Slashdot Mirror


User: Dr.+Blue

Dr.+Blue's activity in the archive.

Stories
0
Comments
151

Comments · 151

  1. Re:RTFP people - this is FOR the user on Trusted Or Treacherous Computing? · · Score: 1

    No, I have no ulterior motive. I do research, pure and simple, and don't have a horse in this race other than seeing what kinds of things this technology enables. And it does enable many things other than DRM. I know it seems to many people that the technology is all about DRM, but it really isn't. It can make a very tight DRM system, that's true - and if you don't like DRM you won't like that. But as I've said before, if you don't like DRM, don't use systems that have DRM - don't blame the technology that's enabling it, but which also has other uses.

    As for thinking about other uses of trusted computing, you have to think about where it comes from and what it's really designed to do (and it's not DRM). Just think about the name for that matter: "Trusted Computing". Where has that kind of name been used before? In highly secure operating systems - the kind that the military uses are generically called "trusted systems" or "trusted operating systems". The Department of Defense standards for secure systems for many years was the TCSEC - Trusted Computing System Evaluation Criteria (known more commonly as the Orange Book). This dates back to the early 80's (with ideas from the late 70's) - long before DRM was even dreamed of. One of the key properties of these systems, that isn't in more standard operating systems, was the use of mandatory access controls - a security policy determined what was allowed and not allowed according to the owner of the system. So a user cannot take a "top secret" file and make it world readable, including to users that only have secret level clearance. This is enforceable if all your computing is taking place on a mainframe locked in a room somewhere, and people connect over dumb terminals. However, when we move to modern systems in a distributed environment, the data is processed outside of your managed secure enclave, and on a standard PC you have no way of control over what happens to it then. What if a user on a PC works with top secret data, but is running inside a VM? So they can copy the data over to someone with only secret clearance by, for example, taking a memory dump. The only way you can sensibly enforce security policies in a distributed environment is if you can trust the software environment on the other side of your network connection, and the only way to do that is to have hardware that allows you to do that - thus TPMs and remote attestation.

    Incidentally, this past summer the Army said that all PC-class purchases by the Army had to include trusted computing hardware. You don't suppose they have something like this in mind, rather than keeping people from violating copyright, do you?

    So, yes, you can also use this to make a very secure DRM system. You don't like DRM. I get that. But there are a huge number of other uses for the technology that are actually very useful.

    Incidentally, the security policy that's enforced doesn't have to be centrally defined, as it would be in a military setting. It can be based on agreements between users - peer-to-peer security policies. This could keep the RIAA *out* of pulling some of the tricks that they do with P2P networks (disrupting with fake clients and the like). I imagine you'd think that's a pretty good thing, don't you?

  2. Re:RTFP people - this is FOR the user on Trusted Or Treacherous Computing? · · Score: 1

    Well, I don't agree with your position. I don't like DRM, and hence don't have any content that is DRM-protected (unless you count DVDs with CSS). I have that choice, and nothing about trusted computing is going to change that.

    I also think it's simply off the deep end to say that "remote attestation is inherently evil". Being able to trust the configuration and software on another machine on the network is an incredibly useful thing. It might have some bad uses, but so does a lot of technology. I just get amazed when the same group of people who complain about judgements against Kazaa and P2P networks say "don't blame the technology for how some people use it" then turn around and say that the technology in TC is evil.

    As for trust, I have 3 different systems that have TC hardware in them (a laptop and 2 desktop/server machines). Despite what you say, it does "allow the owner [me] to trust his [my] own property". Absolutely nothing in trusted computing means that my computer will disobey me - on the contrary, I am quite confident that these systems will do exactly what I ask them to do, and nothing more. And none of the things I'm interested in using trusted computing for require me to trust Microsoft or the RIAA or any other evil boogeyman. But I am interested in remote attestation.

    So anyway, to wrap all this up, I think you're more than a little paranoid, and have delusions that the computing world is headed toward some centrally controlled and non-free destiny. I think that's silly, and nothing in what is happening now or in history leads me to believe that your worst-case scenario is even remotely likely. And so there you have our basic difference of opinion.

  3. Re:RTFP people - this is FOR the user on Trusted Or Treacherous Computing? · · Score: 1
    So, Microsoft does not claim that a purpose of "Trusted Computing" is to remove the user's control of his machine.

    "Trusted Computing" cannot remove the user's control of his machine. It can remove control over some specific software if you choose to run that software, but the choice of whether or not to run the software is up to you. You don't have to run Windows at all if you don't want to, and all the "Trusted Computing" hardware in the world can't take that choice away from you - your machine will still work just as well using Linux as it does now.

    Potentially, Microsoft COULD put code in Windows that would disable playing any media files except through their approved player (Windows Media Player, for example). That wouldn't be terribly hard to do - even without TC hardware they could make it require horrendous hacks in order to get any other player to run, and yet they don't do that. Why? Two reasons: first, they'd alienate a whole lot of people if they did so - bad business move. Second, the anti-trust people would be back down their throats in a second. So I don't think that's going to change, TC hardware or not. People will still be able to use WinAmp (or whatever it is people use these days - I don't use Windows, so I don't know...).

    As for the OwnerOverride "feature": As much as I like the EFF on some things, their report on Trusted Computing really missed the mark. This "feature" is simply ridiculous - the whole point of attestation is to convince a remote entity of something. If you allow a "feature" that allows the owner/machine to lie, then attestation is completely pointless. The owner has the option of performing a correct/honest attestation, or refusing to do so - just not to give a forged attestation. There would be no "trust" left in "trusted computing" if this were possible...

    With WGA, and especially with "Trusted Computing," Microsoft has or will have total control over those people's computers: the ability to decide what software they run, what software they don't run, what documents they access, etc.

    Do you have any evidence that Microsoft wants to have "total control over" what software people run or don't run, or are you just letting your paranoia take control of you here? Microsoft has a clear business argument for not letting people run unpaid-for copies of Windows. They also have a clear business case for supporting people running whatever 3rd party, homebrew, or whatever other software that their customers want to run. That other software may or may not require a trusted environment in order to run. If it does, and you don't want to do that, then don't run the software. But it's your choice. If that means that you can't interoperate with their music store (because, after all, the Zune looks like it will be such a success... cough, cough...), then don't give their store any business. It really is that simple.

    Don't underestimate the power of market forces and your power as a consumer - look at what happened to Sony with the rootkit fiasco or Intel with their "serial numbers" in Pentium-III processors. Both were pulled back after consumers (loudly) complained. By far the most successful online music store is iTunes - it also has one of the least restrictive licensing and DRM components. Don't think that people in business don't see that and understand what it means.

    On the other hand, if you're going to take an extremist stance like RMS, then don't expect market forces to help you out much. When a lot of people make noise, companies listen. When 4 ragged-looking people stand on a corner with some signs and look like loons, it probably won't have much impact.

  4. Re:This is another reason they don't allow VMs on Trusted Or Treacherous Computing? · · Score: 1

    Now *that* is where the trusted computing stuff can come in. With a system that correctly uses a TPM, the system can tell whether it's running in a VM or not - can't do that with any sort of assurance without hardware support...

    No doubt that if "trusted computing" takes off, Microsoft will not allow DRM-protected media to be played inside a VM - whether you have the "ultimate" license that allows VMs for the basic system or not.

  5. RTFP people - this is FOR the user on Trusted Or Treacherous Computing? · · Score: 1

    Come on. At least *try* to read the thing.

    This patent is NOT for a remote entity to revoke a license. It's for the *client* (the USER) to revoke a patent in such a way that the remote service is assured that the license really has been removed.

    If you want to "return" content that you bought or you want to transfer content to another machine, this allows you to do that.

    In addition, this is standard DRM stuff. People might not like DRM (I don't particularly like DRM), but this particular patent allows a user to prove something useful in a DRM system, and in no way gives Microsoft control over your system.

    Oh - and it has zip to do with TPMs and "Trusted Computing" in the sense of the Trusted Computing Group, other than the fact that TPMs might be used to make a DRM system which would use something like this. But you can make such a DRM system today, even without the hardware, just using Windows Media Player and the associated DRM.

  6. Not common at all on Web Censorship on the University Campus? · · Score: 1

    The only universities I know of that do something like this are universities that feel the need to promote one particular viewpoint over others - primarily religious colleges. Almost all universities that are dedicated to open exchange of ideas go out of their way to say they will not do this. Here's an example from another university in Texas (this is TAMU): in the computer use policy it says "The University should not limit access to any information due to its content when it meets the standard of legality." Similar statements can be found in most university computer use policies. If they know that the mp3s they're blocking come from a site that exists to illegally serve up copyrighted content, then it would be understandable that they would block that (although the more pressing problem from a university standpoint is with people on campus serving up copyrighted content to others). But blocking the Village Voice? Come on, that's just ridiculous.

    If the original poster reads this and wants some support from a faculty member in Texas, reply and let me know. I'm not at TAMU (despite using them as an example above) and I'm not in San Antonio, but if I can help I will...

  7. Re:hmm... on Warrantless Surveillance To Continue For Now · · Score: 2, Informative

    Interesting opinions there. I'd suggest that you've got several things wrong however.

    First, the ruling hasn't been suspended. The execution of the ruling has been suspended. The ruling itself stands until such a time as another court overturns it, which hasn't happened yet.

    Second, while you certainly seem convinced that "case law is AGAINST this ruling," a lot of people who know an awful lot about the law disagree with you. In fact, a judge wrote a very clear ruling about why this NSA program IS unconstitutional.

    Frankly, most of the citations you give are simply irrelevant. Pretty much everything you cite comes from before FISA, and FISA was in fact put in place precisely to counter those kinds of things. The one thing you have in there that is recent and might apply is the 2002 decision, from a sealed case, which does not necessarily speak to all of this specific program. For example, was this pure foreign surveillance (which the President most certainly has the authority to do), or is it domestic intelligence (where one endpoint of the conversation is in the U.S.), which is what the NSA program is doing (and which I'd argue is in a very straightforward way against FISA) - I think the only way you could possibly rule that this program is constitutional would be to rule that FISA itself is UNconstitutional. I think it's a serious stretch to say that will happen.

    So we'll see how this goes - you seem quite convinced that the program is constitutional, and there are people who agree with you (primarily within the Bush Administration, but there are a few independent people who agree). I am quite convinced that the program is UNconstitutional, and there are probably significantly more people who would agree with that (and is what the most recent standing court decision says as well). Eventually this will make its way to the Supreme Court, and the only opinion that will really matter in the end is what they say.

  8. Re:Does it really wrap non-WMA files? on Zune's Viral DRM Will Violate Creative Commons · · Score: 1
    There's a blog of someone who claims to be a Microsoft employee working on the Zune project that says it DOES add DRM to otherwise non-DRMed files. Here's the quote:
    "I made a song. I own it. How come, when I wirelessly send it to a girl I want to impress, the song has 3 days/3 plays?" Good question. There currently isn't a way to sniff out what you are sending, so we wrap it all up in DRM. We can't tell if you are sending a song from a known band or your own home recording so we default to the safety of encoding. And besides, she'll come see you three days later. . .
    This comes from here

    This is not an official Microsoft announcement, of course, but at least it claims to be from someone who knows.

    As another note, I've got to agree with another poster here who pointed out that it wouldn't be Microsoft/Zune that was violating the CC license -- they just provide a tool. If you voluntarily use that tool to share CC-licensed material, then you are the one violating the CC license.

    Think of it like this: I've got GPG on my system, and I get some content under a contract that it won't be transmitted in encrypted form (why? I don't know, it's just an example, ok?). If I then e-mail it after encrypting with GPG, who has violated the license agreement? Me, or the makers of GPG?

  9. Re:Note that is hopefully obvious... on Did Humans Evolve? No, Say Americans · · Score: 1

    Evolution isn't a scientific truth. It's a theory. Just like the theory of gravity, but I'm not particularly worried that I'm going to float up and smack my head on the ceiling any time soon....

  10. Re:Perception on Lenovo & Customer Perception · · Score: 2, Insightful
    Let's face it - IBM thinkpads have never been speed demons, and they are the butt-ugliest, clunky-looking laptops out there.

    Wow. I know that looks are subjective, but I've never heard anyone call a ThinkPad "ugly" or "clunky" before reading this (and a couple of other postings here -- but there are also a lot of people here who disagree with you).

    I've got a T42, and it's sleek (pretty much the opposite of "clunky") and I really like the way it looks. I had a Dell before this -- now that was a clunky and ugly machine. Compared to the HPs and Toshibas that I see in stores around here, the Thinkpad frankly puts the others to shame looks-wise...

  11. Re:Missing features wishlist on Google Calendar · · Score: 0, Redundant

    Well, the Google developers wanted to add that feature, but didn't have a "To-Do" list to add that to, so....

  12. In a lab setting... on Apple Officially Releases Beta Dual Boot Loader · · Score: 2, Interesting

    The ability to easily (and "officially sanctioned") multiboot is fantastic for me. Especially if it worked with free OS loaders for Linux and the BSDs as well.

    My own situation: I'm a faculty member with both research and teaching labs in computer security, where we often muck about with various settings and try different combinations of machines on a network. If I could have one piece of hardware which would boot (without fighting with it too much) Mac OS X, different Windows flavors, Linux, the BSD's, and Solaris x86, that would be fantastic. Right now I have separate (and seriously aging) hardware for Apple stuff. Stick a 300 gig drive on that baby and have a bunch of partitions.... hmmmm...

    When it's time for a lab upgrade, this will be something I have to look at very seriously. The "official blessing" does mean something to me -- I wouldn't want to invest in 15 machines for a lab and then have Apple come back later and throw in incompatibilities because they decide they don't like the unofficial multiboot solutions (think about what they've done with the iPod and Real as far as incompatibilities).

    Now if that hardware would just support virtualization (Xen or something) to make this even easier, I'd be one seriously happy camper.

  13. Re:Link to research paper on Microsoft Research Warn About VM-Based Rootkits · · Score: 1
    "Trusted" computing is all about hiding the hardware state from the user.

    That's completely wrong. There's nothing in TCPA/TCG that hides hardware state of the PC platform (as opposed to values within the TPM) from the user. In fact, the whole point is to make measurements of the hardware state accessible to the user in a trusted way. That's what the PCR's are. You can look at the PCRs and know if the system booted in a way you recognize -- if there's a VM sandwiched in there somewhere, you'd know it.
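The PCR mechanism this comment refers to, as an added example that is not part of the original comment: a minimal Python model of the TPM 1.2 extend operation (PCR_new = SHA-1(PCR_old || measurement)) showing that a boot chain with an extra hypervisor stage ends in a different PCR value. The stage names and image bytes are constructed sample data, and the helper names are hypothetical.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def measure(image: bytes) -> bytes:
    """Measurement of a boot component: the SHA-1 digest of its image."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = SHA1(PCR_old || measurement). A PCR can only be extended,
    never written directly, so its value commits to the whole history."""
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(chain):
    """Measure each stage before it runs. Returns (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on platform reset
    log = []
    for name, image in chain:
        m = measure(image)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log


def replay(log) -> bytes:
    """Recompute the PCR from an event log. A log is only believable if
    replaying it reproduces the PCR value reported by the TPM."""
    pcr = bytes(PCR_SIZE)
    for _name, m in log:
        pcr = extend(pcr, m)
    return pcr


def first_divergence(reference_log, observed_log):
    """Return (index, stage name) of the first entry that differs from the
    reference boot, or None if the two logs are identical."""
    for i, (ref, obs) in enumerate(zip(reference_log, observed_log)):
        if ref != obs:
            return i, obs[0]
    if len(reference_log) != len(observed_log):
        i = min(len(reference_log), len(observed_log))
        longer = observed_log if len(observed_log) > i else reference_log
        return i, longer[i][0]
    return None


# Constructed sample boot chains (placeholder bytes, not real images).
GOOD = [
    ("firmware", b"constructed firmware image"),
    ("bootloader", b"constructed bootloader image"),
    ("kernel", b"constructed kernel image"),
]
# Same components, with a hypervisor loaded between bootloader and kernel.
WITH_VMM = GOOD[:2] + [("hypervisor", b"constructed hypervisor image")] + GOOD[2:]

if __name__ == "__main__":
    good_pcr, good_log = measured_boot(GOOD)
    vmm_pcr, vmm_log = measured_boot(WITH_VMM)
    print("known-good PCR :", good_pcr.hex())
    print("with hypervisor:", vmm_pcr.hex())
    print("first divergence:", first_divergence(good_log, vmm_log))
    # Dropping the hypervisor entry from the log does not help: the edited
    # log no longer replays to the PCR value the TPM holds.
    edited_log = vmm_log[:2] + vmm_log[3:]
    print("edited log matches PCR:", replay(edited_log) == vmm_pcr)
```
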

  14. Re:Maybe they don't want to explain the prices.... on Why Won't Dell Promote Its Linux Desktops? · · Score: 1

    Ah, of course, that explains it. Dell probably told Redhat to match their deal with Microsoft, so the costs would come out the same.

    Too bad you can't buy a "no-OS" system and pay neither Redhat nor Microsoft.

  15. Re:Maybe they don't want to explain the prices.... on Why Won't Dell Promote Its Linux Desktops? · · Score: 1

    Man, are you always this much of a dick, or did you just get up on the wrong side of the bed this morning?

    Yes, there will be support costs. Will it be more for Linux than Windows? I doubt it. From all of the stories I hear from my non-technical friends about the amount of time they spend on the phone with Dell support for their Windows machines, I find it hard to believe that Linux would be any worse. Probably would be less time, actually, since people buying a Linux system would likely be more competent than the average person buying a Windows system (see, I supported that speculation with exactly the same amount of data that you supported your wild speculation with).

    All that aside, are you trying to suggest that the people at Dell did a good study of the expected cost of support for their Linux and Windows machines, the cost of the software, and then came up with exactly the same figure for the Linux and Windows machines? Don't you think that pushes credibility just a bit far?

  16. Maybe they don't want to explain the prices.... on Why Won't Dell Promote Its Linux Desktops? · · Score: 1

    The pricing on these systems is really strange. Do this: Go to the Dell Linux workstations link in the article. There are three systems there. Now navigate back to the small business Dell Precision desktop workstations, and you'll find an almost identical page, with the same three workstations, but with Windows XP Pro installed. How much do you have to pay for Windows -- or rather, how much do you save by getting a Linux workstation? Nothing! Two of the three systems are exactly the same price regardless of whether you get the Linux or the Windows version. The other system is actually a few dollars cheaper with Windows XP.

    Now how can that make sense? And why would anyone buy a Linux workstation from Dell if they're paying the "Microsoft tax" anyway?

  17. Re:Biased article? on DRM Based on Trusted Computing Chips · · Score: 1
    Except, of course, "protect" the boot sector from modification (and no more booting from disk or CD, either), which is exactly what they'll do.

    Ok, if you think that's the way it will work, please show me where in the TCG or other trusted platform documentation that it says anything about stopping something from booting or running.

    That's simply not part of the trusted platform concept. A trusted platform will still boot anything, whether Linux, Windows, FreeBSD, a VMWare platform, ... All the trusted platform can do is keep you from accessing data that is locked to some other configuration.

  18. Re:Biased article? on DRM Based on Trusted Computing Chips · · Score: 1
    Not only that, but they intend to lock out the capability to export (No Copy/Paste, etc), so you need to buy Word for EVERYBODY who needs to read the document.

    No, that's just silly. They (meaning Microsoft) have no intention of locking out export or other capabilities. That would be a supremely stupid business move, and they're certainly aware of that. What they will do is give the creator of a document the ability to protect a document in this way. But it's the document creator that's in control, not Microsoft. The only difference between this and what you can do now (for example, with printing and cut/paste disabled for a PDF document) is that what's done now is ultimately hackable, and this won't be. But be honest -- how many protected documents are actually hacked now? Do you really think that the addition of hardware to make this unhackable is all of a sudden going to make everyone lock down their documents when they don't do so now?

    You had some good comments about the complexity of getting this to work right, and I'd bet that the first iteration or two will have some problems. But then you went back to Microsoft-paranoia when you said:

    And of course if I use Linux, I'm {censored} out of luck. If Linux will even RUN on the systems anymore, since Microsoft doesn't sign it to be trusted.

    You're going to run Linux under Windows????? Otherwise, what in the world would Microsoft have to say about it? There is no way (nada, zip, nothing) that any trusted platform could ever stop Linux from running. It's not designed for that and it simply doesn't have the capability for this. You might not be able to access data from Windows partitions from a Linux boot, but Linux would happily run and do everything it does now. Nothing will ever stop that.

  19. Re:No CDs on RIAA: Ripping CDs to iPod not 'Fair Use' · · Score: 2, Insightful
    Sounds like just one more reason not to buy CDs.

    You say that like the RIAA would think it's a bad thing. I know someone who works on some of the infrastructure issues with iTunes, and he tells me that Apple makes extremely little money off an iTunes sale. Most of the purchase price goes to the record label and RIAA. So they get money coming in, they don't have to worry about physical distribution or even paying for the electronic distribution infrastructure, and the music is locked up in a DRM format so you can't even do things like buy "used music" any more. Just sit back and rake in money. And they can even complain that CD sales are down, so they must be being cheated -- sniff, sniff... pooor widdle RIAA.

    I'd bet the RIAA would love it if you didn't buy CDs any more.

  20. Re:Anonymity with the TPM on No More Internet Anonymity · · Score: 1
    I suspect that what you really mean is that TPMs can be used to remove privacy, but only if software is executed that performs whatever operation removes privacy.

    This is equivalent to your statement under the assumption that software is only executed with the consent of the user. However, as we all know, there are some problems with this assumption.

    Yes, I would mostly agree with that. Technically, it doesn't have to be true. You could have an operating system that required the user to specifically authenticate to the TPM each time the endorsement key or some other identifying value is used. Then you wouldn't have to worry about rogue software (think spyware) exposing you without your knowing it.

    However, in practice, I can't see that happening, and I think the reality of the situation will be exactly like you describe. Operating systems will most likely cache your TPM authentication so they don't have to bother you every time, and once it makes this "ease of use" compromise, then rogue software could also make use of it.

  21. Re:Anonymity with the TPM on No More Internet Anonymity · · Score: 1

    The user does not have access to the actual keys, but does have complete control of when and how they are used. Nothing happens in a trusted platform without the owner of the platform authorizing it.

  22. Anonymity with the TPM on No More Internet Anonymity · · Score: 2, Informative
    While the bulk of the article makes it sound like TPMs will destroy all privacy (which isn't true), here's an important sentence:

    Users will still control how much of their identity they wish to reveal -- in fact, for complex technical reasons, the TPM will actually also make truly anonymous connections possible, if that's what both ends of the conversation agree on.

    Yes, TPMs can be used to remove privacy, but only with your consent. They can also, with the consent of the parties involved, give you much stronger privacy than is possible without a TPM.

    I've talked to people in many of the major companies that are behind the Trusted Computing Group, and they're well aware of this issue. I spent a bit of time talking to the head of the trusted computing project at AMD, and he understands very well the lessons of the Intel CPU serial number fiasco of a few years ago, and the TCG has included technological features to protect users' privacy. Is this because they are great privacy guardians? No, I don't think so -- I don't think this guy is going to be the next president of EPIC or anything. I think it's a strictly business decision: They see that people won't accept the technology unless it protects privacy (just see the tone of the article this Slashdot story is about), so they've put in measures in order to make it more acceptable.

    Some technical details: The current TPM specification is version 1.2. Prior to 1.2 there was an "officially supported" privacy mechanism based around the idea of a PrivacyCA -- basically, you got pseudonymous credentials (a certificate) from a PrivacyCA, and used that in transactions. You could get a different certificate for each person you interacted with, so transactions weren't linkable, or you could even get multiple certificates to use with the same person so that you had different identities to use with them. The problem being that you still had to show your unique ID to the PrivacyCA, so you had to trust them not to link all your transactions together. However, version 1.2 introduced a stronger notion into the standard: direct anonymous attestation. With this, your anonymity is protected with cryptographic means, without the need to trust any other party. Of course, when you authenticate, the site you are interacting with has to agree that it will accept such anonymous and untraceable identities. Some sites will probably allow that (discussion boards, etc.) and some probably won't (banks, credit cards, etc.). But that's a market decision, not a technological one. You have the power, with the technology, of having even stronger anonymity than you have today, so the market needs to insist on merchants using that. As was seen with the serial number in the Pentium III, enough people care about privacy to make industry sit up and pay attention.

  23. Re:Keep the govt out. Decentralize security. on Is the Cyberterror Threat Credible? · · Score: 2, Informative
    IIRC, the attempts to make key escrow mandatory with Clipper were on Clinton's watch. The sooner we quit believing that one party or another is interested in freedom, the sooner we have a chance to preserve the dwindling amount of it we have left.

    The last comment is right on, and in fact the Clipper project illustrates quite well that neither party can be trusted. The Clipper chip was actually a Bush I administration project -- initiated and developed before Clinton came into office. It was pretty much a done-deal, and it was announced a few months after Clinton took office. So it was developed by one party, it could have been stopped or at least questioned somewhat by the other party, and both parties pushed it forward.

    And the scariest part of it all is that the "voice of reason" at the time was actually John Ashcroft. Yikes.

  24. No, Sherman is not right on President of RIAA Says Sony-BMG Did Nothing Wrong · · Score: 5, Insightful

    To pass this off as a bug "of which they were unaware" is horribly inaccurate.

    The software hides itself -- by design, not as a bug.

    The software makes itself difficult to remove -- by design, not as a bug.

    The software places itself in fundamental system areas, like accessing the CD, compromising those areas -- by design, not as a bug.

    No, the problem isn't a bug. The problem is a company thinking they have the right to get into places on my system that they have no business being, and then hiding to make it difficult to clean.

    A common component of all anti-spyware legislation and attempts that I'm aware of is that everything has to include a reasonable and effective uninstall procedure, that clears out the software. Sony didn't have this -- again by design.

  25. Re:256? 3des? no. (not exactly) on Police Need 90 Days To Crack Hard Drives · · Score: 2, Informative

    No, that's not right. I think you're probably confused with the argument that Double-DES doesn't appreciably increase security -- because of a meet-in-the-middle attack, known plaintext attacks on Double-DES have complexity 2^56+2^56. That's why you never hear of "Double-DES" -- there's really no point. However, that's not true with Triple-DES, which is why it is used. As some other posters have pointed out, the complexity of breaking 3DES is around 2^112. That's unbreakable by a brute force attack using any conceivable technology. Your linear combination of complexities would be pretty easily breakable using something like the EFF's Deep Crack machine.
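The meet-in-the-middle cost the comment above gives for Double-DES (2^56+2^56 rather than 2^112), scaled down so it runs instantly; this is an added example, not part of the original comment. It uses a constructed toy 32-bit Feistel cipher with 12-bit keys as a stand-in for DES, so the figures become 2^12+2^12 against 2^24; the cipher and all names are hypothetical.

```python
KEY_BITS = 12          # toy key size standing in for DES's 56 bits
MASK16 = 0xFFFF


def _round(half: int, subkey: int) -> int:
    """Nonlinear round function on a 16-bit half (toy construction)."""
    x = (half * 0x9E37 + subkey) & MASK16
    x ^= x >> 7
    x = (x * 0x85EB) & MASK16
    return x ^ (x >> 5)


def _subkeys(key: int):
    """Four round keys derived from one short key (toy key schedule)."""
    return [(key + 0x3A5C * i) & MASK16 for i in range(4)]


def encrypt(key: int, block: int) -> int:
    """Four-round Feistel network on a 32-bit block."""
    l, r = block >> 16, block & MASK16
    for sk in _subkeys(key):
        l, r = r, l ^ _round(r, sk)
    return (l << 16) | r


def decrypt(key: int, block: int) -> int:
    """Inverse of encrypt: undo the rounds in reverse order."""
    l, r = block >> 16, block & MASK16
    for sk in reversed(_subkeys(key)):
        l, r = r ^ _round(l, sk), l
    return (l << 16) | r


def double_encrypt(k1: int, k2: int, block: int) -> int:
    return encrypt(k2, encrypt(k1, block))


def known_pairs(k1: int, k2: int, plaintexts):
    """Known plaintext/ciphertext pairs under double encryption."""
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known pairs.

    Encrypt the first plaintext under every k1, decrypt the first ciphertext
    under every k2, and look for a shared middle value. Returns the candidate
    key pairs and the number of single-cipher operations spent searching.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    work = 0
    table = {}
    for k1 in range(1 << KEY_BITS):           # forward half: 2^KEY_BITS
        table.setdefault(encrypt(k1, p0), []).append(k1)
        work += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):           # backward half: 2^KEY_BITS
        middle = decrypt(k2, c0)
        work += 1
        for k1 in table.get(middle, ()):
            # A second known pair weeds out chance collisions.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, work


if __name__ == "__main__":
    # Constructed sample keys and plaintexts.
    pairs = known_pairs(0x5A3, 0xC17, [0x01234567, 0x89ABCDEF])
    found, work = meet_in_the_middle(pairs)
    print("recovered:", [(hex(a), hex(b)) for a, b in found])
    print("operations:", work, "vs exhaustive search:", 1 << (2 * KEY_BITS))
```

The price of the attack is the lookup table of 2^KEY_BITS middle values. The shortcut does not extend to three layers in the same way, which matches the comment's figure of about 2^112 for 3DES.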