No it isn't. The Xbox encrypted the BIOS image stored in flash.
Granted, the Xbox has that extra protection.
But none of these technologies claims to protect against hardware tampering. The advertised goal of TCPA is to protect against software attacks (viruses, keyloggers etc). As a side effect, it also makes it impractical for end-users to run unsafe applications (or unauthorized operating systems).
Even without the BIOS encryption, the Xbox could have prevented users from running Linux too easily (without modding the hardware).
the first application that boots up, typically the BIOS (...) can refuse to allow any application to start which isn't signed by one of the keys securely stored in the TPM.
You don't need a TPM for this (see the Xbox, for example). It is safe to just put an unprotected public key in the BIOS and use it to check the signatures that come with the applications.
If you read the TCG official docs, you'll see that remote attestation (signed hashes of the hardware and of the bootloader can be encrypted and then checked by the OS or sent through the internet) is an official feature of TCG/TPM/TCPA.
But signed with which key ?
As the OP mentions, TPMs currently don't ship with a pre-installed key.
If it was up to me, I'd switch all computers to TAI for their internal clocks and time tags. Conversion to UTC or local time would be done as needed for human consumption.
Not so easy, and not so useful:
TAI is not widely available. You'd need to convince all NTP root servers to switch to TAI.
In order to convert from TAI to UTC, computers need to know about leap second announcements. So you'd need to extend NTP or design a parallel infrastructure to distribute that information.
Non-networked computers, even ones with a built-in atomic clock, would need to be patched whenever the IERS announces a leap second (only 6 months in advance AFAIK).
Looks like it would be easier to make GPS mandatory on all computers (the GPS signal contains both TAI-19s and the current offset).
Surely the real problem is (...) the ad hoc, non-general solutions to time representation we've been using due to very small address spaces that are rapidly falling by the wayside.
No, unless you are using a base-60 computer. Y2K is soooo 20th century.
The problem is that programmers don't expect tm_sec to be more than 59, although man ctime does mention leap seconds.
Maybe they should have quotas on their patent rejection rate too, not just on the number of applications rubberstamped per second.
Or maybe society should decide how many monopolies it is reasonable to grant per year worldwide. 100 sounds right (that's a lot more than Nobel prizes). But of course that would put a cap on the rate of innovation, right ?
Any intelligent life out there is either long dead or at least 100 million years ahead of us.
This is more or less the Fermi paradox, i.e. the first civilization which develops the ability to colonize space, will do it in no time.
If this is correct then we can only expect to discover ruins from civilizations advanced enough to build artifacts that will last for millions of years. Like stars arranged in patterns which spell "ET was here".
Known short-range effects, examples (on Tinfoil Hat House, Score: 1)
there's next to no evidence EMF/EMI causes anything in people
Actually all radio workers, including HAMs and radar technicians, are routinely taught about the short-range thermal effects of RF power.
This form compares simulated exposures with the recommended limits. It says you should not stand at less than 6 feet from an antenna transmitting 100W at 900MHz, or less than 6 inches from a cellphone transmitting 1W.
The uncertainty is about possible long-range non-thermal effects.
The plasmid is inserted into a cell, and "the cell then executes the set of instructions."
Wow, sounds like the end of life as we know it.
it might be used in three to five years to make devices that could detect bioterrorism chemicals.
Yeah, did I tell you about my DNA-based Cellular Autonomous Terminator ? It's very good at searching&destroying living organisms, and it already has a stealth mode, night vision and laser-based target designation. Gimme funding and I'll see what I can do about homeland security.
another team led by Weiss showed they could insert DNA into cells to make them behave like digital circuits.
But we don't need life to produce nice regular chemical patterns. See e.g. reaction-diffusion systems. The whole point of synthetic biology would be self-assembly self-replication. So wake me up with sexy headlines when we know how to compile some Turing-complete language to DNA.
Until then, editors should have a rule about anti-terror plugs in articles, e.g. "three times and you're out".
There are two independent things you can do with a digital ID card.
Store fingerprint data, digitally signed by the government. This is similar to having a government stamp over the photograph in your passport, except it can be checked automatically (fingerprint scanner, face recognition), and the stamp cannot be forged (cryptography). The scanner thinks "I see this fingerprint, and it matches the fingerprint in the card, and I see a signature saying that the fingerprint is recognized by the french government".
It doesn't matter if the card can be copied, as long as signatures cannot be forged.
As you point out, authentication is still based on biometry only. But as I explained, this avoids the requirement for an online database.
Strong authentication. This requires a tamper-resistant smartcard with a private key ("something you have"). The scanner thinks "I see a smartcard, and it convinces me (through a challenge-response cryptographic protocol) that it knows the private key which matches this public key, and I see a digital certificate signed by the government saying that this is the public key of the card holder".
Presumably such cards cannot be copied too easily. And you can forge a card containing whatever keypair you want, but you can't forge the certificate unless you know the private key of the government.
The system still needs to deal with attacks where the scanner only sees a dummy card which somehow relays the challenge-response to a legitimate card plugged in some trojaned PC.
The combination of both techniques should be pretty effective if you ask George Orwell.
How hard is it to fool fingerprint scanners ? Yes I know, your scanner is better than mine, won't accept dead limbs, etc. And anyone caught with silicone on their fingertip will be sent to Guantanamo.
Flashing your pinky is definitely more convenient than spelling your name or getting a card out of your wallet. But that's identification, not authentication.
And are you certain that nobody can pick up your hair from the pavement, clone it in their kitchen, then spray it at a crime scene ?
In related news, hand-transplant surgeons, fearing that their profession might become illegal under the proposed biometric ID plan, are protesting worldwide.
without online verification it's impossible to revoke or expire IDs.
Put an expiration date in the card, and digitally sign it together with the fingerprint data.
Revoked IDs can be downloaded off-line. The average size of the list would be (lifetime of the card in years) * (number of revocations per year), i.e. much smaller than the whole list of valid IDs. In an online system, how would you expect airport screeners to deal with telecom failures ? Keep everybody waiting in line ?
Of course we are discussing "the right way" here. Governments and vendors can still screw it up.
How is this better than 'fingerprint = something you are'
The more factors you check, the better (for security, not necessarily for human rights)
Something you are (biometry)
Something you have (badge, ID, smartcard)
Something you know (password)
an insecure card to a (hopefully) secure biometric
Cards do asymmetric cryptography.
Biometry is public-key cryptography (as in "public domain"). Identification, not authentication.
The ID card would probably contain fingerprint data and a digital signature saying that the government recognizes the fingerprint as that of one of its citizens.
The fingerprint doesn't even need to be connected to the person's identity.
Without that, how could scanners at airports and other public locations decide to accept or reject a person based on her fingerprint ? Send it to a big-brother-esque central database, uh ?
OK, the scanner still needs to download a list of revoked IDs from time to time.
ID + fingerprint = something you have + something you are.
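The offline check described in the ID-card comments above (fingerprint data and expiry date signed by the issuer, verified with a public key and a downloaded revocation list), as an added example that is not part of the original comments. The key is toy textbook RSA built from two Mersenne primes so that it runs on the standard library alone; the card fields, function names and exact-match template comparison are assumptions.

```python
import hashlib
from datetime import date

# Toy issuer key, constructed for this example: textbook RSA over two Mersenne
# primes. A deployment would use a vetted signature scheme and library instead.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public key: all a scanner needs to store
D = pow(E, -1, (P - 1) * (Q - 1))     # private key: never leaves the issuer

def _digest(card_id, template, expires):
    # Hash each field to a fixed length first so the fields cannot run into
    # each other, then bind serial number, fingerprint and expiry together.
    parts = [card_id.encode(), template, expires.isoformat().encode()]
    inner = b"".join(hashlib.sha256(p).digest() for p in parts)
    return int.from_bytes(hashlib.sha256(inner).digest(), "big") % N

def issue_card(card_id, template, expires):
    """Issuer side: sign the card contents with the private key."""
    sig = pow(_digest(card_id, template, expires), D, N)
    return {"id": card_id, "template": template, "expires": expires, "sig": sig}

def check_card(card, scanned_template, today, revoked_ids):
    """Scanner side, no network: public key, clock and a revocation list."""
    expected = _digest(card["id"], card["template"], card["expires"])
    if pow(card["sig"], E, N) != expected:
        return "reject: bad signature"
    if card["id"] in revoked_ids:
        return "reject: revoked"
    if today > card["expires"]:
        return "reject: expired"
    # Real matchers compare templates fuzzily; equality stands in for that here.
    if scanned_template != card["template"]:
        return "reject: fingerprint mismatch"
    return "accept"

def demo():
    today = date(2025, 6, 1)
    alice = issue_card("FR-0001", b"alice-minutiae", date(2030, 1, 1))
    results = {}
    results["genuine holder"] = check_card(alice, b"alice-minutiae", today, set())
    # A bit-for-bit copy of the card still carries Alice's signed fingerprint.
    results["copied card, other finger"] = check_card(
        dict(alice), b"mallory-minutiae", today, set())
    # Rewriting a signed field invalidates the signature.
    swapped = dict(alice, template=b"mallory-minutiae")
    results["swapped fingerprint"] = check_card(
        swapped, b"mallory-minutiae", today, set())
    extended = dict(alice, expires=date(2040, 1, 1))
    results["extended expiry"] = check_card(
        extended, b"alice-minutiae", date(2035, 1, 1), set())
    results["revoked"] = check_card(alice, b"alice-minutiae", today, {"FR-0001"})
    results["expired"] = check_card(
        alice, b"alice-minutiae", date(2031, 1, 1), set())
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
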
the use of computers to generate proofs is causing mathematicians to 're-examine the foundations of their discipline.'
They should be concerned about the use of computers to generate new formulas and conjectures, which is where the creativity is.
critics of computer-aided proofs say that the proofs are hard to verify due to the large number of steps and hence, may be inherently flawed.
Bullshit. Computer-aided proofs are also computer-verified. And only computers generate useful computer-verified proofs, because most humans are too proud to submit themselves to such unforgiving examination. (And because it takes an awful lot of boring work, too).
What you lose is the elegance of a short proof. But a nice-looking proof can be incorrect too (e.g. a geometric figure which doesn't cover all cases.)
The article sounds a bit like Microsoft PR saying they are investing in state-of-the-art techniques to produce bug-free software. Which is good. But be sure to read the full credits.
Perimeter-based: Use triangulation, antenna arrays or similar tricks to check that the source is located within an authorized area. See how the SETI guys can differentiate transmissions from ground sources, satellites, our galaxy, infinity and beyond.
"DLP" (Digital Light Processing) is the Texas Instruments tech based on Digital Micromirror Devices (DMD).
A DMD is an array of small (10um), digitally controlled mirrors etched in a chip-like package. Greyscale is produced by switching each mirror on and off thousands of times per second (yes, mechanical parts wear differently at that scale).
In single-DMD projectors, colors are created by spinning a wheel with coloured RGB sectors in the light path. Early consumer DLP projectors were plagued with the so-called "rainbow effect": the wheel was too slow (two RGB cycles per frame), allowing some people to notice the alternating R,G,B components.
Professional DLP projectors have one DMD per color channel in order to avoid the rainbow effect. But some users still feel that "something is wrong with the light" even when looking at static images. This is hard to explain since the greyscale scanning is much, much faster (kHz range) than persistence of vision. So it will be interesting to see whether an unusual percentage of moviegoers feel sick or get seizures at digital theatres.
"2K" means the resolution is 2048 lines, i.e. not so much better than HDTV. Eventually the industry will move to 4K, which some say is required to match the resolution of film. Will 2K movies be priced 50% (or 75%) lower than 4K ones ?
Bottom line: Expect lots of flamewars a la CD-versus-vinyl in the near future.
Sure, but in a world with TCPA fully deployed, clearing your TPM key would mean opting out of the digital world.
You'd lose the media and software that you licensed for that particular computer.
You'd lose your own documents (or maybe only have access to lower quality "export" formats).
You'd lose access to the net (because your ISP would not recognize your computer anymore).
Examiners are on a quota system.
What would you rather spend time auditing for security vulnerabilities ?
OK, now that sounds interesting. But the March 8 paper is about robustness of feedback loops in biological systems. Directed evolution of a genetic circuit does have logic gates though.
If not, I'll stick with the drivers from unichrome.sourceforge.net.
I don't know about XGI, but the VIA "open source" drivers contain at least one binary object (libddmpeg.so). "Source", they said ?
And you get a Godwin award, of course.
Active denial: Microwave the intruder's rig.
The Right Way: Use crypto, of course.
Meanwhile, a man swims across the Atlantic ocean at 80km/day, and a woman rows through the Pacific at 110km/day.
And remember the fly-eating robot which crawls 5m/day. I bet I could do better.
I won't welcome our new UAV masters until one of them completes the International Aerial Robotics Competition.
This faq suggests the projectors are DLP 2K.
Most probably, they have reinvented faster than light communication, but they daren't claim it.
Anyone still storing information on dead trees ?
Let the manufacturers raise ink prices so that I can get a 3-in-1 printer/scanner/copier for free and use only the scanner function.
Or maybe people are worrying that they can't stockpile printers and cartridges before inkjets start tracking everything we print too.