Software engineers within a software company are most likely not IT workers. IT works on the infrastructure of a company. The enineers you speak of usually work on "manufacturing".
I have friends who call themselves IT consultants - they are so professional that they don't even have to write any software, ever... they make presentations about it and talk a lot. They don't care about being valued because they get paid loads.
Sounds to me like they are motivational speakers and marketing, not IT.
So basically what you are saying is that IT staff are motivated by getting the business running properly and efficiently, which management tends to not care about (and often finds inconvenient).
Well, of course management doesn't want an efficient company. If it were efficient, then they'd actually have to earn their salaries.
Of course. Users expect feedback to let them know that the mouse is working. My logitech portable mouse has a touch-sensitive pad instead of a scrollwheel... It would feel odd to not have it produce little clicking noises.
She's taking a trip to Canada to learn curling. Turns out that the hotel I was going to stay at was inadvertently double-booked. Satan shaid that she'd hapily trade the suite for my soul... I'm still deciding. I may go for the "share the bed" option, instead. I mean, a weekend with Elizabeth Hurley would be hot.
Some highly secure operating systems don't allow the CD tray to be opened on a running system by a non-privileged user, so they'd better have a lot of time if they don't want someone to notice....
This may come as a surprise to you, but there's not much you can do to stop someone from twiddling if they have physical access to the system. It is up to you to make sure that your server room or home is storing your computer in a secure manner.
TPM is not designed to prevent a physical compromise. However, it is designed with a tamper-resistent casing. Any attempts to retrieve the restricted keys from within the chip will usually result in its destruction.
Something else to consider: most hacking attempts don't have physical access to the server or computer in question. This is where the TPM can work successfully. And yet another thing: You don't need a CD to transfer data to a computer.
Then, if the box needs the recovery CD because it crashed, your only choice may be to wip the entire disk and reinstall. Also, if someone's cheap DVD drive ate your only signed install CD, you may succeed in locking yourself out.:)
If the box needs a recovery CD, then you can assign PCR checksums and store those locally on the recovery disk itself. If you are running a secure system, then you should be wise enough to keep several copies (and probably a few images) of recoverly CDs. You should also be wise enough to keep backups of your entire filesystem. Hence, such things shouldn't matter in the long run.
Assuming that something catastrphic occurs, and you no longer have any signed install disks, you can always disable TPM in the bios, install the new system, then re-enable the bios. Also, because TPM uses a "chain of trust" to validate everything during the boot sequence, you could disable the checks in the bootloader and do the same thing... or don't load/turn off the kernel driver.
I will agree with you the moment IBM permits me to know my key. If you are familiar with the technical details, I want at a minimum to know my PrivEK (Private Endorcement Key).
If you are familliar with the details, you would know that no one will know your private key. It is destroyed after being burned into the ROM. IBM does not store the private keys. They store public certificates to validate that key, and even then, only upon customer request.
One of the fundamental caveats within the TPM spec is that no one should know your key. Not even you. Why? Because if it is known, then it can be comprimised. And if it can be comprimised, then it is insecure. One might argue that this is security through obscurity, but it's also the foundation of asymmetrical crypto (well, that and hard math).
According to the documentation, the PrivEK is used solely for attestation. This is important for several things, for example "trusted SSL/TLS" & single-sign on validation. Basically, you want to make sure that you are communicating with an uncompromised box before giving it control.
Pretend, for a moment, that I am an unscrupulus person. If IBM were to give me my PrivEK (or if I were to obtain yours), couldn't I leverage my knowledge of cryptology & the TPM spec to create a TPM emulator? It would pretend to be the chip, and then expose the information which was trying to be protected. E.g. Attestation becomes useless.
This happens somewhat frequently with certificates even now. That is why we have CRLs... Keys become compromised, particularly when machines containing secure information are hacked. It is much harder to steal a key that you can't possibly have access to.
Knowing your PrivEK is the minimum sufficient to maintain full control of your computer, however including a mechanism for the owner wo securely obtain his RSK (Root Storage Key) as well would be a huge help
First, since PrivEK is only used to validate the TPM chip to other computers, you are surely misinformed. In a distopian future, the most PrivEK could do is prevent you from connecting to the Internet.
