Treacherous Computing

By Shamus Posted Monday Sep 8, 2008

Filed under: Rants 87 comments

Earlier I linked to an article talking about the rise of the Trusted Platform Module. At first I thought it was just another doomed DRM scheme, but I have since been smacked in the head with the brick of enlightenment. Several people pointed out that not only is it not a joke, it’s already partly implemented.

Its advocates are calling it “uncrackable“, but we know better than that. Still, let us agree that it is very difficult to break. It operates at the hardware level, the operating system level, and the application level. The machine, the operating system and the program you’re trying to run all need to agree that you have the right to do whatever it is that you’re trying to do. Hacking around such a thing is non-trivial, because your machine is not on your side. Your machine does not trust you, or even itself to a certain extent. This article maps out the performance cost and absurdity of Vista’s current content protection, which is doubtless just a small part of their eventual overall TPM scheme.

At the heart of the thing is the assumption that the user is not to be trusted, and therefore control of the machine should be shifted away from the user and to a remote entity. Such an entity can decide what programs you can use, what documents you can read, and who you may share them with.

The Bad News: Many of us have the chip already in our PC and we don’t even know it. The Worse News: Windows Vista already supports TCM at some level. So, two of the three layers are in place. Currently TCM must be enabled by the user, but the plan seems to be to wait until “everyone” has TCM-compliant machines and then begin rolling out software which requires it.

The idea is that applications will come encrypted. Data will be encrypted. You will need to authenticate over the net in order to gain temporary access to the software or data. At its most insidious the system could be used to turn access to all commercial software (your programs) and data (your music files, movies, documents, etc) into a service for which you must pay. With control shifted from the user to a remote server, it will become increasingly difficult to protect yourself against invasions of privacy on the part of your software and data “providers”. Your data is no longer as safe as you make it, but as safe as some third-party can make it. This article by Richard Stallman charts the darkest possible course through that grim future: Computers that refuse to run free operating systems, operating systems that refuse to run free software, software that refuses to grant access to data without also getting approval from a third party. Bypassing the system would mean modifying your hardware (like modding an XBox to play pirated games) as well as hacking the depths of the operating system. As a bonus, doing either would be illegal. (Not just “license violation” or “copyright violation”, but go-to-jail sort of illegal, thanks to the DMCA.)

This paints a bleak picture, although if it was suddenly implemented as Stallman predicted it would fail, because no matter how exercised we get, how mad we are, or how many letters people send to congress or how they vote, the system is now and will forever be shaped by the “average user”. I’m talking about the people who don’t care about technology or software except as a means to an end. Bell curve time:

Bell curve. Richard Stallman, Shamus Young, Joe Average, Nolan Bushnell, Bill Gates
Do not confuse the left / right, blue / red motif for American politics. We’re talking technology here, and if we bring politics into this it will make a hash out of the discussion before it even gets started.

On the far left are the true security fanatics. The Richard Stallmans, who will write all their own software if that’s what it takes to keep their system secure. Then there are the mid-range paranoids like me, who care about security but are grudgingly willing to tolerate a certain degree of intrusion and DRM for the sake of getting on with other concerns. In the middle is Joe Average, who is oblivious to security problems until the computer stops working or his data is stolen. To the right of him are the control advocates like Nolan Bushnell, who support DRM and “Trusted Computing” and other invasive security as an acceptable means to some other end, and who probably haven’t really thought about the greater implications of these systems. To the far right are the real jerks, the people who see domination of the user’s machine as an end in itself because that power is worth a fortune. Bill Gates isn’t really the worst, but he’s the most famous and has come to be the poster boy for this sort of thing. And his efforts to date have been pretty noteworthy.

Despite the money wielded on the right and the free (free as in the sense of “free speech”) software we get out of the left (GNU/Linux) the most powerful actors in this battle are the people in the middle. They will always take the path of least resistance, and companies depend on these people. Microsoft may have more power than SHODAN and more money than King Xerxes, but they live and die on their market share. And that means they have to keep those people in the middle happy.

I don’t think we need to worry about the future that Stallman predicted where you simply can’t buy hardware that will run GNU/Linux. (We’re being nice to Stallman today.) People rely on it, and so there will be a market for open machines. And if there’s a market, someone will fill it. In the worst-case scenario, you might not be able to get an open machine from Dell or HP, but you’ll be able to get them. TPM is toothless without an operating system backing it up. So as always this comes down to a battle of the operating systems.

Those average users want to make their Power Point files and PDFs while listening to music and playing the occasional round of Bejeweled. If they bought a computer that made all of that too difficult, they would learn the easiest way around it so they could get back to what they were doing. I tend to sneer at these people from time to time (as the Stallmans no doubt sneer at dolts like me) but the truth is that they aren’t stupid. They just don’t care. They don’t care in the same way that most drivers don’t care about anti-lock brake laws and fuel mixture regulations. They care about using the car to go somewhere and simply don’t have time for a thousand mechanical and political details.

There is a hassle to the individual user in switching operating systems. It’s a big one. It’s so big that people still choose Windows, even though it costs over $100 and the alternative is free, more stable, and more secure. I know because I’m one of those people. I want to be able to run my games and use all my familiar programs and share files with other people. But that Windows advantage is only genuine (tee hee) as long as it can win in the “hassle-free access to software and data” department. If TPM gets in the way of this, then people riding the path of least resistance will quickly flow towards open source.

Requiring an internet connection every time the user runs a program is going to cause a lot of problems. Mobile users need their stuff to work even when they don’t have connectivity. Servers go down. Companies go out of business and without their servers, users would find themselves locked out of “their” software. The major forces keeping people from switching to a free operating system are hassle and compatibility. But TPM can, on a practical level, negate both. If Joe Average – who doesn’t give a flying crap about open source, DRM, TPM, or Richard M. Stallman – finds his programs don’t run when he needs them, he can’t play his music when he’s on the road, and he now has to provide credentials and pay a monthly fee to play Bejeweled, he is going to notice. If Joe discovers there is an operating system that is free and it lets him work the way he used to (once he gets familiar with the new interface) he will switch.

The personal computer and the internet both exploded because of the way they allowed users to easily create and share data. Trying to take control of this at some higher level is like squeezing a handful of water. People will switch to other systems not because irascible tinfoil-hat wearing grouches like me tell them they should, but because doing so gets them to their goal. Looking at price, features, and convenience, they will choose whatever gets them back to their Power Point, Bejeweled, and Limp Bizcut.

The control advocates have to play a very careful game. They have to close the vice slowly, or users will abandon them. And once someone is lost to an open source platform, they are going to be impossible to reclaim. Their track record is not good with this sort of business, and as BioShock showed us, even very straightforward activation systems can suffer from widespread failure. Imagine hundreds of companies, all rolling out their own independent TPM initiatives, their own rules, and their own ideas on what should be expected of the user before they’re allowed to use the software or access data. It would probably be something between a debacle and a total clusterfarg.

As ugly as this is, I submit that it is a waste of time writing to congress. At the risk of dragging this into politics, this is the very body who gave us the DMCA, and are probably the most technologically inept segment of the population. (They will no doubt turn to friends and “experts” for advice. Guess who that will be?) Even if they listened to you, the odds of them taking any sort of useful action are astronomical. Whatever they come up with could easily do more harm than good. I also suggest that it’s a waste of effort trying to make Joe Average care about this issue. Instead, the freedom advocates should probably focus on making sure the alternative (open source) is as welcoming as possible. Not because you care if Joe Average boots GNU/Linux every morning, but because his defection would be so injurious to everyone on the control end of the spectrum.

