Re: EFF Report on Trusted Computing
Just thought someone should take the trouble to rebut the anonymous pro-treacherous-computing rantings... I have heavily trimmed our anonymous ranter's verbose writing style to keep just the bits I'm responding to (inline...) The EFF tries to distinguish between good and bad aspects of TC, but it does not draw the line in quite the right place, even given its somewhat questionable assumptions. Unsubstantiated claim: what incorrect assumptions did Schoen make? I did not see any. It fails to sufficiently emphasize the many positive uses of the full version of TC (and hence the costs of blocking its implementation), Schoen points out that TC can be broken out into desirable and undesirable features. If you omit the undesirable features, as he describes, you get the remaining desirable features. There is no loss from blocking the undesirable features. And the recommended fix to TC is not clearly described and as written appears to be somewhat contradictory. I see no contradiction. More unsubstantiated claims. But let us begin with some positive elements of the EFF report. This is perhaps the first public, critical analysis of TC which fails to include two of the worst lies about the technology, lies promulgated primarily by Ross Anderson and Lucky Green: that only authorized programs can run trusted, and that unauthorized or illegal programs and data will be deleted from computers or prevented from running. They are not lying and you do your credibility no favors by making such unsubstantiated claims. 
You are just misconstruing the obvious meaning of their warnings: the features they describe (and plenty more and worse) are technically feasible with the TC hardware enforcement, and given microsoft's history of repeated dirty tricks campaigns in the areas of document format wars, reporting private information back home to microsoft, browser wars, interface wars, restrictive business practices regarding licensing it would be foolhardy in the extreme to not expect more of the same in the area of platform control based on Palladium. Of course _you_ are not wishing to admit or emphasize these points, but you can hardly get away with impugning the integrity of high reputation individuals like Prof Ross Anderson with such paltry mischaracterisation. Your arguments are crass and of the form: but the current microsoft PR documents don't admit that it could do that, nor of course that microsoft are planning to do that, so it's not fair for you to point that out and caution people about the kinds of things microsoft may be planning. Technology is criticized and discussed based on the potential and most likely inferred directions given microsoft's history and prior demonstration of interest to control various aspects of the software platform. The report also forthrightly rejects the claim that TC technology is some kind of trick to defeat Linux or lock-in computers to Microsoft operating systems, It's far from obvious that TC will have no part to play in the next few decades of open warfare against linux from microsoft. There are any number of ways to extend the existing dirty tricks regarding formats, protocols, licensing etc using the TC hardware enforcement. The EFF attempts to distinguish one feature of TC, remote attestation, as a source of problems. This is the ability of a computer user to convince other systems about what software he is running. 
The EFF is convinced that this feature will cause users to be compelled to use software not of their choice; harm interoperability and encourage lock-in; and support DRM and various restrictive kinds of licensing. Yes indeed and they are quite right. That is exactly the problem with remote attestation. But when we break these down in detail, many of the problems either go away or are not due to attestation. More unsubstantiated claims. This statement is both false and not backed up by any of your following text. Software choice limitation may occur if a remote system provides some service conditional on the software being used to access it. But that's not really a limitation of choice, because the user could always elect not to receive the offered service. This is really strange logic: you have a choice not to use a client because you don't have to use the service?!!? Of course it detracts from choice. Absent remote attestation things would be as they are today and users could modify existing clients, write their own clients, or obtain third party clients for any service. Removing _that_ choice is the problem. And it is a big and significant detraction from the current open nature of the internet. One that favors large companies such as microsoft with an interest to stifle innovation and competition. The implicit assumption here seems to be that if TC did not exist, the service would be offered without any limitations. Yes it would. It either wouldn't be offered or it would be offered without
Re: Software protection scheme may boost new game sales
Ok, so I finally bothered to read said article. I assumed that they had something interesting that made it look to the error correction code like a scratch, etc... They don't. No such weakness exists in error correction used on CD's. Their protection is no more than putting bad error correcting codes on sectors, and when a CD copier is used, the error correction is corrected, but the software can detect that this is a copy. No different than current game protection (no different than the commodore 64 days either)... The new new thing aspect of it is that the copied game continues to run, making the guy doing the backup think he's got a good copy, but it slowly degrades itself. Degrade, but not in the sense of CD rot or scratches. So for a few hours(?), it's playable, but then it starts to no longer respond to user commands properly, and so it becomes a marketing tool. The luser will think it's worth buying their own copy after getting addicted to the game. So the rub, is that copies are allowed to be made, but unless cracked, the copies are nothing more than time limited demos. The only way that this could work is if they put up some sort of splash screen at some point to let the luser know that the program isn't buggy, but that the copy protection noticed it's a backup. After all, if you get a copy of a game from a friend, and it crashes on you all the time, would you think it's because the copy is bad, or because the software is as buggy as a Microsoft product? As usual, the real loser is the original purchaser, because if he scratches his CD, he's out $50-$70 or whatever games cost today, and he can't make backups. --Kaos-Keraunos-Kybernetos--- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ --*--:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD.\|/ + v + : The look on Sadam's face - priceless! 
[EMAIL PROTECTED] http://www.sunder.net On 12 Oct 2003, Steve Furlong wrote: On Sat, 2003-10-11 at 15:55, Tim May wrote: As the saying goes, the lessons of the past are learned anew by each generation... And each generation invents sex, too.
Re: [linux-elitists] LOCAL Mountain View, California, USA: events this week (fwd from schoen@loyalty.org)
Tell Intel simply: We don't want no Scumware Inside We won't buy NGSCB crippleware. Want to sell motherboards? Don't include this shit. Keep it simple. [EMAIL PROTECTED] http://www.sunder.net
Re: Software protection scheme may boost new game sales
| I've not read the said article just yet, but from that direct quote as | the copy degrades... I can already see the trouble with this scheme: | their copy protection already fails them. They allow copies to be made | and rely on the fact that the CDR or whatever media, will eventually | degrade, because their code looks like scratches... Rggghtt. You should read the article - the quote is misleading. What they are doing is writing some bad data at pre-defined points on the CD. The program looks for this and fails if it finds good data. However ... I agree with your other points. This idea is old, in many different forms. It's been broken repeatedly. The one advantage they have this time around is that CD readers - and, even more, DVD readers; there is mention of applying the same trick to DVD's - is, compared to the floppy readers of yesteryear, sealed boxes. It's considerably harder to get at the raw datastream and play games. Of course, this cuts both ways - there are limits to what the guys writing the protection code can do, too. The real new idea here has nothing to do with how they *detect* a copy - it's what they *do* when they detect it. Rather than simply shut the game down, they degrade it over time. Guns slowly stop shooting straight, for example. In the case of DVD's, the player works fine - but stops working right at some peak point. Just like the guy on the corner announcing first hit's free, they aim to suck you in, then have you running out to get a legit copy to save your character's ass - or find out how The One really lives through it all. This will probably work with a good fraction of the population. Actually, this is a clever play on the comment from music sharers that they get a free copy of a song, then buy the CD if they like the stuff. In effect, what they are trying to do is make it easy to make teasers out of their stuff. 
There will be tons of people copying the stuff in an unsophisticated way - and only a few who will *really* break it. Most people will have no quick way to tell whether they are getting a good or a bad copy. And every bad copy has a reasonable chance of actually producing a sale -- Jerry
RSA performance on Athlon64 vs. Itanium
I just picked up an Athlon64 3200+, which runs at a 2 GHz clock speed. Using the Red Hat for AMD64 beta and the version of OpenSSL that ships with that beta, I get 922 1024-bit RSA signs per second. This is a tad less RSA signatures per second than I have seen on an 800MHz Itanium using highly optimized assembler. That's rather poor performance on the Athlon64. Are the figures that I am seeing typical for OpenSSL on the Athlon64? Has anybody here seen different figures using optimized code? Thanks, --Lucky Green
Monkeys Control Robotic Arm With Brain Implants
[Can remote soldiering and amplified Terminators be too far away? Steve] Monkeys Control Robotic Arm With Brain Implants By Rick Weiss Washington Post Staff Writer Monday, October 13, 2003; Page A01 http://www.washingtonpost.com/ac2/wp-dyn/A17434-2003Oct12?language=printer Scientists in North Carolina have built a brain implant that lets monkeys control a robotic arm with their thoughts, marking the first time that mental intentions have been harnessed to move a mechanical object. The technology could someday allow people with paralyzing spinal cord injuries to operate machines or tools with their thoughts as naturally as others today do with their hands. It might even allow some paralyzed people to move their own arms or legs again, by transmitting the brain's directions not to a machine but directly to the muscles in those latent limbs. The brain implants could also allow scientists or soldiers to control, hands-free, small robots that could perform tasks in inhospitable environments or in war zones. In the new experiments, monkeys with wires running from their brains to a robotic arm were able to use their thoughts to make the arm perform tasks. But before long, the scientists said, they will upgrade the implants so the monkeys can transmit their mental commands to machines wirelessly. It's a major advance, University of Washington neuroscientist Eberhard E. Fetz said of the monkey studies. This bodes well for the success of brain-machine interfaces. The experiments, led by Miguel A.L. Nicolelis of Duke University in Durham, N.C., and published today in the journal PLoS Biology, are the latest in a progression of increasingly science fiction-like studies in which animals -- and in a few cases people -- have learned to use the brain's subtle electrical signals to operate simple devices. 
Until now, those achievements have been limited to virtual actions, such as making a cursor move across a computer screen, or to small two-dimensional actions such as flipping a little lever that is wired to the brain. The new work is the first in which any animal has learned to use its brain to move a robotic device in all directions in space and to perform a mixture of interrelated movements -- such as reaching toward an object, grasping it and adjusting the grip strength depending on how heavy the object is. This is where you want to be, said Karen A. Moxon, a professor of biomedical engineering at Drexel University in Philadelphia. It's one thing to be able to communicate with a video screen. But to move something in the physical world is a real technological feat. And Nicolelis has taken this work to a new level by quantifying the neuroscience behind it. The device relies on tiny electrodes, each one resembling a wire thinner than a human hair. After removing patches of skull from two monkeys to expose the outer surface of their brains, Nicolelis and his colleagues stuck 96 of those tiny wires about a millimeter deep in one monkey's brain and 320 of them in the other animal's brain. The surgeries were painstaking, taking about 10 hours, and ended with the pouring of a substance like dental cement over the area to substitute for the missing bits of skull. The monkeys were unaffected by the surgery, Nicolelis said. But now they had tufts of wires protruding from their heads, which could be hooked up to other wires that ran through a computer and on to a large mechanical arm. Then came the training, with the monkeys first learning to move the robot arm with a joystick. The arm was kept in a separate room -- If you put a 50-kilogram robot in front of them, they get very nervous, Nicolelis said -- but the monkeys could track their progress by watching a schematic representation of the arm and its motions on a video screen. 
The monkeys quickly learned how to use the joystick to make the arm reach and grasp for objects, and how to adjust their grip on the joystick to vary the robotic hand's grip strength. They could see on the monitor when they missed their target or dropped it for having too light a grip, and they were rewarded with sips of juice when they performed their tasks successfully. While the monkeys trained, a computer tracked the patterns of bioelectrical activity in the animals' brains. The computer figured out that certain patterns amounted to a command to reach. Others, it became clear, meant grasp. Gradually, the computer learned to read the monkeys' minds. Then the researchers did something radical: They unplugged the joystick so the robotic arm's movements depended completely on a monkey's brain activity. In effect, the computer that had been studying the animal's neural firing patterns was now serving as an interpreter, decoding the brain signals according to what it had learned from the joystick games and then sending the appropriate instructions to the mechanical arm. At first, Nicolelis said, the monkey kept moving the joystick,
P2P Encrypted VOIP
I caught the announcement this morning from Skype concerning their P2P-based VOIP (free) product. Apparently this is the Kazaa founder's new company. The communications are supposed to be encrypted, etc., etc. Here's the Slashdot article: http://slashdot.org/article.pl?sid=03/10/13/1120202&mode=flat&tid=126&tid=95&tid=99 Here's the Privacy section from the Skype FAQ: http://www.skype.com/help_faq.html Guerry
Re: Nuking USG: not just for cypherpunks anymore
At 09:08 AM 10/11/03 -0400, Roy M. Silvernail wrote: Interesting that the State Department goes after Robertson rather than Mowbray. Could it have anything to do with the idea that few(er) people know who Mowbray is? Perhaps Mr. Rosenthal or Mr. Chong might have an opinion on this...
clicking on ads = funding terrorists
Excerpted from politech. Consider the 1st Amend implications, and how clicking on a banner ad (which automatically would pay the source site) makes you a terrorist supporter. Got assets? Subject: US State Department extends FTO list to include Internet sites Date: Sun, 12 Oct 2003 10:20:23 -0400 http://washingtontimes.com/national/20031010-112733-8086r.htm 4 Jewish Web sites deemed 'terrorist' By Jerry Seper THE WASHINGTON TIMES Four Internet Web sites operated by two extremist Jewish groups have been included by the State Department on its list of foreign terrorist organizations, the first time the list has been extended to include Internet sites. The four Web sites are: www.newkach.org, www.Kahane.org, www.Kahane.net and www.Kahanetzadak.com, the department said in a notice in the Federal Register. They offer news, commentary and links to other sites of interest to followers of Meir Kahane. The impact of the listing was not immediately clear, since all four sites exist in cyberspace. The designation makes it illegal for persons in the United States to donate money or other material support to the Web sites. The three accessible sites yesterday included information on where contributions could be sent, what items could be donated and offered a number of items for sale, including pendants and books.
Re: [linux-elitists] LOCAL Mountain View, California, USA: events this week (fwd from schoen@loyalty.org)
- Forwarded message from Seth David Schoen [EMAIL PROTECTED] - From: Seth David Schoen [EMAIL PROTECTED] Date: Sun, 12 Oct 2003 23:44:16 -0700 To: [EMAIL PROTECTED] Subject: Re: [linux-elitists] LOCAL Mountain View, California, USA: events this week User-Agent: Mutt/1.5.4i Don Marti writes: Wednesday night: Seth Schoen fixes TCPA, saves Freedom: http://www.sdforum.org/p/calEvent.asp?CID=1182 Sorry that didn't happen. And I still haven't fixed TCPA. Intel has posted its Policy Statement on LaGrande Technology: ftp://download.intel.com/technology/security/downloads/LT_policy_statement_0_8.pdf LaGrande is in the interstices between TCG and NGSCB. TCG has not specified a secure I/O path or curtained memory as required by NGSCB. LaGrande does, so it effectively provides the complete hardware support NGSCB would need. (AMD has a similar project called SEM, which I know very little about other than that it is supposed to do similar things and at least one of the people working on it is exceptionally honest.) Anyway, Intel wants your comments on the LT policy. The thing that jumps out at me (as the author of Trusted Computing: Promise and Risk) is that Intel thinks that opt-out or opt-in can solve the problems of attestation. This is the official view of a lot of trusted computing proponents. The defects of this view are difficult to describe and are complicated by the fact that some trusted computing critics don't believe that LT (or TCG or NGSCB) will actually provide an opt-out. (I do believe this.) The root of the difficulty is that, in the nature of attestation, you can be _punished_ for opting out (beyond the scope of simply not enjoying particular features to which what you opted out of is technically necessary). For example, if you have a feature with privacy implications like What's Related in browsers, you can opt out of using What's Related and the only penalty will be that you won't see what's related to the sites you're looking at. 
Or if you don't like Microsoft's software updates, you can opt out of those and the only penalty will be that your software won't be patched. (This is actually a somewhat thorny issue since no other sources of patches to Microsoft software have so far arisen.) But in most other cases with which we're familiar, opting out has a relatively narrow effect, and there is fairly little leverage to punish you for having done so. At least, that's true of opt-out features in the context of technology choices; it might not be true in some off-line situations. In the nature of attestation and its effect on interoperability, though, opting out of attestation might be ruinous for your hopes of communicating with others. If they can be induced to use proprietary protocols or file formats, opting out may lead to a permanent inability to exchange data with them. Opting in, by the same token, could lead to a permanent loss of software choice (and the effective inability to reverse engineer or repair your software) at least during the particular periods of time when you want to communicate with other people or manipulate what they sent you. Opt-in can't undo the harmful network effects attestation will produce for competition and for all computer owners. Anyway, that's what I plan to tell Intel, in somewhat more detail, sometime before December 31. And remember: [T]rusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues. -- Seth David Schoen [EMAIL PROTECTED] | Very frankly, I am opposed to people http://www.loyalty.org/~schoen/ | being programmed by others. http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003), |464 U.S. 
417, 445 (1984) ___ linux-elitists http://zgp.org/mailman/listinfo/linux-elitists - End forwarded message - -- Eugen* Leitl http://www.leitl.org
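Added example, not part of the forwarded message or of any TCG, LaGrande or NGSCB code: a standard-library Python sketch of a service that gates access on attestation, showing why opting out and running modified or third-party software end in the same refusal. The hash-chain register, the HMAC standing in for the chip's asymmetric attestation key, and all names and sample stacks are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the hardware attestation key. Real designs keep an
# asymmetric key inside the chip, out of reach of the software being measured;
# HMAC keeps this sketch standard-library only.
DEVICE_KEY = b"constructed-demo-attestation-key"


def extend(register: bytes, component: bytes) -> bytes:
    """Fold one loaded component into the measurement register (hash chain)."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure(boot_chain) -> bytes:
    """Measure every component in load order, starting from an all-zero register."""
    register = bytes(32)
    for component in boot_chain:
        register = extend(register, component)
    return register


def make_quote(boot_chain, nonce: bytes, opted_in: bool = True):
    """Client side: return (measurement, signature), or None if the owner opted out."""
    if not opted_in:
        return None
    measurement = measure(boot_chain)
    signature = hmac.new(DEVICE_KEY, nonce + measurement, hashlib.sha256).digest()
    return measurement, signature


def service_decision(quote, nonce: bytes, approved: set) -> str:
    """Service side: serve only a fresh, valid quote for an approved software stack."""
    if quote is None:
        return "refused: no attestation"
    measurement, signature = quote
    expected = hmac.new(DEVICE_KEY, nonce + measurement, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return "refused: bad quote"
    if measurement not in approved:
        return "refused: unapproved software"
    return "served"


# Constructed sample software stacks (not real products or measurements).
VENDOR_STACK = [b"bootloader v1", b"vendor OS", b"vendor client 1.0"]
PATCHED_STACK = [b"bootloader v1", b"vendor OS", b"vendor client 1.0 + local fix"]
THIRD_PARTY_STACK = [b"bootloader v1", b"free OS", b"compatible client"]
APPROVED = {measure(VENDOR_STACK)}  # the service's policy: one blessed stack


def run_demo() -> dict:
    """Return the service's decision for each kind of client."""
    cases = [
        ("vendor client", VENDOR_STACK, True),
        ("patched client", PATCHED_STACK, True),
        ("third-party client", THIRD_PARTY_STACK, True),
        ("opted out", VENDOR_STACK, False),
    ]
    results = {}
    for name, stack, opted_in in cases:
        nonce = os.urandom(16)  # fresh challenge per request, defeats replay
        quote = make_quote(stack, nonce, opted_in)
        results[name] = service_decision(quote, nonce, APPROVED)
    return results


if __name__ == "__main__":
    for client, decision in run_demo().items():
        print(f"{client:20s} {decision}")
```

Only the unmodified vendor stack is served; the owner who repairs the client, switches to a compatible one, or declines to attest gets the same outcome, which is the leverage the message describes.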
Re: Monkeys Control Robotic Arm With Brain Implants
On Mon, 2003-10-13 at 13:46, Steve Schear wrote: Monkeys Control Robotic Arm With Brain Implants Which means that even armless retarded monkeys can post to c-punks. Profr, call your office!
Re: Software protection scheme may boost new game sales
On Mon, 13 Oct 2003, Jerrold Leichter wrote: different forms. It's been broken repeatedly. The one advantage they have this time around is that CD readers - and, even more, DVD readers; there is mention of applying the same trick to DVD's - is, compared to the floppy readers of yesteryear, sealed boxes. It's considerably harder to get at the raw datastream and play games. Of course, this cuts both ways - there are limits to what the guys writing the protection code can do, too. From the POV of a coder for this kind of protection, there's probably some API you can use to get at the error correction info somewhere -- or you can use timing info... i.e. ask for a bad sector, and see how long it takes to return the sector vs one that's supposed to be good... You can't stray too far from published API's, since if you do, you'll potentially break your game when future OS's, patches, service packs, hotfixes, or devices come out... I.E. if you don't support anything but IDE CDROM's, will you fuck users that use SATA, scsi, FireWire, or USB cdroms? etc... What happens under Windblows 2005? Does your business model say that they can't play on future OS's/hardware? You won't be in business very long if you do that. From the POV of the cracker, you can write a driver that looks like a CDROM driver to the OS, and run the game. It would act as a proxy to the real CDROM, but also log any unusual activity (errors, odd timing, etc...) So then, the cracker can write a second virtual cdrom driver, one that passes through the usual data off the CDR copy, but for those unusual sectors that it captured earlier, replay the action. Might even want to do this with two machines so you lessen the chance that the game will find the original CD and ignore the virtual. :) Of course the game could somehow figure out if a CD is virtual - by getting driver information? But if you're sneaky enough you can make your virtual CDROM driver look like a second IDE controller, etc.. 
(see above about SATA, USB, etc...) Doing a search on google for virtual cdrom I see quite a few such beasts... It's possible one of these even has source code, but I don't much care to bother searching further as I've no interest in this except from the theoretical. :) (In terms of things like Linux/*BSD you don't need no stinkin' driver, you can directly mount an ISO file, but you could very easily write a block device driver that added the errors/delays or whatever these things depend on.) That said, the scheme isn't without merit provided that it tells the luser that he should purchase a real one maybe after it stops working pop up an ad and say Now that you've played your friend's copy, and saw the demo, you can continue if you buy the full version... I seem to remember lots of old Macintosh software doing this. You were allowed and even encouraged to copy the floppy it came on and give it to your friends. When your friend installed the software, it would ask for the serial #, (which you weren't supposed to give out.) At that point, it would go into demo mode and run for a week, or two, and then refuse to run. So if your friend wanted the cool program you recommended, they'd buy their own copy. I'm not sure how successful that was, but I'm assuming it did quite well... The difference between that and this, is that if you put the floppy on your fridge door with a magnet, you could always get your backup (or ask your friend for her copy.) With this, even if you have a legally purchased copy, one or two scratches and it's literally Game Over Man! :) [EMAIL PROTECTED] http://www.sunder.net
2 Quantum Crypto Companies partner
This makes 3 companies I know of working on Quantum Cryptography for key distribution. There must be a few more... http://www.lightreading.com/document.asp?site=lightreading&doc_id=41735 -TD