Trecherous Computing lol

I'm writing a debate on Trusted Computing, and after remembering a flash that's more than likely been bumped off of 4chan's /f/, I decided to ack world4ch about it. Anyone have links to good rants or articles on TC that would provide for some solid pros and cons about the issue? You guys could also throw in what you think about TC, as I can quote discussion groups.


mewtnote (lol): I was about to write this on Jackie T. and the Violence in Video Games baloney, but some professor who's much more important than me has already done it. (Very well, I might add.)

Visited the obvious places, like wikipedia and the idiots at slashdot?

From the viewpoint of security, it'll be a boon. From the viewpoint of anybody not running a server, it's pretty fucking nasty.

Basically it's just moving DRM from software to hardware. So all it'll do is lock things up further away from the user, and make restrictions imposed 'from above' harder to change/remove. No pros.

Your computer is more secure if you're not allowed root access...

>>2
I've been reading a few articles, one headed by major pro-TC buisinesses (AMD, Microsoft, HP, IBM...), one from gnu.org spotting all the faults in the theory, and a few others. I doubt I can look it up at a library, being such a new topic.

These are good comments so far, however.

A debate, you say? Start by introducing facts. Most people are right next to clueless about these things since hardware-enforced DRM hasn't really bit them in the tender places quite yet. (Apart from the Sony/BMG stuff that is, and that's only software.)

Apart from that, exercise your google-fu. Reams and reams of text on these matters have been published on the 'net since 2000 -- prof E. Felten's freedom-to-tinker.org comes to mind.

>>4
Not if someone you definitely don't trust -is- allowed root access...

>>7
Sarcasm.

And yeah, I still need to do my research. I did, however, get it checked out today-  any comments you all would personally like to make on the matter can be used as "consumer feedback"

>>1
Simple:

Pros:
None

Cons:
Everything, to name a few: fucked in the ass in your own computer, everything you do is controlled and must be approved by somebody who is not the law, security breaches, no privacy, huge waste of bandwidth and everyone's Internet resources and backbones, and waste of computing power.

Unless you're $ony, m$, and the other motherfuckers behind digital rights infringement, in that case:

Pros:
You can assrape your customers (the people who's actually allowing your business to go on) and control their lives as in The Sims.

Cons:
None.


Solution? Kill the fucker who came up with this shit.

Trusted computing keeps the users honest, by enforcing the regulations instead of trusting the user to remember and respect them. It is easier for the user and better for the content producers.

The fact that people would no longer have entire control over their computer is a non-issue. Computers are becoming more and more important in our society everyday, and important things can not be left in chaos.
Look at cars: people can't build their own, and have to buy from a strictly regulated industry. It allows for safe roads.
Making sure that computers respect the law is the next level, because the information superhigways ought to be safe too.

>>5
These are good comments so far, however.

I regret to inform you that these aren't good comments. Thus far you've mostly heard the usual slashdot-grade "there are no pros" crowd. Like I said, it's fucking nasty if you're not running a server, but anyone who says there are no benefits is biased to uselessness. As someone writing a research paper, this should be obvious to you.

There are some benefits, the main one being security. If I run a server or some other system that I need to be as secure as possible, damn straight I'll reach for TC. We have encrypted connections over the internet, so the nodes themselves are the next step. TC will be an effective part of a larger solution, and ignoring it is completely retarded.

But, like I said, it's being pushed due to the interests of content providers; the security community invariably is always ignored, so it's not because of us, although the propaganda around TC will certainly proclaim it is. While it may benefit those of us interested in security, provided that we (and only we) hold the keys, content providers are going to try to use it to sodomize the consumer. Even though I see the benefits that TC can bring, I honestly dread its coming.

That's reality. The slashdot idiots can go fuck themselves.

>>11
They're good comments in that I can report on the opinion (albeit biased from propaganda) of the above-average consumer. Provides for another page+ of discussion. (You have a lot of good points, I'll more than likely use some.)

There are some benefits, the main one being security. If I run a server or some other system that I need to be as secure as possible, damn straight I'll reach for TC.
Right. Security implemented in hardware, where it's damn near impossible to examine the algorithms used or any backdoors which may be present.

While it may benefit those of us interested in security, provided that we (and only we) hold the keys
That is a completely unrealistic 'if'. And even then, why should I trust you with them?

Security should be implemented in software. I have yet to hear anything good about TC.

>>10
The fact that people would no longer have entire control over their computer is a non-issue.
You are either stupid, high, or the best troll ever. Go back to Cuba and leave computers alone you stupid lawyer shit. People can always make custom computers and OSes if you faggots keep trying to piss on our lives. MY computer is MINE, not yours or any of your faggot friends, I'm the only lord at home and I do with it anything I want that's legal, and it'll stay this way because I resist having some faggot corporation controlling what I do and installing their bullshit on MY system. As a matter of fact, I never buy or listen to the shitty music produced by sony, emi, and all these bastards, so I have no need for any of their crap.

BTW, I'm not a Slashdotter, a lunix fanboy, a long haired LSD taking hippie, an American, a nazi, or a privacy maniac.

Now, if you were a troll, you've succeeded, cheers :) . I've added extra insults to glorify your awesome trolling skills.


>>11
Another faggot. SECURITY POLICY: Not allowing bullshit from corporations to run on your system.


>>12
They're just restating whatever shit riaa, mpaa, and European leftards pull out of their asses. Above average consumers? They are above average trolls, or above average sony ball lickers. Their good points are that that whatever massive media companies say reach even here, and this is yet another reason to go out and kill the fuckers who came up with digital rights infringement.

