Slashdot Mirror


User: quentin_quayle

quentin_quayle's activity in the archive.

Stories: 0
Comments: 81

Comments · 81

  1. Re:Fine with me, as long as it's an option on Adblock Plus Maker Proposes Change To Help Sites · · Score: 1

    So now Adblock Plus is monitoring how often the user visits each site? And now is negotiating with advertisers? Does this combination alarm anyone else?

    I'm uninstalling ABP and going back to relying on etc/hosts and firewall filters.

  2. Re:by taking advantage of ... users. on US-CERT Says Microsoft's Advice On Downadup Worm Bogus · · Score: 1

    You really do a good job, but defending "autorun" is just preposterous. This was always obviously a dire security hole, but Microsoft still (???) denies it is a bug. They responded to criticism only by adding another layer and making it harder to turn off. Automounting is a positive feature, but auto-execution by default is an anti-feature. Even if it were opt-in it would be bad design.

  3. Re:No on PC Repair In Texas Now Requires a PI License · · Score: 1

    What about this section?

    SECTION 11. Section 1702.226, Occupations Code, is... amended to read as follows: Sec. 1702.1045 [1702.226]. PRIVATE SECURITY CONSULTING COMPANY [CONSULTANT]. A person [An individual] acts as a private security consulting company [consultant] for purposes of this chapter if the person [individual]: (1) consults, advises, trains, or specifies or recommends products, services, methods, or procedures in the security or loss prevention industry; (2) provides a service described by Subdivision (1) on an independent basis and without being affiliated with a particular service or product; and (3) meets the experience requirements established by the board [commission].

    Any good PC shop will advise the client about computer security, recommend products such as anti-virus and anti-spyware, recommend practices such as user account maintenance and restrictions, and so on.

  4. Re:Hardware - the only solution to this problem on Air Force Aims for Control of 'Any and All' Computers · · Score: 1

    Various applications of "Trusted Computing" would approximately fit the requirements. The TPMs are already on a large percentage of motherboards.

    The next generation of TC is supposed to go into the CPU (according to news reports a few years ago).

    Can we be sure the USG hasn't already co-opted Intel and AMD to help out with this sort of thing?

  5. Re:Dual Boot on Securing Your Notebook Against US Customs · · Score: 2, Informative

    Set up a Windows partition and a Linux partition, set it to boot to Windows by default, keep all your data on the Linux partition. How well would that work, I wonder.

    Better: set up dual boot, and hide lilo or grub. Have it wait for a moment between BIOS and default OS, and if you press a certain F key combination it shows the choice; otherwise it goes right into innocent, typical-seeming Windows installation.

    You'd still be subject to either having to unencrypt your real data or having the notebook confiscated if you refuse, if this is discovered - but if they don't know to look at the disk display applet in Windows, it's unlikely to be discovered. And you can disable that applet.

  6. Watch the messengers too (Re:Piracy? on Cryptography To Frustrate Printer-Ink Piracy · · Score: 1

    The news to watch here is not only that the printer makers are improving their "market control by technology" schemes. It's that a major IT site is carrying carefully crafted propaganda aimed at legitimizing the practice.

    The article conflates actual "piracy", i.e. counterfeiting with false brand names, with competition in supplies for any given printer. Reverse engineering to make compatible cartridges, and refilling carts, are lumped into the category and called "piracy".

    The author actually admits that the companies are trying to make money by the razors-and-blades trick, yet does not treat it as their own hard luck that it doesn't work without restricting customers. Instead, implicit throughout the article is an assumption that sellers are entitled to enforce whatever business model they have chosen by technical tricks and anti-competitive practices, and that any attempt of buyers to evade the intent is something disreputable, illegitimate, and borderline or actually illegal ("piracy" etc.).

    What's alarming here is that this set of assumptions and power relations is increasingly being legitimized in minds of the public. On a meta level this article is a warning sign. Look for attempts soon to get the "market-control by DRM" protected by law in expanded areas, hardware in addition to copyright and patent, under some mutant hypertrophism of intellectual property pretexts.

    Those who perceive what's going on should fight back by raising people's awareness. Talk to non-techies and use the opposite terms and concepts, and undermine the corporate propaganda.

  7. What is the purpose? on Permit May Be Required For Public Photography in NYC · · Score: 2, Interesting

    If it's to stop people blocking the sidewalk, doesn't the city already have adequate laws on that? They wouldn't have to refer to photography either.

    A more plausible explanation is driving a wedge between professional and amateur journalism. With the chilling effect, there will be less recording of police misconduct, for example, and many of the 9.11 videos would not have been made.

  8. Re:How could a presentation "undermine" security? on Controversial Security Paper Nixed From Black Hat · · Score: 1, Troll

    benhocking "If the chip is secure, then no mere presentation can undermine its security. If it's not secure, then there's no security to undermine."

