Particularly since they are currently undergoing some sort of bankruptcy proceedings -- they may be legally required to liquidate the remaining merchandise before they comply with this particular court order.
A copyright ruling...but it is good for freedom...
Head explodes
Unless, of course, you can compromise the TPM too. The issue is that hardware can be compromised; the solution is to either design hardware that is difficult to compromise without creating faulty operation, or to have a secure manufacturing chain where everyone needs a minimum level of clearance to even enter the facilities.
Neither would I, considering that intelligence agencies have done this sort of thing in the past. There was a pipeline in Russia that (supposedly) exploded because a microchip design that Russian spies had copied from the USA had a malicious block. The Israeli air force seemed to mysteriously not be fired upon from enemy computerized antiaircraft installations, although there was never any official confirmation.
Hardware hacking is not new, and neither is malicious hardware hacking.
It is not too hard to create a block that is very difficult to route around, considering that the routing problem is NP-hard. It is one thing to tamper with a single block and hide something malicious in it, especially a large and complex block; it is something else entirely to try to rearrange the interconnect between blocks without affecting the ability of the device to function. Your adversary in this case does not want to be obvious, and so they cannot ship devices that are less reliable as a result of the tampering, nor can they ship a device with an easy-to-detect form of tampering (like an extra block that would be obvious upon visual inspection).
There is a good bit of research on this topic, actually. I think the idea with the "block that takes over functionality" is that it is perhaps simple enough (and thus lower performance) that inserting malicious functions into it would be difficult to do without being detected. So, for example, you might have a very high performance DSP block that can do a 1024 point FFT in a few clock cycles, but that is going to be a lot of logic and leaves a lot of places for a malicious manufacturer to hide something; your fallback if extra circuitry was detected would be a less complex FFT circuit that takes thousands of clock cycles to do the FFT, and which would be harder to tamper with. Detecting hardware that has been tampered with is pretty hard, though, and that is where a lot of the research is.
It is not just about outsourcing; a chip fab in this country might have a worker who is on the payroll of the Chinese government, and who tampers with a chip layout just prior to manufacturing. It is pretty expensive to run a secure chip fab, and even if all chip fabs were domestic, you would still have a number of important computers (think of utilities, critical services, etc.) being manufactured at facilities where the employees might be engaging in sabotage of this sort.
'Hacker' carries a very negative connotation and it seems like, from this article, that some people are trying to perpetuate it.
"Some people?" More like, "almost everyone except hackers themselves." In a way, you can divide the population into four groups: hackers, non-hackers who respect hackers (a tiny minority), people who are annoyed by hackers and want to discredit them, and people who never knew what hacking was about and believed the mainstream media's attacks and propaganda about hackers. Even movies that have hackers as the protagonists seem to portray hackers as people who do nothing but break through security systems.
"Hacker" has become a synonym for "enemy of society" as far as most people are concerned.
It could be as simple as checking power consumption against the design of the hardware, and falling back on slower but logically equivalent hardware if something is wrong. When you can fit a billion transistors on a single microchip, that is not really asking too much.
People have been hacking hardware for a really long time, longer than they have been hacking software. My security engineering textbook lists a number of hardware hacks that were used for espionage, particularly side channel attacks and other signals intelligence. Creating hardware trojan horses is an old trick; you might even say it dates back as far as the Trojan war.
"A hardware hack could do [bad thing] or even [really bad thing]!" What about, "A hardware hack could free users from restriction systems?" or perhaps "A hardware hack could allow a mechanic to work on a transmission that was locked down by the manufacturer?"
Note that he did not say we have to like Adobe -- he said if you are worse than Adobe, you definitely have a problem. We can safely hate both Apple and Adobe, a fairly routine day on /.
Here I was, thinking that GNU was the premier userland, at least in terms of the number of users who depend on it. Oh, wait, I see what you did there, you started a GPL-vs.-BSD license flamewar.
