(C) They are stooges for Microsoft, who is using TCPA as a lever to push for the illegality of Linux, their deadliest competitor.
TCPA will be at best a distraction of open-source programming effort that could go towards something useful. At worse, open source OSes will, because an end-user can theoretically remove any DRM features, be classified as tools of unamerican hackers/terrorists, and be criminalized.
IMHO, GPL sofware would be FAR more attractive and accepted if the viral license didn't apply to library calls in the least.
IMHO, you'd be far more attractive and accepted if you gave me all your money.
What? That might ruin your plans for the whole rest of your existence? What a coincidence, because that's what'd happen to the GPL if you made libraries ineligible.
If programmers WANTED their code to be callable as a library from closed source, they have the LGPL.
Stick to C and the headers probably only contain facts which aren't copyrightable.
Wrong, doubly wrong. 1) Some facts are copyrightable- some ideas are too. A header file is only facts, but a whole CPP program file also only contains facts. Why, even the Harry Potter Vs the blood Prince and the Spiderman2 movie are 100% factual.
(Not ALL facts and ideas are copyrightable, but many people overinterpret that statement and decide that no ideas can be copyrighted, which is silly)
2) Anything you can do with C++ templates, I can do (more awkwardly) with C macros, including inject lots of executable code into the finished binary.
If they wrote their own headers that "just happened" to describe the interface
And if I "just happen" to invent a web-throwing superhero named Spiderman, I'm not infringing on Marvel's copyrights. What you're asking for is a thermodynamic miracle.
However I believe thay are totally impossible, for variety of reasons.
If you believe they're impossible, then you must also believe that Trusted Computing will never become an effective obstacle to widespred copyright infringement. But if that's true, then why are the content-publishing companies pushing for something that will never actually work?
Using DRM is purely counterproductive. It does absolutely nothing against P2P, and actually drives more people to resort to P2P.
Correction: DRM stops being counterproductive in the long run, because after all available PCs come with Trusted Computing and DRM, it will be impossible to run a P2p application. The only programs you can execute are those with a stamp of approval from a "Copyright noncircumvention" authority funded by the RIAA and other content providers.
But that's not what's happening. If I use a GPLed library in an application, unmodified, then in what way am I denying people access to the code of that library by not GPLing the rest of the application?
You aren't. But you are denying them access to the code of your own application, which is something you promised to supply at the time you used GPL code in your project. (If you didn't intend to make that promise, then you were simply breaking copyright law)
The fact that a lot of code is licensed GPLv2 ONLY and not v2 or later?
That's backwards. The facts you cited are reasons why it will take a long time for a new version of the GPL to be substantially adopted, and thus they are encouragement for the FSF to hurry up and get it out there. They don't do anything to explain why they haven't even published a draft GPLv3 yet.
Anybody who's taken contract law can tell you that,
That apparently doesn't include you. Do you remember the example the lectern gives about the man coming into a restaurant and asking for food, and how that consitutes agreement to a contract? Go back to your textbook if you can't remember.
Read the box. All of the box. Yes, even the smaller print.
I shall respond with plagiarism: "Your stating of something (an offer), does not constitute a contract. It never will. You can "say" anything you want, but unless I accept the offer, there is _absolutely_ nothing to be said for it."
Read the part where you have to agree to the EULA and Terms of Use.
That little text is illegal. I won't go into details, but it constitutes a breach of inalienable rights, and thus would be illegal even if part of a signed contract. Language like that is just unenforcable anywhere- you can't bindingly agree to something you haven't seen yet.
Note that an MMORPG is irrelevant to that, because as I described, you are contracting for use of their servers, not the client software (which you can keep and execute even if Blizzard terminates your account for nonpayment or wrongdoing)
Several states have tested EULAs, and by the by they are good contracts.
That's a lie. "Several" means, technically, between 5 and 8, and there have been fewer than 5. And the most prominent of those weren't testing EULAs in general at all, but rather similar concepts with much more inherent enforcability than typical Shrinkwrap and Clickwrap licensing. (The Blizzard case doesn't count, because it's not about EULAs. A Terms of Service is quite different from, and much more valid than, an EULA- even if the TOS was mislabeled as an EULA)
Blatently stolen from the article (emphasis mine - sorry for so many bold areas):
So yet again, I'm right, as the text you first linked and now pasted keeps on confirming. You can stop repeating it now... I really don't need the help. On the other hand, that text does contain "True shrink wrap EULAS have been tested in all jurisdictions", which is a 100% lie (ProCD was in one limited and non-conclusive jurisdiction!!). But in other parts, it tells the truth.
