Yeah, well... the difference between $45/month and $0.50/day + $2.00 for Sundays amounts to a pretty significant charge for home delivery. Even assuming a 31 day month with five Sundays, I'd still pay almost as much for home delivery as I'd pay for the paper itself. There's no way in hell the destination charges are that much. It's not like Atlanta, GA is a small town.
Besides, I don't eat breakfast until after I've been at work for about an hour (I just can't get up that early), so I was just picking it up and carrying it to work anyway. Less expensive AND less in my laptop bag! Double bonus!
I used to get home delivery of the NYT (I live in Atlanta, GA). Then I got the post-introductory-discount bill. They were charging me something like $40/month! Yet, I can pick it up at the cafeteria where I work for fifty cents a day.
Wow, must be terrible to have someone holding a gun to your head, forcing you to read this site and this article.
Cos, ya'know.. otherwise.. if you disagree with the articles posted so much, one would think you'd either (1) skip that article completely or (2) stop visiting the site.
But, since you're apparently forced to read it, I guess that gives you a reason to bitch, cos.. you're... paying.... so much... for access to this content.... ??
Huh.
I was happy to see something like this posted here. Political subjects are rarely touched on the front page. If you think International Politics doesn't fall in to the category "stuff that matters," you're an idiot.
As part of TCG compliance, a TPM must be controlled by the user. The user must have the ability to turn it off, and compliant TPMs cannot have the ability to dictate what software can and cannot run.
I recommend reading the TCG FAQ, paying special attention to questions 29 and 30.
So you're saying someone patented the multiple authentication logon requirement?
You're crazy.
I personally own systems that I can set to require a passphrase, smart card and finger print in order to allow logon, system unlock, application launch for certain applications, file/folder encryption/decryption.
I certainly don't own that patent, and the company I work for consists of much more than patent lawyers sitting on ideas.
The FP reader in my laptop is heat-sensitive. It certainly has a greater variance than simply one degree plus or minus. However, if, for example, I am holding a cold bottle of water and put it down and place my finger on my FP reader, it will not accept the scan. If I rub my finger against my other hand to warm it up via friction and scan it again, my system will unlock.
This behaviour is consistent across many tests which eliminates the possibility that I am simply placing my finger off-center during the first scan attempt.
Can it still be beaten? Sure. I have yet to see much of anything that's unbeatable. But it definitely makes it harder.
Okay, let's say you buy a systemboard from Asus that has an 802.3 port on it. This 802.3 port, somehow or another, has been designed to transmit all your Ethernet activity back to the Asus mothership.
It's likely safe to say you wouldn't be happy about that. My question is: Do you boycott the IEEE for establishing the 802.3 standard or do you boycott Asus for implementing it in way you disagree with? Cos the former is what you're essentially doing. TCG is a SECURITY STANDARDS BODY. That's it. Nothing more. DRM is one possible use for a TPM, whether it's TCG compliant or not (which it certainly doesn't have to be to do what you seem to think TCG was established to do), much like writing a worm is one of a myriad ways you can use C++.
In fact, since we're now being completely unreasonable, while you're at it, why don't you boycott C++ and all other programming languages, and hell, digital technology in general since it could, at some point, be used in a way you disagree with? I mean, shit, if you disagree with flying planes in to buildings, you may as well boycott Boeing, too.
This has been a fun discussion, but I think I'm done now. Back to the US Open. Enjoy the rest of your weekend.
For most it will make much more sense to have passphrase protected private keys.
I completely agree with this statement. The level of security afforded via comprehensive use of a TCG compliant TPM is certainly not for everyone, and it may be more security than you need, which is fine. Sadly, people who do not need that level of security and don't understand what it is they're doing still use it, which can create more problems than anything else. My point is not that everyone should use this level of security. It is, rather, that TCG does not automatically mean "third party controlling your system and/or software" like most people seem to think. TCG is, again, essentially a standards body. You don't even need a TCG compliant TPM to enable hardware based DRM.
I think more people need to educate themselves on what this is before they automatically assume its evil, but that's, I'm sure, asking too much. TCG details security, nothing more. And TPMs, TCG compliant or not, are no more evil than ripping CDs. A given company's reason for using a TPM and their implementation of it may be evil, just like someone's reason for ripping CDs may be evil, like someone's reason for buying a gun may be evil. That doesn't make the technology evil, it makes that specific use of the technology evil.