Great strides have already been made. Ubuntu is up to the job of letting the average user compute without worrying too much about the lower-level details of the operating system, and it gets better every year. (My wife has been using it for half a year now. Last week we threw away the windows restore disks that came with her laptop. She’s never going back.) This may be the day the GNU/Linux advocates have been waiting for: The ascendancy of their platform.

The next version of Windows will most likely be the one where they try to close the trap. Things will be very interesting when we get to that point.

Please do avoid the temptation to bring American politics into this. If you fire a shot at one of your political foes, someone else will just volley it right back at you with something the opposite party has done, and this will implode into a debate over which party has the biggest jerks. We’ve seen that thread before, and I could author both sides of that debate myself if I really wanted to see it. Please don’t go there.
 


From The Archives:
 

87 thoughts on “Treacherous Computing

  1. Kleedrac says:

    Well done Shamus … seriously … well done. I don’t think I could’ve said it better myself.

  2. Daniel says:

    Interestingly, we are already seeing a bit of a split among tech-savvy folks in the second to the left group. At least among my friends, windows is preferred if and only if the individual is a heavy gamer. People who don’t care that much about the latest games can preach the virtues of Linux until they are blue in the face without having much impact on the gamer group.

    It seems to me that what we are seeing is the merger of console and PC. Just as xbox and ps3’s move toward satisfying many of the traditional entertainment roles of the PC, the windows PC with TPM seems to be moving toward more of a platform modal where the user has very little control. But this is only an issue for those who want to do their work and play all on one machine.

    I am envisioning a future where people have a windows PC for the games (the way they might now have an Xbox) and a Linux one for the security/stability/doing work/control. Right now, that’s a bit prohibitivly expensive for the average user, but as prices continue to fall, it should be feasible.

  3. Veylon says:

    I think we have to go back to whose freedom and whose control we’re talking about here, as they are really two sides of the same coin. If I have the freedom to decide what I want on my system, I have the control. If someone else does, they do. And, I wonder, who is this they that then has control?

    What will likely happen is that TPM will get put on more and more computers, unactivated. There’ll probably be a catalyst, some sort of super-cyberattack that will make us all terrified, maybe hitting Wall Street, or the Pentagon, or the Air Traffic Control, or something of that nature. People die or are put in danger of dying. The attack will be traced back through the networks past several computers that, had TPM been mandatory, would’ve prevented it. After a lot of yelling and screaming, TPM will then become mandatory to protect our lives.

    After all, TPM is utterly worthless as long as people can legally alter their computers or disable it. Today, I can bypass SecuROM or TPM or any other DRM without facing legal consequences because what I do with my hardware and software is no one’s business but mine. As soon as government starts deciding what I can and can’t do with what’s mine, it no longer is mine, it belongs to the government. And that’s true regardless who’s in charge.

  4. Kevin says:

    Congress’ reaction depends on the stink generated. That’s how we ended up with no-call lists and why no-spam lists are being discussed today. Inconvenience to the public generates outrage (hallelujah!) which creates faux sympathy from representatives who want to appear heroic and responsive to their constituents without costing themselves anything. This sort of move would be a perfect hot button topic. (And it is certainly non-party specific. It’s simply politics.)

  5. Ben Orchard says:

    Oh, no politics? That’s no fun…

    Actually, it’s lots of fun to avoid politics. Kinda like dodging bullets. And nearly as difficult some days.

    Ultimately, I really, really hope that the current trend continues: i see more and more linux-based computers from MAJOR companies available. Dell, HP, and the like. Acer, Asus, all of them are making it available on their super-mobile computers. Soon it will be available as a standard option on all their computers, instead of on a special section of the website.

    Why? Because vista hasn’t been that great. It’s been a pain. Every company I know has either stuck with XP or gone to linux. Only small businesses who don’t know better are migrating to vista [and a select few others who need to support them]. Large major companies are hanging onto XP, and will likely continue to until the next version of windows is out and proves itself to either be a step up from vista or not.

    I suspect that a few more will jump ship in the meantime. If you think microsoft is a bit concerned about losing home users to linux, there is absolute sheer terror about the idea of entire segments of the market switching their serverbase and then their entire workforce over to linux.

    I wonder how long microsoft has been double-coding MS Office for Linux? 2-3 years? 5-6? I’m not sure, but I’d be completely unsurprised if they had been. It won’t seen daylight until the userbase is substantially higher and openoffice starts making much more serious inroads, but if they ever feel it’s a serious threat, they’ll kill it by releasing a linux version. Why? Because as much as their OS is a flagship product, I’ve maintained for a while now that Office 2007 is one of their BEST products [a friend of mine claims that MSSQL Server is one of their BEST, but there are better SQL servers, I think, though maybe not at the price range].

    TPM is something that needs to go away, and I hope that boutique mobo manufacturers realize this.

  6. Nathon says:

    Veylon, I’d like to propose an alternate scenario.

    The military (because they need things to work or people die) uses a computer with a TPM on it. Bad guys gain physical access to the trust servers, with spies or ninjas or something. They then replace these servers with their own hardware in a way that nobody knows they’ve done it.

    Now, a couple months later, military types are fighting the bad guys when suddenly their hardware decides that it’s not allowed to run any of the software on it.

    I don’t see the military (paranoids if ever there were any) accepting a system with the potential to do this.

  7. Delve says:

    You pretty much nailed it. I knew there was a reason I keep reading your ramblings. Nice video too, I’m going to have to send that to some people I know. I still think education may help the least-resistance people. There are more considerations than cost and ease of use.

    Despite their lack of strong interest in the subject, many people have principles or morals that will swing them one way or the other provided they’re made aware of the subject and can be shown a reasonably viable alternative. It’s that second part that’s the kicker, though there’s been massive improvement since I first started looking at Linux distributions.

  8. Veylon says:

    @Nathon: I hope you’re right. But won’t they want TPM to keep civilians from being able to interfere with them? It is a double-edged sword.

  9. Daniel, you don’t need two machines. You just need a big enough hard drive to hold both datasets, which is really easy. Dual booting works well. Virtualization apparently works well too. So you use Linux, and then if you need to play a game you either boot into Windows, fire up virtual Windows using VMware or Xen or something, or if it works for that program (more and more likely these days) use Wine.

    Incidentally, the emphasis of the post suggests something vaguely superfluous about the Stallman types. But it also points to their importance–someone has to have figured out in advance what the problem is going to be, and done something about it, in order for the vast middle to have alternatives available to flow to when the bad stuff goes down. Similarly with the car analogy, the world doesn’t need *everyone* to care about “anti-lock brake laws and fuel mixture regulations”, but it’s dashed handy if *someone* does. Ideally enough someones so we end up with good laws and, for e.g., don’t do idiotic things like use leaded gasoline.

    And it’s not true that “People rely on it, and so there will be a market for open machines. And if there's a market, someone will fill it.” Markets aren’t actually magic. It is not inevitable that every demand will be filled. Lots aren’t. The idea that markets will inevitably be filled, no matter what, is a mythology very common in the United States and indeed in the rest of the Anglo-Saxon world, less common to varying degrees most other places. But it is a mythology, one that exists not because it’s true but because it’s politically useful.

    In this case, there is a place for people to go because the Stallman types, operating in ways utterly unrelated to markets (not necessarily *against* them, just in a different category of activity), thought they saw a set of problems and decided to act against them. It wasn’t inevitable and it didn’t just happen, it was a result of free will and reflection. So in considering what may happen if the lock-down of computers leads to people shifting to Free operating systems and software, we should perhaps give a bit of kudos to those who did think about the need, thus giving the great middle with other concerns somewhere to go when things get bad.