Second, the storage root key has no reason to leave the chip, encrypted or not. It is stored in non-volatile memory, and can be regenerated at will. Any place where it can be read by the CPU is less secure than its tamper-resistant case.
Finally, if you want to "maintain full control of your computer", all you have to do is disable the chip. (The laptop I am posting this from has a disabled TPM chip in it.)
It does bring up an interesting point, however... How do you transfer keys between computers? I'm guessing some mutation of the lockbox problem. I'll have to spend some time looking at the docs to figure that one out.
No, IMB's chips are exactly compliant with the Trusted Computing Group's specification and explicitly designed to be secure against the owner. The chips are explicitly boobytrapped to self destruct if you attempt to get at your keys.
Really? The way I like to think of it is that the chip will self destruct if someone else tries to get at my keys. I don't need to see them, so long as they exist and work. Hell, from a security perspective, it's better if I don't know them, or have them stored elsewhere, as I have already shown above.
And what bugs do we actually encounter? They make it seem like these are issues or limitations with say, XML, HTTP, or CSS
I'd say the article goes out of its way to say that they are bugs in IE... I mean, that's what it's about, and all. Nowhere did it say that there were issues with the standard. As a matter of fact, the author even asked people to post iother areas where IE breaks compliance with what they are planning to fix in IE7.
The bug list that they plan to fix:
Peekaboo bug
Guillotine bug
Duplicate Character bug
Border Chaos
No Scroll bug
3 Pixel Text Jog
Magic Creeping Text bug
Bottom Margin bug on Hover
Losing the ability to highlight text under the top border
IE/Win Line-height bug
Double Float Margin Bug
Quirky Percentages in IE
Duplicate indent
Moving viewport scrollbar outside HTML borders
1 px border style
Disappearing List-background
Fix width:auto
And improvements:
HTML 4.01 ABBR tag
Improved (though not yet perfect) fallback
CSS 2.1 Selector support (child, adjacent, attribute, first-child etc.)
CSS 2.1 Fixed positioning
Alpha channel in PNG images
Fix:hover on all elements
Background-attachment: fixed on all elements not just body
The only issues I've ever encountered were with compatibility between browsers.
That, as they say, would be the point. And this::WHOOSH:: would be the article flying waaaay over your head:
I want to be clear that our intent is to build a platform that fully complies with the appropriate web standards, in particular CSS 2 ( 2.1, once it's been Recommended). I think we will make a lot of progress against that in IE7 through our goal of removing the worst painful bugs that make our platform difficult to use for web developers.
Only now do the choose to fix these bugs when the possibility of being defeated is looming. Thanks Microsoft!
Eh. Better late than never... or something like that.
Oh... and to keep this post from being modded flamebait: I hate Micro$oft, those money-grubbing obnoxious f***tards. Ok. that should do the trick.
--
One mod's informative is another mod's flambait.
Actually, some would argue "+1 Paranoid" would be more adequate.
And still others would argue for "+1-1 Paranoid". This system will benefit all users equally, as the mods will get confused and thus waste their points.
Or, even better, it could evaluate the bonus based on other rankings. For instance, if the post has a "funny" "troll" or
"flambait" moderation, the points would count positive. "Insightful" & "Interesting" would mod down.
Their CD burning tool is nothing but K3B rebranded. So, they take a free OSS application, SCREW it & CRIPPLE it & even then the/. zealots don't say a WORD against it.
While this plays a larger role on servers... it can help deflect hack attempts as well. For instance, it can prevent your box from getting root-kitted, as all loadable modules would have to be certified before the kernel loads them. Furthermore, it can be used with webservers, to validate SSL/TLS. It can be used with checksums, trusted certificates, VPN... tons of stuff. Of course, all of this requires that both sides of the equation "know" each other. It's a far better solution than current methods.
I don't know too many details about how to set up certification in *nix as the support for TPM is largely experimental. However, it'll be hot once I learn how it all works.:)
My basic point, though, is that focusing only on the DRM aspects of TPM is building a straw man to incinerate in a flame war. This speaks nothing of Palladium, which uses a far more active & agressive system to accomplish the same goals. (Eg. palladium was largely designed around DRM, and cannot be user-disabled nearly as easily as TPM).