    The TPM is designed to prevent the hardware owner from having access to at least one of the digital keys within it, and thereby to prevent the hardware owner from having control over software running in the "trusted", walled-off mode. It is therefore a DRM chip, not a "security" chip.

    "Secure" in the sense you are using is from the key-holders' point of view, like the U.S. bases being "secure" against the rightful owners of the land who want to evict the occupiers.

    It would be more correct to characterize the presentation as one which would help to restore security for the hardware owner whose device would otherwise be compromised by the euphemistically named "trusted computing" intrusions.

  9. Re:Is "Open Source" a registered trademark? on OSI To Crack Down On "Open Source" Abusers · · Score: 1

    "Open source" is a generic term and as such not a proper object of trademark protection (see my other post below). But this does not mean it can be used for any random meaning. It just means it doesn't have to be used for your specific definition in particular. If something is advertised with a false description, this is actionable under law other than trademark law, such as consumer protection, fraud and contract law (and maybe some laws that ought to exist but don't). You don't need a trademark for this purpose. Trademarks are intended to designate brand names within a generic category. You don't get to monopolize the generic description for this purpose, but you don't need to in order to assure the public that the product fits the generic description.

  10. Re:More than just seeing on OSI To Crack Down On "Open Source" Abusers · · Score: 1

    "Open Source" is a generic descriptive term and as such not eligible for trademark protection when used for its generic descriptive meaning. Trademark law does not allow monopolizing ordinary language terms. That is probably why OSI abandoned its application.

    The fact that it would be beneficial to the cause of OSS or other political arguments are irrelevant. You don't get to monopolize a term unless it departs from ordinary language, either in the term itself not coinciding with a generic term, or in being used for something that would never ordinarily be described that way.

  11. Re:Interesting double standard of governance on Looking Into Mozilla's Financial Success · · Score: 2, Interesting

    "Thus far, Mozilla has done nothing but good things (in my opinion). ... I trust them... because they have earned that trust with their actions. ... So, with regard to this Google deal, I'm going to give them the benefit of the doubt, and assume that they are making decisions that benefit the community. So far, we have no evidence of anything shady about the deal."

    I disagree. There is plenty that is shady in Mozilla and it's increasing.

    Basically, there is a force within the Mozilla Foundation that's dedicated to selling out the users to data-mining, and a counterforce of devs and users who are still idealistic. This conflict appears occasionally in debates about particular features, and more importantly in the browser's evolving features.

    I don't have the relevant links handy here at work but I'll recount some of this from memory.

    * They disabled first the image confirmation feature (whether to accept images from particular sites), and then removed the ability to easily find out image urls without leaving the page.

    * They added support for the "ping" attribute in links, which notifies a server other than the link destination when the user clicks the link - and defended it with the nonsensical argument "you may hate this, but sites will do it anyway by other means, therefore it's better to make it easy for them". It would have been on by default if not for protests.

    * Prefetching feature (applied to top results in Google searches for example) makes network requests without user notification or initiation, and it would have been on by default if not for protests.

    * "Live bookmarks" feature in FF2 makes network requests without the user requesting them.

    * In FF2, RSS icons are requested without notification or consent from users.

    * Firefox 2 retrieves a page from the remote server whenever the user makes a bookmark; there is no notice to the user about this, and there's no way to turn it off.

    * Anti-phishing feature in FF2 has optional feature to send every URL visited to Google.

    * Something in Firefox 2 makes a network request at startup, even if home page is blank, all auto-updates are turned off, anti-phishing feature is off, etc. This is reported in a thread on Mozillazine and I've personally confirmed it. It is still unexplained by M. Foundation.

    The point is that this trend is increasing fast. I have no choice but to conclude that Firefox users have been sold out in the secret deal.

  12. Re:The Robot on Dance Copyright Enforced by DMCA · · Score: 1

    Actually you're right on target. Dance moves are a method (albeit arguably a means to their own, not some other end) and as such more suitable for patent than copyright.

    What ought to torpedo this copyright troll is this: independent invention is a complete defense in copyright law. If the alleged infringers can make a plausible argument that they're not doing this guy's dance, but some other dance that happens to resemble it but comes from another source (the dancers' own invention; tradition; or anyone other than the plaintiff) - then they should be vindicated.

    The "doing it badly" aspect should help the defendants, not the plaintiff.

  13. Re:Dupe from Friday on Vista Security The 'Longest Suicide Note in History'? · · Score: 3, Interesting

    I don't mind that it's a dupe. However, it is mis-titled.

    It's not about Vista security. It's about Vista DRM.

    The difference is that security is about the owner of the hardware establishing and protecting his control over it, while DRM is about a party A trying to claim some control over hardware belonging to another party B, on grounds that some pattern of bytes which A or a third party owns is currently instantiated, or might at some time be instantiated on B's hardware. When used for DRM, the term "security" becomes a meretricious euphemism designed to mislead an audience about who is securing what from whom.