>>13
You shouldn't have bothered to explain that; anonymous "That's reality" #11 is a security expert therefore he'll not need to know this. He's probably happy as a fag in a rectal examination, securely browsing the Internet with Microsoft Internet Explorer 6 on a stock Windows XP system with the security tools provided by Microsoft, while listening to his Sony $30 music disc with Sony's nice looking, secure player. I'm sure he even disabled cookies for maximum privacy and security.

gnu.org's (they're incredibly biased, duh) hypotheticals in their TC discussion sound a lot like the Patriots and the plans for the Big Shell/Metal Gear buisiness from MGS2. (Dumb reference, but it's almost spot-on!)
http://www.gnu.org/philosophy/can-you-trust.html

Required reading is http://www.againsttcpa.com/

As a person I'm against it, mostly because it's very much a huge step to make anybody able to "use" computers regardless of wether they know anything about them or not. I would think of this as a good thing, but it imposes huge restrictions on people who know how to do things. On a "trusted" computer I may no longer run code that hasn't been screened and approved. This means I can't even write a small script to increase readability in my .txt files, I won't be able to make a small program, I won't be able to go from 0.0.1 to 0.0.2 without letting an authority, which I do not trust, inspect it first. Unprofessional programming would come to a complete halt, and the Open Source community would die and we'd never have anything like Firefox's numerous extensions or VLC ever again. Developing software would become so costly only people connected to corporations would be able to do it.

Well, you can run un-screened code in a "sandbox", but it won't be able to write to disk, access anything or do anything. You won't be able to study it's real effects or write advanced software. What could you do then? You could use an ages old computer from before the TA-era, which won't be able to connect to the internet because no computer will connect to an un-"trusted" computer.

>>15
I forgot to say as he was searching with MSN Search for a way to reduce the amount of "ENLARGE YOUR PENIS" popups he gets while securely browsing with industry standards, he realized his mom from above the garage was accidentally listening to his Sony music CD. He immediately called his local Sony representative to ask for a position on this issue, as she was illegally listening to music she did not buy. He then proceeded to acquire a special license for music broadcasting because he couldn't look at his face in a mirror if he didn't, even though the Sony lawyer I mean techie was generous enough to tell him buying an extra copy per neighbour would be enough. Afterwards, he proceeded to clear his Windows Media Series 9 media library for privacy. Aww man, what a hacker; that's security!

>>14
>>15
>>18

I'm on your side but for fucks sake, stop trolling. Ad hominems will get you nowhere, they'll only increase the amount of non-valuable text that the OP will have to wade through.

>>16
gnaa.org is biased and stupid (although I'll take a drunken hippy activist in a tree house over a maffia lawyer from a huge media corporation any day).


>>17
Fortunately, treacherous computing is inherently flawed, and not going to happen. It's not going to happen because I doubt AMD will assrape its customers that much having the great chance to go a step beyond and offer the only fast, unfagged processors; I doubt Microsoft will want to send massive loads of customers to the Linux and ReactOS communities; and I doubt it'll stay uncracked for too long.

Besides, what will developers do? Not allowing you to program your own computer is the faggest thing ever. A computer is useless for me if I can't write software for it, and useless for anyone if they can't use the software others write. Take all users, and substract the stupid Internet Explorer lusers. Now we have all the real users (and the only ones that matter to me). Whether they are running Windows or Linux, half of the software they're using most of the time is freeware (attn gnaa: I mean free software lol). Even if they aren't developers, computers wouldn't be nearly as useful without them. And that's another reason why this is just ridiculous, it's not going to happen.

I know I must've broken >>10's heart with this, as he was so excited with the idea of microsoft controlling his computer because he's way too retarded to think for himself, let alone fix the ugly mess he has done by browsing the Internet with industry standard Internet Explorer.

Shit, I just realized I forgot to say this:

Microsoft, Internet Explorer, and Windows Media are registered trademarks of Microsoft Corporation.

Lambs reading GayPC and similar magazines buying all the shit about treacherous computing probably need this, or they'll want to sue Anonymous.

>>13
Security implemented in hardware, where it's damn near impossible to examine the algorithms used or any backdoors which may be present.

Which can be said of current hardware. Do you know what your of the system bioses are doing? Did you reverse engineer every IC in your computer? Provided the algorithms are open, and implemented well (haha to both), TC will definitely add additional protection.

That is a completely unrealistic 'if'. And even then, why should I trust you with them?

I know, that's why I added that condition. While TC could be useful, it probably won't... except that all the major corporations that have IT infrastructure they depend on will scream bloody murder. If a backdoor was exploited, they'd sue the OEM, chip maker, etc, into the ground.

And you don't need to trust me. I'm not interested in your computer. I'm interested in the networks and systems I run. I suppose your nodes could unwittingly serve as part of an attack, but that's beyond my control.

Where'd you get the idea I want to control your box?

>>14
Another faggot. SECURITY POLICY: Not allowing bullshit from corporations to run on your system.

Another faggot. Where in my post do you get the idea I want other entities running my systems? Did you notice the comment about the keys?

GO SLASHBOT GOOOOOO!

Which can be said of current hardware. Do you know what your of the system bioses are doing? Did you reverse engineer every IC in your computer? Provided the algorithms are open, and implemented well (haha to both), TC will definitely add additional protection.
Implementing a working backdoor, in hardware, for contemporary encryption software and the like is much, much harder than simply adding a backdoor for a single known hardware implementation.

>If a backdoor was exploited, they'd sue the OEM, chip maker, etc, into the ground.
You are forgetting, they'd first have to actually know the backdoor was exploited. And who's to say it would be used against any corporations, instead of, say, 'terror suspects' (i.e. anyone the government doesn't like).

Where'd you get the idea I want to control your box?
I interpreted your 'we' as 'the security community', since you were trying to sound like an expert. If you meant it as the consumers themselves, I don't see how keys in hardware can be kept out of the hands of the manufacturer.

It seems as if you're saying 'TC could be totally useful, given [completely implausible set of conditions]'. Which isn't really a pro-TC argument at all.

In essence, TC is a whitelist for processes which you do not control.