And please don't throw ProCD back at me, I've read the whole ruling, and it's ludicrous (well, not the dissenting opinion of course). The Supreme Court would obliterate that in an afternoon.
In other words, EULAs are fine as long as they are standard EULAs.
That's not how law works. If that concept worked, then the Constitutional prohibition against unusual punishment would be meaningless... because if you do a lot of any punishment, it automatically becomes usual!
Similarly, the very first EULA was invalid because there was no reasonable common knowledge about what they might entail. Lawyers at that time who read them over knew this, and informed their clients. So by a process of induction, no EULAs are valid, because they all started from an environment where they were obviously nonbinding.
The reason is that if the EULA was not enforced at all, then you wouldn't actually be buying a license to the software, but rather the software itself.
Wrong wrong wrong. First off, there is no such thing as "Buying software". The phrase is semantically meaningless, except as an abbreviation as either "Buying a copy of software" or "Buying a copyright to software". In computer stores, it's possible to buy copies of software, just like music stores will sell you copies of songs. It's also possible to purchase the copyright to software or a song, but that's expensive and requires direct negotation with the current owner. Obviously, when most people talk about buying software, they really mean buying a copy of software.
You would have free reign to do whatever you liked (including installing on as many computers as you liked and passing out copies for Halloween).
That would only be possible if someone had bought the copyright to software, which almost never happens. In reality, people buy a copy of software, which enables them to keep that copy, look at it, and even make other copies, but only subject to Fair Use restrictions. (Fair Use includes the right to make whatever copies are required to use the software in the most normal way, which typically means installing on the hard drive and then loading into RAM)
When you buy a copy of a song on a music CD, there is no EULA attached. Yet it's still illegal to pass it out on Halloween (or upload it to Napster). That's just the default protection enjoyed by every copyrighted work, including software. Some elements of the software industry try to obscure this fact, and pretend that the EULA is the only thing that keeps blatant mass duplication from being completely legal. That's just a trick to get judges to approve EULA validity.
You can "say" anything you want, but unless I accept the offer, there is _absolutely_ nothing to be said for it.
Shrinkwrap can "say" anything it wants, but unless I accept the offer, there is _absolutely_ nothing to be said for it.
And tearing open the box does no more to constitute acceptance than does striding away down the sidewalk. Both activities are things you probably wanted to do anyway, and both are things which I (or the software publisher) have no legal way to forbid you from doing. The sidewalk is public property- I can't stop you from going there. And the the box, after all, is your physical property that you've already paid for- the publisher cannot stop you from destroying it, nor stipulate that destroying it binds you to some contract that you've never read nor signed.
Only Congress can, and the Constitution expressly prohibits Congress (or any agency it creates)
Lucky for us that the Congress isn't dominated by the same political party as the President who hired that Attorney General, one that's already evidenced distaste for quaint aspects of the Bill of Rights. Why, that situation would be horrible to imagine!
No, but it has to be overt. It can't be implicit. A contract which is only accepted implicitly isn't binding.
Correct, and fine. As you've already ignored, any action which would've been a felony without having recieved permission in the contract is an overt acceptance. Unlike invalid "implicit acceptances", a person can offer no other excuse for having performed those actions except as assenting to the contract.
Software distributed under the Gnu license, however, is advertised as "free.
False. It is advertised as "Free". (If you can't tell the difference, then ponder whether Photoshop can run on windows or Windows)
Heck, even the name of the controlling authority, the Free Software Foundation, contains the word "free."
Just because a copyright holder is publishing their works for a $0.00 charge (making it "free"), doesn't destroy their right to authorize each and every reproduction of the software. Many people ignore this, but it is technically illegal to redistribute commercial game demos, security updates from Microsoft, and so forth. Why, I can turn on my television and watch "The Simpsons" for free, but I don't get the right to redistribute copies.