His work on Tor was the reason for his communication with Wikileaks. So as someone doing cryptography research, I have to be careful about who I speak with, because if I give details about my work to the wrong people, I could be "detained?"
Would you perhaps like to explain to me and people like me how "Zones" are different from "virtual machines?"
The way I see it, OpenSolaris should have happened five years earlier, when people might have still cared. By the time Sun announced OpenSolaris, it was already an uphill battle to find open source developers who even cared about Solaris.
Unless I am confused, "Zones" are virtual machines. If you think there is no equivalent, I guess you are not familiar with Xen or KVM, or the dozens of other VMs out there. ZFS is available as a FUSE driver, and Linux already has attachable debugging, although perhaps not with "feature parity."
No, but perhaps the codebase is cleaner and has fewer bugs? Clearly, someone is interested in it.
Perhaps because you want to get your power from a device that does not have USB outputs?
Do you even have to ask? Yes, we should have a right to repair, and a right to build interface devices.
People often talk about how wasteful Americans are and the problems of a throw-away society. If people were more willing to repair their devices, especially complex electronic devices (most of which fail because of simple and repairable problems, like a broken lead), we would be better off. Aside from less electronics in landfills (let's face it, few people actually dispose of electronics properly), people would not be spending their money so quickly, and presumably that would mean fewer debt problems (or they might just spend it elsewhere).
Of course, we will never see anyone other than a few activists pushing this sort of mentality -- corporations have enjoyed ever larger profits because people are unwilling and unable to repair their own equipment (or to find a local repairman to do it for them).
I have been finding that Linux compatible hardware is becoming pretty easy to obtain. Certain companies are still on the "bad list" -- Broadcom certainly stands out -- but for the most part, I have no problems anymore. Of course, I do not demand particularly high performance 3D graphics, so maybe that is why...
Was it specifically bad to turn in Manning? No, things are not black and white. From where I sit, though, Wikileaks is doing a good thing by exposing government lies -- we cannot trust the government to be honest about classified documents, which is why we need Wikileaks. If these guys are fighting against Wikileaks, that means they are pitted against those of us who want a more open government.
What worries me is that these guys are not required to abide by the constitution; they voluntarily collect information, and then turn it over to the government, which allows the government to obtain evidence that it would not otherwise be able to collect. These "fourth party" arrangements have been discussed in the past, and just because they are not hot news items anymore does not mean they are less worrisome.
Hundreds of years? More like hundreds of thousands of years. I am not aware of any ciphertext-only attacks on AES, and with a 256-bit key, that would be one hell of a brute force attack.
intellectual discussion
Which /. have you been reading?
First those scientists tell our kids that they are just monkeys, and now they are telling them that they should be having sex! Just look at how they are trying to destroy our society!
More net neutrality FUD. Net neutrality is not regulation of the Internet, it is regulation of businesses that provide access to the Internet, in particular requirements that those businesses provide nondiscriminatory access.
As for your lovely examples of competition for TV and Internet...what has it gotten you? In my home town (a major urban area with millions of residents), the competition between cable TV companies has not resulted in better service; in fact, the service is absolutely terrible, and has been getting worse during a period of increasing competition. You are still required to use particular equipment to access the cable TV system (none of the providers, last I checked, allowed any "unauthorized" equipment). During prime time, there are frequent outages, particularly on "On Demand" channels. At least once in my memory, a disagreement between one of the cable providers and a particular channel resulted in the channel becoming unavailable for that provider's subscribers.
That is exactly the sort of situation that net neutrality regulations are designed to protect consumers from. There is no technical reason why ISPs can't dictate which equipment you use to access the Internet, or block access to particular hosts who fail to pay up, or even block access to particular services (imagine if your ISP said that you need to pay extra to use SSH -- much in the same way that many cell phone companies demand an extra fee to allow you to send a fax over their network). "The market will solve it" just does not seem very plausible, considering how well "the market" has done in providing decent cable and cellular service.