Trecherous Computing lol

I'm writing a debate on Trusted Computing, and after remembering a flash that's more than likely been bumped off of 4chan's /f/, I decided to ack world4ch about it. Anyone have links to good rants or articles on TC that would provide for some solid pros and cons about the issue? You guys could also throw in what you think about TC, as I can quote discussion groups.


mewtnote (lol): I was about to write this on Jackie T. and the Violence in Video Games baloney, but some professor who's much more important than me has already done it. (Very well, I might add.)

Visited the obvious places, like wikipedia and the idiots at slashdot?

From the viewpoint of security, it'll be a boon. From the viewpoint of anybody not running a server, it's pretty fucking nasty.

Basically it's just moving DRM from software to hardware. So all it'll do is lock things up further away from the user, and make restrictions imposed 'from above' harder to change/remove. No pros.

Your computer is more secure if you're not allowed root access...

>>2
I've been reading a few articles, one headed by major pro-TC buisinesses (AMD, Microsoft, HP, IBM...), one from gnu.org spotting all the faults in the theory, and a few others. I doubt I can look it up at a library, being such a new topic.

These are good comments so far, however.

A debate, you say? Start by introducing facts. Most people are right next to clueless about these things since hardware-enforced DRM hasn't really bit them in the tender places quite yet. (Apart from the Sony/BMG stuff that is, and that's only software.)

Apart from that, exercise your google-fu. Reams and reams of text on these matters have been published on the 'net since 2000 -- prof E. Felten's freedom-to-tinker.org comes to mind.

>>4
Not if someone you definitely don't trust -is- allowed root access...

>>7
Sarcasm.

And yeah, I still need to do my research. I did, however, get it checked out today-  any comments you all would personally like to make on the matter can be used as "consumer feedback"

>>1
Simple:

Pros:
None

Cons:
Everything, to name a few: fucked in the ass in your own computer, everything you do is controlled and must be approved by somebody who is not the law, security breaches, no privacy, huge waste of bandwidth and everyone's Internet resources and backbones, and waste of computing power.

Unless you're $ony, m$, and the other motherfuckers behind digital rights infringement, in that case:

Pros:
You can assrape your customers (the people who's actually allowing your business to go on) and control their lives as in The Sims.

Cons:
None.


Solution? Kill the fucker who came up with this shit.

Trusted computing keeps the users honest, by enforcing the regulations instead of trusting the user to remember and respect them. It is easier for the user and better for the content producers.

The fact that people would no longer have entire control over their computer is a non-issue. Computers are becoming more and more important in our society everyday, and important things can not be left in chaos.
Look at cars: people can't build their own, and have to buy from a strictly regulated industry. It allows for safe roads.
Making sure that computers respect the law is the next level, because the information superhigways ought to be safe too.

>>5
These are good comments so far, however.

I regret to inform you that these aren't good comments. Thus far you've mostly heard the usual slashdot-grade "there are no pros" crowd. Like I said, it's fucking nasty if you're not running a server, but anyone who says there are no benefits is biased to uselessness. As someone writing a research paper, this should be obvious to you.

There are some benefits, the main one being security. If I run a server or some other system that I need to be as secure as possible, damn straight I'll reach for TC. We have encrypted connections over the internet, so the nodes themselves are the next step. TC will be an effective part of a larger solution, and ignoring it is completely retarded.

But, like I said, it's being pushed due to the interests of content providers; the security community invariably is always ignored, so it's not because of us, although the propaganda around TC will certainly proclaim it is. While it may benefit those of us interested in security, provided that we (and only we) hold the keys, content providers are going to try to use it to sodomize the consumer. Even though I see the benefits that TC can bring, I honestly dread its coming.

That's reality. The slashdot idiots can go fuck themselves.

>>11
They're good comments in that I can report on the opinion (albeit biased from propaganda) of the above-average consumer. Provides for another page+ of discussion. (You have a lot of good points, I'll more than likely use some.)

There are some benefits, the main one being security. If I run a server or some other system that I need to be as secure as possible, damn straight I'll reach for TC.
Right. Security implemented in hardware, where it's damn near impossible to examine the algorithms used or any backdoors which may be present.

While it may benefit those of us interested in security, provided that we (and only we) hold the keys
That is a completely unrealistic 'if'. And even then, why should I trust you with them?

Security should be implemented in software. I have yet to hear anything good about TC.

