Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
David Brodbeck wrote:
> I remember when Intel started shipping processors with unique ID
> numbers. There was much weeping and gnashing of teeth as open-source
> proponents and privacy advocates declared that this would lead to the
> end of civilization as we know it.

Yup, remember being twitchy about that.

> In reality, it was a huge non-event;
> no software I know of uses it,

So nobody uses it,

> and every system I've ever seen has
> shipped with the processor ID disabled.

you've got to turn it on to use it,

> Even companies that make
> corporate software, who tend to be more into copy protection than most,
> seem to have mostly ignored it

and it's ignored.

It was a non-event because said weeping and gnashing led to it being unused, _not_ because its uses would be benign. It's my pleasure to have helped prevent you from finding out just how bad those uses could be. :-)

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On Jan 13, 2008, at 1:47 PM, Hal Finney wrote:
> I am actively involved with some open-source TPM projects and see this
> technology as having tremendous potential. It pains me to see so much
> uninformed FUD being cast about whenever the topic comes up.

We're a twitchy bunch, aren't we?

I remember when Intel started shipping processors with unique ID numbers. There was much weeping and gnashing of teeth as open-source proponents and privacy advocates declared that this would lead to the end of civilization as we know it. In reality, it was a huge non-event; no software I know of uses it, and every system I've ever seen has shipped with the processor ID disabled. Even companies that make corporate software, who tend to be more into copy protection than most, seem to have mostly ignored it and stuck with using MAC addresses or external dongles as identifiers.
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On Sun, Jan 13, 2008 at 08:23:30PM -0600, Ron Johnson wrote:
> On 01/13/08 19:42, David wrote:
> >> Here in the US, 99.5% of the people who regularly use the intarweb
> >> couldn't secure their computer with a map, both hands and a flashlight.
> >
> > They should get the Canadians to show them what they don't know how.
>
> The canucks are too busy swilling Molson, eh, and shooting moose.

Nah, we just use OpenBSD for our secure boxes.

Doug.
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On 01/13/08 19:42, David wrote:
> Ron Johnson wrote:
>
>> Here in the US, 99.5% of the people who regularly use the intarweb
>> couldn't secure their computer with a map, both hands and a flashlight.
>
> They should get the Canadians to show them what they don't know how.

The canucks are too busy swilling Molson, eh, and shooting moose.

> Regards,

--
Ron Johnson, Jr.
Jefferson LA USA

"I'm not a vegetarian because I love animals, I'm a vegetarian because I hate vegetables!"
unknown
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
Ron Johnson wrote:
> Here in the US, 99.5% of the people who regularly use the intarweb
> couldn't secure their computer with a map, both hands and a flashlight.

They should get the Canadians to show them what they don't know how.

Regards,

--
David Palmer
Linux User - #352034
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On Sun January 13 2008 17:18:42 Ron Johnson wrote:
> Here in the US, 99.5% of the people who regularly use the intarweb
> couldn't secure their computer with a map, both hands and a flashlight.

How about with a Debian installation CD?
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On 01/13/08 17:07, David wrote:
> Hal Finney wrote:
[snip]
>
> There is no critique of open source formats here (I've been meaning to
> check back on the Open Bios project for a while), but I do endorse full
> control being in the hands of the enduser, especially in regard to the
> internet. Once control is translated to the network, the controllers of
> the network dictate access and content and the most innovative
> environment in the history of the species degenerates to the state of
> being no more than cable tv, on speed, replete with ads.
>
> It is of the utmost importance that the control factor is kept at the
> 'edge' of the 'net, in the hands of the enduser and that the network
> itself, is kept in as simple a state as possible.

Here in the US, 99.5% of the people who regularly use the intarweb couldn't secure their computer with a map, both hands and a flashlight.

--
Ron Johnson, Jr.
Jefferson LA USA

"I'm not a vegetarian because I love animals, I'm a vegetarian because I hate vegetables!"
unknown
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
> Jimmy Wu wrote:
>> I just got the ThinkPad T61 laptop today. I went in to system
>> properties to take a look at the hardware device manager and I noticed
>> it included "Trusted Platform Module 1.2". Now, this raised a red
>> flag for me, as my first impressions of "trusted computing" were
>> framed by this article:
>> http://badvista.fsf.org/what-s-wrong-with-microsoft-windows-vista
>
> It pains me to see so much uninformed FUD being
> cast about whenever the topic comes up.
>
> Hal

This possibly because Microsoft endorses it; makes everyone suspicious. Probably not so much because they are into money but indecent amounts of money. But then it might be different if I was a shareholder.

The other reason being there is not a great deal of information around about this issue which people have an interest in or maybe time to access?

So thanks for adding your view to this topic. That's one of the benefits of a list like this.