Personally, I'd like to see a step towards the usage of whitelists instead of blackslists (especially for processes on my system), but I WANT TO BE IN CONTROL. I wouldn't be in control if the current ideas of the TC-system would be implemented.

There shouldn't be *ANY* white, pink, or orange lists of processes I do not control. I control *everything* that happens in my box. If there's any kind of list, it's MY list and it's written by ME or approved from a source I like to trust. And large corporations aren't a source I trust. I trust Windows 2000 to some degree, but I'd rather install an undocumented application I found on a red on black Russian website without a domain name that linked to in some obscure usenet newsgroup, than anything developed by sony, seriously.

>>25

I would also like to stress that I have reasons other than "I just want to be in control" for wanting to be in control. These range from what >>17 said to playing the music and videos that I ripped myself, aswell as the ones I downloaded.

>>10
>>Look at cars: people can't build their own, and have to buy from a strictly regulated industry. It allows for safe roads.

Congratulations on trotting out the oldest analogy in the book (computers are like cars) and failing at it. People CAN build their own. If they pass their MOT they're considered roadworthy. It's how you drive it that makes the roads safe or not.

>>10 is a loser

>>29 knows how to produce valuable contributions to a discussion.

Little else can be said; there's nothing good about treacherous computing. Good for its users and developers, that is. It's definitely good for a reduced set of huge media corporations. That's all there is. You can buy this, or buy what you read on microsoft.com, sony.com, riaa.com, and the thousands of shitty news sites and magazines sponsored by the former. Keep in mind I don't make more money if treacherous computing doesn't see the light, yet I think it's the devil, while the only ones supporting it are those who will 3. PROFIT (after 1. FUCK WITH EVERYBODY'S COMPUTER and 2. LOL), and the lambs who follow whatever they say so they get the illusion they are "experts".

I interpreted your 'we' as 'the security community', since you were trying to sound like an expert.

Uh, last I checked, the security community are usually employed to protect commercial IT infrastructure. You know, networks and things?

That computer you use at work? It probably has a disclaimer, right? That's because the company owns that computer, not you. When you're at work, you're using company property, company bandwidth, and company time. If there's a half-sane policy over there, you don't have administrator access on your work computer anyway, and chances are you don't have any expectation of privacy either.

What you do at home on your own computer isn't our concern, and I don't know where you got that idea. TC will fuck you over there (that's why I don't like it; consider the stifling effects), but I'm pointing out that TC could be very useful indeed in a corporate setting.

And while I'm no expert, this is how I earn my daily bread. Sorry for coming off as if I know something.

The way I see this is those giant compnaies in the TCG are just fucking themsleves by skyrocketing the cost for PCs. If you can't get FLOSS software life Firefox, Gimp, and OpenOffice, you'll ahev to buy crappy pay-to-use software that's overpriced. Plus, hardware is going to cost more with these chips implemented. So, say goodbye to a boatload of money, customers, and trust, Microsoft.

>>29
Then what about refuting >>10 ? Oh yeah I know you won't because his opinion (even if it differs from mine who oppose trusted computing because of its risks) was reasonable and sound. You're the only loser here for not following through.

While I agree with the thrust of your post, >>33, I think you're missing the bigger picture. Normal people don't use FOSS software. They use Windows, Word, and IE. Sometimes corporations do to. Otherwise, it's just us geeks.

And Gimp? You're outta your mind. Gimp is "crappy" when compared to the competition. Have you ever used Gimp, Photoshop, and Paint Shop Pro? Clearly not.

hardware is going to cost more with these chips implemented.

Newsflash: we don't suffer from a transistor deficits anymore. Quite the opposite; we have so many transistors now that designers are running out of ideas on how to use them.

>>32
Not root access? On MY work computer? You're clearly not a developer, am i rite? I *need* root access - furthermore, I need to be able to open my fucking box, toy with hardware, and do whatever I need to it, install any OS my company has licensed, and run everything. It's part of my job as a developer. I understand you might not want lusers to have full access to their work computer (or their home computer for that matter), but then again the company's tech division should have root access on theirs to fix all the crap they mess with and disallow them from using Internet Explorer (lol, I love to do this, they're so sad about it, oh man no MSIE nor OE lol lol).


>>33
I'm with you, but Gimp sucks major ass. Have you done graphics seriously? As in vector logos, layers, colouring, large images, special palettized images for games, etc.? I was so happy when I heard there was a free image workshop, and my disposition towards it couldn't have been better, but I tried it, and man, it has the worst interface ever, it lacks 30% of the features I need to just consider using it, it has several design flaws, and it looks as if the developers were trying to make your life worse on purpose. But let's not get offtopic.


>>35
Yes, so-called "Normal" users are actually lusers and suck. But why do I have to pay for them? Why can't we have a "luser switch" somewhere in the OS to enable all sorts of retarded checks and protections and be able to disable them if you want to USE your computer? (I consider "using" doing anything you can with it, from development to hacking. I like to use mine.)

And that statement about transistors is bull. Transistors don't grow on trees, and there's always something good to do with them every time costs go lower: cache memory. And if you want to overdo it, you can add more pipelines or several cores. You can do anything without fucking with customers or making it incompatible.

You're clearly not a developer, am i rite?

Guess what? Developers are less than 1% of most corporate populations. So how exactly does this refute what I said?

I know, I know, it's the "in" thing to think everyone else is a luser, and that they're a minority. MASTER OF THE OBVIOUS: you're the minority.

Come to think of it, I doubt you've ever worked in a corporate environment. If you had, this would be obvious.

>>37
But then the developers are the people who create your product, if you don't have a product to market, you're pretty fucked - so you'll have to see to it that their environment is such that they can work efficiently in it. NEWSFLASH! If I change a single line in a 5,000 line program I have to re-compile. I can't run the re-compiled program without people auditing it and certificates being created for it, neither can I get an accurate picture of how the program runs from within a sandbox or without it having a connection to the internet (web-based programming is all the hype now, you know).