Or, do you also believe that a free ticket to a movie entitles you to videotape it an upload to the internet?
sign that reads "FREE GAS." You go, you pump, you start to drive away, and then the attendant comes out and demands you pay him $1.69 a gallon.
Have you ever run a GPLed program? Do you know what they print on startup?
Copyright 2004. This is free software, covered by the General Public License, and you are welcome to change it and distribute copies under certain conditions. Click Help->License for details.
The solution to this is that I have to get your public key from you and tell my hardware that stuff signed by it is ok.
Wrong. I also need to tell my applications it's OK too. And I can't do that, because the apps refuse to run except in the pristine x.org environment. (Maybe they'll run, but they won't display any media or even web pages because of DRM)
Even if I hadn't read the specs, there are only two possibilities: 1) Either TCPA will prevent me from writing a modified display driver that can run normal programs, including viewers for DRM media like web pages. 2) Or TCPA is useless, and the Entertainment Technology industry wouldn't be trying to push it on is.
Since option 2 is self-evidently false, option 1 must be true.
What ISP in their right mind wants to force users to use IE
What ISP in their right mind wants to limit the range of software users can run, to reduce the cost of support requests? (A: nearly all of them)
More generally, what PC hardware vendor wants to limit the range of software users can execute? (A: all of them that offer complementary phone support)
The scary part of this is the remote attestation piece.
Yes, that's the scary part. It's also the only part that really matters, and the only reason the entertainment/technology industries are pushing Trusted Computing. If there was no remote attestation, the TC concept wouldn't even exist.
The scary part of this is the remote attestation piece.
The scary parts of atomic bombs are the blast and radiation. The rest isn't dangerous at all!
Good God man, actually take some time and learn about this stuff before you spout uninformed drivel everywhere.
Yes, I am presenting the worst-case scenario. I do this to stir the technology and entertainment consumers around the world to resist what otherwise could be an enticing change:
"Buy a hot new RIAA-subsized multimedia PC for just $299, and then get 66% off all music downloads for the next two years! Just ask for the TCPA-DRM special model!"
Only a combination of consumer antipathy and international fear of Microsoft's global dominance gives us a chance to avoid that fate. (And personally, I have a lot more faith in the paranoia of the Chinese government than in the strong principles of American consumers)
This does not impact your rights in anyway (unless you believe you have a right to control how someone else configures their software).
I believe I have the right, codified in law, to make small exerpts of copyrighted works for critical purposes. TCPA desires to specifically remove that ability from me.
Security that is solely-based on software is far easier to compromise than hardware-based
Wrong. Computer security is computer security, whether or not it's implemented in hardware or software. In both cases, you need a smart computer engineer and cryptologist to do the work.
Hardware implementations have the (small) advantage that hardware is more expensive to build, so the vendors will exercise a little more care before making a release.
Software has multiple advantages: it's design has fewer constraints from real-world physics, it's easier/quicker to study in an artificial environment for automated testing, and by far the most important, it can be replaced worldwide in a matter of hours if a security flaw is discovered.
Conversely, hardware that's found to be flawed can only be replaced expensively and after at least months of effort. (In fact, the best way to "patch" a hardware flaw is with a software fix, meaning you're back to relying on software security)
So weighing the advantages against each other, software comes out as the better place to build-in security. Either way, a mistake by the designing engineer puts you at risk, but with only one of them can the risk be affordably fixed.
The tenacity of your attempts to replace logic with rhetoric would be impressive if it wasn't so braindead.
Thinking back 2 years or so, I vaguely remember SiliconEntity pasting in the same kinds of screeds to Slashdot comments on the original introduction of TCPA. (Notice the knee-jerk mini-contradictions to conventional TCPA-wisdim) It really appears she has some personal stake in the success... wish we knew what it was! Alas, her comments/info don't reveal anything.
The P2P app will only connect with a trusted copy of the same application.
Wrong. It will only connect to other applications approved by the same people who signed your own app. That means either a commercial software publisher, or a 3rd party Verisign-style corporation. (Yes, there will be amateur open-source hobbists releasing and signing their own software, but no representative of the RIAA will install it)
So the question becomes: Does the RIAA have the legal and financial firepower to convince the signing authority to produce signatures for some modified version of the P2p app, and without notifying you?
