Re: EFF Report on Trusted Computing

2003-10-13 Thread Nomen Nescio
Just thought someone should take the trouble to rebut the anonymous
pro-treacherous-computing rantings...

I have heavily trimmed our anonymous ranter's verbose writing style to
keep just the bits I'm responding to (inline...)

 The EFF tries to distinguish between good and bad aspects of TC,
 but it does not draw the line in quite the right place, even given
 its somewhat questionable assumptions.  

Unsubstantiated claim: what incorrect assumptions did Schoen make?  I
did not see any.

 It fails to sufficiently emphasize the many positive uses of the
 full version of TC (and hence the costs of blocking its
 implementation),

Schoen points out that TC can be broken out into desirable and
undesirable features.  If you omit the undesirable features, as he
describes, you get the remaining desirable features.

There is no loss from blocking the undesirable features.

 And the recommended fix to TC is not clearly described and as
 written appears to be somewhat contradictory.

I see no contradiction.  More unsubstantiated claims.

 But let us begin with some positive elements of the EFF report.  This is
 perhaps the first public, critical analysis of TC which fails to include
 two of the worst lies about the technology, lies promulgated primarily
 by Ross Anderson and Lucky Green: that only authorized programs can run
 trusted, and that unauthorized or illegal programs and data will be
 deleted from computers or prevented from running.  

They are not lying and you do your credibility no favors by making
such unsubstantiated claims.

You are just misconstruing the obvious meaning of their warnings: the
features they describe (and plenty more and worse) are technically
feasible with the TC hardware enforcement, and given microsoft's
history of repeated dirty tricks campaigns in the areas of document
format wars, reporting private information back home to microsoft,
browser wars, interface wars, restrictive business practices regarding
licensing it would be foolhardy in the extreme to not expect more of
the same in the area of platform control based on Palladium.

Of course _you_ are not wishing to admit or emphasize these points,
but you can hardly get away with impugning the integrity of high
reputation individuals like Prof Ross Anderson with such paltry
mischaracterisation.

Your arguments are crass and of the form: but the current microsoft
PR documents don't admit that it could do that, nor of course that
microsoft are planning to do that, so it's not fair for you to point
that out and caution people about the kinds of things microsoft may be
planning.  Technology is criticized and discussed based on the
potential and most likely inferred directions given microsoft's
history and prior demonstration of interest to control various aspects
of the software platform.

 The report also forthrightly rejects the claim that TC technology is
 some kind of trick to defeat Linux or lock-in computers to Microsoft
 operating systems, 

It's far from obvious that TC will have no part to play in the next
few decades of open warfare against linux from microsoft.  There are
any number of ways to extend the existing dirty tricks regarding
formats, protocols, licensing etc using the TC hardware enforcement.

 The EFF attempts to distinguish one feature of TC, remote
 attestation, as a source of problems.  This is the ability of a
 computer user to convince other systems about what software he is
 running.  The EFF is convinced that this feature will cause users to
 be compelled to use software not of their choice; harm
 interoperability and encourage lock-in; and support DRM and various
 restrictive kinds of licensing.

Yes indeed and they are quite right.  That is exactly the problem with
remote attestation.

 But when we break these down in detail, many of the problems either
 go away or are not due to attestation.

More unsubstantiated claims.  This statement is both false and not
backed up by any of your following text.

 Software choice limitation may occur if a remote system provides
 some service conditional on the software being used to access it.
 But that's not really a limitation of choice, because the user could
 always elect not to receive the offered service.

This is really strange logic: you have a choice not to use a client
because you don't have to use the service?!!?  

Of course it detracts from choice.  Absent remote attestation things
would be as they are today and users could modify existing clients,
write their own clients, or obtain third party clients for any
service.  Removing _that_ choice is the problem.  And it is a big and
significant detraction from the current open nature of the internet.
One that favors large companies such as microsoft with an interest to
stifle innovation and competition.

 The implicit assumption here seems to be that if TC did not exist,
 the service would be offered without any limitations.  

Yes it would.  It either wouldn't be offered or it would be offered
without 

Re: Software protection scheme may boost new game sales

2003-10-13 Thread Sunder

Ok, so I finally bothered to read said article.  I assumed that they had
something interesting that made it look to the error correction code like
a scratch, etc... They don't.  No such weakness exists in error correction
used on CD's.

Their protection is no more than putting bad error correcting codes on
sectors, and when a CD copier is used, the error correction is
corrected, but the software can detect that this is a copy.  No different
than current game protection (no different than the commodore 64 days
either)...

The new new thing aspect of it is that the copied game continues to run,
making the guy doing the backup think he's got a good copy, but it slowly
degrades itself.  Degrade, but not in the sense of CD rot or scratches.

So for a few hours(?), it's playable, but then it starts to no longer
respond to user commands properly, and so it becomes a marketing tool.  
The luser will think it's worth buying their own copy after getting
addicted to the game.

So the rub, is that copies are allowed to be made, but unless cracked, the
copies are nothing more than time limited demos.

The only way that this could work is if they put up some sort of splash
screen at some point to let the luser know that the program isn't buggy,
but that the copy protection noticed it's a backup.  After all, if you get
a copy of a game from a friend, and it crashes on you all the time, would
you think it's because the copy is bad, or because the software is as
buggy as a Microsoft product?


As usual, the real loser is the original purchaser, because if he
scratches his CD, he's out $50-$70 or whatever games cost today, and he
can't make backups.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
--*--:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On 12 Oct 2003, Steve Furlong wrote:

 On Sat, 2003-10-11 at 15:55, Tim May wrote:
 
  As the saying goes, the lessons of the past are learned anew by each 
  generation...
 
 And each generation invents sex, too.
 




Re: [linux-elitists] LOCAL Mountain View, California, USA: events this week (fwd from schoen@loyalty.org)

2003-10-13 Thread Sunder
Tell Intel simply: We don't want no Scumware Inside  We won't buy NGSCB
crippleware.

Want to sell motherboards?  Don't include this shit.  Keep it simple.






Re: Software protection scheme may boost new game sales

2003-10-13 Thread Jerrold Leichter
| I've not read the said article just yet, but from that direct quote as
| the copy degrades... I can already see the trouble with this scheme:
| their copy protection already fails them.  They allow copies to be made
| and rely on the fact that the CDR or whatever media, will eventually
| degrade, because their code looks like scratches...  Rggghtt.
You should read the article - the quote is misleading.  What they are doing is
writing some bad data at pre-defined points on the CD.  The program looks
for this and fails if it finds good data.

However ... I agree with your other points.  This idea is old, in many
different forms.  It's been broken repeatedly.  The one advantage they have
this time around is that CD readers - and, even more, DVD readers; there is
mention of applying the same trick to DVD's - is, compared to the floppy
readers of yesteryear, sealed boxes.  It's considerably harder to get at the
raw datastream and play games.  Of course, this cuts both ways - there are
limits to what the guys writing the protection code can do, too.

The real new idea here has nothing to do with how they *detect* a copy - it's
what they *do* when they detect it.  Rather than simply shut the game down,
they degrade it over time.  Guns slowly stop shooting straight, for example.
In the case of DVD's, the player works fine - but stops working right at some
peak point.  Just like the guy on the corner announcing first hit's free,
they aim to suck you in, then have you running out to get a legit copy to
save your character's ass - or find out how The One really lives through
it all.  This will probably work with a good fraction of the population.

Actually, this is a clever play on the comment from music sharers that they
get a free copy of a song, then buy the CD if they like the stuff.  In effect,
what they are trying to do is make it easy to make teasers out of their
stuff.  There will be tons of people copying the stuff in an unsophisticated
way - and only a few who will *really* break it.  Most people will have no
quick way to tell whether they are getting a good or a bad copy.  And every
bad copy has a reasonable chance of actually producing a sale

-- Jerry



RSA performance on Athlon64 vs. Itanium

2003-10-13 Thread Lucky Green
I just picked up an Athlon64 3200+, which runs at a 2 GHz clock speed.
Using the Red Hat for AMD64 beta and the version of OpenSSL that ships
with that beta, I get 922 1024-bit RSA signs per second. This is a tad
less RSA signatures per second than I have seen on an 800MHz Itanium
using highly optimized assembler. That's rather poor performance on the
Athlon64.

Are the figures that I am seeing typical for OpenSSL on the Athlon64?
Has anybody here seen different figures using optimized code?

Thanks,
--Lucky Green



Monkeys Control Robotic Arm With Brain Implants

2003-10-13 Thread Steve Schear
[Can remote soldiering and amplified Terminators be too far away?  Steve]

Monkeys Control Robotic Arm With Brain Implants

By Rick Weiss
Washington Post Staff Writer
Monday, October 13, 2003; Page A01
http://www.washingtonpost.com/ac2/wp-dyn/A17434-2003Oct12?language=printer
Scientists in North Carolina have built a brain implant that lets monkeys 
control a robotic arm with their thoughts, marking the first time that 
mental intentions have been harnessed to move a mechanical object.

The technology could someday allow people with paralyzing spinal cord 
injuries to operate machines or tools with their thoughts as naturally as 
others today do with their hands. It might even allow some paralyzed people 
to move their own arms or legs again, by transmitting the brain's 
directions not to a machine but directly to the muscles in those latent limbs.

The brain implants could also allow scientists or soldiers to control, 
hands-free, small robots that could perform tasks in inhospitable 
environments or in war zones.

In the new experiments, monkeys with wires running from their brains to a 
robotic arm were able to use their thoughts to make the arm perform tasks. 
But before long, the scientists said, they will upgrade the implants so the 
monkeys can transmit their mental commands to machines wirelessly.

"It's a major advance," University of Washington neuroscientist Eberhard E. 
Fetz said of the monkey studies. "This bodes well for the success of 
brain-machine interfaces."

The experiments, led by Miguel A.L. Nicolelis of Duke University in Durham, 
N.C., and published today in the journal PLoS Biology, are the latest in a 
progression of increasingly science fiction-like studies in which animals 
-- and in a few cases people -- have learned to use the brain's subtle 
electrical signals to operate simple devices.

Until now,  those achievements have been limited to virtual actions, such 
as making a cursor move across a computer screen, or to small 
two-dimensional actions such as flipping a little lever that is wired to 
the brain.

The new work is the first in which any animal has learned to use its brain 
to move a robotic device in all directions in space and to perform a 
mixture of interrelated movements -- such as reaching toward an object, 
grasping it and adjusting the grip strength depending on how heavy the 
object is.

"This is where you want to be," said Karen A. Moxon, a professor of 
biomedical engineering at Drexel University in Philadelphia. "It's one 
thing to be able to communicate with a video screen. But to move something 
in the physical world is a real technological feat. And Nicolelis has taken 
this work to a new level by quantifying the neuroscience behind it."

The device relies on tiny electrodes, each one resembling a wire thinner 
than a human hair. After removing patches of skull from two monkeys to 
expose the outer surface of their brains, Nicolelis and his colleagues 
stuck 96 of those tiny wires about a millimeter deep in one monkey's brain 
and 320 of them in the other animal's brain.

The surgeries were painstaking, taking about 10 hours, and ended with the 
pouring of a substance like dental cement over the area to substitute for 
the missing bits of skull.

The monkeys were unaffected by the surgery, Nicolelis said. But now they 
had tufts of wires protruding from their heads, which could be hooked up to 
other wires that ran through a computer and on to a large mechanical arm.

Then came the training, with the monkeys first learning to move the robot 
arm with a joystick. The arm was kept in a separate room -- "If you put a 
50-kilogram robot in front of them, they get very nervous," Nicolelis said 
-- but the monkeys could track their progress by watching a schematic 
representation of the arm and its motions on a video screen.

The monkeys quickly learned how to use the joystick to make the arm reach 
and grasp for objects, and how to adjust their grip on the joystick to vary 
the robotic hand's grip strength. They could see on the monitor when they 
missed their target or dropped it for having too light a grip, and they 
were rewarded with sips of juice when they performed their tasks successfully.

While the monkeys trained, a computer tracked the patterns of bioelectrical 
activity in the animals' brains. The computer figured out that certain 
patterns amounted to a command to reach. Others, it became clear, meant 
grasp. Gradually, the computer learned to read the monkeys' minds.

Then the researchers did something radical: They unplugged the joystick so 
the robotic arm's movements depended completely on a monkey's brain 
activity. In effect, the computer that had been studying the animal's 
neural firing patterns was now serving as an interpreter, decoding the 
brain signals according to what it had learned from the joystick games and 
then sending the appropriate instructions to the mechanical arm.

At first, Nicolelis said, the monkey kept moving the joystick, 

P2P Encrypted VOIP

2003-10-13 Thread Guerry Semones
I caught the announcement this morning from Skype concerning their
P2P-based VOIP (free) product.  Apparently this is the Kazaa
founder's new company.  The communications are supposed to be
encrypted, etc., etc.

Here's the Slashdot article:
http://slashdot.org/article.pl?sid=03/10/13/1120202&mode=flat&tid=126&tid=95&tid=99

Here's the Privacy section from the Skype FAQ:
http://www.skype.com/help_faq.html

Guerry 



Re: Nuking USG: not just for cypherpunks anymore

2003-10-13 Thread Major Variola (ret)
At 09:08 AM 10/11/03 -0400, Roy M. Silvernail wrote:
Interesting that the State Department goes after Robertson rather than
Mowbray.  Could it have anything to do with the idea that few(er)
people know who Mowbray is?

Perhaps Mr. Rosenthal or Mr. Chong might have an opinion on this...



clicking on ads = funding terrorists

2003-10-13 Thread Major Variola (ret)
Excerpted from politech.  Consider the 1st Amend implications,
and how clicking on a banner ad (which automatically would
pay the source site) makes you a terrorist supporter.  Got assets?


Subject: US State Department extends FTO list to include Internet sites
Date: Sun, 12 Oct 2003 10:20:23 -0400

http://washingtontimes.com/national/20031010-112733-8086r.htm
4 Jewish Web sites deemed 'terrorist'
By Jerry Seper
THE WASHINGTON TIMES

Four Internet Web sites operated by two extremist Jewish groups have
been included by the State Department on its list of foreign terrorist
organizations -- the first time the list has been extended to include
Internet sites.

The four Web sites are: www.newkach.org, www.Kahane.org, www.Kahane.net
and www.Kahanetzadak.com, the department said in a notice in the Federal
Register. They offer news, commentary and links to other sites of
interest to followers of Meir Kahane.

The impact of the listing was not immediately clear, since all four
sites exist in cyberspace.

The designation makes it illegal for persons in the United States to
donate money or other material support to the Web sites. The three
accessible sites yesterday included information on where contributions
could be sent, what items could be donated and offered a number of items
for sale, including pendants and books.



Re: [linux-elitists] LOCAL Mountain View, California, USA: events this week (fwd from schoen@loyalty.org)

2003-10-13 Thread Eugen Leitl
- Forwarded message from Seth David Schoen [EMAIL PROTECTED] -

From: Seth David Schoen [EMAIL PROTECTED]
Date: Sun, 12 Oct 2003 23:44:16 -0700
To: [EMAIL PROTECTED]
Subject: Re: [linux-elitists] LOCAL Mountain View, California,
USA: events this week
User-Agent: Mutt/1.5.4i

Don Marti writes:

 Wednesday night:
 Seth Schoen fixes TCPA, saves Freedom:
 http://www.sdforum.org/p/calEvent.asp?CID=1182

Sorry that didn't happen.  And I still haven't fixed TCPA.

Intel has posted its Policy Statement on LaGrande Technology:

ftp://download.intel.com/technology/security/downloads/LT_policy_statement_0_8.pdf

LaGrande is in the interstices between TCG and NGSCB.  TCG has not
specified a secure I/O path or curtained memory as required by
NGSCB.  LaGrande does, so it effectively provides the complete
hardware support NGSCB would need.  (AMD has a similar project called
SEM, which I know very little about other than that it is supposed to
do similar things and at least one of the people working on it is
exceptionally honest.)

Anyway, Intel wants your comments on the LT policy.  The thing that
jumps out at me (as the author of Trusted Computing: Promise and
Risk) is that Intel thinks that opt-out or opt-in can solve the
problems of attestation.  This is the official view of a lot of
trusted computing proponents.  The defects of this view are difficult
to describe and are complicated by the fact that some trusted
computing critics don't believe that LT (or TCG or NGSCB) will
actually provide an opt-out.  (I do believe this.)

The root of the difficulty is that, in the nature of attestation, you
can be _punished_ for opting out (beyond the scope of simply not
enjoying particular features to which what you opted out of is
technically necessary).  For example, if you have a feature with
privacy implications like What's Related in browsers, you can opt out of
using What's Related and the only penalty will be that you won't see
what's related to the sites you're looking at.  Or if you don't like
Microsoft's software updates, you can opt out of those and the only
penalty will be that your software won't be patched.  (This is
actually a somewhat thorny issue since no other sources of patches to
Microsoft software have so far arisen.)

But in most other cases with which we're familiar, opting out has a
relatively narrow effect, and there is fairly little leverage to
punish you for having done so.  At least, that's true of opt-out
features in the context of technology choices; it might not be true in
some off-line situations.

In the nature of attestation and its effect on interoperability,
though, opting out of attestation might be ruinous for your hopes of
communicating with others.  If they can be induced to use proprietary
protocols or file formats, opting out may lead to a permanent
inability to exchange data with them.  Opting in, by the same token,
could lead to a permanent loss of software choice (and the effective
inability to reverse engineer or repair your software) at least during
the particular periods of time when you want to communicate with other
people or manipulate what they sent you.

Opt-in can't undo the harmful network effects attestation will produce
for competition and for all computer owners.

Anyway, that's what I plan to tell Intel, in somewhat more detail,
sometime before December 31.

And remember:

   [T]rusted computing systems fundamentally alter trust relationships.
   Legitimate concerns about trusted computing are not limited to one
   area, such as consumer privacy or copyright issues.

--
Seth David Schoen [EMAIL PROTECTED] | Very frankly, I am opposed to people
 http://www.loyalty.org/~schoen/   | being programmed by others.
 http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003),
   |464 U.S. 417, 445 (1984)

- End forwarded message -
-- Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
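
An added example, not part of the messages above and not code from TCG, Intel, Microsoft or the EFF report: a toy challenge-response attestation in which a service admits only clients whose measured software stack is on its list, showing why both the user-modified client and the owner who opts out are refused. The class names, the constructed sample stacks and the HMAC standing in for the TPM's asymmetric AIK signature are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TPM 1.x platform configuration registers hold a SHA-1 digest

# Constructed sample software stacks (not real measurements).
VENDOR_STACK = [b"bootloader v1", b"os kernel v1", b"vendor client 1.0"]
MODIFIED_STACK = [b"bootloader v1", b"os kernel v1", b"vendor client 1.0 + user patch"]


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure(stack) -> bytes:
    """Fold every loaded component, in load order, into one PCR value."""
    pcr = bytes(PCR_SIZE)
    for component in stack:
        pcr = extend(pcr, component)
    return pcr


class Platform:
    """Client machine; attest=False models an owner who opts out."""

    def __init__(self, stack, aik_key, attest=True):
        self.pcr = measure(stack)
        self._aik = aik_key
        self.attest = attest

    def quote(self, nonce):
        if not self.attest:
            return None
        # Assumption: HMAC stands in for the AIK signature. A real verifier
        # holds only a public key and could not produce quotes itself.
        sig = hmac.new(self._aik, self.pcr + nonce, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "sig": sig}


class Service:
    """Remote party that makes service conditional on the attested stack."""

    def __init__(self, aik_key, approved_stacks):
        self._aik = aik_key
        self._approved = {measure(s) for s in approved_stacks}
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)  # fresh per attempt, defeats replay
        return self._nonce

    def admit(self, quote) -> str:
        if quote is None:
            return "refused: no attestation"
        if self._nonce is None or not hmac.compare_digest(quote["nonce"], self._nonce):
            return "refused: stale nonce"
        self._nonce = None  # single use
        expected = hmac.new(self._aik, quote["pcr"] + quote["nonce"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(quote["sig"], expected):
            return "refused: bad signature"
        if quote["pcr"] not in self._approved:
            # The quote is genuine; the owner's software choice is what fails.
            return "refused: unapproved software"
        return "admitted"


def run_demo() -> dict:
    aik = os.urandom(32)
    service = Service(aik, [VENDOR_STACK])
    clients = {
        "vendor": Platform(VENDOR_STACK, aik),
        "modified": Platform(MODIFIED_STACK, aik),
        "opted_out": Platform(VENDOR_STACK, aik, attest=False),
    }
    results, old_quote = {}, None
    for name, platform in clients.items():
        quote = platform.quote(service.challenge())
        if name == "vendor":
            old_quote = quote
        results[name] = service.admit(quote)
    service.challenge()
    results["replayed"] = service.admit(old_quote)  # old quote, new nonce
    return results


if __name__ == "__main__":
    for who, outcome in run_demo().items():
        print(f"{who:10s} {outcome}")
```
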




Re: Monkeys Control Robotic Arm With Brain Implants

2003-10-13 Thread Steve Furlong
On Mon, 2003-10-13 at 13:46, Steve Schear wrote:
 Monkeys Control Robotic Arm With Brain Implants

Which means that even armless retarded monkeys can post to c-punks.
Profr, call your office!



Re: Software protection scheme may boost new game sales

2003-10-13 Thread Sunder
On Mon, 13 Oct 2003, Jerrold Leichter wrote:

 different forms.  It's been broken repeatedly.  The one advantage they have
 this time around is that CD readers - and, even more, DVD readers; there is
 mention of applying the same trick to DVD's - is, compared to the floppy
 readers of yesteryear, sealed boxes.  It's considerably harder to get at the
 raw datastream and play games.  Of course, this cuts both ways - there are
 limits to what the guys writing the protection code can do, too.

From the POV of a coder for this kind of protection, there's probably some
API you can use to get at the error correction info somewhere -- or you
can use timing info... i.e. ask for a bad sector, and see how long it
takes to return the sector vs one that's supposed to be good...  

You can't stray too far from published API's, since if you do, you'll
potentially break your game when future OS's, patches, service packs,
hotfixes, or devices come out...  I.E. if you don't support anything but
IDE CDROM's, will you fuck users that use SATA, scsi, FireWire, or USB
cdroms? etc...  What happens under Windblows 2005?  Does your business
model say that they can't play on future OS's/hardware?  You won't be in
business very long if you do that.


From the POV of the cracker, you can write a driver that looks like a
CDROM driver to the OS, and run the game.  It would act as a proxy to the
real CDROM, but also log any unusual activity (errors, odd timing,
etc...)  So then, the cracker can write a second virtual cdrom driver, one
that passes through the usual data off the CDR copy, but for those
unusual sectors that it captured earlier, replay the action.

Might even want to do this with two machines so you lessen the chance that
the game will find the original CD and ignore the virtual. :)

Of course the game could somehow figure out if a CD is virtual - by
getting driver information?  But if you're sneaky enough you can make your
virtual CDROM driver look like a second IDE controller, etc.. (see above
about SATA, USB, etc...)


Doing a search on google for virtual cdrom I see quite a few such
beasts...  It's possible one of these even has source code, but I don't
much care to bother searching further as I've no interest in this except
from the theoretical. :)

(In terms of things like Linux/*BSD you don't need no stinkin' driver, you
can directly mount an ISO file, but you could very easily write a block
device driver that added the errors/delays or whatever these things depend
on.)


That said, the scheme isn't without merit provided that it tells the luser
that he should purchase a real one maybe after it stops working pop up
an ad and say Now that you've played your friend's copy, and saw the
demo, you can continue if you buy the full version...

I seem to remember lots of old Macintosh software doing this.  You were
allowed and even encouraged to copy the floppy it came on and give it to
your friends.  When your friend installed the software, it would ask for
the serial #, (which you weren't supposed to give out.)

At that point, it would go into demo mode and run for a week, or two, and
then refuse to run.  So if your friend wanted the cool program you
recommended, they'd buy their own copy.  I'm not sure how successful that
was, but I'm assuming it did quite well...

The difference between that and this, is that if you put the floppy on
your fridge door with a magnet, you could always get your backup (or ask
your friend for her copy.)  With this, even if you have a legally
purchased copy, one or two scratches and it's literally Game Over Man!  

:)





2 Quantum Crypto Companies partner

2003-10-13 Thread Tyler Durden
This makes 3 companies I know of working on Quantum Cryptography for key 
distribution. There must be a few more...

http://www.lightreading.com/document.asp?site=lightreading&doc_id=41735

-TD
