> But let's cut to the chase. Assume that all private grocery
> store owners want to exclude people from their stores. Now
> assume that 100% of them agree that effective Tuesday, only
> those people who have a receipt for a $100 or more donation to
> George W Bush (or Hillary Clinton, whatever) ma
Mike Rosing wrote:
> Thanks Eugen, It looks like the IBM TPM chip is only a key
> store read/write device. It has no code space for the kind of
> security discussed in the TCPA. The user still controls the machine
> and can still monitor who reads/writes the chip (using a pci bus
> logger for ex
On Mon, 20 Jan 2003 15:34:09 +0800, you wrote:
>
> None of this is relevant to individuals copying works for scholarship or
> research. "Fair Use" still applies.
>
> Matthew X wrote:
>
> > We learned as much on Wednesday when the U.S. Supreme Court ruled that
> > Congress can repeatedly extend copy
Re- which software does big letters, I can just say that I am appalled by the
ignorance.
It's the standard unix "banner" program, some 20 years old.
## #
## #
##
On Wed, 08 Jan 2003 10:01:22 -0500, you wrote:
>
> WOW!
>
> While I may agree that Tim May seems to like anarchy as long as he's in charge of
> it, he does come up with some truly destabilising and dangerous ideas every now and
> then.
>
> Like his alter ego Jim Choate, there's some real signal bur
Major Variola (ret) feared:
> None have yet commented that in 60 years, there will be no one left that
> remembers
> what things were like.
Will people really just wimp out to this? Do you really think all those
militia people will just doze on? Maybe people need to start asking themselves,
"
The saddest thing here is that this gets reported without any comment. Snuffing
journalists seems far more cost effective than offing pigs.
http://www.startribune.com/stories/1576/3443476.html
..
Baker discounted claims by federal authorities that Maali
had financially supported terrorist group
I decided to look into these DMT Rands that everyone has been yammering
about. I'm not terribly surprised to see that they are a product of the
Laissez Faire City grifters. No thanks.
This little investigation did spark my interest in acquiring gold, however.
Do readers of this list have suggest
Greg Broiles wrote about randomizing survey answers:
> That doesn't sound like a solution to me - they haven't provided anything
> to motivate people to answer honestly, nor do they address the basic
> problem, which is relying on the good will and good behavior of the
> marketers - if a website
Lucky Green wrote:
> AARG! Wrote:
> > In addition, I have argued that trusted computing in general
> > will work very well with open source software. It may even
> > be possible to allow the user to build the executable himself
> > using a standard compilation environment.
>
> What AARG! is fa
Niels Ferguson wrote:
> At 16:04 16/09/02 -0700, AARG! Anonymous wrote:
> >Nothing done purely in software will be as effective as what can be done
> >when you have secure hardware as the foundation. I discuss this in more
> >detail below.
>
> But I am not suggesting
Here is a functional block diagram of the Palladium software, based on
a recent presentation by Microsoft. My notes were a bit sketchy as I
rushed to copy down this slide, so there may be some slight errors.
But this is basically what was shown. (Use a monospace font to see
it properly.)
Microsoft has apparently just made available a new FAQ on its
controversial Palladium technology at
http://www.microsoft.com/PressPass/features/2002/aug02/0821PalladiumFAQ.asp.
Samples:
> Q: I've heard that "Palladium" will force people to run only
> Microsoft-approved software.
>
> A: "Palladiu
Here are some more thoughts on how cryptography could be used to
enhance user privacy in a system like TCPA. Even if the TCPA group
is not receptive to these proposals, it would be useful to have an
understanding of the security issues. And the same issues arise in
many other kinds of systems wh
Dr. Mike wrote, patiently, persistently and truthfully:
>
> On Fri, 16 Aug 2002, AARG! Anonymous wrote:
>
> > Here are some more thoughts on how cryptography could be used to
> > enhance user privacy in a system like TCPA. Even if the TCPA group
> > is not receptive t
Basically I agree with Adam's analysis. At this point I think he
understands the spec equally as well as I do. He has a good point
about the Privacy CA key being another security weakness that could
break the whole system. It would be good to consider how exactly that
problem could be eliminate
Joe Ashwood writes:
> Actually that does nothing to stop it. Because of the construction of TCPA,
> the private keys are registered _after_ the owner receives the computer,
> this is the window of opportunity against that as well.
Actually, this is not true for the endorsement key, PUBEK/PRIVEK
It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned
about it from two separate sources, looks like two independent slightly different
hacks based on the same protocol flaw.
Undoubtedly, more people will figure this out.