To go with a car-comparission: I have to have a trusted mechanic audit my ENTIRE veichle after I change a sparkplug before I get to test if that was what was hindering the car from starting.

>>34
You are extremely naive if you believe it is a reasonable position that TC will, or even could lead to a 'safer' interweb.

>>32
I'm pointing out that TC could be very useful indeed in a corporate setting.
And I'm pointing out that it couldn't be, because you'd want your security in software.

>>37
Guess what? Developers are less than 1% of most corporate populations. So how exactly does this refute what I said?

So we have to fag up computers for lusers so they can feel safe browsing intarweb sites found with MSN Search with Internet Explorer? Get real. Would you ban metal knives because of children?

I'm in a minority. So what? Being in a majority doesn't make you smarter or better, and it often makes you stupider and worse.


>>38
I'm working right now (ok, I was a couple hours aog) in a corporate environment. One that's not fagged up by the likes of you.


>>41
Not only that, but you'd want your developers and techies to be able to control that security for their own purposes.


BTW, the microsoft consultant defending treacherous computing is the same Anonymous.

This thread is going TO THE MOON! A lot of good points here, many more refuted! I'll read 30-onward when I get more time.

Dude, the 30-onward posts are the good ones. ;)

>>35
I personally despise Gimp, but I was using it to make a point. FOSS and independent development in general will be completely destroyed, along with any of these companies supporting TC. These companies know that they can eek more money out of the consumer if it's a product as vital as a PC, and if the ability to build a PC is effectively eliminated, part and software costs will skyrocket so the corporations will make more money. While this is all great for corporations and IT techs around the world, the middleman is fucked and the economy will run dry from people overspending on their credit cards to get a decent computer. So enjoy your $400 Windows and $600 300gig HDD.

I doubt that will happen (fortunately!), treacherous computing is flawed as anything these "security consultants" and "media rights experts" pull out of their asses.

Even if that happens, we'll always have a rogue market, probably Chinese, now that China is getting better and tech savvy. One good thing about China is they never get on all fours and let media corporations to rape them in the ass with George Zimmer's cock. They develop their own standards and say "fuck-you" to "industry standards" bullshit. That's how the free CVCD was born, for example. I'm sure they'd be up for a rogue PC market, and with a thriving community of Windows developers abandoned by microsoft, ReactOS would be fully functional soon.

Life will find a way. To fuck all terrorist protections.

Hello, >>42. Born stupid?

So we have to fag up computers for lusers so they can feel safe browsing intarweb sites found with MSN Search with Internet Explorer?

I love the elitism here. The world isn't computers, you know. What do you know about disciplines outside of your world of electrons? Do you know how to design bridges? Represent a client in the court of law? Save a life while performing surgery? Or even something simpler like carpentry?

Let me spell this out for you:
a) Most people are not computer wizards. They specialize elsewhere.
b) They often make mistakes (as do people like you).
c) As a result there are major problems, like viruses.
d) The IT dept administers their machines for them anyway.

Would you ban metal knives because of children?

Hardly comparable. You seem to think that if TC is enabled on some machines in a corp environment, then zOMG IT'S ENABLED ON ALL OF THEM SHIT THE MAN IS TAKING OVER!!1!

You're a kid.

>>47
Have you read up on TC at all? The idea is that no computer without it is able to communicate with a computer that has it, therefore making all "safe" computers "safe".

This means that all computers must have it, because a computer that doesn't have it will not be able to produce software for a computer that does have it, connect to the internet or print a paper. Since no computer without TC is usable, all computers must have TC if it becomes industry standard.

Another thing to note: IT DOESN'T MATTER IF I'M NOT A DOCTOR, IF I CAN BUILD A CHAIR OR IF I CAN DESIGN A BRIDGE. Viruses, as you insinuate, are often created to pray on user un-awareness - the solution to this, though, isn't to lock down everything (just as the solution to traffic problems isn't to build 1m walls on the sides of all roads) but to inform the users who handle computers daily, and incorporate SOME software security solutions (such as stripping of executables from email attatchments).

Like you said, people often make mistakes, this is something which can not be helped. We'll have to live with it (or adapt TC and watch everything in the IT area stagnate).

Also, what >>46 said makes a lot of sense. The Chinese would not adopt any TC standard, and the rogue market would (as per the dynamics of capitalism) downright kill the TC market as those computers will be both cheaper and without idiotic restrictions and DRM.

I love the elitism here.

Look, I'm not an architect on surgeon or an attorney or a carpenter or whatever.
But I don't demand that architecture, surgery and law be made easy for somebody like me who lacks knowledge in those fields, and I understand that it is best left to the professionals.

So why should we make the computers "easy" (IE, dumbing them down to the point of uselessness) for people who specialize? I love how you throw your specialization logic around, then say that any moron should be able to use a computer.

So do we all at *least* agree upon the fact that because of TC, the more educated, specialized users are being punished (to certain lengths) simply because of the average joe computers consumer who, for instance, couldn't even tell you what the difference between a flash drive and a floppy drive???

(Veering away from analyzing world4ch user elitism, heh. That's for another thread. ;) )

The idea is that no computer without it is able to communicate with a computer that has it

Authoritative link on this? I think you've misunderstood what remote attestation does.

to inform the users who handle computers daily, and incorporate SOME software security solutions

All true, but ignores that TC is another layer of defence. At some point additional security is counter-productive, but I believe TC is a far more effective and transparent means of keeping the users from harming the network than, say, telling them everyday that viruses are bad, or worrying some dickhead is going to truck in an infected laptop on some part of the network.

>>50
I think we can all agree that TC is bad news for a home user.

>>47
He he, microsoft consultant is getting mad. Consultants don't do that, you know.

The world isn't computers, you know.
The world is anything and everything for the people who work on and for it.