As for my fingerprints, yeah, they're all over my laptop. Fortunately, my fingerprint reader isn't a piece of shit, so you're not going to beat it by simply taping a capture of my print on to your finger, or by carving it in to wax or imprinting it in to silly putty or a gummy bear, contrary to what seems to be a common misconception. Any decent fingerprint reader will protect against similar attacks.
Can you beat a fingerprint reader? Hell, maybe you can, and if you can, my hat is off to you. The only point I'm trying to make here is that TCG is not DRM, and there are many legitimate uses for a TPM, TCG compliant or not, that have nothing to do with keeping things _from_ the user. So if any anger or frustration is directed at the TCG, it's directed at the wrong place.
That being said, I'm going back to watching the US Open now. Enjoy your Sunday (or whatever day it is in your timezone) and go Phil!
Actually, I think you've been listening to a bit too much FUD. The only reason I know as much about TCG as I do is because I'm a data security specialist for a multinational technology company, and regularly teach classes on the use of TCG compliant TPMs for enhanced security of a user's data.
There is, for the user, no security you can obtain with a TPM that you cannot easily obtain in a multitude of other ways.
You should, then, become a consultant and take this uninformed opinion to the myriad of companies worldwide who are investing millions in TCG hardware to ensure corporate data on laptops is as secure as it can possibly be.
In fact, I have a TCG TPM on my laptop's systemboard that uses PKI to protect 1024bit AES keys used to encrypt my critical data, and even to protect snapshots of my fingerprint for biometric authentication. Think you could get your fingerpint snapshots on to my system? Yeah, if you're good enough. No firewall is bulletproof. Think you can get your fingerprint snapshots in to my TPM? You can't.
Interestingly, I can rip CDs on this laptop, I can play MP3s on this laptop... I still have to run a firewall and NAV to ensure I don't get viruses and, by gosh, I can even clear the chip in the BIOS! The only thing my TPM is protecting me from is data theft. Which, strangely enough, is exactly what it was designed to do!
Ripe for abuse?? Okay, I posted the following to anther person who seems to think that TCG and DRM are the same thing. It seems to work here as well:
If a company chooses to take a TPM and write code around it to make it serve that purpose, then it does, and by all means, boycott that company. But I say again, boycotting anything TCG is simply pointless.
You're essentially thinking the same way people who implement DRM are thinking, only in reverse: MP3s can be used for legal backups, but they can also be used to facilitate piracy. As such, we must find a way to eliminate the ripping of our CDs. That's seriously flawed, and I'm fairly certain you would agree.
A specific company's implementation of a TCG compliant TPM could be used to implement DRM on some level, therefore we must find a way to eliminate TCG compliant TPMs.
I'm sorry, that's just as stupid.
Now, you're not talking about music piracy, but hardware level security for authorized programs. This is still a specific implementation of a TCG compliant TPM, and if a company does decide to put that kind of an implementation on their systems, I would certainly stay away from it.
Here's the thing: There are tons of non-system control, non-take-control-of-your-music uses for TCG TPMs. Both IBM and HP use TCG TPMs on some systems and the implementation code for those TPMs is absolutely nothing like what you're describing.
So I say again: Saying TCG is a bad idea because someone could use a TCG compliant TPM for a purpose with which you disagree is absolutely idiotic.
but it all come down to control of your music your system
No, it doesn't.
If a company chooses to take a TPM and write code around it to make it serve that purpose, then it does, and by all means, boycott that company. But I say again, boycotting anything TCG is simply pointless.
You're essentially thinking the same way people who implement DRM are thinking, only in reverse: MP3s can be used for legal backups, but they can also be used to facilitate piracy. As such, we must find a way to eliminate the ripping of our CDs. That's seriously flawed, and I'm fairly certain you would agree.
A specific company's implementation of a TCG compliant TPM could be used to implement DRM on some level, therefore we must find a way to eliminate TCG compliant TPMs.
I also told them why.... I will not buy DRM..TCPA....Copy controlled disks...ect
TCPA is actually now TCG, Trusted Computing Group, and doesn't have anything to do with DRM. It's essentially a standards body that specifies compliance for hardware security modules, or TPMs (Trusted Platform Modules), which also don't have to have anything to do with DRM. For example, IBM makes desktop and laptop computers with TCG compliant TPMs on the systemboard which exist for the sole purpose of providing security for your data, not ensuring that you install only "trusted" software or don't violate this copyright or whatever, and cannot, in fact, be used for that function.