The TPM boot protocol is burned permanently into ROM on the bios. It cannot be replaced. However, machines equipped with TPM do have the option to disable TPM after the flashable part of the BIOS has been verified by the TPM chip. It works sort of like a "chain of trust".
The boot ROM verifies the BIOS. If the bios chooses to, it can verify the bootloader. The bootloader then must verify the kernel, and the kernel is responsible for verifying everything else. If you don't want it to work, you stop the verification at some point, and the entire system becomes untrusted.
The GGP was telling the truth when he said the TPM chip is used passively. It doesn't actively do anything to your system, only what you ask it to. The spec itself (interesting read, btw) details how it works, and other than the boot ROM, TPM is completely disabled if you don't use it. My ThinkPad R51 has a bios option specifically for that. (It will remain off until TPM goes into mainline Linux, after which I will be using it to verify my boot sequence).
Basically, TPM is like a hammer. It has many good potential uses. However, we shouldn't get pissed off at the manufacturer when someone smashes a window with it. We should get pissed off with the user. (Hah. using/. groupthink against itself!)
Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.
Actually, the ones shipped with IBM (now Lenovo) laptops (at least) do have the pre-installed keys. However, you have to ask for the certificate at the time of purchase. The secure key is always used on the TPM chip, to generate the keys used to authenticate & encrypt the binaries/etc that go into it. Other than that, your post was spot on.
IBM uses their TPM modules to enhance security, not to create DRM. Think about it: What does IBM sell? Servers. Business Machines. Why would they give a rats ass about Joe Blow downloading copyrightd music off the internet?
Sure, it can be used to seal corporate memos and such... but I'd consider that part of "business". TPM is a tool, not a restriction. Unlike palladium, it only provides basic cryptology functions. So, while it can be used to implement TC, it's main purpose is alot less devious. It can be used to run a "trusted" operating system (e.g. the one you originally built), and thus make more static guarentees concering, say password authentication. In addition, you don't have to worry about compromising your private keys, either... They can all be stored in a safe manner on your HDD.
Concerning IBM and TPM, I'd say its ok to remove your tinfoil hat. It it were Apple or MS and TPM, different ballgame.
Or when my employer wants to make me take a drug test even though I don't even so much as smoke cigerettes or drink alchohol and my job involves me sitting at a desk reading and writing things of little consequence.
Aww, come on. Slashdot's not really that bad, is it?
Note that it provides congress with a power, it does not provide the people with a right
Yes, but that power is being abused... It says copyright for limited times... If I can pass retroactive copyright bills (Copyright Act of 1976, Copyright Term Extension Act) then can one really say that term is limited? (Note: the Copyright Act of 1976 had it's good parts).
Importantly, it has the clause "to promote the Progress of Science and useful Arts" - once copyright is no longer filling that role, it should not be in place...
Rebuttal: How does a software patent (amongst other things) promote science? Art? What about content which is still copyrighted, but not "profitable"? It will be locked up, and eventually age until it's destroyed. (See the story behind Eldred vs. Ashcroft).
And, to bring this post somewaht more back to the OP topic... When the media protected by DRM finally does enter the public domain, how will we access it and make it freely accessable to everyone? If the publisher doesn't create a DRM-less copy, we'll have to devise tools to crack the DRM, and if that DRM is still used by copyrighted media... WHOOPS! Just broke the DMCA!
For the most part, I agree. This is one of the reasons why I advocate making pluggable components, and why the GP was proposing compile-time removal of code:)
3) Code bloat tends to make maintainance hell.
4) Code bloat contributes to cycle bloat (something you said yourself that you cared about, almost contradictory to your previous point).
Yes and no. It depends on how well the underlying system is written. For instance, the KDE codebase is considered "bloated", and yet it's incredably easy to follow. (Once you know the base functionality in kdelibs, of course).
Of course, you will always have some small errors popping up in the code, but the devs are only human. One of the funniest ones I can think of from KDE was the flickering of new tooltips on rendering... It turned out that someone had added an "update" call in a function where it shouldn't have been.