I really think they do.
We can "trust" the bad-guys' computers to do our will.
Why exactly would a "bad-guy" knowingly and willingly execute software that does your will? Concievably he might do so if there was no other choice, but it's difficult to imagine how that could happen. Only if a group more legally and financially powerful forced it onto them. (So maybe the federal government will write a P2P app that both music publishers and listeners will enjoy? Hmm...)
I can "trust" that MY software running on the RIAA's computer is similarly my original code
No you can't. The RIAA has the money and contracts to give orders to the people holding the keys with which the software was signed. You don't have that level of influence yourself.
I might want only a limited set of applications accessing a certian storage area.
You can accomplish all those things in a 100% software implementation of priviledge separation. No special TCPA hardware is needed.
However, if you did have the special hardware, you would still need modified TCPA-aware applications and OS to make it work.
So let's consider the two paths towards reaching your goal: A) A modified OS that restricts which of your applications are allowed to access which parts of your file system. B) A completely new PC and peripherals that have more expensive TCPA-compliant hardware, plus everything already listed in (A)
Hopefully, you can see that the cost (in both money and complexity, which translates to opportunity for errors) of A+B is higher than the cost for A alone.
The only thing TCPA's hardware modules do that couldn't be accomplished with pure software is make reverse engineering prohibitively expensive. It's designed solely to prevent you from knowing how to fully control your own PC.
Re:Finally ready for the main stream
on
TCPA Support in Linux
·
· Score: 2, Informative
You can also use TCPA to turn your Linux box into a hardware-reinforced installation of your choice.
If you have the technical brainpower to use TCPA + Linux to build yourself a secure hardware platform, you could also more easily build an equally secure all-software Linux platform.
The only advantage the TCPA gets from using hardware is it's a big barrier-to-entry for reverse engineers with physical access to the machine: they can't just load it up into an emulator/debugger, they also have to dissect the CPU under an electron microscope.
TCPA, at its core, is a way for you to prove to remote companies that you haven't modified the behavior of your own computer. It accomplishes this with a combination of cryptography and tamper-resistant chips.
Slashdot Mirror
There's also:
(C) They are stooges for Microsoft, who is using TCPA as a lever to push for the illegality of Linux, their deadliest competitor.
TCPA will be at best a distraction of open-source programming effort that could go towards something useful. At worse, open source OSes will, because an end-user can theoretically remove any DRM features, be classified as tools of unamerican hackers/terrorists, and be criminalized.
IMHO, GPL sofware would be FAR more attractive and accepted if the viral license didn't apply to library calls in the least.
IMHO, you'd be far more attractive and accepted if you gave me all your money.
What? That might ruin your plans for the whole rest of your existence? What a coincidence, because that's what'd happen to the GPL if you made libraries ineligible.
If programmers WANTED their code to be callable as a library from closed source, they have the LGPL.
Stick to C and the headers probably only contain facts which aren't copyrightable.
Wrong, doubly wrong.
1) Some facts are copyrightable- some ideas are too. A header file is only facts, but a whole CPP program file also only contains facts. Why, even the Harry Potter Vs the blood Prince and the Spiderman2 movie are 100% factual.
(Not ALL facts and ideas are copyrightable, but many people overinterpret that statement and decide that no ideas can be copyrighted, which is silly)
2) Anything you can do with C++ templates, I can do (more awkwardly) with C macros, including inject lots of executable code into the finished binary.
If they wrote their own headers that "just happened" to describe the interface
And if I "just happen" to invent a web-throwing superhero named Spiderman, I'm not infringing on Marvel's copyrights. What you're asking for is a thermodynamic miracle.
However I believe thay are totally impossible, for variety of reasons.
If you believe they're impossible, then you must also believe that Trusted Computing will never become an effective obstacle to widespred copyright infringement. But if that's true, then why are the content-publishing companies pushing for something that will never actually work?
Using DRM is purely counterproductive. It does absolutely nothing against P2P, and actually drives more people to resort to P2P.