  10. Primogenitor says:

    My 2 cents; by the time this because possible, most things will all be online via a web-browser anyway, so this will be toothless. Just swap to a Ubuntu live-cd and carry on. This does of course hand it all over to ISPs and server providers.

  11. Shamus says:

    Purple: I never intended to give the impression that the Stallman types aren’t important. In fact, since I advocated GNU/Linux as the solution that would make them indispensable.

    Also: Your comments about “mythology” are either missing the point or looking for an axe to grind. Of course ALL markets aren’t filled. Only markets where producers believe they can make money.

    Many large businesses have very huge infrastructure built on Linux. They have millions of dollars and they will give those millions to whomever with build them machines that will run their software.

    Open hardware isn’t going away anytime soon.

  12. Sean w/o an H says:

    @Veylon: It’s interesting you bring up cyber-terrorism… that’s just what Jonathan Zittrain talks about in The future of the Internet. It’s really frightening what could happen if a 9/11-scale cyber attack went down.

    On a side note, Larry Lessig (of Creative Commons fame) has now turned his attention to a systemic corruption in the election process. Believe me, it’s far from conspiracy-theorizing, and interesting to read as he offers insight on another system that is incredibly difficult to change. Check out the wiki here

    I can’t offer any peace or hope for Trusted Computing at the moment… to paraphrase Jessica Litman (or is it Niva Elkin-Koren?), ‘there’s always someone on the edge who will benefit from more ownership control’. Sadly, those people who benefit the most have a lot of money… I agree that “the Market” can have some influence, and also that “Government” can’t save the day, but I don’t think trusting in either alone will work these problems out.

  13. Fieari says:

    Just a note, I’ve worked in the Computer Repair industry for a number of years now. I personally am at a paranoia level equivalent to Shamus. I tell all my customers to not switch to Vista, but stick with XP.

    My coworkers are not as paranoid. They tell customers not to switch to Vista “until the bugs have been worked out, like happened with XP SP2”.

    The problem with Vista is that it is, to utilize a meme, Defective By Design. The Vista “SP2” equivalent will contain the same flaws that makes Vista so “buggy” and “insecure”. It’s a design principle that the user is less trusted than software, which means it will be as IMPOSSIBLE to remove malware targeting Vista as it is to get around Vista’s DRM.

    People will use Vista until their system becomes so infected as to be unusable. This happens with XP already. At this point, they will take their computers to me, or to another repair industry guy. We will be -unable to fix it-. We will tell them we’ll need to reformat their hard drive and start from scratch, and we’ll also tell them, while we’re at it, to “downgrade” to XP.

    What will happen when software stops being written for XP?

    Well, first of all, I don’t believe this will happen. Second of all, if it does happen, that’s when Linux better have its stuff together. If it does? We’ll start recommending average users to switch.

    Housewives and grandpas both LISTEN to the repair guy… at least when their computers start filling up with porn pop-up ads while they’re trying to teach their elementary-schooler how to access cartoon network on the internet.

  14. Tryss says:

    “They” want control because they’re trying to protect innocent people from the terribleness of piracy, hacking and 4chan.

    I’m about where you are on the chart, I like my independence but follow some rules to be able to game.

    I predict that the people who like independence will switch to a GNU/Linux OS when the verification becomes mandatory.

  15. Nathon says:

    Purple: Alright, I’m intrigued now. Can you give me an example of a situation where there’s an unfilled large demand for something?

    I would also argue that Stallman’s actions were not totally independent of markets. He saw that the markets were going one way and knew that there was a demand for something else (even if it was only him, which it wasn’t) and decided to do something about it. His goal was never to create a gratis operating system, just a libre one.

  16. @Nathon: Quite the opposite, actually: “The U.S. Army requires that every new small PC it purchases must come with a Trusted Platform Module (TPM).”

    That quote comes from the Wikipedia article.

  17. Nathon says:

    Well, I’ve been called out as poorly informed. I can only hope they don’t use software that requires remote activation.

  18. Delve says:

    I’ll second Fieari’s comment. I’ve been in ‘the shop’ and still do the occasional stint when work is slow. When I sit down with a customer to explain what’s going on there are two types. Those that want to understand, and those that just want it to work. And they both at least listen to the recommendation. Most of them heed it. If they’re told ‘See you in another 6 months or so’ then they’re going to ask how to avoid that fate, and they’re probably going to take action.

    Sadly, the shop I moonlight at is pure MS, so I have to try to avoid mentioning Linux. At least for now, the place understands its vested interest in doing the right thing for its customers far better than MS does. I still suggest people stay on older versions of Windows though.

  19. Veylon says:

    What both government and business want to remove is “collegiality”. That is the concept that, instead of having a hierarchy of superiors and inferiors, you have colleagues, or peers.

    Democracy is based on the notion that all citizens (not inhabitants or residents) are essentially equal. To protect that equality, every vote cast is private, to prevent intimidation and corruption.

    In scientific research, you have the peer review system in place to ensure accuracy by allowing equals to check out your work to make sure you have everything set up right.

    In the world of capitalism, everyone participating has money or resources that belong to them and that they alone choose to trade as they wish, to their own benefit.

    TPM is a regression to an older hierarchy system where ultimately what’s yours is contingent upon the agreement of it’s producers, you cannot check out the work of those protecting your security to see if they did it right, and your votes are not private, all in the name of safety.

  20. Delve says:

    “TPM is a regression to an older hierarchy system where ultimately what's yours is contingent upon the agreement of it's producers, you cannot check out the work of those protecting your security to see if they did it right, and your votes are not private, all in the name of safety.”

    Not safety. This is capitalism, *everything* is in the name of profits. Even when companies pander to the consumer they’re only doing it to sell more product. I may be cynical, but I’m not often wrong in this regard. Always glad to find out when I am though.

  21. R4byde says:

    But how will the average user ever be able to choose an open source OS if the corporate overlords manage to get the Doublethink Mind-rayâ„¢ operational?

    Seriously though, has anyone noticed the generally negative view the average joe has of Linux? I was talking to some guy the other day about systems security and mentioned how the open source OS’s are more secure than Windows. His reply was, “Why’ed I want to use Linux? Isn’t that what hackers use to steal your information?” I wasn’t really sure how to respond. I think the problem here is more then just the general public being sheep to the slaughter, they’re entirely willing to have their own security butchered in the name of security!

    EDIT: I suppose I’m not being entirely fair to the so called average user. I guess I’m talking more about the kinda guy who thinks that when hard-dive bloat causes a slowdown in MSPaint that it’s the work of a virus.

  22. The only (and I do mean the ONLY) reason that I still use Windows is that I want to be able to play my games. If I could get these suckers to run on Ubuntu, I’d switch in a heartbeat. I’m *sick* of my computer suffering periodic inexplicable seizures.

  23. Ingvar says:

    Vista, today, will help you keep your data hostage. Or so people say. To enable this hostage-keeping facility, simply enable the disk encryption, then swap your CPU (and destroy the old one). Since the TPM lives inside the CPU, you can no longer decrypt whatever was on your encrypted partition(s). “Oooops.”

    Admittedly, if you have at least two Vista machines, in a domain, you can ask them to hand the relevant keys over to the domain master, so it’s not entirely a lost cause, for the corporate user.

  24. Deoxy says:

    It's a design principle that the user is less trusted than software, which means it will be as IMPOSSIBLE to remove malware targeting Vista as it is to get around Vista's DRM.

    This is one of the simplest and most effective arguments against TPM as currently envisioned and (partially) implemented: it is only as secure as Windows.

    What Windows’ track record on security? On being safe from malware?

    Yeah, exactly. Only now, to get rid of malware will require hacking skills equivalent of what it took to WRITE the malware in the first place!