A refusal to buy anything TCPA (which is actually TCG) is pointless. You're boycotting the wrong thing.
It's nice that there's so much useful documentation on Linux out there. No matter what problem I'm having, the Linux community has documented just about everything incredibly well. And they never ask how helpful they were when they were no help at all. That's nice too.
I'm glad someone said this. It seems like there's a big misconception about Linux or OSS in general not being well-documented. I recently wanted to set up a radius server for EAP-TTLS. The amount of documentation on programs like FreeRadius is amazing. I found four different walkthroughs for configuring EAP-TTLS using FreeRadius/OpenSSL.
I don't have a monitor hooked up to the server, which is fantastic. I telnet in via OpenSSH, for which there is also tons of documentation. It's also a DHCP server, which I found incredibly easy to set up, thanks to extensive information online.
I admit to not being terribly proficient with Linux but I've used it to varying degrees since my first copy of Redhat 5.1, and virtually every time I've thought "Hmm, I wonder how I..." I pretty much just have to google (or even yahoo, back in the day) for it a bit and there's all the info I need.
Exactly. In Eddie Izzard's standup show "Dressed to Kill" he makes a very similar statement. Basically that the number of people you kill determines how society responds to you. Everything from killing one and going to jail, killing twenty and getting put in a mental institution, up to killing millions and we suddenly don't really know how to deal with death on that level. It goes from "You killed ten people! That's terrible!" to "You killed twenty million people? You must get up very early in the morning!"
It's a comedy show, so obviously it's not precise, but it's an interesting point.
Smiliar things happen when specific people die as well. For example, the football player cum soldier (Pat Tillman, I think is his name). Many United States residents have died in Afghanistan and Iraq. To most of us, they are anonymous people. We didn't know them. The only thing we know is that they died in battle, we feel bad for a bit and Newsweek publishes their names or a news program reads them. Many of them have done a great deal of noble things in their lives which we'll never hear about.
But someone with even a slight bit of name recognition dies and it's national news. It's covered by every major TV news outlet and Newsweek does a four page story. Why? Did he sacrifice more? No. Is his death more tragic? Certainly not. But the response is huge; it's a horrible, horrible tale of heroism ending in tragedy fit for a made-for-TV movie.
Meanwhile, a wonderful woman no less heroic but anonymous to everyone but her family and friends comes home draped with a flag and she's a statistic.
Slashdot Mirror
Star Wars Episode III: ROTS.
Yeah, that's likely pretty accurate.
My bitch doesn't have an attitude. I slapped that out of her long ago.
Thanks for the concern though!
Besides, I don't eat breakfast until after I've been at work for about an hour (I just can't get up that early), so I was just picking it up and carrying it to work anyway. Less expensive AND less in my laptop bag! Double bonus!
What a bunch of bastards. Great paper though.
That's too bad. You're missing a lot of good content.
Cos, ya'know.. otherwise.. if you disagree with the articles posted so much, one would think you'd either (1) skip that article completely or (2) stop visiting the site.
But, since you're apparently forced to read it, I guess that gives you a reason to bitch, cos.. you're ... paying.... so much... for access to this content.... ??
Huh.
I was happy to see something like this posted here. Political subjects are rarely touched on the front page. If you think International Politics doesn't fall in to the category "stuff that matters," you're an idiot.
Eh, both. What the hell, right?
As part of TCG compliance, a TPM must be controlled by the user. The user must have the ability to turn it off, and compliant TPMs cannot have the ability to dictate what software can and cannot run.
I recommend reading the TCG FAQ, paying special attention to questions 29 and 30.
Dude, you gotta learn to be more careful. Damn.
Bingo. The person who moded that troll is an idiot.
You'd like to think that!
You're crazy.
I personally own systems that I can set to require a passphrase, smart card and finger print in order to allow logon, system unlock, application launch for certain applications, file/folder encryption/decryption.
I certainly don't own that patent, and the company I work for consists of much more than patent lawyers sitting on ideas.
No it wouldn't.