It seems wise to suppress the urge and
Brian LaMacchia writes:
> So the complexity isn't in how the keys get initialized on the SCP (hey, it
> could be some crazy little hobbit named Mel who runs around to every machine
> and puts them in with a magic wand). The complexity is in the keying
> infrastructure and the set of signed state
One of the many charges which has been tossed at TCPA is that it will
harm free software. Here is what Ross Anderson writes in the TCPA FAQ
at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html (question 18):
> TCPA will undermine the General Public License (GPL), under which
> many free and open sour
I thought of another interesting application for trusted computing
systems: mobile agents. These are pieces of software which get
transferred from computer to computer, running on each system,
communicating with the local system and other visiting agents,
before migrating elsewhere.
This was a h
In discussing how TCPA would help enforce a document revocation list
(DRL) Joseph Ashwood contrasted the situation with and without TCPA
style hardware, below. I just want to point out that his analysis of
the hardware vs software situation says nothing about DRL's specifically;
in fact it doesn'
Mike Rosing wrote:
> The difference is fundamental: I can change every bit of flash in my BIOS.
> I can not change *anything* in the TPM. *I* control my BIOS. IF, and
> only IF, I can control the TPM will I trust it to extend my trust to
> others. The purpose of TCPA as spec'ed is to remove my
Adam Back writes:
> +---++
> | trusted-agent | user mode |
> |space | app space |
> |(code ++
> | compartment) | supervisor |
> | | mode / OS |
> +---++
> | ring -1 / TOR |
> +-
David Wagner wrote:
> To respond to your remark about bias: No, bringing up Document Revocation
> Lists has nothing to do with bias. It is only right to seek to understand
> the risks in advance. I don't understand why you seem to insinuate
> that bringing up the topic of Document Revocation Lis
AARG! wrote:
> I asked Eric Murray, who knows something about TCPA, what he thought
> of some of the more ridiculous claims in Ross Anderson's FAQ (like the
> SNRL), and he didn't respond. I believe it is because he is unwilling
> to publicly take a position in opposition to such a famous and res
Seth Schoen of the EFF has a good blog entry about Palladium and TCPA
at http://vitanuova.loyalty.org/2002-08-09.html. He attended Lucky's
presentation at DEF CON and also sat on the TCPA/Palladium panel at
the USENIX Security Symposium.
Seth has a very balanced perspective on these issues compa
Re the debate over whether compilers reliably produce identical object
(executable) files:
The measurement and hashing in TCPA/Palladium will probably not be done
on the file itself, but on the executable content that is loaded into
memory. For Palladium it is just the part of the program called
Several people have objected to my point about the anti-TCPA efforts of
Lucky and others causing harm to P2P applications like Gnutella.
Eric Murray wrote:
> Depending on the clients to "do the right thing" is fundamentally
> stupid.
Bram Cohen agrees:
> Before claiming that the TCPA, which is f
I want to follow up on Adam's message because, to be honest, I missed
his point before. I thought he was bringing up the old claim that these
systems would "give the TCPA root" on your computer.
Instead, Adam is making a new point, which is a good one, but to
understand it you need a true pictur
Adam Back writes a very thorough analysis of possible consequences of the
amazing power of the TCPA/Palladium model. He is clearly beginning to
"get it" as far as what this is capable of. There is far more to this
technology than simple DRM applications. In fact Adam has a great idea
for how th
An article on Salon this morning (also being discussed on slashdot),
http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html,
discusses how the file-trading network Gnutella is being threatened by
misbehaving clients. In response, the developers are looking at limiting
the net
Anon wrote:
> You could even have each participant compile the program himself,
> but still each app can recognize the others on the network and
> cooperate with them.
Matt Crawford replied:
> Unless the application author can predict the exact output of the
> compilers, he can't issue a signatur
Mike Rosing wrote:
> Who owns PRIVEK? Who controls PRIVEK? That's who owns TCPA.
PRIVEK, the TPM's private key, is generated on-chip. It never leaves
the chip. No one ever learns its value. Given this fact, who would
you say owns and controls it?
> And then there was this comment in yet an
Here are some alternative applications for TCPA/Palladium technology which
could actually promote privacy and freedom. A few caveats, though: they
do depend on a somewhat idealized view of the architecture. It may be
that real hardware/software implementations are not sufficiently secure
for som
James Donald writes:
> James Donald writes:
> > > I can only see one application for voluntary TCPA, and that is
> > > the application it was designed to perform: Make it possible
> > > to run software or content which is encrypted so that it will
> > > only run on one computer for one time per
Mike Rosing wrote:
> On Fri, 2 Aug 2002, AARG! Anonymous wrote:
>
> > You don't have to send your data to Intel, just a master storage key.