  14. More detail (Re:"Treacherous Computing" "Genuine on FSF Launches "BadVista" Campaign · · Score: 5, Interesting

    This page says something about the nature of Vista. It shows the six privilege levels:

    • Trusted Installer
    • System
    • High
    • Medium
    • Low
    • Untrusted

    The owner of the computer, even with root ("Administrator") status, can have at most only the third privilege level.

    Are you content to be only a tenant in a system where someone else retains ultimate control? If you prefer to own your own copy of an OS, you will have to choose free software over Vista.

  15. Re:The risk is not bogus on One in 25 Search Results Risky · · Score: 1

    I haven't examined everything on that page, but most of it reinforces my point. Most of the exploits fall in one of the categories:

    * User installs some software and it turns out to be trojaned, or different than it purported to be in some way that's undesirable to the user.

    * Exploits that rely on user having ActiveX enabled (with or without confirmation, warnings etc.)

    * Exploits that rely on unpatched defects in other (non-browser) applications such as Windows Media Player initiating network connections.

    * Zero-day vulnerabilities such as WMF before it was patched, which I specifically excluded from my statement, and which are rare as I stated.

    There have hardly ever been any "true drive-by infections" meaning that the user gets them without actively downloading and running executables and without ActiveX/IE. Maybe there are some on the linked page but they are so outnumbered by the user-initiated examples, I could not find one before writing this.

    I agree that there are risks for the typical user which are not risks for the knowledgeable user, such as misrepresentation of software and other products. Your work is valuable in protecting typical users who leave the default settings. My point was only that they are not true drive-by risks such that a techie user has to avoid certain sites - instead they are almost all avoidable by good configuration, smart practices and patching up to date.

  16. "Risk" is bogus (was: Re:shutting down malware... on One in 25 Search Results Risky · · Score: 1

    You shouldn't have to avoid sites entirely because of the kind of so-called "risk" that Edelman refers to.

    Just ask, what does this "risk" consist of, exactly? If you read Edelman's articles carefully, or watch his videos, you'll find that the supposed hazards always involve (a) clicking "OK" when a page offers to download or run some software (b) using a browser with ActiveX, VBScript, Java or other random-code-execution turned on or (c) some combination - plus using a root account.

    If your software is patched up to date and configured properly, and you know what you're doing and follow safe practices, there's no reason to ever fear any web page. The only vulnerability in that case is a remotely-exploitable, unpatched browser flaw that you don't know about or can't work around (0-day) and those are very rare on Mozilla browsers.

  17. Re:Frightening on New Developments From Microsoft Research · · Score: 1

    Everything listed is in the category of bolting on accessories to deal with the consequences of underlying problems. Not the overhaul that would be needed to remove the causes and become more like other OS's.

  18. Re:The technical specification of "owner" on Trusted Or Treacherous Computing? · · Score: 1

    You've almost got it, but not quite.

    The "take ownership" feature in the TC spec only establishes a secondary digital key for the owner of the hardware. The "root of trust" or "attestation" key is embedded when the TPM (TC chip) is manufactured and it is never subject to control by the eventual owner of the hardware.

    By saying that retention of ultimate control by an outside party, by means of their possession of a key mathematically related to the one in the chip, together with the hardware owner's inability to access, blank, or rewrite all the keys in the chip in his own hardware - this is indeed the "Crux of all the 'evil' potential that Trusted Computing has", as you state.

    However, you've apparently been misled about the meaning of the so-called "take ownership" feature in the TC specification. It's true that it should not be executed until after the machine has passed to the end-purchaser and that the seller would retain an improper degree of control if it were executed before sale. In fact, the machine might not even be fully usable by anyone else. But at most this procedure establishes only a secondary key and does not affect the one installed at the factory.

    And *that* fact is the true "Crux of all the 'evil' potential that Trusted Computing has". It is a feature of the whole scheme, and enables all the true purposes, including DRM, vendor lock-in and censorship.

    I just wanted to clarify that the danger you allude to is not mitigated by anything in the spec.

  19. Re:Google could be accused of the same thing on Yahoo! VP Calls For a Shakeup · · Score: 1

    Both Yahoo and Google this year have introduced a mind-blowing number of new services that make it easy to accuse either of spreading themselves too thin. ... The difference between the two is that Google has at least devoted the resources to improving upon their key product (search), while Yahoo has a difficult time defining what their key product is.

    So... Yahoo is smooth and Google is crunchy?

  20. Re:I am very serious on The End of Net Anonymity In Brazil · · Score: 3, Informative

    Assuming the country also allow freedom to express and identity thief, what is such a bad thing of removing anonymity? Yes, I really want to know and read the assumption. So, educate me.

