gender, and religion. Wanting to make an exception for marriage law, wanting the law to examine the genders of marriage applicants in order to deny gay marriages, that is legally no different than examining the races of marriage applicants to exclude interracial marriage.

    You can't have both. You can't have the law be blind to race/gender/religion, and simultaneously have the law examine the genders of marriage applicants to exclude matching-gender marriage applications.

    We don't hate gay people. We just think there is value in having marriages be only between opposite sex people.

    Do you have any doubt that some opponent of interracial marriage said essentially the same thing at some point? Why would your comment there have any more weight than the equivalent comment on racial marriage would have had then?

    There is almost no argument against gay marriage that doesn't translate directly into an identical argument that was used somewhere somewhen by someone against interracial marriage. Virtually the only line of argument unique to gay marriage are those relating to the inability of a gay couple to directly conceive children. And all of those arguments fall flat at the mention of infertile couples and postmenopausal women and the like. We routinely grant marriages to couples who will not or cannot conceive children on their own.

    Go ahead, try it as a game. Aside from fertility, see how many gay marriage arguments you can think of, and for each one try translating gender into race and any other minimally necessary translations, and see how many of your own arguments could equally have been claimed against interracial marriage.

    -

  19. Re:I don't get it on Google Challenging Proposition 8 · · Score: 1

    I think he kinda butchered his point.

    Rather than talking about "smart people", I will personally refer to computer programmers (which presumably would be the smart people he intended to refer to).

    As a group computer programmers, gay or not, are far more accepting of gays and gay marriage than the average public. As a group, programmers are far less religious or religiously fundamentalist than the average public. Even the slightest familiarity with Slashdot should be sufficient to essentially establish those two points.

    So setting aside his "smartness" reference, yes, prospective Google employees are indeed particularly likely to be gay or to be affirmatively concerned with gay-as-a-civil-rights-issue, and for Google to have an almost nonexistent problem of religious fundamentalists wanting to avoid a gay marriage state.

    One could engage in some interesting discussion and speculation why the gay-acceptance/gay-rights correlation and unreligious correlation are true for programmers as a group, but the whys don't really matter to this particular point.

    -

  20. Re:I don't get it on Google Challenging Proposition 8 · · Score: 1

    Yeah, you really need to work on your reading comprehension. Nowhere did he say or imply "majority".

    Although I will point out that such majorities are rapidly approaching. In the US approval of interracial marriage polled at about 20% when the Supreme Court legalized it nationwide, and approval of interracial marriage only broke the 50% majority approval level in 1994.

    In the US acceptance of gay marriage is rising about TWICE as fast as interracial marriage gained acceptance. Acceptance of gay marriage will hit majority level in California within a year or so, and it will have nationwide majority acceptance not long after that.

    It's a simple fact of demographics. The younger generation overwhelmingly accepts gay marriage as a civil rights and equal rights issue, and opposition is overwhelmingly concentrated in the older and senior generation. Some in the older generation are slowly becoming more comfortable with the idea, and those that aren't are just plain dying out at a faster rate. It is the exact same thing that happened with interracial marriage. The war is effectively over. The younger generation wins, PERIOD. Even if that means they have to bury the older generation to do it.

    I haven't looked into any sort of international figures on gay marriage, but it is blatantly obvious that things are only going in one direction. A slow steady stream of countries are switching to recognize gay marriage as an equal rights civil rights issue. It's a clear step by step progression towards majority.

    I'm sure Islamic theocratic nations will in particular steadfastly remain on the no-gay-marriage side for the foreseeable future, however I would not exactly consider them a positive credit for the team of nations denying gay marriage.

    The law has absolutely no business examining the race, gender, or religion of people to discriminate different treatment under the law. In the US it is impossible to write a constitutionally valid marriage law excluding interracial marriage because the law should not and CANNOT examine the races of marriage applicants as a basis to grant or deny marriages. In the exact same way and for the exact same reason, it is impossible to write a constitutionally valid marriage law excluding gay marriage because the law should not and cannot examine the genders of marriage applicants as a basis to grant or deny marriages.

    You probably agree that the law should be blind to race and gender and religion, yet you run into a logical conflict when you want marriage law to examine races to ban interracial marriage or you want the law to examine genders to ban gay marriage.