    Sure, there are many OTHER reasons, many of them mentioned here, but those won’t carry as much water with Joe Average as cimply citing the track record of Windows and malware, and then pointing out how hard the malware (that is certain to exist) will be to remove with the new “trusted” computing.

    Oh, and my political party is better than yours… :-p

  25. Deoxy says:

    Vista, today, will help you keep your data hostage. Or so people say. To enable this hostage-keeping facility, simply enable the disk encryption, then swap your CPU (and destroy the old one). Since the TPM lives inside the CPU, you can no longer decrypt whatever was on your encrypted partition(s). “Oooops.”

    Any hardware-based encryption has this weakness. Of course, that’s another good reason to use hardware-based encryption only on the most ridiculously vital stuff (and check your hardware regularly)…

    …which would not be anything Joe Average uses. Another reason this is a bad idea.

  26. RibbitRibbit says:

    Luckily for everyone involved, the Rest Of The World doesn’t give a flying f**k about DMCA. Although USA sets the trend, there are forces opposing this trend (sometimes it’s just rabidly anti-American with no other reason behind it, but in this case it produces a good result). Case in point: FOSS success in the EU (Firefox, OO, Linux).

    Let’s just hope the hardware vendors won’t lock Linux out.

  27. wumpus says:

    Howdy Nathon,

    Here’s a classic example of the workings of the ‘free’ market:

    http://en.wikipedia.org/wiki/Great_American_Streetcar_Scandal

    There was certainly plenty of demand for streetcars (and a functioning streetcar-based infrastructure). But the invisible hand of the market decided that people should buy their own individual cars instead. So now we (Americans) have a society in which personal cars and driving are more or less required (except in New York City).

    More personally, I used to take two 8 mg tablets of Chlor-Trimeton a day to keep my allergies at bay. Until the company that made them decided they weren’t making enough profit and abandoned that product. They’ve now abandoned the 12 mg as well, creating such a vacuum in demand that the people who clean our house apparently stole my last package. Again, I submit that there’s large demand for this product, but the market won’t provide it, as the margin is apparently not high enough (at least compared to the patented, next generation stuff – that doesn’t work as well for me).

    Alex

  28. Factoid says:

    The free market will save us!

    Unless of course Congress decides that only TPM-enabled equipment is allowable for sale due to national security concerns, thus eliminating the ability to access open systems legally.

    I’m not going to incite a political war, but those of you concerned about the upcoming US Election should really look into who each candidate’s technology advisors are and decide for yourselves who you’d like to have the ear of the President.

  29. Dev Null says:

    Imagine hundreds of companies, all rolling out their own independent TPM initiatives, their own rules, and their own ideas on what should be expected of the user before they're allowed to use the software or access data.

    Worse still, imagine a single company – almost certainly brought to you by the letter “M” – ending up the default standard for doing this for everyone, by virtue of their market share. Its not _that_ likely, but its not impossible either.

  30. Daosus says:

    If the hardware vendors lock Linux out, I, and many other techies, will be buying our computers from Hong Kong. Or Germany. Or any other country where this kind of stuff isn’t set up yet. There WILL be money to be made, even if just for a niche market and servers, which suggests someone will decide to make it work. Until TCM gets so pervasive each packet is encrypted, it will be possible to use non-brand name computers to do the job.

    And really, the biggest hurdle may end up being Joe Corporate, since corporations generally like to own their data.

  31. I’m currently in the “sky is NOT falling” camp. There are a couple of major factors working against TPM.

    Market inertia: It is very very hard to get a large base of customers (I’m pretty sure hundreds of millions of Windows users qualify) to migrate suddenly; and TPM would require a fundamental paradigm shift. When it comes to PCs, the average consumer cares most about two things: cost and convenience. As you say, they aren’t dumb, they just have different priorities than us techheads: they’ll be asking, “How is this better than what I’ve already got?” It’s been 20 months since Vista came out and there are STILL lots of people, especially businesses (including my own), who prefer to stick with XP for various reasons: compatibility, lower sys reqs, “it just works,” etc. And that’s just an OS upgrade on current HW: how much harder would it be to convince people by the millions that they “need” TPM so much that they should buy a new PC with a new OS and (presumably) new apps? That’s clearly a significant outlay of cash for dubious gains for the consumer.

    Developers: if consumers are slow to adopt a TPM system, then developers have little incentive to support it. If your company only has the resources to support a single version of your SW, then you’ll gravitate to the one with the most users: Windows. And without developers supporting your TPM system, there’s no incentive to consumers to switch to it. In a way, MS would be a victim of its own success: XP’s popularity means it’s that much harder for them to get people to switch to a newer OS. Ah, irony.

    MS could attempt to force people to switch to a TPM setup by discontinuing support for current versions of Windows, only updating their apps for this new OS, etc. But I think that would (A) REALLY upset their business clients, who rely on MS ensuring things work right as-is; and (B) just inspire people to stick with XP or Vista – or worse (for MS), switch to Linux or even Apple. [After all, if you gotta buy an all-new computer with an all-new OS, you might as well go with the one which already works and looks snazzy to boot.]

    So as much as MS would probably love to be the God-King of some hypothetical TPM dystopia, I don’t think we need to start hording PC parts and XP license keys just yet.

  32. Delve says:

    Amusingly, when I bought my first copy of XP some weeks ago I was told ‘good thing you got it now, it’s getting harder to get hold of these things.’ MS’s lifeblood is new version sales. Unfotunately, they’re too savvy to commit suicide over this. Hopefully enough corporate clients cause a stink about TPM that they’ll either continue to support XP until we all graduate to quantum computers, or they’ll release a TPM dis-abled version of Vista: Rebooted (or whatever) that’s “only available to corporate customers.” wink wink, nudge nudge.

  33. July says:

    On the bright side, if a universal TPM bill gets passed, I’ll be spending a lot more time outside.

  34. scragar says:

    Deoxy:
    The problem I see with your argument is that the average user doesn’t care how many viruses they get, or how much spyware watches all their details, they can always find someone to fix the system for them(normally by annoying a geek with the question “can you fix my computer?”, but some people use actually computer stores for this goal(which to me is a worse idea in many ways, privacy, cost, the fact that computer store workers normally can’t tell the difference between ethernet cables and firewire to name the top 3)). Telling them that not using windows will protect them from this is normally useless, most don’t even understand that you can run a computer without windows, then there are those people who are convinced that linux is used by hackers, or it’s free because they couldn’t get anyone to pay for it if they charged, and even if you did get them to switch, you would have to put up with the initial few complaints about one program or another not working(after all, they downloaded the exe…), or complaining that firefox isn’t as good as IE(I know, such people still exist, even now).
    Please don’t miss understand me here, I’m not saying don’t try to convince people of the truth, I’m just saying that it’s a hard path to take(which goes to explain why windows holds the majority share when it’s far worse than mac or linux systems in so many ways).

  35. potemkin.hr says:

    @Shamus:
    How do you mean the hardware protection layer is already installed? Did you mean the protection mentioned a few weeks ago?

    @Jennifer Snow:
    I also have Windows for the sole purpose of Games and a few specific windows-only applications that Wine can’t emulate well.

  36. Rats says:

    Firstly, thank you Shamus for your astute, articulate and informative post.

    I appologise if any of this has already been said in the discussion above but the main ability of this DRM scheme (if TPM can be called such a scheme) is easily circumvented. The machines TPM code, the OS’s code and the software’s code have to agree? Excellent. Here is a virtual machine. I have complete control over the hardware, and can change it at will. The OS and programs are then based in something I have control of.