    If you mean "assuming the requirement is not abused", that would not be a serious question. Every coercive power over others is always abused, to the greatest degree that interested parties can get away with. The whole problem of freedom is minimizing the opportunities for such abuse.

    Of course no one objects to a prohibition of spreading malware. Here are a few of the more obvious problems with the removal-of-anonymity part.

    1. Government doesn't like opinions you express, you get hassled, prosecuted or worse on some other pretext.
    2. Employer doesn't like opinions you express, you lose the job (on some other pretext).
    3. This law is later followed by laws restricting what may be said - e.g. against racism or offending certain groups, as in Europe.
    4. Chilling effect on what people are willing to express, because of above items (self censorship).
    5. It later leads to an "internet license" requirement which is designed to keep disfavored people offline.
    6. Cyber-bullying, as in Korea recently, by hostile people who can find out your physical address.
    7. Site operators make deals with advertisers, and then your entire online history is sold and lives forever in corporate databases.
    8. Someone uses your credentials and whatever they do is legally attributed to you.
    9. When you complain of others' behavior online, the authorities say "Sorry we can't help; despite the law we couldn't identify that person" - maybe they just didn't want to take the trouble. But if you break the law you are prosecuted.
    10. ... too many more but I don't have time. Others can follow up.

  21. Re:Whats in it for Microsoft? on Microsoft To Announce Linux Partnership · · Score: 2, Insightful

    The clue is in this line: "The two companies have also agreed to develop technologies to make it easier for users to run both Suse Linux and Microsoft's Windows on their computers."

    Remember the recent MSoft/Xen collaboration? MS is making a version of Windows that can serve as the hypervisor that other OS's run on top of. Microsoft's interest here is to make sure Windows is at the bottom layer so they can enforce DRM, "trusted computing" and ultimate control of the box, and collect fees when everyone is using virtual Linux etc. What they want to prevent is a future where free software is at the bottom of the stack and virtual Windows instances are brought up when needed.

    That's my guess. To make this happen they have to get their hooks into at least one big Linux distro so they can say, here, you can run virtual Linux on Windows.

  22. Re:No back doors? on Seagate To Encrypt Data On Hard Drives · · Score: 2, Interesting

    Whenever you see the word "trust" in name or catch-phrase for computer hardware these days, to tell whether it's really for security or whether it is for a DRM scheme, you have to ask, Who is trusting whom to do what?

    To meet any reasonable security policy one would need a "yes" to each of the questions: Is the source code for the encryption routines provided? Is a complete API provided? And can the owner of the hardware verifiably replace every digital key in the device?

    If the answer to any of these is no, I would have to assume it is backdoored and maybe part of a DRM scheme.

  23. Re:The problem on Windows XP SP1 Support Ends Tuesday · · Score: 4, Informative

    "Are you saying a bug can't be a feature?!"

    With Microsoft it can!

    And a "feature" can be a bug. One reason the holdouts have avoided SP2 is that Microsoft intentionally degraded the networking with SP2. Yes it's fixable, but not perfectly, and I'm not sure I care to bother with it.

    This is one of the long-planned milestones on my migration to another OS (references to which have become a cliché in this connection).

    Many of the fixes aren't even needed for a lean-and-mean XP configuration, so the time to an "upgrade or exposure" choice may be longer than this month.

  24. Re:Lack of evidence... on RIAA Wants to Include Song Files it Can't Produce · · Score: 1, Interesting

    This could be important.

    If the copyright cartel enforcers are required to have downloaded copies from the alleged infringer in order to maintain a suit, then something like Peer Guardian becomes more effective: p2p'ers can be seen online, yet they're safe as long as they can succeed in blocking connections to or from all the enforcers' addresses.

    If on the other hand, the enforcers can maintain a suit without showing that they downloaded copies from the alleged infringer, then they really have no logical way of proving that what the p2p'er was sharing was infringing, rather than something with the same name and maybe filesize.

  25. Re:Since submitter is a lawyer ... on RIAA Says It Doesn't Have Enough Evidence · · Score: 4, Informative

    Motion for Summary Judgment means asking the judge to dismiss the case now, because there is (and I may recall this inexactly, but this is the essence of it) "no genuine issue of material fact or law". In other words, defendant says, there are no relevant facts in dispute, and on the known facts the law is in my favor. So please dismiss.

    Discovery is a process where each side submits lists of documents and other evidence (worded as broadly as they can get away with) and the court will force the other side to supply what's listed, if it's arguably relevant to proving or disproving a claim (or counterclaim, bla bla).

    Courts are generally supposed to frown on "fishing expeditions". Theoretically you have to have some evidentiary basis for a suit in the first place, before you can use the suit to compel discovery. Who knows what the RIAA can get away with, though.

    (not a lawyer, did the jd, but this is not legal advice, yada yada)