>>10
The fact that people would no longer have entire control over their computer is a non-issue.
You are either stupid, high, or the best troll ever. Go back to Cuba and leave computers alone you stupid lawyer shit. People can always make custom computers and OSes if you faggots keep trying to piss on our lives. MY computer is MINE, not yours or any of your faggot friends, I'm the only lord at home and I do with it anything I want that's legal, and it'll stay this way because I resist having some faggot corporation controlling what I do and installing their bullshit on MY system. As a matter of fact, I never buy or listen to the shitty music produced by sony, emi, and all these bastards, so I have no need for any of their crap.

BTW, I'm not a Slashdotter, a lunix fanboy, a long haired LSD taking hippie, an American, a nazi, or a privacy maniac.

Now, if you were a troll, you've succeeded, cheers :) . I've added extra insults to glorify your awesome trolling skills.


>>11
Another faggot. SECURITY POLICY: Not allowing bullshit from corporations to run on your system.


>>12
They're just restating whatever shit riaa, mpaa, and European leftards pull out of their asses. Above average consumers? They are above average trolls, or above average sony ball lickers. Their good points are that that whatever massive media companies say reach even here, and this is yet another reason to go out and kill the fuckers who came up with digital rights infringement.

>>13
You shouldn't have bothered to explain that; anonymous "That's reality" #11 is a security expert therefore he'll not need to know this. He's probably happy as a fag in a rectal examination, securely browsing the Internet with Microsoft Internet Explorer 6 on a stock Windows XP system with the security tools provided by Microsoft, while listening to his Sony $30 music disc with Sony's nice looking, secure player. I'm sure he even disabled cookies for maximum privacy and security.

gnu.org's (they're incredibly biased, duh) hypotheticals in their TC discussion sound a lot like the Patriots and the plans for the Big Shell/Metal Gear buisiness from MGS2. (Dumb reference, but it's almost spot-on!)
http://www.gnu.org/philosophy/can-you-trust.html

Required reading is http://www.againsttcpa.com/

As a person I'm against it, mostly because it's very much a huge step to make anybody able to "use" computers regardless of wether they know anything about them or not. I would think of this as a good thing, but it imposes huge restrictions on people who know how to do things. On a "trusted" computer I may no longer run code that hasn't been screened and approved. This means I can't even write a small script to increase readability in my .txt files, I won't be able to make a small program, I won't be able to go from 0.0.1 to 0.0.2 without letting an authority, which I do not trust, inspect it first. Unprofessional programming would come to a complete halt, and the Open Source community would die and we'd never have anything like Firefox's numerous extensions or VLC ever again. Developing software would become so costly only people connected to corporations would be able to do it.

Well, you can run un-screened code in a "sandbox", but it won't be able to write to disk, access anything or do anything. You won't be able to study it's real effects or write advanced software. What could you do then? You could use an ages old computer from before the TA-era, which won't be able to connect to the internet because no computer will connect to an un-"trusted" computer.

>>15
I forgot to say as he was searching with MSN Search for a way to reduce the amount of "ENLARGE YOUR PENIS" popups he gets while securely browsing with industry standards, he realized his mom from above the garage was accidentally listening to his Sony music CD. He immediately called his local Sony representative to ask for a position on this issue, as she was illegally listening to music she did not buy. He then proceeded to acquire a special license for music broadcasting because he couldn't look at his face in a mirror if he didn't, even though the Sony lawyer I mean techie was generous enough to tell him buying an extra copy per neighbour would be enough. Afterwards, he proceeded to clear his Windows Media Series 9 media library for privacy. Aww man, what a hacker; that's security!

>>14
>>15
>>18

I'm on your side but for fucks sake, stop trolling. Ad hominems will get you nowhere, they'll only increase the amount of non-valuable text that the OP will have to wade through.

>>16
gnaa.org is biased and stupid (although I'll take a drunken hippy activist in a tree house over a maffia lawyer from a huge media corporation any day).


>>17
Fortunately, treacherous computing is inherently flawed, and not going to happen. It's not going to happen because I doubt AMD will assrape its customers that much having the great chance to go a step beyond and offer the only fast, unfagged processors; I doubt Microsoft will want to send massive loads of customers to the Linux and ReactOS communities; and I doubt it'll stay uncracked for too long.

Besides, what will developers do? Not allowing you to program your own computer is the faggest thing ever. A computer is useless for me if I can't write software for it, and useless for anyone if they can't use the software others write. Take all users, and substract the stupid Internet Explorer lusers. Now we have all the real users (and the only ones that matter to me). Whether they are running Windows or Linux, half of the software they're using most of the time is freeware (attn gnaa: I mean free software lol). Even if they aren't developers, computers wouldn't be nearly as useful without them. And that's another reason why this is just ridiculous, it's not going to happen.