The FP reader in my laptop is heat-sensitive. It certainly has a greater variance than simply one degree plus or minus. However, if, for example, I am holding a cold bottle of water and put it down and place my finger on my FP reader, it will not accept the scan. If I rub my finger against my other hand to warm it up via friction and scan it again, my system will unlock.
This behaviour is consistent across many tests which eliminates the possibility that I am simply placing my finger off-center during the first scan attempt.
Can it still be beaten? Sure. I have yet to see much of anything that's unbeatable. But it definitely makes it harder.
Okay, let's say you buy a systemboard from Asus that has an 802.3 port on it. This 802.3 port, somehow or another, has been designed to transmit all your Ethernet activity back to the Asus mothership.
It's likely safe to say you wouldn't be happy about that. My question is: Do you boycott the IEEE for establishing the 802.3 standard or do you boycott Asus for implementing it in way you disagree with? Cos the former is what you're essentially doing. TCG is a SECURITY STANDARDS BODY. That's it. Nothing more. DRM is one possible use for a TPM, whether it's TCG compliant or not (which it certainly doesn't have to be to do what you seem to think TCG was established to do), much like writing a worm is one of a myriad ways you can use C++.
In fact, since we're now being completely unreasonable, while you're at it, why don't you boycott C++ and all other programming languages, and hell, digital technology in general since it could, at some point, be used in a way you disagree with? I mean, shit, if you disagree with flying planes in to buildings, you may as well boycott Boeing, too.
This has been a fun discussion, but I think I'm done now. Back to the US Open. Enjoy the rest of your weekend.
Yes it is.
For most it will make much more sense to have passphrase protected private keys.
I completely agree with this statement. The level of security afforded via comprehensive use of a TCG compliant TPM is certainly not for everyone, and it may be more security than you need, which is fine. Sadly, people who do not need that level of security and don't understand what it is they're doing still use it, which can create more problems than anything else. My point is not that everyone should use this level of security. It is, rather, that TCG does not automatically mean "third party controlling your system and/or software" like most people seem to think. TCG is, again, essentially a standards body. You don't even need a TCG compliant TPM to enable hardware based DRM.
I think more people need to educate themselves on what this is before they automatically assume its evil, but that's, I'm sure, asking too much. TCG details security, nothing more. And TPMs, TCG compliant or not, are no more evil than ripping CDs. A given company's reason for using a TPM and their implementation of it may be evil, just like someone's reason for ripping CDs may be evil, like someone's reason for buying a gun may be evil. That doesn't make the technology evil, it makes that specific use of the technology evil.
As for my fingerprints, yeah, they're all over my laptop. Fortunately, my fingerprint reader isn't a piece of shit, so you're not going to beat it by simply taping a capture of my print on to your finger, or by carving it in to wax or imprinting it in to silly putty or a gummy bear, contrary to what seems to be a common misconception. Any decent fingerprint reader will protect against similar attacks.
Can you beat a fingerprint reader? Hell, maybe you can, and if you can, my hat is off to you. The only point I'm trying to make here is that TCG is not DRM, and there are many legitimate uses for a TPM, TCG compliant or not, that have nothing to do with keeping things _from_ the user. So if any anger or frustration is directed at the TCG, it's directed at the wrong place.
That being said, I'm going back to watching the US Open now. Enjoy your Sunday (or whatever day it is in your timezone) and go Phil!
There is, for the user, no security you can obtain with a TPM that you cannot easily obtain in a multitude of other ways.
You should, then, become a consultant and take this uninformed opinion to the myriad of companies worldwide who are investing millions in TCG hardware to ensure corporate data on laptops is as secure as it can possibly be.
In fact, I have a TCG TPM on my laptop's systemboard that uses PKI to protect 1024bit AES keys used to encrypt my critical data, and even to protect snapshots of my fingerprint for biometric authentication. Think you could get your fingerpint snapshots on to my system? Yeah, if you're good enough. No firewall is bulletproof. Think you can get your fingerprint snapshots in to my TPM? You can't.
Interestingly, I can rip CDs on this laptop, I can play MP3s on this laptop... I still have to run a firewall and NAV to ensure I don't get viruses and, by gosh, I can even clear the chip in the BIOS! The only thing my TPM is protecting me from is data theft. Which, strangely enough, is exactly what it was designed to do!
Shocking.
If a company chooses to take a TPM and write code around it to make it serve that purpose, then it does, and by all means, boycott that company. But I say again, boycotting anything TCG is simply pointless.