Be well,
Charlie
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
Hal Finney wrote:
> Jimmy Wu wrote:
>> I just got the ThinkPad T61 laptop today. I went in to system
>> properties to take a look at the hardware device manager and I noticed
>> it included "Trusted Platform Module 1.2". Now, this raised a red
>> flag for me, as my first impressions of "trusted computing" were
>> framed by this article:
>> http://badvista.fsf.org/what-s-wrong-with-microsoft-windows-vista
>
> Well, that article doesn't mention the TPM. Vista does not use TPMs for DRM.

Besides the fact that DRM isn't the sole core issue here, when it's seen that WMP is no more than a music playing trojan, I have no belief whatsoever, that anything that MS chooses to implant at a deeper level on my system is going to operate according to a higher standard of ethics. I'm not just looking at MS here, but also Intel's CPU registration programme, Belkin's sweet concept of trojans on their routers a little time ago and gremlins placed in the BIOS dating from the Phoenix/Award amalgamation, etc., etc., etc.

The rider placed on ethical standards here is the one I have already stated. That of corporate desire for market control, as near to complete as possible, and corporate entities never sleep. It takes things like a continuous, international, labour overhead free, development programme to, at least, keep up, and hopefully gradually pull ahead.

> The only thing Vista uses the TPM for is the DiskLocker whole disk
> encryption system, which uses the TPM to protect its keys, a use
> entirely in the interests of the owner/operator of the computer.

Right. So you've read the code? Who holds the master key? Whose servers cater to the information flow?

> Contrary to much of the publicity about the chip, TPMs are not (yet)
> useful for DRM, and it's questionable whether they ever will be. That
> will require substantially more research in operating systems, as well
> as a net-wide TPM certificate infrastructure that does not yet exist.

Really? Seems a fairly simple adaptation to me.
http://www.wipo.int/pctdb/en/wo.jsp?wo=1999015947

> Ask yourself this: if the real goal of the TPM is for DRM and taking
> away control from end users, why would most TPM projects be on Linux
> and other open-source platforms?

Because there are more of them. FOSS development has always been conducted along a multithread format.

There is no critique of open source formats here (I've been meaning to check back on the Open Bios project for a while), but I do endorse full control being in the hands of the enduser, especially in regard to the internet. Once control is translated to the network, the controllers of the network dictate access and content and the most innovative environment in the history of the species degenerates to the state of being no more than cable tv, on speed, replete with ads.

It is of the utmost importance that the control factor is kept at the 'edge' of the 'net, in the hands of the enduser and that the network itself, is kept in as simple a state as possible.

> In addition to TPM device drivers, Linux has the Trousers TPM library
> and the Integrity Measurement Architecture kernel patches, among others.
> Xen has TPM extensions, and a couple of versions of TPM-aware Trusted
> Grub exist as well.
>
> I suggest that the dangers of TPMs and Trusted Computing have been
> exaggerated and are entirely hypothetical at this time. In contrast,
> software exists today that can use the TPM to provide real benefits to
> users on both Linux and Windows platforms.
>
> I am actively involved with some open-source TPM projects and see this
> technology as having tremendous potential. It pains me to see so much
> uninformed FUD being cast about whenever the topic comes up.

When security aspects are in the control of others, so is the entity those security aspects are 'protecting'.

From other conversations I have had, this appears to be a reasonably accurate statement of the scenario.
http://en.wikipedia.org/wiki/Trusted_Platform_Module

I reiterate, we all have a right to a private, personal level of existence. This doesn't mean that those of us that espouse this are therefore guilty of all the negative aspects that an open environment also caters to. There is a tremendous noise concerning paedophilia and the ilk on the net, and the requirement of governments, with concerned corporate citizens in the background, stentoriously proclaiming the need for control of the network, despite the fact that programmes such as 'Netnanny' and similar are downloadable, even directly from your own friendly, local ISP in many cases.

There is an agenda and it needs to be countered, not catered to.

Regards,

--
David Palmer
Linux User - #352034
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
Jimmy Wu wrote:
> I just got the ThinkPad T61 laptop today. I went in to system
> properties to take a look at the hardware device manager and I noticed
> it included "Trusted Platform Module 1.2". Now, this raised a red
> flag for me, as my first impressions of "trusted computing" were
> framed by this article:
> http://badvista.fsf.org/what-s-wrong-with-microsoft-windows-vista

Well, that article doesn't mention the TPM. Vista does not use TPMs for DRM. The only thing Vista uses the TPM for is the DiskLocker whole disk encryption system, which uses the TPM to protect its keys, a use entirely in the interests of the owner/operator of the computer.

Contrary to much of the publicity about the chip, TPMs are not (yet) useful for DRM, and it's questionable whether they ever will be. That will require substantially more research in operating systems, as well as a net-wide TPM certificate infrastructure that does not yet exist.