5) Most people do not have emmense hard drives (you may have a 250GB hd, but my mom's computer has a 40GB, and my sister's laptop, only a 20GB. Hell, my work desktop machine's hard drive is only 6GB, though I often will bring in an external) [but I guess this point doesn't really matter, because Linux isn't your mom, your work, or your sister's Operating System now is it;)].
Mostly true. What should be emphasized is both Gnome & KDE are trying to compete with "those other OS's" these days. So, anything which is not "mom and pop" friendly could be concieved as a bad thing.
Concerning HDD space, I have a laptop with a 20 GB drive, and the entire install takes up only about 6 GB total. That includes a full KDE install (along with several versions of the multimedia that comes with it), all of linux, and whatever else gentoo saw fit to put on it... And this is compared to my base Winows install, which is about 2Gigs in the "C:\Windows" directory alone. Installing the plethora of applications that you get within a full Gnome or KDE install would push that number much higher. than the paltry 6 GB...
In other words, while it is an issue, I think it's a bit overrated.;)
Slashdot Mirror
You know, that's not really fair to the monkeys.
It doesn't. The strong force does, however, overpower weak & electromagnetic forces, along with gravity, at incredably short distances.
Don't you remember discussing if the food was real?
Everybody duck! ::WHOOSH::
Software engineers within a software company are most likely not IT workers. IT works on the infrastructure of a company. The enineers you speak of usually work on "manufacturing".
I have friends who call themselves IT consultants - they are so professional that they don't even have to write any software, ever... they make presentations about it and talk a lot. They don't care about being valued because they get paid loads.
Sounds to me like they are motivational speakers and marketing, not IT.
Well, of course management doesn't want an efficient company. If it were efficient, then they'd actually have to earn their salaries.
ZAM! I'm on a roll today.
I believe that would be "Who can write english well"
da-da-dump *ching*
Of course. Users expect feedback to let them know that the mouse is working. My logitech portable mouse has a touch-sensitive pad instead of a scrollwheel... It would feel odd to not have it produce little clicking noises.
She's taking a trip to Canada to learn curling. Turns out that the hotel I was going to stay at was inadvertently double-booked. Satan shaid that she'd hapily trade the suite for my soul... I'm still deciding. I may go for the "share the bed" option, instead. I mean, a weekend with Elizabeth Hurley would be hot.
This may come as a surprise to you, but there's not much you can do to stop someone from twiddling if they have physical access to the system. It is up to you to make sure that your server room or home is storing your computer in a secure manner.
TPM is not designed to prevent a physical compromise. However, it is designed with a tamper-resistent casing. Any attempts to retrieve the restricted keys from within the chip will usually result in its destruction.
Something else to consider: most hacking attempts don't have physical access to the server or computer in question. This is where the TPM can work successfully. And yet another thing: You don't need a CD to transfer data to a computer.
Then, if the box needs the recovery CD because it crashed, your only choice may be to wip the entire disk and reinstall. Also, if someone's cheap DVD drive ate your only signed install CD, you may succeed in locking yourself out. :)
If the box needs a recovery CD, then you can assign PCR checksums and store those locally on the recovery disk itself. If you are running a secure system, then you should be wise enough to keep several copies (and probably a few images) of recoverly CDs. You should also be wise enough to keep backups of your entire filesystem. Hence, such things shouldn't matter in the long run.
Assuming that something catastrphic occurs, and you no longer have any signed install disks, you can always disable TPM in the bios, install the new system, then re-enable the bios. Also, because TPM uses a "chain of trust" to validate everything during the boot sequence, you could disable the checks in the bootloader and do the same thing... or don't load/turn off the kernel driver.
If you are familliar with the details, you would know that no one will know your private key. It is destroyed after being burned into the ROM. IBM does not store the private keys. They store public certificates to validate that key, and even then, only upon customer request.
One of the fundamental caveats within the TPM spec is that no one should know your key. Not even you. Why? Because if it is known, then it can be comprimised. And if it can be comprimised, then it is insecure. One might argue that this is security through obscurity, but it's also the foundation of asymmetrical crypto (well, that and hard math).
According to the documentation, the PrivEK is used solely for attestation. This is important for several things, for example "trusted SSL/TLS" & single-sign on validation. Basically, you want to make sure that you are communicating with an uncompromised box before giving it control.