    The free market is getting much better (I am in the process of migrating to CentOS from XP), but many businesses (who I feel will drive the move) are installing vista not because of their non-plussed attitude, or their ignorence, but because of money. It is cheaper to use the OS you are given with a machine than pay for a licence for another (i.e. “upgrade” to XP). Especially if you get free support with that OS.

    I don’t honestly think it will become illegal to own technology without TPM in it at any point (Its not illegal for me to have a toaster without its cover on, or have an unrailed drop of 40′ in my own home). But I do think there are people who would try. This in itself is a sad, sad thought.

  37. MissusJ says:

    Factoid, I’ll be doing that. Technology is more important to me than abortions, anyway.

    Shamus, thank you. I KNEW I didn’t want to switch my PC back to Windows (even XP) from Ubuntu. I’ve used it for a year and loved it, I don’t play games on the PC. My tech husband had mentioned going back to Windows so that I could have a newer browser- firefox v.1.5.0.12 doesn’t cut it anymore- but I had a feeling I didn’t really want to do that. Thank you for the confirmation!

  38. Daosus says:

    Um, why not install a newer browser on Ubuntu? I’m running openSuse 11, and Firefox 3….

  39. ThaneofFife says:

    I asked this question on the last TPM post and didn’t get a satisfactory answer (though I appreciate getting any response at all ;-), so I’ll ask it again.

    Suppose I want to buy or build my own computer with no TPM components. What systems incorporate the TPM components? The CPU, the motherboard chipset, something else? Which manufacturers and/or models are known to incorporate it? Which are known NOT to incorporate it?

    I’ve been all over the web looking for this info, and of course I have checked wikipedia and google (I also found most of the stuff Shamus linked this time around, but that’s beside the point). Does anyone know?

    A second question that I am having trouble answering from google and wikipedia: how does TPM relate to other “content protection platforms” such as HDMI, which I understand is basically just a hardware DRM for video? (If you can’t tell, I don’t know nearly as much about hardware and software as many of the people who read this blog). Is HDMI a separate scheme? Something that will be incorporated into the TPM or “Trusted Computing” sphere?

    More importantly: can I avoid HDMI when buying a new top-of-the line graphics card and monitor? Assuming I can, should I? Would I not be able to play games and Blu-Ray DVDs?

    Finally, as I’ve said here before, this threatens us as both consumers and citizens as little else coming from the tech industry does. Shamus, I think we need to get political on this because the silence only helps the proponents of this idiotic technology. Therefore, I say again–we need to explain this to our friends and family, write the Federal Trade Commission expressing our outrage, and complain to our local and national elected officials. If we don’t then there is no voice opposing the industry and trade lobbyists who are pushing this system.

    Bonus suggestion: Is your Representative or Senator on a national-security related committee? Call them up and explain to them (1) that the military is buying TPM-equipped machines; and (2) how these machines can be compromised. Tell them you care about national security and that if they do as well, then they better look into this potential national security threat. Bet you’ll get a reaction (assuming they understand what you’re talking about). :-)

  40. Josh says:

    I’m starting to think that my switch to Mac was well-timed. (I don’t use my comp for gaming other than WoW, which runs on OS X just fine.) I mean, yeah, they have their own problems, but Windows was just getting to be too much of a world-class headache.

  41. davidvs says:

    Your post concludes with what could be a segue to an essay from Steven Den Beste from 2006 in which he both urges and shows no hope for Linux standardization in the (then) near future, and cited Eric Raymond predicting 2008 would be the decisive year.

    http://denbeste.nu/Chizumatic/tmw/Linux.shtml

    His points piggy back onto yours quite nicely.

  42. Vista, today, will help you keep your data hostage. Or so people say. To enable this hostage-keeping facility, simply enable the disk encryption, then swap your CPU (and destroy the old one). Since the TPM lives inside the CPU, you can no longer decrypt whatever was on your encrypted partition(s). “Oooops.”

    The TPM is a completely separate chip on the motherboard. Replacing the CPU isn’t going to render your encrypted data unreadable.

    Replacing the motherboard or the TPM, on the other hand, will.

  43. Pat says:

    I can see how this would work when starting up a single program but how does it work against programs which are themselves content providers such as Java and Internet Explorer?

    For example, I can’t see Microsoft disabling Internet Explorer for a while, but from there I can access Google Docs. TPM would have to maintain a blacklist or whitelist of websites, which would be hell to maintain. Ditto for Java-based games as another example.

    If this is going to be done by dialling out to a server, what’s to stop someone implementing a server of their own which just replies with “Yeah, that’s OK” to every request sent to it? People can already override host names on Windows PCs by changing the hosts and lmhosts files -this is how we used to get rid of intrusive Web advertisements before AdBlock and NoScript came along.

  44. g. says:

    Josh (40): I don’t think that owning a mac will make the leettelest beet of difference if “the trap closes”. Apple is just as in the TPM-boat as MS is (just google mac and tpm).

    And since Shamus started with conspiracy theories: It is my firm belief that the driving force of Apples switch to intel was the trusted computing platform. Of course Apple will tread much more careful in marketing the closing of the trap. My theory is that the minute they turn on system-wide TPM-functionality, they will sweeten the deal with the mac-os wide app-store and won’t be bolting down the whole system. Maybe just sandbox or otherwise inconvenience “untrusted applications”.

    Apparently intel, sun and ibm have decided that a personal universal computing device is much too powerfull for john doe to have, from a consumer (vote with your dollars) standpoint there is absolutely nowhere to turn, not even linux, since you won’t be able to legally distribute a boot cd that can do such simple consumery things as play a dvd (much less blueray).

  45. Shishberg says:

    Sorry if anyone’s made this point already, I’m not awake enough yet to do more than skim the rest of the comments…

    There’s another bell curve that’s just as important as the user one, which is the spread of developers and what kind of platform they want to develop on. Stallman and Gates are probably still at either end, but in the middle you now have a bunch of people writing applications – games, business stuff, apps bundled with hardware, whatever – whose only goal is to do whatever lets them target the biggest market for the least effort.

    If and when Windows gets TPM, Microsoft is going to get app developers to jump through a lot of complicated certification hoops before they’re allowed to run on anyone’s Windows machine. When that happens, the path of least resistance for a lot of app vendors will be to develop for Another Platform instead, especially if their users are already flowing in that direction. (In the process, they might discover that there are advantages to developing for an open source OS, like being able to debug-step through system libraries.)

  46. Craig says:

    This all sounds like the internet is transferring from a stage of hippy-esque anarchy to a sort of corporate feudalism. I blame MMO’s and itunes.

  47. Daosus says:

    If it were anyone to blame, I blame the ISPs. They started it: they put people behind NAT, and made it impossible to host things on your home machine. Until that point, the internet really was Peer-to-Peer (and tiny).

  48. Nathaniel says:

    Does anyone see anything overtly Orwellian about this whole scheme?

    I definitely need to get my hand on an XP disc soon…

  49. Aergoth says:

    Disclaimer, not having read the above, this is really just about operating systems.
    If Microsoft advocates this, no doubt Apple will throw the idea out the window, to some extent. because that’s what apple is, not microsoft. I’ve had people preach apple at me, and linux, the point is, on the one side, I can’t play games without extra software, on the other, I have to know stuff. Joe Average uses microsoft because it’s familiar. While I hope my mentality is something along the lines of one-over-from-the-left, but I can understand with the one-over-from-the-right. I’ve pirated stuff, used free stuff instead of paying and shamelessly abused my computer with demos. Yes, this went nowhere. Go left.

  50. Mark says:

    From a usage perspective, I think that there does need to be a standard way to prove that you are who you say you are that doesn’t involve compromising the integrity of your system. From a strictly security-based perspective, there are situations when things – useful things – just plain can’t work if they don’t start from the assumption that the user has been compromised and attempt to establish proof to the contrary.