Correction: DRM stops being counterproductive in the long run, because after all available PCs come with Trusted Computing and DRM, it will be impossible to run a P2p application. The only programs you can execute are those with a stamp of approval from a "Copyright noncircumvention" authority funded by the RIAA and other content providers.
But that's not what's happening. If I use a GPLed library in an application, unmodified, then in what way am I denying people access to the code of that library by not GPLing the rest of the application?
You aren't. But you are denying them access to the code of your own application, which is something you promised to supply at the time you used GPL code in your project. (If you didn't intend to make that promise, then you were simply breaking copyright law)
The fact that a lot of code is licensed GPLv2 ONLY and not v2 or later?
That's backwards. The facts you cited are reasons why it will take a long time for a new version of the GPL to be substantially adopted, and thus they are encouragement for the FSF to hurry up and get it out there. They don't do anything to explain why they haven't even published a draft GPLv3 yet.
Anybody who's taken contract law can tell you that,
That apparently doesn't include you. Do you remember the example the lectern gives about the man coming into a restaurant and asking for food, and how that consitutes agreement to a contract? Go back to your textbook if you can't remember.
it seems that I'm reading about some inane aspect of a search engine that I will never use. I
Hey, Amazon just released a cool new feature to their A9 search engine! I can see my house from here. I bet you'll like it.
Read the box.
All of the box.
Yes, even the smaller print.
I shall respond with plagiarism: "Your stating of something (an offer), does not constitute a contract. It never will. You can "say" anything you want, but unless I accept the offer, there is _absolutely_ nothing to be said for it."
Read the part where you have to agree to the EULA and Terms of Use.
That little text is illegal. I won't go into details, but it constitutes a breach of inalienable rights, and thus would be illegal even if part of a signed contract. Language like that is just unenforcable anywhere- you can't bindingly agree to something you haven't seen yet.
Note that an MMORPG is irrelevant to that, because as I described, you are contracting for use of their servers, not the client software (which you can keep and execute even if Blizzard terminates your account for nonpayment or wrongdoing)
Several states have tested EULAs, and by the by they are good contracts.
That's a lie. "Several" means, technically, between 5 and 8, and there have been fewer than 5. And the most prominent of those weren't testing EULAs in general at all, but rather similar concepts with much more inherent enforcability than typical Shrinkwrap and Clickwrap licensing. (The Blizzard case doesn't count, because it's not about EULAs. A Terms of Service is quite different from, and much more valid than, an EULA- even if the TOS was mislabeled as an EULA)
Blatently stolen from the article (emphasis mine - sorry for so many bold areas):
So yet again, I'm right, as the text you first linked and now pasted keeps on confirming. You can stop repeating it now... I really don't need the help. On the other hand, that text does contain "True shrink wrap EULAS have been tested in all jurisdictions", which is a 100% lie (ProCD was in one limited and non-conclusive jurisdiction!!). But in other parts, it tells the truth.
And please don't throw ProCD back at me, I've read the whole ruling, and it's ludicrous (well, not the dissenting opinion of course). The Supreme Court would obliterate that in an afternoon.
In other words, EULAs are fine as long as they are standard EULAs.
That's not how law works. If that concept worked, then the Constitutional prohibition against unusual punishment would be meaningless... because if you do a lot of any punishment, it automatically becomes usual!
Similarly, the very first EULA was invalid because there was no reasonable common knowledge about what they might entail. Lawyers at that time who read them over knew this, and informed their clients. So by a process of induction, no EULAs are valid, because they all started from an environment where they were obviously nonbinding.
The reason is that if the EULA was not enforced at all, then you wouldn't actually be buying a license to the software, but rather the software itself.
Wrong wrong wrong. First off, there is no such thing as "Buying software". The phrase is semantically meaningless, except as an abbreviation as either "Buying a copy of software" or "Buying a copyright to software". In computer stores, it's possible to buy copies of software, just like music stores will sell you copies of songs. It's also possible to purchase the copyright to software or a song, but that's expensive and requires direct negotation with the current owner. Obviously, when most people talk about buying software, they really mean buying a copy of software.
You would have free reign to do whatever you liked (including installing on as many computers as you liked and passing out copies for Halloween).