I know I must've broken >>10's heart with this, as he was so excited with the idea of microsoft controlling his computer because he's way too retarded to think for himself, let alone fix the ugly mess he has done by browsing the Internet with industry standard Internet Explorer.

Shit, I just realized I forgot to say this:

Microsoft, Internet Explorer, and Windows Media are registered trademarks of Microsoft Corporation.

Lambs reading GayPC and similar magazines buying all the shit about treacherous computing probably need this, or they'll want to sue Anonymous.

>>13
Security implemented in hardware, where it's damn near impossible to examine the algorithms used or any backdoors which may be present.

Which can be said of current hardware. Do you know what your of the system bioses are doing? Did you reverse engineer every IC in your computer? Provided the algorithms are open, and implemented well (haha to both), TC will definitely add additional protection.

That is a completely unrealistic 'if'. And even then, why should I trust you with them?

I know, that's why I added that condition. While TC could be useful, it probably won't... except that all the major corporations that have IT infrastructure they depend on will scream bloody murder. If a backdoor was exploited, they'd sue the OEM, chip maker, etc, into the ground.

And you don't need to trust me. I'm not interested in your computer. I'm interested in the networks and systems I run. I suppose your nodes could unwittingly serve as part of an attack, but that's beyond my control.

Where'd you get the idea I want to control your box?

>>14
Another faggot. SECURITY POLICY: Not allowing bullshit from corporations to run on your system.

Another faggot. Where in my post do you get the idea I want other entities running my systems? Did you notice the comment about the keys?

GO SLASHBOT GOOOOOO!

Which can be said of current hardware. Do you know what your of the system bioses are doing? Did you reverse engineer every IC in your computer? Provided the algorithms are open, and implemented well (haha to both), TC will definitely add additional protection.
Implementing a working backdoor, in hardware, for contemporary encryption software and the like is much, much harder than simply adding a backdoor for a single known hardware implementation.

>If a backdoor was exploited, they'd sue the OEM, chip maker, etc, into the ground.
You are forgetting, they'd first have to actually know the backdoor was exploited. And who's to say it would be used against any corporations, instead of, say, 'terror suspects' (i.e. anyone the government doesn't like).

Where'd you get the idea I want to control your box?
I interpreted your 'we' as 'the security community', since you were trying to sound like an expert. If you meant it as the consumers themselves, I don't see how keys in hardware can be kept out of the hands of the manufacturer.

It seems as if you're saying 'TC could be totally useful, given [completely implausible set of conditions]'. Which isn't really a pro-TC argument at all.

In essence, TC is a whitelist for processes which you do not control.

Personally, I'd like to see a step towards the usage of whitelists instead of blackslists (especially for processes on my system), but I WANT TO BE IN CONTROL. I wouldn't be in control if the current ideas of the TC-system would be implemented.

There shouldn't be *ANY* white, pink, or orange lists of processes I do not control. I control *everything* that happens in my box. If there's any kind of list, it's MY list and it's written by ME or approved from a source I like to trust. And large corporations aren't a source I trust. I trust Windows 2000 to some degree, but I'd rather install an undocumented application I found on a red on black Russian website without a domain name that linked to in some obscure usenet newsgroup, than anything developed by sony, seriously.

>>25

I would also like to stress that I have reasons other than "I just want to be in control" for wanting to be in control. These range from what >>17 said to playing the music and videos that I ripped myself, aswell as the ones I downloaded.

>>10
>>Look at cars: people can't build their own, and have to buy from a strictly regulated industry. It allows for safe roads.

Congratulations on trotting out the oldest analogy in the book (computers are like cars) and failing at it. People CAN build their own. If they pass their MOT they're considered roadworthy. It's how you drive it that makes the roads safe or not.

>>10 is a loser

>>29 knows how to produce valuable contributions to a discussion.

Little else can be said; there's nothing good about treacherous computing. Good for its users and developers, that is. It's definitely good for a reduced set of huge media corporations. That's all there is. You can buy this, or buy what you read on microsoft.com, sony.com, riaa.com, and the thousands of shitty news sites and magazines sponsored by the former. Keep in mind I don't make more money if treacherous computing doesn't see the light, yet I think it's the devil, while the only ones supporting it are those who will 3. PROFIT (after 1. FUCK WITH EVERYBODY'S COMPUTER and 2. LOL), and the lambs who follow whatever they say so they get the illusion they are "experts".