What do you know about disciplines outside of your world of electrons?
What do you know about disciplines inside of my world of electrons?

Do you know how to design bridges? etcetera
No, because that's not my speciality, but I do know one thing: you don't do it with treacherous computing or MSIE.

Most people are not computer wizards.
People using my custom built and configured computers aren't computer wizards either, and by following my advice and using my configuration they aren't having problems, and OMG, they're using untrusted computing!

They often make mistakes (as do people like you).
I make mistakes. I fix my mistakes. Then I proceed to fix mistakes made by lusers which take up a good part of my time :P . And treacherous computing is a mistake.

As a result there are major problems, like viruses.
Getting a virus, maybe. But viruses don't exist because they are a "mistake". They're some way of "natural selection" for computer users which I do not approve.

The IT dept administers their machines for them anyway.
And can you tell me how will the people who knows do their fucking job if they can't do anything? How will a mechanic fix his car if he has to get bill gates and sony music's approval (as if they were any trusted authority) for every fucking screw he wants to touch?

You seem to think that if TC is enabled on some machines in a corp environment, then zOMG IT'S ENABLED ON ALL OF THEM SHIT THE MAN IS TAKING OVER!!1!
You can't disable treacherous computing, moron. The second they're out, they'll want everything to be under their hand. There won't be something like a "non-TC computer", just like there's nothing like a "non-DRM windows mierda player". Mierda is Spanish for shit.

You're a kid.
Not that young I'm afraid, but I wish I were, to have more time to write against treacherous computing and dismantle the arguments of "professional business consultants", "security experts", and "information technologies lawyers" like you.


>>51
Do you want maximum security? Throw your computer out of your window and start using industry standard paper. Talk about trusted computing. No viruses, no kewl screensavers Bill Clinton emailed you to your Hotmail account, no data loss. That's just one step forwards from treacherous computing.

>>49
Statement of truth.

>>52
Statement of truth.

So the bottom line is, treacherous computing sucks hairy, greasy king kong balls, end of the story.

>>53
Oh and BTW, I'm not a "security expert". I'm a developer, and I just know how to not get screwed. My security policies for my home network could be described in 6 KB, and I haven't gotten any problem in ages (despite the kind of sites I usually visit and the kind of things I usually deal with).

Another BTW, if Windows Vista becomes useless because of treacherous computing, I'll join ReactOS and see how can I help making a free Windows. Perhaps you'll have to use ReactOS one day, and perhaps you'll benefit from this elitist asshole's $0.02.

He he, microsoft consultant is getting mad. Consultants don't do that, you know.

Ah, brillant assumption! Truly, you are psychic.

Do you use gentoo by any chance?

>>52
It is only bad news for the home thief.

>>56
And those who want to run anything Microsoft doesn't want you to.

>>55
No, I actually use a heavily tuned version of Windows 2000 (legal BTW) as my primary OS.

>>56
With this statement you show your ignorance or bad intentions. It's a terrible security policy (security by obscuring, and security the one in charge of a computer can't control or override) which is bad for everyone including corporations; it's a violation of several rights which is bad for everyone including corporations (although bullshit lawyers don't seem to care for this one); it's a lame obstacle and a pain in the arse for developers and techs - the ones who matter most as they are writing the software everyone else uses; and it's crappy and unfair especially for the legit home user who does nothing wrong and is still controlled, slowed down, and disturbed by all this shit.

microsoft just wants a dream machine who will only run "trustworthy software", as in "microsoft software" and "digital rights infringement". Everything else is "unsafe". Maybe this model is fine for worthless lusers who may very well get a simple box to run Windows XP and browse their interweb with MSIE. But you can't do this to PCs. PCs are used for much, much more than this luser bullshit, and just because the world is full of lusers who make up for 60% of users, we can't fag up PCs and screw the rest. You know why? Because the ones doing software - including that shitty MSIE you love to use - NEED a real computer without that microsoft shit (tm) to work.

If you can't see this, your opinion in this thread is worth nothing, gb2/partners.microsoft.com and enjoy your security. (We all know microsoft was always famous for their strong, well thought security policies and reliability, so it must be trusted the security of every computer in the world.)

Since we've already heard Microsoft's view in this thread from a particular Anonymous, we should read what the GNAA has to say about this. It's actually a balanced and serious opinion which throws some light to the topic.

http://www.gnu.org/philosophy/can-you-trust.html

>>58
You call people lusers, you must be a real computer expert. How impressive.

So basically you are saying that it is a good thing that current computers make stealing easy right?

>>60
Yes, just like it is a good thing that current knives make murdering easy. If it weren't easy, they would be useless. Being easy is a side effect from being useful. Would you penalize legit users for it? And why should I care? Not only music piracy is not my problem, but fucking with me is most surely not the solution.

>>61
We've already agreed that TC is generally bad news for home computing, yet most your arguments only appear to target that segment. In the corporation, most users don't need, nor should have, administrator access.

Trucking out that "security by obscurity" mantra shows that you aren't familiar with developing trustable systems. The algorithm and implementation is best when open, obviously, but it's only one part of a layered solution. If you put all your eggs in one basket, so to speak, you're begging for it.

>>61
The way you put it, given enough bullshit and spin-doctoring, you could convince the NRA to rally against TC!

I like the points made thusfar. It'll definitely be included into the paper.

>>61
Except that I don't see the harm in preventing the users from stealing what they obviously can't. If there was a way to prevent a knife from killing people, it would definitely be made mandatory on all knives, why shouldn't it be the same with computers, since they have the ability to prevent stealing?

>>62
In the corporation, most users don't need, nor should have, administrator access.
BINGO! You're talking about restricted users and administrator access. That's EXACTLY what we have NOW in any operating system, including Windows NT. See how we don't need treacherous computing at all?