That would only be possible if someone had bought the copyright to software, which almost never happens. In reality, people buy a copy of software, which enables them to keep that copy, look at it, and even make other copies, but only subject to Fair Use restrictions. (Fair Use includes the right to make whatever copies are required to use the software in the most normal way, which typically means installing on the hard drive and then loading into RAM)
When you buy a copy of a song on a music CD, there is no EULA attached. Yet it's still illegal to pass it out on Halloween (or upload it to Napster). That's just the default protection enjoyed by every copyrighted work, including software. Some elements of the software industry try to obscure this fact, and pretend that the EULA is the only thing that keeps blatant mass duplication from being completely legal. That's just a trick to get judges to approve EULA validity.
You can "say" anything you want, but unless I accept the offer, there is _absolutely_ nothing to be said for it.
Shrinkwrap can "say" anything it wants, but unless I accept the offer, there is _absolutely_ nothing to be said for it.
And tearing open the box does no more to constitute acceptance than does striding away down the sidewalk. Both activities are things you probably wanted to do anyway, and both are things which I (or the software publisher) have no legal way to forbid you from doing. The sidewalk is public property- I can't stop you from going there. And the the box, after all, is your physical property that you've already paid for- the publisher cannot stop you from destroying it, nor stipulate that destroying it binds you to some contract that you've never read nor signed.
the person paying for th
Only Congress can, and the Constitution expressly prohibits Congress (or any agency it creates)
Lucky for us that the Congress isn't dominated by the same political party as the President who hired that Attorney General, one that's already evidenced distaste for quaint aspects of the Bill of Rights. Why, that situation would be horrible to imagine!
Correct, and fine. As you've already ignored, any action which would've been a felony without having recieved permission in the contract is an overt acceptance. Unlike invalid "implicit acceptances", a person can offer no other excuse for having performed those actions except as assenting to the contract.
Software distributed under the Gnu license, however, is advertised as "free.
False. It is advertised as "Free". (If you can't tell the difference, then ponder whether Photoshop can run on windows or Windows)
Heck, even the name of the controlling authority, the Free Software Foundation, contains the word "free."
Just because a copyright holder is publishing their works for a $0.00 charge (making it "free"), doesn't destroy their right to authorize each and every reproduction of the software. Many people ignore this, but it is technically illegal to redistribute commercial game demos, security updates from Microsoft, and so forth. Why, I can turn on my television and watch "The Simpsons" for free, but I don't get the right to redistribute copies.
Or, do you also believe that a free ticket to a movie entitles you to videotape it an upload to the internet?
sign that reads "FREE GAS." You go, you pump, you start to drive away, and then the attendant comes out and demands you pay him $1.69 a gallon.
Have you ever run a GPLed program? Do you know what they print on startup?
The solution to this is that I have to get your public key from you and tell my hardware that stuff signed by it is ok.
Wrong. I also need to tell my applications it's OK too. And I can't do that, because the apps refuse to run except in the pristine x.org environment. (Maybe they'll run, but they won't display any media or even web pages because of DRM)
Even if I hadn't read the specs, there are only two possibilities:
1) Either TCPA will prevent me from writing a modified display driver that can run normal programs, including viewers for DRM media like web pages.
2) Or TCPA is useless, and the Entertainment Technology industry wouldn't be trying to push it on is.
Since option 2 is self-evidently false, option 1 must be true.
Don't ask me why, I barely could bring myself to answering this one, OK?
Next time you start to post something, think back to that feeling and really focus on it... and then maybe you'll stop typing.
What ISP in their right mind wants to force users to use IE
What ISP in their right mind wants to limit the range of software users can run, to reduce the cost of support requests? (A: nearly all of them)
More generally, what PC hardware vendor wants to limit the range of software users can execute? (A: all of them that offer complementary phone support)
Yes, that's the scary part. It's also the only part that really matters, and the only reason the entertainment/technology industries are pushing Trusted Computing. If there was no remote attestation, the TC concept wouldn't even exist.
The scary part of this is the remote attestation piece.
The scary parts of atomic bombs are the blast and radiation. The rest isn't dangerous at all!
Good God man, actually take some time and learn about this stuff before you spout uninformed drivel everywhere.