Pretend, for a moment, that I am an unscrupulus person. If IBM were to give me my PrivEK (or if I were to obtain yours), couldn't I leverage my knowledge of cryptology & the TPM spec to create a TPM emulator? It would pretend to be the chip, and then expose the information which was trying to be protected. E.g. Attestation becomes useless.
This happens somewhat frequently with certificates even now. That is why we have CRLs... Keys become compromised, particularly when machines containing secure information are hacked. It is much harder to steal a key that you can't possibly have access to.
Knowing your PrivEK is the minimum sufficient to maintain full control of your computer, however including a mechanism for the owner wo securely obtain his RSK (Root Storage Key) as well would be a huge help
First, since PrivEK is only used to validate the TPM chip to other computers, you are surely misinformed. In a distopian future, the most PrivEK could do is prevent you from connecting to the Internet.
Second, the storage root key has no reason to leave the chip, encrypted or not. It is stored in non-volatile memory, and can be regenerated at will. Any place where it can be read by the CPU is less secure than its tamper-resistant case.
Finally, if you want to "maintain full control of your computer", all you have to do is disable the chip. (The laptop I am posting this from has a disabled TPM chip in it.)
It does bring up an interesting point, however... How do you transfer keys between computers? I'm guessing some mutation of the lockbox problem. I'll have to spend some time looking at the docs to figure that one out.
No, IMB's chips are exactly compliant with the Trusted Computing Group's specification and explicitly designed to be secure against the owner. The chips are explicitly boobytrapped to self destruct if you attempt to get at your keys.
Really? The way I like to think of it is that the chip will self destruct if someone else tries to get at my keys. I don't need to see them, so long as they exist and work. Hell, from a security perspective, it's better if I don't know them, or have them stored elsewhere, as I have already shown above.
And what bugs do we actually encounter? They make it seem like these are issues or limitations with say, XML, HTTP, or CSS
I'd say the article goes out of its way to say that they are bugs in IE... I mean, that's what it's about, and all. Nowhere did it say that there were issues with the standard. As a matter of fact, the author even asked people to post iother areas where IE breaks compliance with what they are planning to fix in IE7.
The bug list that they plan to fix:
And improvements:
The only issues I've ever encountered were with compatibility between browsers.
That, as they say, would be the point. And this ::WHOOSH:: would be the article flying waaaay over your head:
Only now do the choose to fix these bugs when the possibility of being defeated is looming. Thanks Microsoft!
Eh. Better late than never... or something like that.
Oh... and to keep this post from being modded flamebait: I hate Micro$oft, those money-grubbing obnoxious f***tards. Ok. that should do the trick.
--
One mod's informative is another mod's flambait.
It seems to be that it would be better for the analogy to have some form of processing happening in the middle, then send "return packets"...
Well, if we took the time to actually read the article, we have no chance of getting our opinions modded t3h gl0r10us +5 Insightful.
And still others would argue for "+1-1 Paranoid". This system will benefit all users equally, as the mods will get confused and thus waste their points.
Or, even better, it could evaluate the bonus based on other rankings. For instance, if the post has a "funny" "troll" or "flambait" moderation, the points would count positive. "Insightful" & "Interesting" would mod down.
It appears that one just did!
I don't know too many details about how to set up certification in *nix as the support for TPM is largely experimental. However, it'll be hot once I learn how it all works. :)
My basic point, though, is that focusing only on the DRM aspects of TPM is building a straw man to incinerate in a flame war. This speaks nothing of Palladium, which uses a far more active & agressive system to accomplish the same goals. (Eg. palladium was largely designed around DRM, and cannot be user-disabled nearly as easily as TPM).
*whoosh* That's the sound of a high-flying joke going... ;)
The boot ROM verifies the BIOS. If the bios chooses to, it can verify the bootloader. The bootloader then must verify the kernel, and the kernel is responsible for verifying everything else. If you don't want it to work, you stop the verification at some point, and the entire system becomes untrusted.