The algorithm and implementation is best when open, obviously, but it's only one part of a layered solution.
A security system will be as strong as the single strongest layer. If you have enough power to break it, you have enough power to break the rest. Morever, you can't consider "secure" something that's completely out of your control and knowledge, and in the hands of a few greedy corporations (note: I'm not a communist hippy. There are good corporations, and bad corporations. Bad corporations are the ones trying to fuck you in the ass, and good corporations are the ones which don't cause any trouble).


>>63
you could convince the NRA to rally against TC!
Lol, hey, I'll join them!


>>64
I don't see the harm in preventing the users from stealing what they obviously can't
You don't see harm because you're probably an Internet Explorer user, but there IS harm: it makes computers useless for the ones who create software and mess with it, and becomes a pain in the ass for a shitload of home users.

If there was a way to prevent a knife from killing people, it would definitely be made mandatory on all knives
But there isn't because it would render knives useless. It's the same with computers.

treacherous computing is like banning streets to end with street gangs. It's flawed from the start, if you can't see this you're blind (but this we already knew, as you must be a religious follower of microsoft), and the ones who are behind treacherous computing know this, but they still try to go on, because they don't care for streets, and they have found in gangs the perfect excuse to take over the world's computers and force users to pay buckets of money for everything and do only whatever they want them doing.

treacherous computing would leave 95% of the world's computers in the hands of half a dozen corporations, how can you be so irresponsible? How can you trust a few shitty corporations who are infamous for their disrespect of users, freedom, competition, capitalism, and the law, and are being trialed over and over because of it? Go back to Cuba for fuck's sake!

You don't see harm because you're probably an Internet Explorer user
[...]Go back to Cuba for fuck's sake!
Let's not resort to name-calling.

it makes computers useless for the ones who create software and mess with it, and becomes a pain in the ass for a shitload of home users.
How the hell preventing people from stealing causes that?

But there isn't because it would render knives useless. It's the same with computers.
Way not to understand the argument. If there was a way to make knives useful to cut meat and useless to kill people, then such a security would be mandatory. Of course it's not technically possible, I just ask you to consider what would happen if it were possible, because computersss change the deal - they can permit legal uses and prevent illegal ones.


You are comparing large corporations to street gangs. That's not a very mature or realistic view of the world. Corporations are kept in check by the consumers and the governments.
Sure, some corporations want to prevent you from stealing music and movies. You call that greedy? If they were installing security devices in brick-and-mortar shops to prevent stealing, you definitely wouldn't call that greedy, you'd say it is the right thing to do.

>>65
See how we don't need treacherous computing at all?

Not exactly. Let's say I have a document I absolutely do not want to leave the organization. How would you reliably prevent that from happening with the current system?

A security system will be as strong as the single strongest layer.

Which could well be TC.

Morever, you can't consider "secure" something that's completely out of your control and knowledge

Which is why I quite clearly (twice already) have stated I'm only interested in TC unless the only people holding the keys to the systems is the corporate entity that owns the machines. The IT and legal departments, right?

Of course, we can't be 100% certain what Windows, Oracle, zOS, SAP, etc, are doing either, and most people don't look at OSS code (they rely on reputation), so I'm not certain how much of a change it'll be. Not that I'm in favour of other entities being in the picture.

TC if the only

fixed

>>67
Let's say I have a document I absolutely do not want to leave the organization.
It may not be printed, because someone might take that paper version with them out the door. It might not be displayed on a monitor, because someone might make a photograph. Etcetera. Hell, nobody can even see it, because they might memorize it!

>>66
>> [...] can permit legal uses and prevent illegal ones.
Ignoring your assumption that illegal acts are always immoral and should therefore be prevented (which is really the most flawed part of your argument), computers cannot permit all legal uses while also preventing illegal ones.

You also apparently have a naive view of corporations.

I smell trolls.

Ignoring your assumption that illegal acts are always immoral and should therefore be prevented (which is really the most flawed part of your argument), computers cannot permit all legal uses while also preventing illegal ones.

Then do what we do in democracy: push for laws that make it legal to steal your entertainment. Whatever your opinion is on this topic, the current laws must be enforced, and TC is one of the many good means to enforce them. But until you make stealing legal, you are only saying that you think we should not make things that make the law easier to apply because you want it to be easily breakable.

Which is why I quite clearly (twice already) have stated I'm only interested in TC unless the only people holding the keys to the systems is the corporate entity that owns the machines. The IT and legal departments, right?

Owning the keys ≠ controlling the implementation. Who knows what you get for free with your TC deal?

I smell trolls.
Trolls? On the largest debate in /comp/?

[...] push for laws that make it legal to steal your entertainment.
I try. Besides, it's inevitable. The current intellectual property situation is not stable, with the cost of copying at virtually zero, and yet completely artificial limits to distribution. It's all very different from physical property, and any similarities exist mostly in the wording people use.

Whatever your opinion is on this topic, the current laws must be enforced, [...]
...while not limiting the computers' usefulness or, more particularly, our freedoms. This is where the knive analogy comes in again.

>>66
Let's not resort to name-calling.
Name-calling or truth-stating depending on how you look at it. And what I meant by these is that you don't seem to have computer insight (therefore you shouldn't be talking about tc, much less defending it), and I think you'd be happier living on Cuba (where good fidel has his "trusted citizens" policy) than in Western countries.

How the hell preventing people from stealing causes that?
treacherous computing will prevent hackers from working and developers from working without asking for permission on every step. (Note: "hackers" doesn't mean what you saw on TV and the movies, and no they don't break into hospital networks.) You don't know how a developer works; before supporting something as terrible as treacherous computing, you should know.

Way not to understand the argument. If there was a way to make knives useful to cut meat and useless to kill people, then such a security would be mandatory.
Problem is, there's no way to make computers useful to real users and developers and useless to do what microsoft and riaa don't want you doing.

because computersss change the deal - they can permit legal uses and prevent illegal ones.
You are wrong. Here's some truth:
1. Legal is what's defined by the law, not the treacherous computing corporations
2. It's legal to develop
3. It's legal to run custom software
4. It's legal to copy data for private use
treacherous computing breaks all four points. treacherous computing not only prevents illegal ones, it prevents legit users from doing legal things.