Yes, I am presenting the worst-case scenario. I do this to stir the technology and entertainment consumers around the world to resist what otherwise could be an enticing change:
Only a combination of consumer antipathy and international fear of Microsoft's global dominance gives us a chance to avoid that fate. (And personally, I have a lot more faith in the paranoia of the Chinese government than in the strong principles of American consumers)
This does not impact your rights in anyway (unless you believe you have a right to control how someone else configures their software).
I believe I have the right, codified in law, to make small exerpts of copyrighted works for critical purposes. TCPA desires to specifically remove that ability from me.
Security that is solely-based on software is far easier to compromise than hardware-based
Wrong. Computer security is computer security, whether or not it's implemented in hardware or software. In both cases, you need a smart computer engineer and cryptologist to do the work.
Hardware implementations have the (small) advantage that hardware is more expensive to build, so the vendors will exercise a little more care before making a release.
Software has multiple advantages: it's design has fewer constraints from real-world physics, it's easier/quicker to study in an artificial environment for automated testing, and by far the most important, it can be replaced worldwide in a matter of hours if a security flaw is discovered.
Conversely, hardware that's found to be flawed can only be replaced expensively and after at least months of effort. (In fact, the best way to "patch" a hardware flaw is with a software fix, meaning you're back to relying on software security)
So weighing the advantages against each other, software comes out as the better place to build-in security. Either way, a mistake by the designing engineer puts you at risk, but with only one of them can the risk be affordably fixed.
The tenacity of your attempts to replace logic with rhetoric would be impressive if it wasn't so braindead.
Thinking back 2 years or so, I vaguely remember SiliconEntity pasting in the same kinds of screeds to Slashdot comments on the original introduction of TCPA. (Notice the knee-jerk mini-contradictions to conventional TCPA-wisdim) It really appears she has some personal stake in the success... wish we knew what it was! Alas, her comments/info don't reveal anything.
The P2P app will only connect with a trusted copy of the same application.
Wrong. It will only connect to other applications approved by the same people who signed your own app. That means either a commercial software publisher, or a 3rd party Verisign-style corporation. (Yes, there will be amateur open-source hobbists releasing and signing their own software, but no representative of the RIAA will install it)
So the question becomes: Does the RIAA have the legal and financial firepower to convince the signing authority to produce signatures for some modified version of the P2p app, and without notifying you?
I really think they do.
We can "trust" the bad-guys' computers to do our will.
Why exactly would a "bad-guy" knowingly and willingly execute software that does your will? Concievably he might do so if there was no other choice, but it's difficult to imagine how that could happen. Only if a group more legally and financially powerful forced it onto them. (So maybe the federal government will write a P2P app that both music publishers and listeners will enjoy? Hmm...)
I can "trust" that MY software running on the RIAA's computer is similarly my original code
No you can't. The RIAA has the money and contracts to give orders to the people holding the keys with which the software was signed. You don't have that level of influence yourself.
I might want only a limited set of applications accessing a certian storage area.
You can accomplish all those things in a 100% software implementation of priviledge separation. No special TCPA hardware is needed.
However, if you did have the special hardware, you would still need modified TCPA-aware applications and OS to make it work.
So let's consider the two paths towards reaching your goal:
A) A modified OS that restricts which of your applications are allowed to access which parts of your file system.
B) A completely new PC and peripherals that have more expensive TCPA-compliant hardware, plus everything already listed in (A)
Hopefully, you can see that the cost (in both money and complexity, which translates to opportunity for errors) of A+B is higher than the cost for A alone.
The only thing TCPA's hardware modules do that couldn't be accomplished with pure software is make reverse engineering prohibitively expensive. It's designed solely to prevent you from knowing how to fully control your own PC.
You can also use TCPA to turn your Linux box into a hardware-reinforced installation of your choice.
If you have the technical brainpower to use TCPA + Linux to build yourself a secure hardware platform, you could also more easily build an equally secure all-software Linux platform.
The only advantage the TCPA gets from using hardware is it's a big barrier-to-entry for reverse engineers with physical access to the machine: they can't just load it up into an emulator/debugger, they also have to dissect the CPU under an electron microscope.
TCPA, at its core, is a way for you to prove to remote companies that you haven't modified the behavior of your own computer. It accomplishes this with a combination of cryptography and tamper-resistant chips.