> > This key encrypts the other keys which encrypt your data. Normally this
> > master key never leaves your TPM, but t
Peter Trei envisions data recovery in a TCPA world:
> HoM: I want to recover my data.
> Me: OK: We'll pull the HD, and get the data off it.
> HoM: Good - mount it as a secondary HD in my new system.
> Me: That isn't going to work now we have TCPA and Palladium.
> HoM: Well, what do you hav
Peter Trei writes:
> It's rare enough that when a new anononym appears, we know
> that the poster made a considered decision to be anonymous.
>
> The current poster seems to have parachuted in from nowhere,
> to argue a specific position on a single topic. It's therefore
> reasonable to infer
Sampo Syreeni writes:
> On 2002-08-01, AARG!Anonymous uttered to [EMAIL PROTECTED],...:
>
> >It does this by taking hashes of the software before transferring
> >control to it, and storing those hashes in its internal secure
> >registers.
>
> So, is there some sort
Eric Murray writes:
> TCPA (when it isn't turned off) WILL restrict the software that you
> can run. Software that has an invalid or missing signature won't be
> able to access "sensitive data"[1]. Meaning that unapproved software
> won't work.
>
> [1] TCPAmain_20v1_1a.pdf, section 2.2
We need
Peter Trei writes:
> I'm going to respond to AARGH!, our new Sternlight, by asking two questions.
>
> 1. Why can't I control what signing keys the Fritz chip trusts?
>
> If the point of TCPA is to make it so *I* can trust that *my* computer
> to run the software *I* have approved, and refuse to ru
Peter Trei writes:
> AARG!, our anonymous Pangloss, is strictly correct - Wagner should have
> said "could" rather than "would".
So TCPA and Palladium "could" restrict which software you could run.
They aren't designed to do so, but the design could be changed and
restrictions added.
But you cou
James Donald writes:
> TCPA and Palladium give someone else super root privileges on my
> machine, and TAKE THOSE PRIVILEGES AWAY FROM ME. All claims that
> they will not do this are not claims that they will not do this,
> but are merely claims that the possessor of super root privilege
> on my
James Donald wrote:
> On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
> > both Palladium and TCPA deny that they are designed to restrict
> > what applications you run. The TPM FAQ at
> > http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads
>
> They deny
Declan McCullagh writes at
http://zdnet.com.com/2100-1107-946890.html:
"The world is moving toward closed digital rights management systems
where you may need approval to run programs," says David Wagner,
an assistant professor of computer science at the University of
California at Be
On Mon, 29 Jul 2002 14:25:37 -0400 (EDT), you wrote:
>
> Congressman Wants to Let Entertainment Industry Get Into Your Computer
>
> Rep. Howard L. Berman, D-Calif., formally proposed
> legislation that would give the industry unprecedented new
> authority to secretly hack into co
Read a great article on Slashdot about the recent DRM workshop,
http://slashdot.org/article.pl?sid=02/07/18/1219257, by "al3x":
As the talks began, I was brimming with the enthusiasm and anger of an
"activist," overjoyed at shaking hands with the legendary Richard
Stallman, thrilled with
David Wagner wrote:
> You argue that it would be irrational for content companies to push to
> have DRM mandated. This is something we could debate at length, but we
> don't need to: rational or not, we already have evidence that content
> companies have pushed, and *are* pushing, for some kind o
David Wagner wrote:
> Anonymous wrote:
> > Legislation of DRM is not in the cards, [...]
>
> Care to support this claim? (the Hollings bill and the DMCA requirement
> for Macrovision in every VCR come to mind as evidence to the contrary)
The line you quoted was the summary from a message which
Seth Schoen writes:
> The Palladium security model and features are different from Unix, but
> you can imagine by rough analogy a Unix implementation on a system
> with protected memory. Every process can have its own virtual memory
> space, read and write files, interact with the user, etc. But
>and being able to kill each and every one from behind.
>Don't expose yourselves -- always shoot from behind. But know this one thing
Aim for the head, and use fragmenting/hydrashock ammo. Exploded heads seem to disturb
others the most.
What really changed in the Valley is that the best are gone. There is always a very
small number of real contributors, I'd say one in several hundreds, that shape the
whole environment and dictate the overall mood.
This was best seen in Xerox PARC, where sleazy Gilman Louie was selling fatherla
Another happy customer of the Jim Bell Pro Bono
Self-Representation HappyFunPack(TM)?
Order now and get 6 foot of rope free! What you do
with it is of course your business...
-Original Message-
http://theregus.com/content/55/24357.html
Accused eBay hacker Jerome Heckenkamp is back b