You are comparing large corporations to street gangs.
I wasn't comparing large corporations to street gangs (reread my post), but now that you mention it, I trust a street gang to defend my interests over riaa, mpaa and sony any day.

Corporations are kept in check by the consumers and the governments.
HAHAHAHAHAHA

some corporations want to prevent you from stealing music and movies. You call that greedy?
They don't want to prevent me from stealing music and movies. With treacherous computing, they want to prevent me from doing things they don't like, be them legal or not. This includes running software and being in control of my computer. You're incredibly ingenuous and gullible not to realize this. For example, take microsoft. They don't sell media. They sell OSes. To a certain extent, music piracy helped them. There are more and easier ways to download music illegally on Windows than any other OS. And Windows is what they sell, not music. Why are them on the treacherous computing campaign? Because that way they can hurt their most feared competition ever: free software. microsoft doesn't want me to develop my own tools or use my friend's, they want me to buy $400 professional business industry standard software solutions made by them.

If they were installing security devices in brick-and-mortar shops to prevent stealing, you definitely wouldn't call that greedy, you'd say it is the right thing to do.
Yes, because:
1. The shops aren't mine
2. They only prevent people from stealing, but they don't prevent me from using the shops in any way
3. They don't prevent shop owners from controlling their shops and modifying them in any way they want
4. They don't touch my balls


>>67
Let's say I have a document I absolutely do not want to leave the organization. How would you reliably prevent that from happening with the current system?
You can't, either in this system, bill gates' treacherous computing, or anything. It's a problem inherent to information. If you can't trust your employees, you're bound to fail. Read what >>69 said.

Which could well be TC.
treacherous computing is not a security layer, it's a rights infringement layer, and it's by no means secure, because as I said, it's ruled by somebody that's not you or your company's authority, and it's obscure security.

I'm only interested in TC unless the only people holding the keys to the systems is the corporate entity that owns the machines
Man, then you are not interested in treacherous computing, end of the story. There's no way to get rid of the bullshit microsoft and media corporations will build into treacherous computing, and there's no way for you to be the one in control. In fact, you must be constantly updating your keys and rules (which is done in the background and without your approval) for treacherous computing software to work. treacherous computing will stay out of your control and be an impediment for your own developed corporate software and IT department, don't doubt it.


>>69
You also apparently have a naive view of corporations.
That's a major understatement.


I smell trolls.
In MY vagina?


>>70
the current laws must be enforced, and TC is one of the many good means to enforce them
Fail. treacherous computing has nothing to do with the law, and it's ruled by maffia organizations who aren't the law but want to be. In fact, it should be illegal.


>>72
Truth

>>73
Your large post would be great if it didn't had one fatal flaw: there will definitely be some testing frameworks available to develop and test your applications without an external authorization server. Therefore, it does not prevents you from developing.

treacherous computing is not a security layer, it's a rights infringement layer
Looks like you've learned your 1984-style of argumentation very well. You are just searching excuses to continue being a thief. Too bad it won't be technically possible anymore in a few years, eh?

>>74
there will definitely be some testing frameworks available to develop and test your applications without an external authorization server
Absolutely useless: they'll still be protected, and you still can't release free software naturally and decently

Looks like you've learned your 1984-style of argumentation very well. You are just searching excuses to continue being a thief.
Looks like you've learned your 2005 Bush-style of argumentation very well. Anybody against treacherous computing is because he wants to be a thief.

I wouldn't be bothered if treacherous computing somehow prevented piracy without affecting me in any way. I am bothered because I am affected (corporations controlling my computer, anti-developer policies, anti-free software policies, not being able to do what I want which is legal, background shit, no privacy, system complication, etc).

Too bad it won't be technically possible anymore in a few years, eh?
Ha ha ha, you're a funny troll or have the mentality of a 10 years old who was told by pops Bill what to think and what to say. Tell you what, I'd rather let you, suited consultants and corporations think it's impossible. That way they'll stop inventing new shit to fuck me in the ass as I don't have anything to do with them or piracy.

You are just searching excuses to continue being a thief. Too bad it won't be technically possible anymore in a few years, eh?

So here's one thing I wonder about. Suppose there are two video files: One contains a recording of a children's birthday party. Another contains a decent quality movie, ripped and thus as unprotected as the first file (it might be a recording of the movie being played on a screen, if you think TC will make direct ripping too difficult). Now, consumers should be able to view the first file, or you'd risk outrage. But according to your post, the second file cannot be watched anymore ('not technically possible anymore'). So either:
(1) TC includes an AI capable of detecting illegal media playback (LOL), or
(2) User made media/software/etc will become completely impossible to view/use (LOL, try forcing that on people).

Conclusion: TC cannot really be used against piracy.

This is for the pro-TC, anti-pirate Anonymous:

TC and current DRM technologies prevent me from using them in LEGAL ways. I can not buy a CD, rip it into OGG, put it on my webserver and stream the music from my home while I'm in school. This is all fully legal, but isn't possible with legally bought CDs because of DRM. At the moment I download any album I buy so that I can do exactly this. This legal use would be impossible with TC, and therefore it prevents me from EXPERIENCING MEDIA even though I'M NOT A PIRATE. One does not need to be a thief, as you so gently put it, to think ill of TC.

In addition to preventing free software from spreading, TC does prevent it from being developed. About half of all current applications are web-applications which require access to internet and other computers to function. Thus, I need internet access to test my programs (I'm a developer. I write a web based gui for a document handling system at the moment, and yes - its' the function our clients have been requesting the most), and TC won't let me do this.

I'm another web developer. Naturally, as anyone with knowledge of this matter that doesn't work for microsoft would, I oppose TC.