I interpreted your 'we' as 'the security community', since you were trying to sound like an expert.

Uh, last I checked, the security community are usually employed to protect commercial IT infrastructure. You know, networks and things?

That computer you use at work? It probably has a disclaimer, right? That's because the company owns that computer, not you. When you're at work, you're using company property, company bandwidth, and company time. If there's a half-sane policy over there, you don't have administrator access on your work computer anyway, and chances are you don't have any expectation of privacy either.

What you do at home on your own computer isn't our concern, and I don't know where you got that idea. TC will fuck you over there (that's why I don't like it; consider the stifling effects), but I'm pointing out that TC could be very useful indeed in a corporate setting.

And while I'm no expert, this is how I earn my daily bread. Sorry for coming off as if I know something.

The way I see this is those giant compnaies in the TCG are just fucking themsleves by skyrocketing the cost for PCs. If you can't get FLOSS software life Firefox, Gimp, and OpenOffice, you'll ahev to buy crappy pay-to-use software that's overpriced. Plus, hardware is going to cost more with these chips implemented. So, say goodbye to a boatload of money, customers, and trust, Microsoft.

>>29
Then what about refuting >>10 ? Oh yeah I know you won't because his opinion (even if it differs from mine who oppose trusted computing because of its risks) was reasonable and sound. You're the only loser here for not following through.

While I agree with the thrust of your post, >>33, I think you're missing the bigger picture. Normal people don't use FOSS software. They use Windows, Word, and IE. Sometimes corporations do to. Otherwise, it's just us geeks.

And Gimp? You're outta your mind. Gimp is "crappy" when compared to the competition. Have you ever used Gimp, Photoshop, and Paint Shop Pro? Clearly not.

hardware is going to cost more with these chips implemented.

Newsflash: we don't suffer from a transistor deficits anymore. Quite the opposite; we have so many transistors now that designers are running out of ideas on how to use them.

>>32
Not root access? On MY work computer? You're clearly not a developer, am i rite? I *need* root access - furthermore, I need to be able to open my fucking box, toy with hardware, and do whatever I need to it, install any OS my company has licensed, and run everything. It's part of my job as a developer. I understand you might not want lusers to have full access to their work computer (or their home computer for that matter), but then again the company's tech division should have root access on theirs to fix all the crap they mess with and disallow them from using Internet Explorer (lol, I love to do this, they're so sad about it, oh man no MSIE nor OE lol lol).


>>33
I'm with you, but Gimp sucks major ass. Have you done graphics seriously? As in vector logos, layers, colouring, large images, special palettized images for games, etc.? I was so happy when I heard there was a free image workshop, and my disposition towards it couldn't have been better, but I tried it, and man, it has the worst interface ever, it lacks 30% of the features I need to just consider using it, it has several design flaws, and it looks as if the developers were trying to make your life worse on purpose. But let's not get offtopic.


>>35
Yes, so-called "Normal" users are actually lusers and suck. But why do I have to pay for them? Why can't we have a "luser switch" somewhere in the OS to enable all sorts of retarded checks and protections and be able to disable them if you want to USE your computer? (I consider "using" doing anything you can with it, from development to hacking. I like to use mine.)

And that statement about transistors is bull. Transistors don't grow on trees, and there's always something good to do with them every time costs go lower: cache memory. And if you want to overdo it, you can add more pipelines or several cores. You can do anything without fucking with customers or making it incompatible.

You're clearly not a developer, am i rite?

Guess what? Developers are less than 1% of most corporate populations. So how exactly does this refute what I said?

I know, I know, it's the "in" thing to think everyone else is a luser, and that they're a minority. MASTER OF THE OBVIOUS: you're the minority.

Come to think of it, I doubt you've ever worked in a corporate environment. If you had, this would be obvious.

>>37
But then the developers are the people who create your product, if you don't have a product to market, you're pretty fucked - so you'll have to see to it that their environment is such that they can work efficiently in it. NEWSFLASH! If I change a single line in a 5,000 line program I have to re-compile. I can't run the re-compiled program without people auditing it and certificates being created for it, neither can I get an accurate picture of how the program runs from within a sandbox or without it having a connection to the internet (web-based programming is all the hype now, you know).

To go with a car-comparission: I have to have a trusted mechanic audit my ENTIRE veichle after I change a sparkplug before I get to test if that was what was hindering the car from starting.

>>34
You are extremely naive if you believe it is a reasonable position that TC will, or even could lead to a 'safer' interweb.