    -

  21. Re:Just wondering on Google Challenging Proposition 8 · · Score: 1

    California will remain a no gay marriage state for generations to come.

    Population demographics indicates otherwise. The younger generation is overwhelmingly in support of gay marriage as an equal rights civil rights issue, and opposition is overwhelmingly in the older generation and particularly senior citizens. The exact same thing happened with interracial marriage. The older generation slowly abandons the old discrimination, or they simply die out at a faster rate. Acceptance of gay marriage is rising by about 1.5% to 2% yearly. That is about double the rate that interracial marriage gained acceptance.

    Deeply Catholic immigrants notwithstanding, California is currently on the cusp of crossing over the 50% acceptance level, and the rest of the country will cross the 50% level in just a few years.

    Some significant data points - when the Supreme Court nationally legalized interracial marriage in 1968 it only polled about a 20% approval. The approval numbers for interracial marriage only crossed above the 50% mark in 1994. Public opinion on gay marriage is advancing so fast it's threatening to leave the court system in the dust. It took 26 years for court legalized interracial marriage to reach 50% public acceptance. Gay marriage is beginning to look like it may be democratically approved before the Supreme Court even gets around to examining the constitutional arguments.

    -

  22. Re:50%+ votes should not a constitution change mak on Google Challenging Proposition 8 · · Score: 1

    For what it's worth,
    1) the process for amending the national constitution is roughly comparable to the difficult process you describe for NL constitutional amendments. The US constitution has only been amended a fairly small number of times in the last 200-odd years; and
    2) we don't really take state constitutions particularly seriously around here. State laws and state constitutions are subject to the US constitution, and that is where the question will ultimately have to go. The contents of the California constitution won't mean squat when we get around to dealing with the issue at the US Constitutional level.

    Populationwise, California as part of the US is about equivalent to Gelderland province as a fraction of the Netherlands. Imagine Gelderland had a constitution relating to local laws, and that the Gelderland constitution was subject to the Netherlands' constitution. Screwing around with the Gelderland constitution would just be a big-sounding way of fighting over local laws. In a fundamentally national issue, any local battles and local results will be temporary and irrelevant once the battle really gets up to the national level.

    And yes it does make a constitution change slow as molasses

    Even slower over here.

    Individuals battle city and county government in court for the right to marry.
    The local court fights and overrules the local government.
    The state courts fight and overrule the local courts.
    The state legislature fights and passes a law to overrule the state court.
    It goes to the state supreme court ruling the law violates the state constitution.
    A public initiative to change the state constitution to overrule the state supreme court.
    [[Note we are currently here]]
    A state court battle over bizarre issues for whether the state amendment was valid or not.
    It then moves to the federal courts...
    and the federal appeals courts...
    and then the US Supreme Court. And the US Supreme Court can either rule gay marriages nationally legal or not, or may rule on some stupid detail and send the issue back to the lower courts.... which just repeats several of the steps until the Supreme Court does actually rule on the real issue.

    Oh.... and I forgot that the national legislature already has passed a law trying to overrule the lower courts and attempting to preemptively overrule the federal courts. And of course THAT law is going to have to be litigated in the federal courts. And the national legislature will get involved again when federal courts start ruling.

    But anyway, we haven't even begun anything for amending the real US Constitution. It will probably be a couple of years before we have an official Constitutional position on the issue, and only then that one side or the other would seriously try to initiate the difficult amendment process. And even then, it is almost certain to fail no matter which way things go. There are enough people in the middle and on both sides opposed to the drastic step of Constitutional Amendment to deadlock any amendment attempt by either side.

    So essentially we're waiting for the Supreme Court to hand down a US Constitutional ruling on the issue. And of course the US Constitution doesn't currently explicitly address the issue, meaning the judges will have to interpret fuzzy principles and fuzzy rights from various sections of the constitution, so there will be enough wiggle room for judges to apply creative ideology in their reasoning. So the liberal judges will rule one way, and the conservative judges will rule the other way, and the one judge who is kinda-sorta in the middle will point to some random spot in the constitution and single handedly make up a rule for the nation. And any attempt to amend the Constitution to change that is going to fail.