>>69
It might not be displayed on a monitor, because someone might make a photograph.

Which is clearly intentional, and thus fodder for the legal department. However, TC prevents people from accidentally sending the document where it shouldn't go; it provides quite a large roadblock.

>>71
Owning the keys ≠ controlling the implementation. Who knows what you get for free with your TC deal?

The same can be said for the BIOS and the rest of the hardware. Truth is, none of us really knows what goes on in that layer. We just trust it's not doing something we don't. So what's your point?

>>79

TC introduces too many negative effects to make it a useful solution to the "accidentally sending important documents to the enemies"-problem, just read this thread about the developer-situation. Alternatives to it could be to use the already built in password-protection in MS Word or having competent employees.

I think >>71's point was that we shouldn't add a restrictive layer which does not satisfy a need appropriately and is a potential security risk.

>>79
However, TC prevents people from accidentally sending the document where it shouldn't go
It may be accidental, or "accidental", just like taking a picture.

Current technology may prevent this as well, only that you don't know it.


The same can be said for the BIOS and the rest of the hardware.
With the difference they're not controlled by craposoft or doing anything shitty, and if it did, we'd realize soon enough - the hard thing would be not to realize it. If you're not a sysadmin or a dev you have no authority to talk about this because you don't know how it is. Oh, and you still won't own the keys. You may own subkeys for your documents, but all you do runs under billy's and riaa's keys and rules and with their knowledge, so you're not only not increasing your corporate security, but you're already fucking it because you're revealing private data to absolutely shitty corporations infamous for their evil intentions.

>>81
Current technology may prevent this as well, only that you don't know it.

Like what? Adobe's PDF encryption? Hardly comparable. Keys and pgp? Not transparent, and a lot easier to circumvent (copy resulting plaintext).

Feel free to link me to a robust solution.

With the difference they're not controlled by craposoft

You ignored my post regarding windows, oracle, etc. Nobody has ever fully disassembled them either. Now what's the Fortune 500 running?

Oh, and you still won't own the keys.

I'll wait for actual implementations before deciding. I know I'm being hopelessly naive here, but I can hope. Since businesses in general would be interested in this, I'm hoping Adam Smith's Invisible Hand will work here, at least for some line of machines.

>>82
Like what?
Right now I can think of enforcing PGP for all external email in your SMTP server, or a simple XUL application to serve sensible documents which are never downloaded like normal files, and I'm sure there's better - I'll ask the security department tomorrow.

Even if nobody fully disassembled Windows and Oracle, like I said, we'd realize soon enough that either is fucking with us. Too many users with too much knowledge to let it pass, rest assured. As a matter of fact, all of microsoft's OS protection schemes are caught, studied, and cracked even before the OS is officially released.

I know I'm being hopelessly naive here, but I can hope.
You can have hopes for world peace, free porn, all Japanese games being localized, or winning the lottery, but believe me here, you can't have any hopes that treacherous computing will be one bit good for anybody who is not riaa or microsoft.

Right now I can think of enforcing PGP for all external email in your SMTP server

Doesn't cover laptops, usb drives, cd/dvds, etc. The solution you propose is a default-open policy, because rather than taking care of the problem at the source, you're trying to plug them as they come up.

Too many users with too much knowledge to let it pass, rest assured.

Same could be said for TC.

As a matter of fact, all of microsoft's OS protection schemes are caught, studied, and cracked even before the OS is officially released.

Different problem. Either the OS runs, or it doesn't. That makes hunting for the proverbial needle a whole lot easier. Now, what else might the software be doing?

You can have hopes for world peace

I don't think it's that far out there. As I said, other IT departments would no doubt be

Crud. Well, you get the idea: there's a lot of money to be made by catering to businesses.

>>84
|Same could be said for TC.
No, because Oracle isn't mandatory on all computers.

|Now, what else might the software be doing?
As a matter of fact, all of microsoft's OS protection schemes are caught, studied, and cracked even before the OS is officially released.

>>84
There's no possible "default-closed" policy. Not even treacherous computing for reasons mentioned in previous posts.

OSes and other often cracked software don't just work or not work. Their protection schemes are much more complex. Again, are you a Linux or Windows hacker? You have no clue of what are you talking about, so either learn it (you're welcome to ask, don't be afraid of anything and give it a couple of years) or stop writing about things you don't know.

>>86
No, because Oracle isn't mandatory on all computers.

I fail to see the connection between the line you are replying to, and your reply. Please reread the line directly above the line you replied to: "Too many users with too much knowledge to let it pass, rest assured."

How does that connect Oracle and TC? If anything, it's closer to Windows and TC, since Windows is quite pervasive.

>>87
There's no possible "default-closed" policy.

And you say I don't know what I'm talking about...

>>87
When was the last time you entered a Windows serial? Wait, just about any product!

Most products make the mistake of letting you know very soon after the check that it failed. Makes hunting down the cause with a debugger relatively easy. It's a far cry from figuring out every function in a piece of software, which is what you'll need to do if you're not certain what you're looking for.

Is the software hiding data in-channel? Is it saving certain data in its data files? Is it dumping it somewhere on disk? Is it performing some kind of timing attack? Maybe a buffer overflow when calling a library function? Or another one of the myriad possibilities?

Please enter the serial: _

FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8, just like everybody else.

That ain't a crack. So someone claims all MS's protection schemes are broken, yet everyone is using serialz?

Actually, MS have broken a lot of their protection schemes on their own. Example: "Everyone must activate their products with us now, that will completely stop piracy and infringement of user licenses. Um. Except corporate customers. We'll make versions of Windows and Office that don't require activation, and trust system builders and network administrators never to release them to the public, because they're all so honest and incorruptible. Yes, that will work."

Even MS's Update Nazi program ("No updates for you!") was cracked within hours, and if it hadn't been, then automatic updates still worked perfectly. GOOD JOB GUYS!