    I browse the web with the assumption that any website I don’t know is going to try to rob me. I can hardly blame software companies for making the reverse assumption: that any user they haven’t verified is a pirate. What I object to are the situations where, in order to authenticate myself, I must compromise the security, stability, and otherwise correct behavior of my computer. Software like that essentially makes it impossible to authenticate myself.

    To the extent that a standardized hardware authentication mechanism will allow me to obtain the trust of those with whom I intend to do business with my computer, I will accept it. To the extent that it is used unethically, for purposes such as spying, vendor lock-in, mass genocide, etc., and that it is required for purposes that don’t need authentication, I will oppose it. The fact that it can be broken is immaterial. This represents the possibility of a humane, practical alternative to harmful software DRM. The devil will be in the details.

  51. Skelnik says:

    Is that a diagram of a reclining woman playing with herself after the announcer asks “Why should you trust them?” in the video?

  52. Blackbird71 says:

    “The control advocates have to play a very careful game. They have to close the vice slowly, or users will abandon them.”

    I think you meant vise, although this sort of behavior could be referred to as a vice…

  53. krellen says:

    I really liked the music in that video.

  54. The Lone Duck says:

    I agree with Shamus’s statements about market forces. As bothersome as these top-down laws are, the market is what really defines change.
    I think if Linux ever became a commercial, user-friendly platform, it could really contend. Same thing with the Mac OS.
    I can sympathize with both parties. On one hand, I don’t like people telling me what I can do with my machine. On the other hand, it is a sad statement on our society that so much rampant theft is able to go unpunished. I don’t want a society where the police monitor your downloads, but I do like the idea of a society where it is harder to steal via the internet.
    Well, even though I am a gamer, I fall under average Joe. I have my own ideology in regards to crime and that it should not be tolerated; if I can use a computer in the ways I want to, I have freedom. But open source programs aren’t going anywhere, modded hardware isn’t going anywhere. Even with the MPAA standards, it’s not hard to get a modified DVD player for all regions, that will copy DVDs. The dystopian future is a fantasy to justify angry tirades.

  55. guy says:

    If TPM is made mandantory, I think i’ll move to canada. I’ll also lose my faith in Congress knowing what it’s doing if the reasoning is national security and it relies on external servers that can be blown up or have their power cables cut.

  56. Jim says:

    This would (will) absolutely be the tipping point for me to switch to Linux as my Desktop OS. A couple of my systems already dual boot and with the gradual decline of the software keeping me on Windows (read: PC Games) I doubt I’ll ever purchase a Microsoft OS license again.

    And the next PC I build for my parents or brother I could easily see being Linux based as well. Both to drive down costs and to prevent bs like this from getting in their way.

    Power Point, Bejeweled, and Limp Bizcut: the anti-Trinity

  57. Tuck says:

    Nice writeup, although in my cold-befuddled head I don’t think I took in as much as I could have…

    My pedantic nature managed to sneak in, though: where you said Xerxes, did you mean Croesus?

  58. dolleater says:

    Well written indeed! I usually dont agree on some things you say (hey, isnt that what the internet is great for anyway :)) but today i fell i can wholeheartly agree with you.

    Even though i know we all want to consider us as unique snowflakes, the truth is, even if im a IT-person, im still Joe Average, and my decision to not pay for certain things (and pay for others) is the one thing i can swing around like a mace+1 as a consumer.

    Ive been concerned with Trusted Computing ever since it reared its ugly head, and im glad to see that alot of people are getting around to think about it.

    Hopefully, more and more people will have become more and more concerned, and the day its implemented, people will say “hell no, we wont go” ;)

  59. K says:

    Great read, the article on vista is also very interesting and has just cost me about an hour of sleep. Keep up the great stuff, Shamus! Bonus points for a sentence like “…Windows advantage is only genuine …”, made me giggle.

  60. Susie says:

    #5 Ben -> I have both MS Office and Open Office installed and running on my computer. As far as word processors go, Writer is so much better than Word it’s funny. (by better I mean it has more features, it’s easier to use and it’s more customizable – and the linux version is even better) There are things that I like about office 2007, and there are things I hate about it … MS forgot why we have toolbars in the first place (making things easier to get to without using a menu). Publisher is the only Office program that I haven’t found a replacement for.

    #13 Fieari -> You are 100% right, the average user will do anything their tech tells them to. There is so much **** going on with windows right now – but linux still has issues – no matter how much we like to think it doesn’t – the average user doesn’t want to muck around in conf files! I usually end up letting them test drive OSX and ubuntu and letting them choose between the two.

    /me goes off to check the tech standing of the candidates

  61. Factoid says:

    By the way…it’s totally awesome that people are going out to check out candidates stances on the tech subject. it’s one of the many subjects they’ve both released quite a bit of policy stances on, but it doesn’t get any attention because it’s not abortion or energy.

    I have my opinion on whose policy I like better. I wish there was a website where the would replace names with “Candidate A” and “Candidate B” next to their policy stances, so that people could evaluate the substance and not be swayed by preconceptions based on the name.

    It probably already exists. Maybe if it doesn’t I’ll make one.

  62. ThaneofFife says:

    “I have my opinion on whose policy I like better. I wish there was a website where the would replace names with ‘Candidate A’ and ‘Candidate B’ next to their policy stances, so that people could evaluate the substance and not be swayed by preconceptions based on the name.

    It probably already exists. Maybe if it doesn't I'll make one.”

    Factoid: You’re right and that’s a great idea. It would have to be written to avoid the hot-button issues that everyone knows the candidates’ stances on, though.

    Also, seriously, doesn’t anyone know where I can find a list of manufacturers (mobo, cpu, etc.) that do or don’t include the TPM in their products?

    This thread is great.

  63. Adeon says:

    Hmmmm… apparently the video was removed from you tube, does anyone know where an archived copy might be found?

  64. Well written and well-founded, like most of what you post.
    And although I absolutely hate the idea of this “computer turning against us” thing… I gotta wonder…

    If they figure out this isn’t the way to go about cracking down on piracy, what will they consider as the alternative?

    http://technology.timesonline.co.uk/tol/news/tech_and_web/gadgets_and_gaming/article4569180.ece

    I’d seriously suggest reading that article.

  65. A Gould says:

    I started the migration to Linux this year, partly to get better use of my system, and largely because I was tired of the quarterly reformats. I still have some Windows apps, but I make a point of switching to Linux versions when possible. The only two must-haves at the moment are iTunes (run through VirtualBox) and Neverwinter Nights (on the dual-boot partition, and that’s only because I really don’t want to restart the campaign ;)

  66. Daosus says:

    Gould: NWN runs perfectly on Wine (that’s how I ran through the HotU and SoU campaigns) :D

  67. SolkaTruesilver says:

    I have to admit, I’d probably be running Linux if I wasn’t a totally inept at software, and if Linux just didn’t scared the shit out of me. I like to use computers, more than the average joe. And I also like to have hassle-free games. I know ennough about computer to download the DMR-free .exe, but that’s all.

    I’d use Linux if I knew I could run it smoothly, if I knew it would play every single freaking game I buy, and I wouldn’t have to burrow my head under terabytes of codelines.

  68. MaxEd says:

    Cory Doctorow’s “The Little Brother”. Get it here for free from author’s site: http://craphound.com/littlebrother/download/ It really worth reading, one of the most interesting books from modern writers I’ve read in long time. It discusses things closely related to what we’re talking about here, and although it doesn’t offer and sure-fire solutions to problem of balance between security and freedom, it is thought-provoking. Some guys out there already created project to implement ParanoidLinux described in book.