The GGP was telling the truth when he said the TPM chip is used passively. It doesn't actively do anything to your system, only what you ask it to. The spec itself (interesting read, btw) details how it works, and other than the boot ROM, TPM is completely disabled if you don't use it. My ThinkPad R51 has a bios option specifically for that. (It will remain off until TPM goes into mainline Linux, after which I will be using it to verify my boot sequence).
Basically, TPM is like a hammer. It has many good potential uses. However, we shouldn't get pissed off at the manufacturer when someone smashes a window with it. We should get pissed off with the user. (Hah. using /. groupthink against itself!)
Actually, the ones shipped with IBM (now Lenovo) laptops (at least) do have the pre-installed keys. However, you have to ask for the certificate at the time of purchase. The secure key is always used on the TPM chip, to generate the keys used to authenticate & encrypt the binaries/etc that go into it. Other than that, your post was spot on.
Sure, it can be used to seal corporate memos and such... but I'd consider that part of "business". TPM is a tool, not a restriction. Unlike palladium, it only provides basic cryptology functions. So, while it can be used to implement TC, it's main purpose is alot less devious. It can be used to run a "trusted" operating system (e.g. the one you originally built), and thus make more static guarentees concering, say password authentication. In addition, you don't have to worry about compromising your private keys, either... They can all be stored in a safe manner on your HDD.
Concerning IBM and TPM, I'd say its ok to remove your tinfoil hat. It it were Apple or MS and TPM, different ballgame.
Dude... Gary wasn't trying to be funny. He's a few cubes down pulling out his hair while screaming "I'm FREAKIN OUT dude!"
Aww, come on. Slashdot's not really that bad, is it?
Yes, but that power is being abused... It says copyright for limited times... If I can pass retroactive copyright bills (Copyright Act of 1976, Copyright Term Extension Act) then can one really say that term is limited? (Note: the Copyright Act of 1976 had it's good parts).
Importantly, it has the clause "to promote the Progress of Science and useful Arts" - once copyright is no longer filling that role, it should not be in place...
Rebuttal: How does a software patent (amongst other things) promote science? Art? What about content which is still copyrighted, but not "profitable"? It will be locked up, and eventually age until it's destroyed. (See the story behind Eldred vs. Ashcroft).
And, to bring this post somewaht more back to the OP topic... When the media protected by DRM finally does enter the public domain, how will we access it and make it freely accessable to everyone? If the publisher doesn't create a DRM-less copy, we'll have to devise tools to crack the DRM, and if that DRM is still used by copyrighted media... WHOOPS! Just broke the DMCA!
For the most part, I agree. This is one of the reasons why I advocate making pluggable components, and why the GP was proposing compile-time removal of code :)
3) Code bloat tends to make maintainance hell.
4) Code bloat contributes to cycle bloat (something you said yourself that you cared about, almost contradictory to your previous point).
Yes and no. It depends on how well the underlying system is written. For instance, the KDE codebase is considered "bloated", and yet it's incredably easy to follow. (Once you know the base functionality in kdelibs, of course).
Of course, you will always have some small errors popping up in the code, but the devs are only human. One of the funniest ones I can think of from KDE was the flickering of new tooltips on rendering... It turned out that someone had added an "update" call in a function where it shouldn't have been.
5) Most people do not have emmense hard drives (you may have a 250GB hd, but my mom's computer has a 40GB, and my sister's laptop, only a 20GB. Hell, my work desktop machine's hard drive is only 6GB, though I often will bring in an external) [but I guess this point doesn't really matter, because Linux isn't your mom, your work, or your sister's Operating System now is it ;)].
Mostly true. What should be emphasized is both Gnome & KDE are trying to compete with "those other OS's" these days. So, anything which is not "mom and pop" friendly could be concieved as a bad thing.
Concerning HDD space, I have a laptop with a 20 GB drive, and the entire install takes up only about 6 GB total. That includes a full KDE install (along with several versions of the multimedia that comes with it), all of linux, and whatever else gentoo saw fit to put on it... And this is compared to my base Winows install, which is about 2Gigs in the "C:\Windows" directory alone. Installing the plethora of applications that you get within a full Gnome or KDE install would push that number much higher. than the paltry 6 GB...
In other words, while it is an issue, I think it's a bit overrated. ;)