You're essentially thinking the same way people who implement DRM are thinking, only in reverse: MP3s can be used for legal backups, but they can also be used to facilitate piracy. As such, we must find a way to eliminate the ripping of our CDs. That's seriously flawed, and I'm fairly certain you would agree.
A specific company's implementation of a TCG compliant TPM could be used to implement DRM on some level, therefore we must find a way to eliminate TCG compliant TPMs.
I'm sorry, that's just as stupid.
Now, you're not talking about music piracy, but hardware level security for authorized programs. This is still a specific implementation of a TCG compliant TPM, and if a company does decide to put that kind of an implementation on their systems, I would certainly stay away from it.
Here's the thing: There are tons of non-system control, non-take-control-of-your-music uses for TCG TPMs. Both IBM and HP use TCG TPMs on some systems and the implementation code for those TPMs is absolutely nothing like what you're describing.
So I say again: Saying TCG is a bad idea because someone could use a TCG compliant TPM for a purpose with which you disagree is absolutely idiotic.
No, it doesn't.
If a company chooses to take a TPM and write code around it to make it serve that purpose, then it does, and by all means, boycott that company. But I say again, boycotting anything TCG is simply pointless.
You're essentially thinking the same way people who implement DRM are thinking, only in reverse: MP3s can be used for legal backups, but they can also be used to facilitate piracy. As such, we must find a way to eliminate the ripping of our CDs. That's seriously flawed, and I'm fairly certain you would agree.
A specific company's implementation of a TCG compliant TPM could be used to implement DRM on some level, therefore we must find a way to eliminate TCG compliant TPMs.
I'm sorry, that's just as stupid.
TCPA is actually now TCG, Trusted Computing Group, and doesn't have anything to do with DRM. It's essentially a standards body that specifies compliance for hardware security modules, or TPMs (Trusted Platform Modules), which also don't have to have anything to do with DRM. For example, IBM makes desktop and laptop computers with TCG compliant TPMs on the systemboard which exist for the sole purpose of providing security for your data, not ensuring that you install only "trusted" software or don't violate this copyright or whatever, and cannot, in fact, be used for that function.
A refusal to buy anything TCPA (which is actually TCG) is pointless. You're boycotting the wrong thing.
Would that provide case law that could be used against the gun industry or other industries?
Software doesn't pirate games... People do.
I'm glad someone said this. It seems like there's a big misconception about Linux or OSS in general not being well-documented. I recently wanted to set up a radius server for EAP-TTLS. The amount of documentation on programs like FreeRadius is amazing. I found four different walkthroughs for configuring EAP-TTLS using FreeRadius/OpenSSL.
I don't have a monitor hooked up to the server, which is fantastic. I telnet in via OpenSSH, for which there is also tons of documentation. It's also a DHCP server, which I found incredibly easy to set up, thanks to extensive information online.
I admit to not being terribly proficient with Linux but I've used it to varying degrees since my first copy of Redhat 5.1, and virtually every time I've thought "Hmm, I wonder how I..." I pretty much just have to google (or even yahoo, back in the day) for it a bit and there's all the info I need.
Buffalo Spammer gonna get jailed tonight, get jailed tonight, get jailed tonight!
Buffalo Spammer gonna get jailed tonight, ha ha, go to hell!
Thank you, I'm here all week.
Even the Semantic Web is no match for the power of the slashdot!
It's a comedy show, so obviously it's not precise, but it's an interesting point.
Smiliar things happen when specific people die as well. For example, the football player cum soldier (Pat Tillman, I think is his name). Many United States residents have died in Afghanistan and Iraq. To most of us, they are anonymous people. We didn't know them. The only thing we know is that they died in battle, we feel bad for a bit and Newsweek publishes their names or a news program reads them. Many of them have done a great deal of noble things in their lives which we'll never hear about.
But someone with even a slight bit of name recognition dies and it's national news. It's covered by every major TV news outlet and Newsweek does a four page story. Why? Did he sacrifice more? No. Is his death more tragic? Certainly not. But the response is huge; it's a horrible, horrible tale of heroism ending in tragedy fit for a made-for-TV movie.
Meanwhile, a wonderful woman no less heroic but anonymous to everyone but her family and friends comes home draped with a flag and she's a statistic.