  69. Steve C says:

    Shamus you are giving out incorrect info…
    TPM is not proposed. TPM is not partially implemented. TPM is not a chip. TPM is here, NOW in the products we use and has been for some time. TPM is applied to the firmware of chips.

    TPM is here now and has been FULLY implemented. It has partial market penetration so it’s still possible to buy products that don’t have it. The anal rape that TPM wants to perform cannot occur unless it has full market penetration. The fewer components with TPM you have allowed into your computer the safer you are from the fully implemented anal rape. If you have a current gen, high end hardware component then you already have TPM. If you see an HDMI connector, then you have TPM. Each TPM component you add is like dropping another piece of clothing. It will take software to finally screw you.

    Vista is the strap on from Se7en. Luckly for users everywhere… Vista failed in it’s penetration goals.

    @42 Ian B. / Spectere said: The TPM is a completely separate chip on the motherboard.

    TPM is not a “chip” it is a specification applied to chip firmware using DAA. TPM can be built into chips like a CPU. Think about it for a sec… if a TPM was a physical chip how could it ever be included in a CPU which is a single chip?

    Example: I have an Intel E8400 CPU. According to this list it has Intel TXT built in, which is Intel’s brand name of TPM implemenation. Surf around the links going from that list to check your own Intel CPU model.

  70. Steve C says:

    @39 ThaneofFife: Suppose I want to buy or build my own computer with no TPM components. What systems incorporate the TPM components? The CPU, the motherboard chipset, something else? Which manufacturers and/or models are known to incorporate it? Which are known NOT to incorporate it?

    Short answer: Godel made a complete list.
    Long answer: I remember seeing your question before. I couldn’t properly answer it (nobody can… damn you Godel) so I skipped it, but now I will give it a shot.

    TPM can be applied separately to each component of hardware, typically at the input/output level of that hardware component. So a TPM could be protecting the CPU’s interactions with the motherboard, and the motherboard’s interactions with the southside bridge in addition to the TPM on the commonly known I/Os like the hard drive/monitor etc. I don’t think it possible to create a current generation computer with no TPM components. Something would catch you somewhere. A computer using 2004 parts… I could see that, but not a computer using all top end 2008 components.

    You would have to research each product individually to find out if it uses TPM. What makes it harder is that there are separate names for the implementation of the TPM by manufacturer. For example, AMD calls it “Presidio”, and Intel calls it “Intel TXT”.

    There won’t be an exhaustible list of manufacturers or products floating around. Even members of the Trusted Computing Group would not have such a list. TPM is a specification not a chip, and it’s an open specification so if any manufacturer follows the spec, they have it. Even if such a list existed it still would not help you. You would also need to know who’s used any of a TCG member’s products in the creation of their own products. IE The manufacturer of every chip on every component- an impossible task.

    You might be able to figure out if a product has a TPM or not. As a starting point, anything that is “Ready for Vista”, “Certified for Vista”, or “Vista Optimized” etc is under TPM lock and key. TPM is a requirement to get that logo. Any member of the Trusted Computing Group will have products that use TPM, but not necessarily all their products will have TPM.

    Is HDMI a separate scheme?

    HDMI is not a separate scheme, it’s the implementation of “Trusted Computing” aka TPM.

    HDMI is just a funky DVI connector that is a real world indicator that HDCP has been applied to the signal carried on that wire and that the audio is squeezed on there too. HDCP is the implementation of the TPM specification on the I/O of the video/audio signal when it hits the external wiring of the device.

    Can I avoid HDMI when buying a new top-of-the line graphics card and monitor?

    Umm maybe? In theory if you got a modern top end system without a single TPM component, then YES you could play games and Blu-Ray DVDs as long as the software didn’t require TPM compliant hardware. On a practical level, no you can’t. See above for the research you would have to do to make it happen.

    However, there is no real point in doing that because getting it together and making it run would be a nightmare. It’s easier to pull the teeth out of TPM by using software that can’t take advantage of that aspect of the hardware, (like using WinXP instead of Vista) and by using a component (like a DVI splitter or repeater) somewhere in the chain of outputs that strips the HDCP code (likely via EDID forwarding) so the next part of the chain doesn’t run it’s TPM.

    Avoid the software that gives TPM the ability to screw you, and force two components in the chain to “lie” to each other and you are safe… for now. In five years, who knows? You might need to lube up for the anal rape.

  71. Carra says:

    I tried out Ubuntu and was very pleasantly surprised. No more need to know how make works to get anything installed. And with compiz, it actually looks better then Vista…

    So why am I still using windows? Sadly, the only reason is to play my collection of games :(

  72. Zaxares says:

    I probably fall right into that middle category of the bell curve. The moment that Linux becomes as easy to use as Windows (I have zero desire to learn anything more about computers than ‘push power button -> play games’) AND most games will run on it, I’m ready to switch to Linux.

  73. Kris says:

    I guess I’ll throw in a comment it seems like most people have missed. Microsoft has stopped selling Windows XP to force Vista Adoption.

    http://www.microsoft.com/windows/windows-xp/future.aspx

    People keep talking about ‘sticking’ with XP and how folks will just keep buying it instead of Vista, but Microsoft has killed the option. So don’t get your hopes up on that front. For now a lot of companies are getting around it by providing Vista “Upgrade” discs with XP systems, but I’m sure Microsoft will want to quash that as well as soon as possible.

  74. Dix says:

    So from this I get that Shamus doesn’t have anything to say about Mac’s OS and security of the user vs. security of the producer. Which is fine, given that I doubt Shamus uses Mac for anything whatsoever. Still, I feel like an article driving at length about ‘the alternative’ to Windows being Linux (Ubuntu) for any reason is missing something by not touching on the major commercial OS based on Unix.

  75. JB says:

    Dix, if you want less DRM, I don’t think OS X is the way to go. Look at the schemes implemented around iTunes, iPhones and all that stuff. Horrible, wouldn’t touch it for anything.

    About gaming. I will never switch to Vista. I will keep my XP installation alive for the games I already own. For all other things I need a computer for, I use Linux.

    I did buy a PS3 for gaming. But I am not sure what I’ve gotten myself into there, DRM and TPM wise. At least it won’t affect my serious work in any way.

    I do hope cell phone makers, gps makers and others who make toys interfacing with my computer will start making software for Linux soon.

  76. @Steve C:

    TPM is not a “chip” it is a specification applied to chip firmware using DAA. TPM can be built into chips like a CPU. Think about it for a sec… if a TPM was a physical chip how could it ever be included in a CPU which is a single chip?

    Regardless, the encryption would have to be done on a system-wide basis, otherwise it won’t work. How do you propose that my CPU, which no doubt has Intel TXT built-in, would possibly work with my motherboard that doesn’t have a TPM chip installed (and yes, TPM “chips” do exist and are required for the system to work)? It wouldn’t. How could it? If my CPU were spitting out encrypted data and nothing else knew how to handle it my computer would be useless.

    The only way TPM would work is if the entire system is passing encrypted data through the wires in all cases where it’s running protected code, otherwise the data is still vulnerable to tapping at the lowest level.

    Edit: @JB:

    I did buy a PS3 for gaming. But I am not sure what I've gotten myself into there, DRM and TPM wise.

    I know for a fact that the Xbox 360 uses TPM across the board. As for the PS3, while I haven’t found anything that specifically says that it has a system like that in place, I’d be incredibly surprised if it didn’t.

  77. Delve says:

    Just think of the waste in energy, flops, money, intelligent human effort, and basic resources represented by the whole scheme. All so that, essentially, Hollywood and the like can feel like they’re making progress towards raping your wallet.

    Not to mention the corollary waste of similar resources by equally intelligent people in the eventually successful (hopefully) search for a functional workaround.