    But in the long run even that isn't going to matter. It's a simple matter of population demographics. The younger generation is overwhelmingly in support of gay marriage, with the opposition being primarily by the older gener

  23. Re:Color me perplexed. on Google Challenging Proposition 8 · · Score: 1

    What about highly intelligent people - they would have undue influence as well.

    What planet are you living on?
    And can I immigrate?

    -

  24. Re:Color me perplexed. on Google Challenging Proposition 8 · · Score: 1

    if Google is going to discriminate against those who actually have faith

    Whether it's gay marriage or interracial marriage at issue, your statement is ridiculous.

    First of all, many people of faith agree with Google and support gay marriage, just as many people of faith supported interracial marriage.
    (In fact "those who actually have faith" currently support gay marriage at about DOUBLE the rate they supported interracial marriage when it was nationally legalized in 1968.)

    Secondly, it's hysterical how people try to claim that REMOVING discrimination from the law is discrimination. A marriage law that examines the races of marriage applicants as a basis to legally grant or deny that marriage application is discrimination. REMOVING the examination of race from marriage applications, treating marriage applications identically regardless of the races of individuals involved, that is by definition an absence of discrimination. A marriage law that examines the genders of marriage applicants as a basis to legally grant or deny that marriage application is discrimination. REMOVING the examination of gender from marriage applications, treating marriage applications identically regardless of the genders of individuals involved, that is by definition an absence of discrimination.

    Your post is not different, and it is just as comical, as someone wanting to prohibit interracial marriage and whinging that HE is somehow being discriminated against because Google opposes the ban on interracial marriage. Absolutely no difference whatsoever.

    -

  25. Re:Mike Murray is LDS (mormon) on Google Challenging Proposition 8 · · Score: 1

    That means that obviously he must be excluded if you want to have diversity.
    Everyone knows that the only way to have diversity is to exclude members of LDS or other organizations that believe something contrary to the accepted standard.

    What a load of crap.

    He did not say anyone must be excluded from anything.
    He mentioned someone's affiliation with a group/ideology, which can at times provide useful context. If someone is a Scientologist, I am going to be rather skeptical of anything they say regarding psychologists. If someone is a member of the KKK, well then my personal choice is not to waste much time on their ideological-bullshit on anything relating to race.

    Note that my comment here really shouldn't be taken as relating to the LDS in particular. I am specifically bitch-slapping at the parent poster trying to make some persecuted-by-diversity whine.

    If some asshat wants to prohibit interracial marriage, I respect their right to believe what they want and I respect their right to speak, however that does not mean I have to respect THEM and it does not mean I have to respect that belief. If someone wants to prohibit interracial marriage, then they are an asshole, an idiot, and I will neither tolerate nor permit them to attempt to use the force of government to legally discriminate/oppress others.

    Tolerance of speech, tolerance of beliefs, but no, no tolerance of that sort abusing of physical or legal force against others.

    If some asshat wants to prohibit gay marriage, I respect their right to believe what they want and I respect their right to speak, however that does not mean I have to respect THEM and it does not mean I have to respect that belief. If someone wants to prohibit gay marriage.... well let's be generous and say they have not properly considered the logic and legal basis and Constitutional Rights of what they wish to do. I will neither tolerate nor permit them to attempt to use the force of government to legally discriminate/oppress others.

    Legally, Constitutionally, there is no difference between the cases of interracial marriage and gay marriage.

    The law should not, must not, and under the Constitution CANNOT, discriminate legal treatment on the basis of race, gender, or religion.

    You can no more write a marriage law denying gay marriages for the exact same reason you can't write a law denying interracial marriages. There's just no way to write a Constitutionally valid law to accomplish it. The law cannot examine the races of marriage applicants as a basis to discriminate which applications to approve and which to reject. You cannot examine the genders of marriage applicants to discriminate which applications to approve and which to reject.

    The law must be blind to race, gender, and religion. The law must ignore such factors for all civil rights and in all legal treatment.

    Almost everyone will agree with the statement that the law should be blind to race gender and religion, and then they choke on the logic of actually living up to that principle, they choke on logic when it comes to actually making marriage law blind to race gender and religion. They just really really dislike interracial/gay marriage, so let's just throw Equal Protection out the window, let's have marriage law discriminate on the basis of race/gender/religion just because interracial/gay marriages are really icky and I really really don't want those people getting married - screw civil rights and screw equal protection under the law.

    -