Re: Trustworthy Computing
From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 04/03/04
- Next message: Pavel A.: "Re: Need HELP with deleting or intalling programs"
- Previous message: ryan: "win 98 help"
- In reply to: kurttrail: "Re: Trustworthy Computing"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 03 Apr 2004 05:32:16 +0200
On Fri, 2 Apr 2004 18:26:21 -0500, "kurttrail"
>>> The "Trustworthy Computing" NGSCB BS is gonna affect how
>>> everyone uses their computer. And it's a hell of a lot more
>>> interesting topic than all the "I'm too effin' lazy and stupid to
>>> help myself, so can someone tell me how?" topics.
These are community news groups, and helping the community isn't just
about answering "how do I?" posts. It's also about highlighting
defects both in existing and planend products, discussing where we
feel the platform should be going, and so on.
The problem with news group volume isn't so much the presence of
threads one is not interested in, it's the sprawl from a single thread
in one newsgroup to the same post sent again and again every few hours
to multiple newsgroups, each time as a new thread.
>>> Technology's promise has been perverted by the technology
>>> companies, and consumers are the victim of this perversion.
That is entirely accurate. The natural advantages of digital
information are being crippled by adding an artificial scarcity.
>>> Do you really trust any business that tells you what you can
>>> & cannot do in your home ...
No. Let's look at business' track record to date, given the
opportunities already afforded by the OS:
- stealth-installed software via BHOs and other designed features
- exploitation of non-designed software defects
- various forms of revenue re-direction (theft)
- vandors; trash your interests if they think thiers are infringed
- no price drop when moving from records to cheaper CDs
- failure to preserve cultural legacy
Note that the above don't go about what traditional malware does
(though we know business do leverage traditional malware in various
ways, e.g. spammers sending through wild malware's SMTP).
These are "we'll sue you if you call us malware" commercial
enterprises that stealth into systems, change their code to break
detection by clean-up utilities, sue said clean-up utilities for
infringing their rights to do business, redirect revenue from value
providers (e.g. pasting their own ads over those of a site, adding
their own paid-for hypertext links, extending the Internet to include
"domains" they have sold) and so on. These commercial malware are not
above exploiting software defects to intrude, just like "real" malware
The last two refer to one of the main industries who will leverage
DRM, and that is the music industry. As publishers and copyright
holders of music culture, they have a responsability to make this
material available to the world even after they have lost interest in
the commercial exploitation thereof (or at least, get out of the way
so others can do this).
Instead, you get the absurd situation where:
- they own the rights to material
- they "delete" this material from thier catalogs
- nevertheless, they forbid anyone else to make this available
- even the original artist is prohibited from doing so
Material has cultural value in and of itself, and is not
interchangeable in value. A brand new copy of Michael Jackson's new
album is not a substitute for the first Amon Dull album, and so on.
Pimps that lose interest in commercially exploiting the material
should be cut out of the equation. What we see here is the "land
mine" effect, because the commercial rights of the pimp are unbounded
and allowed to exceed those of the value creator. You lay mines as
part of a campaign to win a war that ends after a year or so, but the
mines are still there afterwards - and now no-one remembers where they
were laid or how to get rid of them.
>>> ...with your legally purchased retail products?
Here's where Kurt and I disagree. I recognise that as a value
creator, you may wish to limit what a consumer does with your
material. To some extent, your wishes are overridden by the rights of
society, i.e. free speech means your work can indeed be partially
quoted, parodied and so on.
Nevertheless, I do believe that value providers have the right to make
availability of their material subject to contractual limitations - be
they NDA, limits on further distribution, limits on reverse
engineering or whatever. As long as these points lie within the
constitutional norms of society and are stated upfront, OK.
The problem is, we have been inclined to rubber-stamp such contracts
on the basis that we have no intention of honoring them, and that the
contracts don't matter because they are not enfoceable. This has
allowed more and more onerous End User License "Agreements" to become
the new standard, and now when content providers have the technology
to enforce these rights, we wake up and cry foul.
>>> If you want hide your head in the sand, that's cool for you, but many
>>> people want all this copy-protection/DRM BS to stop because corporate
>>> entities should not be managing the rights of HUMAN BEINGS,
yes
>>> that's why we have governments!
er...
I see the technical issue slightly differently, and that is: The
system owner should have final and absolute control over every file on
the system. Anything that "protects" a file beyond the keyboard
user's ability to manage it is a bomb just waiting to go off.
We know how bloody-minded and malicious bona fide businesses can be,
but we also know that traditional malware black hats gain backdoor
access to the same power. We've seen MS source code leaked, MS
Certificate of Authority stolen, large-scale conterfeiting of products
and countless examples of industrial espionage.
We know how MS tends to blur the boundry between data (what is safe to
view) and programs (which should not be run unless a far higher level
of trust has been esstablished). Even aside from by-design
opportunities such as auto-running scripts in Office documents, HTML,
and even media files, there are the unintentended opportunities
afforded by unchecked buffers in anything that accepts input.
So consider this scenario:
- the "keys' to some corp's DRM protection get nicked
- a malware uses the corp's DRM mask to protect itself
- the corp doesn't have the keys to that particular item
- the item cannot be controlled as a result
Landmines, brother. Best idea; don't invent 'em in the first place.
>------------------ ----- ---- --- -- - - - -
The rights you save may be your own
>------------------ ----- ---- --- -- - - - -
- Next message: Pavel A.: "Re: Need HELP with deleting or intalling programs"
- Previous message: ryan: "win 98 help"
- In reply to: kurttrail: "Re: Trustworthy Computing"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