  78. Jeysie says:

    Delve’s got a great point. The mind boggles at the sheer amount of resources (not to mention goodwill) that the DRM folks are currently throwing away trying to fight the futile fight against human nature that they will inevitably lose, when they could be thinking of ways to work with human nature and make lots of money off it instead.

    Chalk me up as another gamer who is kind of stuck with Windows for now, although in my case it’s because I have a lot of older obscure Windows games that the Linux folks aren’t going to care about getting working (and I’m not saavy enough to get them working myself). But if it ever comes down to a choice between Linux and a controlled computer, I’ll make the sacrifice nonetheless.

    (I don’t consider Mac an option at all… aside from the fact that I find them horrible to use, I don’t see how moving to a system that already has all sorts of proprietary hardware tied together with the proprietary software is an improvement.)

  79. ThaneofFife says:

    @ Steve C:
    You had me thinking I was clicking on an actual list with the Godel link! Thanks for the response anyway though, the HDMI stuff was helpful.

  80. Steve C says:

    @77 Ian B. / Spectere: The only way TPM would work

    The only way for DRM to work… is if the laws of physics were re-rewritten.

    You seem to have issue with the way I describe TPM and to prove me wrong you describe obvious ways to defeat TPM. It’s DRM. All DRM is fundamentally flawed and all versions (now and forever) will have an obvious weak point.

    Treacherous Computing is the worst not because it’s “uncrackable” but because it’s the first DRM that uses a combination of hardware and software. It needs a combination of hardware and software to avoid. Before all you needed was software, but now you also need hardware. (Post #70 describes other ways to pull out TPM’s teeth.)

    If my CPU were spitting out encrypted data and nothing else knew how to handle it my computer would be useless.

    True, but TPM doesn’t work like that. TPM is not a chip, but you can have a chip that has a sole purpose of dealing with TPM. A TPM protected chip (like a CPU) doesn’t encrypt regular data sent to it. Regular unencrypted data passes through without issue. The TPM component only does something if it receives encrypted data. When it receives encrypted data it decrypts it using the secret key on it’s firmware, processes the info and re-encrypts it signing it with it’s own meta data as it leaves that component.

    That’s what I was getting at before… you are safe as long as you don’t use software (like Vista) that sends encrypted data to the components in the first place. And yes, for TPM to work it would have to be system wide and if you ensure it isn’t system wide, then it cannot work. Like all DRM, fundamentally it cannot work but the hoops you have to jump through to deal with it can be a pain in the ass.

  81. Curaidh says:

    This one is a very interesting Post, thanks Shamus. And again it feels good to live in europe. Germany might be overly bureaucratic and annoying from time to time, but our data protection and privacy protection rights are intact. TPM would be a problem here. Remember that “Europe” keeps fining MS for all different sorts of violations that they might get away with in the US.
    So as long as we exist and are a valuable market share, you should not worry too much. ;)

    JB: You need not worry about TPM and PS3. Sony learned a bit from their media disasters with their rootkits etc. As long as your PS3 can run Yellowdog Linux there is no need to be afraid.

  82. Cuthalion says:

    On switching to Linux:

    Let’s say I’m being bullied at school. Some guys are pushing me around and stealing my lunch money. Every. Day. And worse yet, the school staff commends them for “leadership” or some other such thing and gives me detention when I complain.

    However, there is another school I could go to, where nobody steals my lunch money and bullies get expelled. The only problem is the initiation: all new students must go through a hideous hazing process involving rocks and sticks and knives and pain to get in. And once you’re in, half your classes are conducted in a foreign language, which you must learn to speak fluently in order to attend without being laughed at.

    That’s my experience. Pick your poison, I guess.

    EDIT: Yes, I’ve tried Linux. I have an old version of Ubuntu on my computer. I like being able to install software with a click, but if that software’s not in its database, it’s a pain. And even with that I still have trouble running some stuff. Not everyone that makes Linux stuff cares about people like me, who don’t want to learn the console to run things. Maybe I should try again with a more cooperative network firewall…

  83. Jeff says:

    Many large businesses have very huge infrastructure built on Linux.
    At least I know for a fact that the Canadian Government doesn’t trust any Microsoft products for their servers or important data.
    The computers in the bunker all used something I can’t recall right now, while the wageslaves used Windows for their spreadsheets and such.

    Any hardware-based encryption has this weakness. Of course, that's another good reason to use hardware-based encryption only on the most ridiculously vital stuff (and check your hardware regularly)…

    …which would not be anything Joe Average uses. Another reason this is a bad idea.

    The US Army specifications for the TPM is specifically for securing data. Not software. If any of their software for the warfighters even has the potential to be locked down, they probably won’t allow it. The moment one single person dies because of some idiot vendor, a lot of people will be hung.

    A random comment on free markets:
    “If there is a demand it will be filled” isn’t strictly true.
    As always, we go to our trusty supply and demand graph.
    The supply curve is how many systems a producer is willing to create to sell at a certain price.
    The demand curve is how many consumers are willing to buy a system at a certain price.

    The revised statement is thus:
    If there is a demand strong enough that the consumer will pay almost any price for, then it will eventually be filled.
    At equilibrium, obviously.

    This is of course a single product. With multiple products (ie. streetcars and automobiles) that are exclusive, then equilibrium must account for both.
    In the case of streetcars, we must consider that Government spending makes up demand as well.
    In otherwords, it’s the government’s fault. If they wanted streetcars enough to drive up demand and lower price, then we would be in a world of public transit, not private cars.
    All that is required is the raising of taxes and considerably investment.
    This increases the demand, lowering prices for services, while removing the disposable income of the Consumers, and as automobiles tend to be a Leisure good, sales would dissappear.

    This requires a government that is actually, you know, good. As opposed to those idiots would lower taxes to get themselves in power.
    There are many (currently) unmarketable things that should be done that aren’t, because they are unpopular.
    Sadly, this means the “less good” option receives the most Investment and the cost of switching increases exponentially.

    Strict on this though, the alternatives need to be better yet to draw the consumers there. Right now the exclusive good’s desirability is so low it still has a tiny market share with a price point of $0.
    You can blame a large chunk of this on the complimentary goods tied in with it though, i.e. software.

  84. Shamus says:

    I didn’t get into the whole supply / demand tradeoff business because I thought the concept to be so obvious that I didn’t need to bring it up.

    Yes, little markets go unfilled. But we’re not talking about little markets here. We’re talking about governments and multi billion dollar companies. And we agree on this. And those people need hardware. And it would be very hard to keep asian hardware companies from going after that money. Which was my entire point.

    The rest of the comment skates very close to politics. I really don’t see a need for paragraphs on tax policy and public opinion.

  85. Chris Arndt says:

    Goshdamned nanny-staters.

    Take that as you will.

    Leave me the fark alone Bill Gates!

    I want to back up my Star Wars DVDs.

  86. UtopiaV1 says:

    The average man does not want to be free. He simply wants to be safe.
    – H. L. Mencken

    Pretty much sums up what you spent the past 30 minutes saying in greater detail! I like the video, I don’t like whats going to happen (or what’s already happened) to my computer. Hopefully we haven’t all grown so fat and lazy that we won’t take up (metaphorical) arms against injustices like this. Viva la Linux!!!

Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun. Your email address will not be published. Required fields are marked*

You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>

You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?

You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.

You can make links like this:
I'm reading about <a href="http://en.wikipedia.org/wiki/Darth_Vader">Darth Vader</a> on Wikipedia!

You can quote someone like this:
Darth Vader said <blockquote>Luke, I am your father.</blockquote>

Leave a Reply to ThaneofFife Cancel reply

Your email address will not be published.