I will gladly sell you one for $499. I call it the jBrick.
The "approved" ways of enjoying this phone do not include sending or receiving any actual phone calls because, well, it's an actual brick. However you are permitted to use it to crack walnuts as much as you like and with no extra charges.
The Earth is Flat. It is 6000 years old. It was created in exactly 6 days, by an invisible sky wizard that looks kinda like Sean Connery in a white beard and robe.
Oh, and He wants you to give all your money to those preacher guys on TV.
Only an ignorant bigot who hates science would say the emperor has no clothes!
I have no idea whether you are a racist or not but you are clearly ignorant on this subject. The only question is whether you are a reasonable rational person who is merely uninformed in this area, or if you are some fundie zealot who will rant and rave blindly defending dogma in the face of blatant proof it is incorrect.
If you dig in the arctic snow pack, you will find visible yearly layers. For half the year the snow surface bakes under the summer sun changing its texture, and it builds up a fine accumulation of dust and pollen blown in from across the globe. In particular this yearly dust layer is also loaded with traces of ash if there is any major volcanic explosion that year. It is trivial to see and count down these yearly layers. If you dig and count down 1929 layers you can find ash from the famous 79 A.D. Mt Vesuvius eruption that destroyed Pompeii. You can find the ash marker from any and all major eruptions in history by counting down to the matching yearly snow layer.
The arctic pack has about 123,000 layers. The antarctic pack has about 174,000 layers.
To any reasonable rational person that provides a "Beyond any Reasonable Doubt" standard of proof to a number of things. For starters, proof that the earth is at minimum 174,000 years old. It also proves that there was no Global Flood - at least not within the last 174,000 years anyway. The volcanic ash traces are also an accurate record of 174,000 years of global volcanic activity. And the pollen layers are an accurate 174,000 year record of pollen traces. And to address your pet-peeve with carbon dating, these ancient pollen samples are one of many ways to prove and to calibrate carbon dating. Scientists check and cross validate timelines in hundreds if not thousands of different ways such as this.
Biologists, chemists, physicists, and other scientists do not just make crap up. Just because you dislike the clothes this emperor is wearing is not a reasonable or rational basis to claim that they do not exist. Just because the science conflicts with your favorite story of history is not a valid basis to put science into "scare quotes" and dismiss it as some sort of bogus "scienrhetoric" or "philosotific". Large areas of science do not become a gigantic conspiracy of lies just because you don't like the results.
Are you a reasonable rational person who will say "Oh, I'm not a scientist and I haven't studied this stuff" or are you going to stick with the Young Earther mob of ignorant dogma and rant that ANY and ALL evidence can be "interpreted" according to biases however one wishes to interpret it and that all scientists are in on some Grand Atheist Conspiracy to Kill God or somesuch?
I think multiple genesis is far more likely than all life coming from one single-celled organism.
I think the four elements earth-air-fire-water is far more likely than the periodic table of elements.
But all that proves is that I went to a lousy high school that failed to teach chemistry, or that I was home-schooled and my parents didn't know squat about chemistry.
The invention, Big Blue explains, eliminates the 'unnecessary inconvenience for both the customer and the cashier' that results when 'Paper or Plastic?' must be asked.
Bah! The "Paper or Plastic?" question, that's nothing. There is a far greater scourge that blights the daily lives of mankind! Behold *my* new invention to eliminate the unnecessary inconvenience for both the customer and the cashier of the dreaded... "Would you like fries with that?" question!
You gotta watch out on those bags. The (unsigned int) price is actually $4,294,967,295 each, but the display has a coding error treating it as a signed int.
When done properly, trusted computing can be a great way to ensure system security. It can prevent root kits, exploits, virtual machines masquerading as our real OS, unauthorized access to files, etc
Imagine you say "these poisoned apples are bad", and someone answers that these poisoned apples give you wonderful vitamins and minerals. I hope you agree that would be a bit absurd.
That is what is going on here. There are companies that want to give everyone cyanide pills, so they make apples with cyanide pills in them. Then they advertise all these wonderful vitamins and minerals saying people should be buying and eating poisoned apples.
I don't know how much of the technical details you know about Trusted Computing. I'm not sure whether you actually support Trusted Computing itself, or if you are just enthusiastic about the great vitamins and minerals you heard about and were unaware that you could get all the exact same benefits WITHOUT Trusted Computing - that we could get all of the identical benefits from clean poison-free apples.
I completely agree with you that ensuring system security is good, that preventing root kits, exploits, virtual machines masquerading as our real OS, unauthorized access to files, etc. are all good things. But you can get all of that from a normal CLEAN apple. You don't need any of the anti-owner aspects of Trusted Computing to get those legitimate and beneficial "vitamins and minerals".
There is a Master Key locked inside the Trust chip. (Actually your Master Key is more like two critical keys locked inside the chip, but gloss over that detail for simplicity). Now imagine you buy a Trusted Computer, except I say you now have the option to get a printed copy of your Master Key along with that purchase. You can take a Trusted Computer exactly as you can today, without that printed key. Or you can take one with a printed key, and you can burn it. Or you can take the printed key and drop it in a safety deposit box. It is EXACTLY identical to Trusted Computing today, exactly identical hardware with exactly identical capabilities to secure your computer for you. The only difference is that, if you want it, you might know the Master Key to your own computer.
Now I ask you, in the above described situation, with identical hardware with identical capabilities, is it capable of protecting just as well against root kits? Is it capable of protecting just as well against exploits? Is it capable of giving you the EXACT same protection against unauthorized file access, and every other benefit you had in mind?
The only difference is that other people can't be assured of your computer being secure against you. If you desired to get a printed key along with your computer purchase, and if you choose to do so, you have the capability of fully controlling the security system on your own computer. You cannot be locked out of your own files, your own system cannot be locked against you, because you possess your Master Key, if you want it.
Such a system gives you ALL of the security benefits of Trusted Computing and none of the anti-owner aspects. The only "problem" with such a system is that it is a clean apple - the only "problem" is that it is useless for things like DRM because the owner is in control, because the owner could unlock things like DRM files if he wanted.
The difference is that in Windows, Microsoft is the one who decides what's trusted, in Linux, the user does.
No. The way Trusted Computing operates on Linux and Windows is identical. The owner does not have the power to override the system and declare that HE trusts something unless he knows the Master Key locking down his system. You can have applications like BitLocker on both Windows and Linux, applications which show off the "vitamins and minerals" aspects of the system, but on Linux the operation of the Trusted security system is exactly as secure against the owner as it is on Windows. You are just as screwed on Linux as you are on Windows when
The issue that demands that approach is that the computer has no way of knowing who the owner is.
I understand what you mean, however I just dug up the reference for you:
tcg_specification_1_1b.pdf Section 9.3, internal page numbering 267, adobe PDF reader shows it as 277'th page: This feature prevents a rogue Owner from... [attack vector details]
So no, this is not merely an ill-phrased reference to a generic attacker. The design intent of the chip was indeed anti-owner security, and the authors of the specification explicitly considered owners as an enemy.
They could easily have made a pro-owner chip that possessed ALL of the same pro-owner security benefits. But they didn't. The design features and stated design requirements strictly exceed that of a pro-owner design. They precisely converge on an anti-owner target in all respects. All of the features and stated requirements are precisely the features and requirements of a DRM-enforcement-engine, no more and no less. Well, technically a few features are directed to privacy considerations, but I submit that those features are in fact design requirements directed to a commercially viable DRM-enforcement engine. To the limited extent features and requirements go beyond defining a DRM-enforcement engine, they are carefully crafted to address public relations issues that would obstruct adoption. And let me be clear here - to the extent it does address privacy I'd say it is clearly privacy theater. It is adequate to present passable public relations cover for privacy issues, without really caring about the enforcement or security of such things.
As far as the computer is concerned, whoever boots it IS the owner. If the computer has been stolen or hacked, it cannot know that,
Actually it has a special "Take_Ownership" operation, which you pretty much perform at first boot to gain control and set security options and obtain owner authentication credentials. Yes, someone else can potentially swipe the machine and force a new Take_Ownership operation, but that wipes ALL of the previous configuration and wipes ALL control and ALL access to any formerly existing keys and protected data. If that happens, there is effectively no threat at all to the previous "Ownership", other than someone grabbing the machine and wiping all your data. After such a Take_Ownership reset it may as well be a new machine actually owned by the thief.
There is no way to guard against intrusion without regarding the CURRENT user as a possible attacker.
Actually my main suggestion on the subject is that they can stick with everything about the current exact design, except that when you buy the machine they give you a printed copy of the chip's Master Key - the PrivEKey. To get really technical there is good reason the chip should add an option to export the Root Storage Key encrypted to the PrivEK. Then, if someone wishes to, they could just burn their printed key and it would be exactly like buying the current chips. Or you can keep your master key and drop it in your bank vault safety deposit box. Then you would get ALL of the pro-owner benefits, but by having your key available you could still maintain control of your computer and escape ALL of the anti-owner issues of Trusted Computing.
I hope I was clear and reasonable in everything I wrote - I'm half asleep right now. Chuckle. No.... more like 85% unconscious at the moment:) Need to sleeeeeeeep now.
Imagine I'm a company installing home security systems. It obviously allows you to come in through the front door in my approved manner, but this security system is designed to be secure against even you, the owner of your home. It is explicitly designed so that even YOU can't break through the front door or any of the windows, it is designed such that even YOU can't install a back door in your home, even if you want one. It is designed such that even you can't dig a basement tunnel to the outside, even if you want one. Obviously a system secure against THE OWNER is going to be extremely secure against burglars trying to get in.
An operating system which is secure against the computer OWNER wanting to install "rootkit" violating DRM-enforcement security is also going to be secure against an attacker installing a rootkit violating the owner's security.
There is a rather critical difference between a system with the design goal of being secure against the owner and one with the design goal of being secure for the owner, but the anti-owner system must necessarily encompass all of the capabilities of the pro-owner system.
So everything they say about the TPM and BitLocker is pretty well true, and there are doubtless many people supporting the TPM and Trusted Computing for these legitimate pro-owner purposes like BitLocker, but these pro-owner benefits cannot legitimately be used to defend and justify the TPM and Trusted Computing. You could get all of these same benefits from a nearly identical system secure against attacks but not secure against the owner. BitLocker doesn't make use of the anti-owner aspects of the TPM, BitLocker doesn't require any of the anti-owner aspects of the TPM, the benefits of BitLocker cannot be used to justify those anti-owner aspects of the TPM and the Trusted Computing platform BitLocker is built upon.
The TPM uses two master keys (PrivEKey and RSKey), but I'm going to explain it like one key and oversimplify the details. The master key controls all aspects of locking the computer, and the certification of all of the locks. This key is locked in the silicon. The number one priority in the TPM design is that the master key is forbidden to leave the chip. In particular the owner is forbidden to know his own master key, and is forbidden to gain control of this key. The use of this key is strictly controlled by the chip.
Since an attacker can't get at this key, he can't read any of the encrypted files. An attacker can't modify any protected data without invalidating the master-key-certified checksums authenticating that data. An attacker can't change any of the security policies for the system, other than possibly by erasing a current security policy - which erases the lower level data keys for that policy - and with those data keys gone it is impossible to decrypt the data protected by that security policy - all associated files and data are irretrievably lost. So an attacker trying to alter a security rule effectively wipes all files and data covered by that rule. Another feature, called Remote Attestation, is that the chip also keeps a careful log of the hardware and software running on the machine - the owner can remotely request this log over the internet. The Master Key securely certifies this report. The owner can then remotely examine this log and the precise state of his machine, the owner can assure himself that it has not been tampered with, and that it is running the exact unmodified software the owner wants it to be running. Without the Master key an attacker cannot falsify this report, so the owner can be 100% sure he is securely communicating with the chip and that everything is secure against everyone else. The owner can also send secret messages to the chip, messages that can only be decoded by the Master Key. Attackers cannot get the key, so it is impossible for attackers to read or modify these messages. The owner can communicate with his computer, completely secure against any attacker.
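As an added illustration (not code from any post in this thread, and not from the TCG specification or any real TPM stack), here is a toy Python model of the chip described in the posts above: a master key locked in the "silicon", a PCR that can only be extended, data sealed to a measured boot state, a signed quote for remote attestation, the Take_Ownership wipe, and the "printed copy of the Master Key" option. Everything in it is an assumption made for the model: the class and function names (TrustChip, seal, unseal, quote, export_master_keys, verify_quote, unseal_offline, forge_quote), the XOR-based sealing, PCR extension as SHA-256 chaining, and the signing key, which is textbook unpadded RSA over two hardcoded Mersenne primes so that it runs with the standard library only. None of that is secure or how a real TPM is built; it exists to show which checks the chip enforces and exactly what changes once the owner holds the master key.

```python
"""Toy model of a TPM-style trust chip (illustration only, not a real TPM)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumption for the toy: a fixed textbook RSA key built from Mersenne primes,
# unpadded, ~150-bit modulus. Real chips use 2048-bit RSA or ECC with padding.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))


def _h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of the given byte strings."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(part)
    return digest.digest()


def _rsa_sign(d: int, message: bytes) -> int:
    return pow(int.from_bytes(_h(message), "big") % _N, d, _N)


@dataclass(frozen=True)
class SealedBlob:
    policy_pcr: bytes    # platform state the secret is bound to
    ciphertext: bytes


class TrustChip:
    """Master keys (root storage key + signing exponent) never leave the object
    except through export_master_keys(), the thread's 'printed copy' option."""

    def __init__(self) -> None:
        self.take_ownership()

    def take_ownership(self) -> None:
        # Fresh root key: anything sealed under the previous owner is unrecoverable.
        self._root_key = os.urandom(32)
        self.pcr = bytes(32)        # all-zero at power-on

    def reboot(self) -> None:
        self.pcr = bytes(32)

    def extend(self, measurement: bytes) -> None:
        # PCR := H(PCR || H(measurement)); it can be extended, never set directly.
        self.pcr = _h(self.pcr, _h(measurement))

    def seal(self, secret: bytes) -> SealedBlob:
        if len(secret) > 32:
            raise ValueError("toy sealer handles at most 32 bytes")
        key = _h(self._root_key, self.pcr)
        return SealedBlob(self.pcr, bytes(a ^ b for a, b in zip(secret, key)))

    def unseal(self, blob: SealedBlob) -> bytes:
        # The chip, not the caller, decides whether the live state matches the policy.
        if not hmac.compare_digest(blob.policy_pcr, self.pcr):
            raise PermissionError("platform state does not match the seal policy")
        key = _h(self._root_key, blob.policy_pcr)
        return bytes(a ^ b for a, b in zip(blob.ciphertext, key))

    def quote(self, nonce: bytes) -> Tuple[bytes, int]:
        """Signed report of the current PCR, bound to the verifier's nonce."""
        return self.pcr, _rsa_sign(_D, nonce + self.pcr)

    def export_master_keys(self) -> Tuple[bytes, int]:
        return self._root_key, _D


def verify_quote(nonce: bytes, reported_pcr: bytes, signature: int, expected_pcr: bytes) -> bool:
    """Remote verifier: signature must check out AND the state must be the known-good one."""
    digest = int.from_bytes(_h(nonce + reported_pcr), "big") % _N
    return pow(signature, _E, _N) == digest and hmac.compare_digest(reported_pcr, expected_pcr)


def unseal_offline(root_key: bytes, blob: SealedBlob) -> bytes:
    """With the printed root key, the PCR policy is irrelevant: decrypt anywhere."""
    key = _h(root_key, blob.policy_pcr)
    return bytes(a ^ b for a, b in zip(blob.ciphertext, key))


def forge_quote(d: int, nonce: bytes, claimed_pcr: bytes) -> Tuple[bytes, int]:
    """With the printed signing key, attest to any state regardless of what actually runs."""
    return claimed_pcr, _rsa_sign(d, nonce + claimed_pcr)


def demo() -> Dict[str, bool]:
    chip, disk_key, results = TrustChip(), os.urandom(32), {}
    # Measured boot of the approved stack; seal the disk key to that state.
    chip.extend(b"bootloader v1"); chip.extend(b"kernel v1")
    good_pcr, blob = chip.pcr, chip.seal(disk_key)
    # Same stack next boot: the chip releases the key.
    chip.reboot(); chip.extend(b"bootloader v1"); chip.extend(b"kernel v1")
    results["clean_boot_unseals"] = chip.unseal(blob) == disk_key
    # Patched kernel changes the PCR: the chip refuses and the data stays locked.
    chip.reboot(); chip.extend(b"bootloader v1"); chip.extend(b"kernel v1 + rootkit")
    try:
        chip.unseal(blob); results["rootkit_boot_unseals"] = True
    except PermissionError:
        results["rootkit_boot_unseals"] = False
    # Attestation: the honest quote is authentic, but truthfully reports the bad state.
    nonce = os.urandom(16)
    pcr, sig = chip.quote(nonce)
    results["honest_quote_reports_rootkit"] = verify_quote(nonce, pcr, sig, pcr) and pcr != good_pcr
    results["honest_quote_passes"] = verify_quote(nonce, pcr, sig, good_pcr)
    results["tampered_quote_passes"] = verify_quote(nonce, good_pcr, sig, good_pcr)
    # Owner with the printed master keys escapes both locks; a third party cannot tell.
    root_key, d = chip.export_master_keys()
    results["owner_unseals_offline"] = unseal_offline(root_key, blob) == disk_key
    fpcr, fsig = forge_quote(d, nonce, good_pcr)
    results["owner_forged_quote_passes"] = verify_quote(nonce, fpcr, fsig, good_pcr)
    # A thief forcing Take_Ownership gets a working chip, but the old blob is garbage to it.
    chip.take_ownership(); chip.extend(b"bootloader v1"); chip.extend(b"kernel v1")
    results["thief_unseals"] = chip.unseal(blob) == disk_key
    return results
```

Running demo() shows the three behaviours argued over in this thread side by side: the chip refuses to unseal or to attest cleanly once a modified kernel is measured, a thief who takes ownership keeps the hardware but loses the previous owner's data, and the only thing the exported master keys add is that the owner can read his own sealed data and sign a "clean" quote for a machine that is not clean. That last line is the whole DRM argument: pro-owner protection is unchanged, third-party assurance against the owner is gone.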
Now I'm going to do pretty much a copy-paste job on
YOU get real. Heh. Most ad-supported websites WANT you to go away if you're blocking ads. There are ALREADY websites attempting to lock people out by using javascript and other tactics to detect ad-blockers. There are already tons of websites that block you out if you don't register - like the New York Times. Websites that would be HAPPY for adview enforcement and proper registration enforcement, websites that would be HAPPY for you and your ad-blocking-phony-registration-leecher ass to go take a hike. Sites that consider such people to be unwanted traffic, burning their valuable bandwidth.
Seriously, a substantial chunk of the internet would JUMP at the chance to lock out non-compliant people for those and other reasons. To block deep linking, to block bandwidth sucking cross-site leaching of content, to enforce all sorts of terms-of-use policies, to DRM page content, and for probably a hundred reasons I haven't thought of. The only reason they can't do it is because currently zero-percent of visitors have a Trust-validation available on their computer.
My email client should say, 'Hey, if you trust it, I trust it, its your email.' Ditto for my office package.
I 100% agree that is how things SHOULD be. But if it worked like that, then your boss couldn't send you an email tagged with features like "do not forward" or "self destruct on a certain date". You can't enforce those types of "features"... you can't enforce those rules... if the owner has control of his own computer.
What possible motivation would there be for my email client or office package to have that policy?
Because it offers OTHER people features that they want - features that get carried out when their file is on your computer - features like mail that self destructs on some date, like office files that revise themselves to the latest official company data, office files that cannot be leaked outside the company. Features that cannot be enforced if you are permitted to control your own computer. Other people will create files that use these sorts of features.
And you "want" your software to have that sort of loony policy because if you don't, then you can't access the files at all. The files are encrypted and unreadable. If you don't opt-in, then you are locked out.
In the extreme long term case, you could need this hardware and these policies to get internet access at all. They've already created exactly that - it's called Trusted Network Connect. It is currently targeted at internal corporate networks. The company network checks that your computer is compliant - checks the "health" of your computer - checks that you have the proper firewalls and virus scanners in place - checks that you are not infected with any virus or trojan - checks that your computer is compliant with all company policies - and you are only permitted a connection to the network if you pass the "health check".
Deploying such a system on general home internet access would obviously be problematical - but there are about a dozen good reasons why ISPs would be motivated to do exactly that. In fact at a computer conference of internet providers, a Homeland Security official was a keynote speaker and proposed exactly this sort of thing to help secure the national Information Infrastructure against Terrorist Cyber Attack - he even mentioned Osama bin Laden by name - and the audience applauded his speech. I could probably google up the link to it if you want to see it.
If this Trusted Computing stuff does get fully rolled out, it will be a boil-the-frog situation. It is business adoption first and the most harmless unobjectionable features first. Right now it's just BitLocker and corporate networks going for the Trusted Mail stuff and Trusted network Connect. If/when Microsoft actually deploys the Trusted application platform, you'll see music sales for it and Netflix-type offerings for video, and a variety of sites with extra optional features available
The "owner" or the "end-user"? Those are two extremely different situations.
Correct.
As the *owner*, I want the chip to secure the system against the user.
I agree 100%.
And as I was saying, this chip is designed to be secure against the owner.
The chip says the -end user- has no control.
Yeah. And the chip ALSO says the owner has no control, beyond the choice to opt-in or opt-out of some particular set of handcuffs, where "opt-out" equals LOCKED-out.
He who defines the handcuffs owns the system.
Exactly.
And **Someone** has to define what those handcuffs are. **SOMEONE** is in control. To me, that person is the *OWNER*.
It SHOULD be. But it isn't. The handcuffs are defined by the programmer. If you attempt to patch or modify the program in any way, the chip locks you out of the keys you need for whatever it was you were trying to do. If you are non-compliant or you opt out, you cannot run the program you wanted to run, you cannot play the music file or read the email you want to read, and your internet connections can and will be rejected by the other end of the link (a website can reject noncompliant browsers, online games will reject connections from noncompliant players, etc).
In addition, note that such applications rely upon a large support structure in (and beyond) the operating system. In almost all cases such programs will be built on top of Microsoft's Trust support platform. So if you are not running a compliant Microsoft Trust support platform, you are locked out of an entire universe of software and locked out of an entire universe of file types and locked out of an entire universe of internet protocols. Microsoft gets to define, regulate, and completely control the underlying playfield for an entire universe of applications and filetypes and internet protocols --- oh and Microsoft pretty well gets this total control over hardware too. Any hardware or software that is non-compliant cannot read or touch anything within this Trust wall. And the system has multiple avenues to REVOKE and lock out hardware and drivers and software that is later deemed to be "insecure". If your video card driver is found to have a bug allowing the owner to seize control, Microsoft can revoke it. It stops working, until you accept the new properly locked-down driver version they will force on you. If your video card hardware is found to be insecure against you, they will either force down a driver to lock over the hardware hole if they can, or they can just revoke the hardware itself. And note that we are not just talking about Microsoft here - if the MPAA has a problem with your video driver or your video hardware, well it will still work in general but it will refuse to play video disks until you "fix" your unapproved video driver or your unapproved video card.
There is nothing in the design of the chip that prevents us from assigning those rights to the guy or gal or enterprise who buys the hardware.
The design of the chip DOES prevent that. It is impossible to assign rights or powers to someone else when the system doesn't give them to YOU in the first place.
You want to run some Trusted program or you want to access some Trusted file or you want to connect to some Trust-using computer over the internet - you are presented a pair of handcuffs. You can opt-in and wear them, or opt-out and get locked out. YOU have no rights or control over anything, except to opt-in or opt-out. You cannot "assign" rights or control that you don't have in the first place. The overarching rule of Trusted Computing is that YOU are not permitted to know the master key controlling your computer. The chip holds that key, the chip refuses to permit you to know or control that key. The chip accepts a pair of handcuffs defined by someone else, and gives you an opt-in opt-out choice. Opt out and the chip locks down and you're locked out. Opt in, and the chip holds the key locking your handcuffs. YOU c
if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...
You're absolutely right. People should go to Fox News instead.
-
€ is your friend
Cool. Some of us never had a friend before.
P.S. :)
Minor geeky fun test: figuring how to write € without getting € instead
And no, <ecode> is not a solution, that destroys your text layout.
-
They are good for one free app from the app store.
Would that include the "I'm Rich" app?
(assuming it gets re-listed, of course)
-
Don't forget that giant invisible Sean Connery needed to take a break after 6 days of work.
Just because God is imiscient imipresent and impotent doesn't mean He doesn't get tired.
He is Mysterious like that.
-
Yep, and it's often easier to read than SMS-speak.
-
I've downloaded/been_reading some PUA materials. Anything you'd particularly recommend?
-
As your spending approaches zero what does penis size approach?
Your own empty palm.
-
From my homepage, I appear to be Paris Hilton.
Oh wait... hold on... I need to go edit my profile.
-
Im in ur africa eating ur CO2
-
I'm sure there's a lot of people twinking out there
If Parish Hilton were twinked out any harder she'd pop.
-
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Lessig Predicts Cyber 9/11 Event, Restrictive Laws</title>
<link rel="stylesheet" type="text/css" media="screen, projection" href="//images.slashdot.org/core-tidied.css?T_2_5_0_214a">
<link rel="stylesheet" type="text/css" media="screen, projection" href="//images.slashdot.org/comments.css?T_2_5_0_214a">
<!--[if IE]><link rel="stylesheet" type="text/css" media="screen, projection" href="//images.slashdot.org/iestyles.css?T_2_5_0_214a"><![endif]-->
<link rel="stylesheet" type="text/css" media="print" href="//images.slashdot.org/print.css?T_2_5_0_214a">
<link rel="stylesheet" type="text/css" media="handheld" href="//images.slashdot.org/handheld.css?T_2_5_0_214a">
[copy-paste of NINE MORE PAGES of the HTML SOURCE for your post]
Me To!
-
Maybe God could Twitter that twit in the White House.
-
Quick! Someone go lobby congress for more science funding on behalf of the Hollywood studios!
It would probably work.
-
When done properly, trusted computing can be a great way to ensure system security. It can prevent root kits, exploits, virtual machines masquerading as our real OS, unauthorized access to files, etc
Imagine you say "these poisoned apples are bad", and someone answers that these poisoned apples give you wonderful vitamins and minerals. I hope you agree that would be a bit absurd.
That is what is going on here. There are companies that want to give everyone cyanide pills, so they make apples with cyanide pills in them. Then they advertise all these wonderful vitamins and minerals saying people should be buying and eating poisoned apples.
I don't know how much of the technical details you know about Trusted Computing. I'm not sure whether you actually support Trusted Computing itself, or if you are just enthusiastic about the great vitamins and minerals you heard about and were unaware that you could get all the exact same benefits WITHOUT Trusted Computing - that we could get all of the identical benefits from clean poison-free apples.
I completely agree with you that ensuring system security is good, that preventing root kits, exploits, virtual machines masquerading as our real OS, unauthorized access to files, etc. are all good things. But you can get all of that from a normal CLEAN apple. You don't need any of the anti-owner aspects of Trusted Computing to get those legitimate and beneficial "vitamins and minerals".
There is a Master Key locked inside the Trust chip. (Actually your Master Key is more like two critical keys locked inside the chip, but gloss over that detail for simplicity). Now imagine you buy a Trusted Computer, except I say you now have the option to get a printed copy of your Master Key along with that purchase. You can take a Trusted Computer exactly as you can today, without that printed key. Or you can take one with a printed key, and you can burn it. Or you take the printed key and drop it in a safety deposit box. It is EXACTLY identical to Trusted Computing today, exactly identical hardware with exactly identical capabilities to secure your computer for you. The only difference is that, if you want it, you might know the Master Key to your own computer.
Now I ask you, in the above described situation, with identical hardware with identical capabilities, is it capable of protecting just as well against root kits? Is it capable of protecting just as well against exploits? Is it capable of giving you the EXACT same protection against unauthorized file access, and every other benefit you had in mind?
The only difference is that other people can't be assured of your computer being secure against you. If you desired to get a printed key along with your computer purchase, and if you choose to do so, you have the capability of fully controlling the security system on your own computer. You cannot be locked out of your own files, your own system cannot be locked against you, because you possess your Master Key, if you want it.
Such a system gives you ALL of the security benefits of Trusted Computing and none of the anti-owner aspects. The only "problem" with such a system is that it is a clean apple - the only "problem" is that it is useless for things like DRM because the owner is in control, because the owner could unlock things like DRM files if he wanted.
The difference is that in Windows, Microsoft is the one who decides what's trusted, in Linux, the user does.
No. The way Trusted Computing operates on Linux and Windows is identical. The owner does not have the power to override the system and declare that HE trusts something unless he knows the Master Key locking down his system. You can have applications like BitLocker on both Windows and Linux, applications which show off the "vitamins and minerals" aspects of the system, but on Linux the operation of the Trusted security system is exactly as secure against the owner as it is on Windows. You are just as screwed on Linux as you are on Windows when
The issue that demands that approach is that the computer has no way of knowing who the owner is.
I understand what you mean, however I just dug up the reference for you:
tcg_specification_1_1b.pdf
Section 9.3, internal page numbering 267, adobe PDF reader shows it as 277'th page:
This feature prevents a rogue Owner from... [attack vector details]
So no, this is not merely an ill-phrased reference to a generic attacker. The design intent of the chip was indeed anti-owner security, and the authors of the specification explicitly considered owners as an enemy.
They could easily have made a pro-owner chip that possessed ALL of the same pro-owner security benefits. But they didn't. The design features and stated design requirements strictly exceed that of a pro-owner design. They precisely converge on an anti-owner target in all respects. All of the features and stated requirements are precisely the features and requirements of a DRM-enforcement-engine, no more and no less. Well, technically a few features are directed to privacy considerations, but I submit that those features are in fact design requirements directed to a commercially viable DRM-enforcement engine. To the limited extent features and requirements go beyond defining a DRM-enforcement engine, they are carefully crafted to address public relations issues that would obstruct adoption. And let me be clear here - to the extent it does address privacy I'd say it is clearly privacy theater. It is adequate to present passable public relations cover for privacy issues, without really caring about the enforcement or security of such things.
As far as the computer is concerned, whoever boots it IS the owner. If the computer has been stolen or hacked, it cannot know that,
Actually it has a special "Take_Ownership" operation, which you pretty much perform at first boot to gain control and set security options and obtain owner authentication credentials. Yes, someone else can potentially swipe the machine and force a new Take_Ownership operation, but that wipes ALL of the previous configuration and wipes ALL control and ALL access to any formerly existing keys and protected data. If that happens, there is effectively no threat at all to the previous "Ownership", other than someone grabbing the machine and wiping all your data. After such a Take_Ownership reset it may as well be a new machine actually owned by the thief.
There is no way to guard against intrusion without regarding the CURRENT user as a possible attacker.
Actually my main suggestion on the subject is that they can stick with everything about the current exact design, except that when you buy the machine they give you a printed copy of the chip's Master Key - the PrivEKey. To get really technical there is good reason the chip should add an option to export the Root Storage Key encrypted to the PrivEK. Then, if someone wishes to, they could just burn their printed key and it would be exactly like buying the current chips. Or you can keep your master key and drop it in your bank vault safety deposit box. Then you would get ALL of the pro-owner benefits, but by having your key available you could still maintain control of your computer and escape ALL of the anti-owner issues of Trusted Computing.
I hope I was clear and reasonable in everything I wrote - I'm half asleep right now. Chuckle. No.... more like 85% unconscious at the moment :) Need to sleeeeeeeep now.
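The key hierarchy, the Take_Ownership wipe, and the "printed Master Key" proposal from the post above, as an added toy model in Python. This is example code written for this page, not any vendor's TPM implementation or code from the poster: the `ToyTPM` class, the `owner_unseal` recovery function, the hash-based stream cipher and the escrow format are all constructed simplifications. It shows that sealed data survives a clean reboot but not a changed boot measurement or a new owner, and that a root key held by the owner restores access without weakening the chip's protection against anyone else.

```python
import hashlib
import hmac
import os
from typing import Optional


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement)). One-way and
    order-dependent, so a register only reaches a given value by replaying
    the same measurements in the same order."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Stands in for the chip's
    real symmetric wrapping in this constructed example; not for production."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class ToyTPM:
    """Constructed model of the key hierarchy the post describes."""

    def __init__(self) -> None:
        self.priv_ek = os.urandom(32)   # endorsement secret, fixed for the chip's life
        self.srk: Optional[bytes] = None  # storage root key, created by take_ownership
        self.pcrs = [bytes(32)] * 8     # platform configuration registers, zero at reset

    def take_ownership(self) -> None:
        # A fresh SRK replaces any previous one, so every blob wrapped under the
        # old SRK is irrecoverable through the chip: the "wipe" the post describes.
        self.srk = os.urandom(32)

    def extend(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = pcr_extend(self.pcrs[index], measurement)

    def reboot(self) -> None:
        self.pcrs = [bytes(32)] * 8     # PCRs reset; the SRK persists

    def _wrap_key(self, policy: bytes) -> bytes:
        return hmac.new(self.srk, b"seal" + policy, hashlib.sha256).digest()

    def seal(self, data: bytes, index: int) -> dict:
        """Wrap data so it only unwraps while PCR[index] holds its current value."""
        if self.srk is None:
            raise RuntimeError("no owner: take_ownership first")
        policy = self.pcrs[index]
        key = self._wrap_key(policy)
        ct = _xor_stream(key, data)
        mac = hmac.new(key, policy + ct, hashlib.sha256).digest()
        return {"index": index, "policy": policy, "ct": ct, "mac": mac}

    def unseal(self, blob: dict) -> Optional[bytes]:
        """Data if owner and PCR policy still match, else None. The chip applies
        the SRK but never reveals it, which is the anti-owner property at issue."""
        if self.srk is None or self.pcrs[blob["index"]] != blob["policy"]:
            return None
        key = self._wrap_key(blob["policy"])
        expected = hmac.new(key, blob["policy"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["mac"]):
            return None             # wrong SRK (e.g. after a new take_ownership)
        return _xor_stream(key, blob["ct"])

    def export_srk_escrow(self) -> bytes:
        """The post's proposed extension: the SRK leaves the chip only encrypted
        to the endorsement secret, so only the holder of the printed EK opens it."""
        return _xor_stream(hashlib.sha256(b"escrow" + self.priv_ek).digest(), self.srk)


def owner_unseal(printed_ek: bytes, escrow: bytes, blob: dict) -> bytes:
    """Off-chip recovery by the owner holding the printed EK. No PCR check:
    the owner, not the chip's policy, decides whether the data is readable."""
    srk = _xor_stream(hashlib.sha256(b"escrow" + printed_ek).digest(), escrow)
    key = hmac.new(srk, b"seal" + blob["policy"], hashlib.sha256).digest()
    return _xor_stream(key, blob["ct"])


def scenario() -> dict:
    """Walks through the cases the post argues about; returns each outcome."""
    tpm = ToyTPM()
    tpm.take_ownership()
    printed_ek = tpm.priv_ek            # the "printed copy" handed over at purchase
    escrow = tpm.export_srk_escrow()
    tpm.extend(0, b"approved bootloader v1")
    blob = tpm.seal(b"secret document", 0)
    result = {"same_policy": tpm.unseal(blob)}
    tpm.reboot(); tpm.extend(0, b"patched bootloader")
    result["modified_boot"] = tpm.unseal(blob)       # None: boot chain differs
    tpm.reboot(); tpm.extend(0, b"approved bootloader v1")
    result["restored_boot"] = tpm.unseal(blob)       # readable again
    tpm.take_ownership()                             # thief forces a new owner
    result["after_reset"] = tpm.unseal(blob)         # None: old SRK is gone
    result["owner_recovery"] = owner_unseal(printed_ek, escrow, blob)
    return result


if __name__ == "__main__":
    for case, value in scenario().items():
        print(f"{case:15s} -> {value!r}")
```

Everything the chip refuses (a changed boot measurement, a reset by a thief) stays refused; the only capability the escrow adds is the owner's own ability to open his blobs outside the chip, which is exactly what makes such a design useless for DRM and harmless for BitLocker-style protection.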
-
:D Good one.
-
Imagine I'm a company installing home security systems.
It obviously allows you to come in through the front door in my approved manner, but this security system is designed to be secure against even you, the owner of your home. It is explicitly designed so that even YOU can't break through the front door or any of the windows, it is designed such that even YOU can't install a back door in your home, even if you want one. It is designed such that even you can't dig a basement tunnel to the outside, even if you want one. Obviously a system secure against THE OWNER is going to be extremely secure against burglars trying to get in.
An operating system which is secure against the computer OWNER wanting to install "rootkit" violating DRM-enforcement security is also going to be secure against an attacker installing a rootkit violating the owner's security.
There is a rather critical difference between a system with the design goal of being secure against the owner and one with the design goal of being secure for the owner, but the anti-owner system must necessarily encompass all of the capabilities of the pro-owner system.
So everything they say about the TPM and BitLocker is pretty well true, and there are doubtless many people supporting the TPM and Trusted Computing for these legitimate pro-owner purposes like BitLocker, but these pro-owner benefits cannot legitimately be used to defend and justify the TPM and Trusted Computing. You could get all of these same benefits from a nearly identical system secure against attacks but not secure against the owner. BitLocker doesn't make use of the anti-owner aspects of the TPM, BitLocker doesn't require any of the anti-owner aspects of the TPM, the benefits of BitLocker cannot be used to justify those anti-owner aspects of the TPM and the Trusted Computing platform BitLocker is built upon.
The TPM uses two master keys (PrivEKey and RSKey), but I'm going to explain it like one key and oversimplify the details. The master key controls all aspects of locking the computer, and the certification of all of the locks. This key is locked in the silicon. The number one priority in the TPM design is that the master key is forbidden to leave the chip. In particular the owner is forbidden to know his own master key, and is forbidden to gain control of this key. The use of this key is strictly controlled by the chip.
Since an attacker can't get at this key, he can't read any of the encrypted files. An attacker can't modify any protected data without invalidating the master-key-certified checksums authenticating that data. An attacker can't change any of the security policies for the system, other than possibly by erasing a current security policy - which erases the lower level data keys for that policy - and with those data keys gone it is impossible to decrypt the data protected by that security policy - all associated files and data are irretrievably lost. So an attacker trying to alter a security rule effectively wipes all files and data covered by that rule. Another feature, called Remote Attestation, is that the chip also keeps a careful log of the hardware and software running on the machine - the owner can remotely request this log over the internet. The Master Key securely certifies this report. The owner can then remotely examine this log and the precise state of his machine, and assure himself that it has not been tampered with, and that it is running the exact unmodified software the owner wants it to be running. Without the Master key an attacker cannot falsify this report, so the owner can be 100% sure he is securely communicating with the chip and that everything is secure against everyone else. The owner can also send secret messages to the chip, messages that can only be decoded by the Master Key. Attackers cannot get the key, so it is impossible for attackers to read or modify these messages. The owner can communicate with his computer, completely secure against any attacker.
Now I'm going to do pretty much a copy-paste job on
[websites] ram ads down our throats? Get real...
YOU get real. Heh. Most ad-supported websites WANT you to go away if you're blocking ads. There are ALREADY websites attempting to lock people out by using javascript and other tactics to detect ad-blockers. There are already tons of websites that block you out if you don't register - like the New York Times. Websites that would be HAPPY for adview enforcement and proper registration enforcement, websites that would be HAPPY for you and your ad-blocking-phony-registration-leecher ass to go take a hike. Sites that consider such people to be unwanted traffic, burning their valuable bandwidth.
Seriously, a substantial chunk of the internet would JUMP at the chance to lock non-compliant people out for those and other reasons. To block deep linking, to block bandwidth sucking cross-site leaching of content, to enforce all sorts of terms-of-use policies, to DRM page content, and for probably a hundred reasons I haven't thought of. The only reason they can't do it is because currently zero-percent of visitors have a Trust-validation available on their computer.
My email client should say, 'Hey, if you trust it, I trust it, its your email.' Ditto for my office package.
I 100% agree that is how things SHOULD be.
But if it worked like that, then your boss couldn't send you an email tagged with features like "do not forward" or "self destruct on a certain date". You can't enforce those types of "features"... you can't enforce those rules... if the owner has control of his own computer.
What possible motivation would there be for my email client or office package to have that policy?
Because it offers OTHER people features that they want - features that get carried out when their file is on your computer - features like mail that self destructs on some date, like office files that revise themselves to the latest official company data, office files that cannot be leaked outside the company. Features that cannot be enforced if you are permitted to control your own computer. Other people will create files that use these sorts of features.
And you "want" your software to have that sort of loony policy because if you don't, then you can't access the files at all. The files are encrypted and unreadable. If you don't opt-in, then you are locked out.
In the extreme long term case, you could need this hardware and these policies to get internet access at all. They've already created exactly that - it's called Trusted Network Connect. It is currently targeted at internal corporate networks. The company network checks that your computer is compliant - checks the "health" of your computer - checks that you have the proper firewalls and virus scanners in place - checks that you are not infected with any virus or trojan - checks that your computer is compliant with all company policies - and you are only permitted a connection to the network if you pass the "health check".
Deploying such a system on general home internet access would obviously be problematical - but there are about a dozen good reasons why ISPs would be motivated to do exactly that. In fact at a computer conference of internet providers, a Homeland Security official was a keynote speaker and proposed exactly this sort of thing to help secure the national Information Infrastructure against Terrorist Cyber Attack - he even mentioned Osama bin Laden by name - and the audience applauded his speech. I could probably google up the link to it if you want to see it.
If this Trusted Computing stuff does get fully rolled out, it will be a boil-the-frog situation. It is business adoption first and the most harmless unobjectionable features first. Right now it's just BitLocker and corporate networks going for the Trusted Mail stuff and Trusted network Connect. If/when Microsoft actually deploys the Trusted application platform, you'll see music sales for it and Netflix-type offerings for video, and a variety of sites with extra optional features available
The "owner" or the "end-user"? Those are two extremely different situations.
Correct.
As the *owner*, I want the chip to secure the system against the user.
I agree 100%.
And as I was saying, this chip is designed to be secure against the owner.
The chip says the -end user- has no control.
Yeah. And the chip ALSO says the owner has no control, beyond the choice to opt-in or opt-out of some particular set of handcuffs, where "opt-out" equals LOCKED-out.
He who defines the handcuffs owns the system.
Exactly.
And **Someone** has to define what those handcuffs are. **SOMEONE** is in control. To me, that person is the *OWNER*.
It SHOULD be. But it isn't.
The handcuffs are defined by the programmer. If you attempt to patch or modify the program in any way, the chip locks you out of the keys you need for whatever it was you were trying to do. If you are non-compliant or you opt out, you cannot run the program you wanted to run, you cannot play the music file or read the email you want to read, and your internet connections can and will be rejected by the other end of the link (a website can reject noncompliant browsers, online games will reject connections from noncompliant players, etc).
In addition, note that such applications rely upon a large support structure in (and beyond) the operating system. In almost all cases such programs will be built on top of Microsoft's Trust support platform. So if you are not running a compliant Microsoft Trust support platform, you are locked out of an entire universe of software and locked out of an entire universe of file types and locked out of an entire universe of internet protocols. Microsoft gets to define, regulate, and completely control the underlying playfield for an entire universe of applications and filetypes and internet protocols --- oh and Microsoft pretty well gets this total control over hardware too. Any hardware or software that is non-compliant cannot read or touch anything within this Trust wall. And the system has multiple avenues to REVOKE and lock out hardware and drivers and software that is later deemed to be "insecure". If your video card driver is found to have a bug allowing the owner to seize control, Microsoft can revoke it. It stops working, until you accept the new properly locked-down driver version they will force on you. If your video card hardware is found to be insecure against you, they will either force down a driver to lock over the hardware hole if they can, or they can just revoke the hardware itself. And note that we are not just talking about Microsoft here - if the MPAA has a problem with your video driver or your video hardware, well it will still work in general but it will refuse to play video disks until you "fix" your unapproved video driver or your unapproved video card.
There is nothing in the design of the chip that prevents us from assigning those rights to the guy or gal or enterprise who buys the hardware.
The design of the chip DOES prevent that.
It is impossible to assign rights or powers to someone else when the system doesn't give them to YOU in the first place.
You want to run some Trusted program or you want to access some Trusted file or you want to connect to some Trust-using computer over the internet - you are presented a pair of handcuffs. You can opt-in and wear them, or opt-out and get locked out. YOU have no rights or control over anything, except to opt-in or opt-out. You cannot "assign" rights or control that you don't have in the first place. The overarching rule of Trusted Computing is that YOU are not permitted to know the master key controlling your computer. The chip holds that key, the chip refuses to permit you to know or control that key. The chip accepts a pair of handcuffs defined by someone else, and gives you an opt-in opt-out choice. Opt out and the chip locks down and you're locked out. Opt in, and the chip holds the key locking your handcuffs. YOU c