Ask yourself this: if the real goal of the TPM is for DRM and taking away control from end users, why would most TPM projects be on Linux and other open-source platforms? In addition to TPM device drivers, Linux has the Trousers TPM library and the Integrity Measurement Architecture kernel patches, among others. Xen has TPM extensions, and a couple of versions of TPM-aware Trusted Grub exist as well.

I suggest that the dangers of TPMs and Trusted Computing have been exaggerated and are entirely hypothetical at this time. In contrast, software exists today that can use the TPM to provide real benefits to users on both Linux and Windows platforms.

I am actively involved with some open-source TPM projects and see this technology as having tremendous potential. It pains me to see so much uninformed FUD being cast about whenever the topic comes up.

Hal
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
David wrote:
> Scott Gifford wrote:
>> David <[EMAIL PROTECTED]> writes:
>>> Jimmy Wu wrote:
>> [...]
>>>> (2) Does Debian support TPM chips? What is the community's take on the issue?
>>>> My take is that TPM does have some security merits, but it also has a
>>>> lot of potential for abuse.
>>>> Google turned up these results of the beginnings of TPM support in Linux:
>>>> http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
>>>> http://lwn.net/Articles/144681/
>>>
>>> Never on my machine.
>>
>> TPM is actually pretty interesting from a security perspective. It
>> has nothing to do with ID on the Internet,
>
> What articles there are on the subject state that network validation is a feature.
>
>> but instead uses a chain of certificates to verify that the code you're
>> booting is what's configured in the TPM settings. If you get a boot
>> sector virus, your computer won't boot because it doesn't match what's
>> expected. If your box gets owned and the kernel hacked to hide the
>> intruder, it will stop booting because the kernel won't match what's
>> expected. If your applications are modified by an attacker, they won't
>> run because they aren't what's expected.
>>
>> The big question that determines whether this is a giant security win
>> or a huge loss of control is who gets to configure TPM. If it's you,
>> great, you can decide what OS to trust, etc. But if it's the
>> manufacturer, then you've lost control over what you can boot, which is
>> awful.
>
> I feel safe in predicting the outcome now. All FOSS advocates are in love with IBM at the moment, forgetting that IBM once occupied that portion of the market that Microsoft are currently trying to regain/retain with their flawed OOXML ISO application, and were every bit as ruthless.
>
>> It doesn't seem clear to me yet which will be prevalent. Also, it's
>> not clear what this will do for reliability. Will minor, correctable
>> corruption become complete breakage?
>
> I find it hard to see how you could have one without the other. Write a small modification script and your system doesn't operate anymore. Corporate supplied software only. Written by licenced programmers only. More than one way to skin a cat.
> The OOXML and TCM aspects seem to have the same potential in common. Control, and the corporate ideal of dictating to the marketplace.
>
>> Time will tell, I guess.
>
> I don't intend to sit on my hands. I've just bought a couple of Bruce Schneier's books and intend to explore other directions of the cryptographic ilk also. Not just because of TCM or because I'm a member of Al Quaida, but because I have a basic existential right to a private, personal existence. I don't feel that I need either Microsoft or IBM to make decisions on what I should or shouldn't have on my own box. If they began to do so, which it appears they have, I should have to suspect their motives. I feel quite confident in my own abilities to make any and all decisions on my personal existence, thanking them very politely anyway.
>
> Regards,

That kind of "freedom talking" will get you marked as a radical!! Next thing you know, you will be talking about "source code". I think we need to watch you!

--
Damon L. Chesser
[EMAIL PROTECTED]
404-271-8699
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On Saturday 12 January 2008 08:45 David wrote:
> I'm a member of Al Quaida

OMG, everybody RUN!

Yes that "missquote" was on purpose, please read the references before arresting this person...(whoever it may concern...)

--
http://noneisyours.marcher.name
http://feeds.feedburner.com/NoneIsYours

You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you.
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
Scott Gifford wrote:
> David <[EMAIL PROTECTED]> writes:
>> Jimmy Wu wrote:
> [...]
>>> (2) Does Debian support TPM chips? What is the community's take on the issue?
>>> My take is that TPM does have some security merits, but it also has a
>>> lot of potential for abuse.
>>> Google turned up these results of the beginnings of TPM support in Linux:
>>> http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
>>> http://lwn.net/Articles/144681/
>>
>> Never on my machine.
>
> TPM is actually pretty interesting from a security perspective. It
> has nothing to do with ID on the Internet,

What articles there are on the subject state that network validation is a feature.

> but instead uses a chain of certificates to verify that the code you're
> booting is what's configured in the TPM settings. If you get a boot
> sector virus, your computer won't boot because it doesn't match what's
> expected. If your box gets owned and the kernel hacked to hide the
> intruder, it will stop booting because the kernel won't match what's
> expected. If your applications are modified by an attacker, they won't
> run because they aren't what's expected.
>
> The big question that determines whether this is a giant security win
> or a huge loss of control is who gets to configure TPM. If it's you,
> great, you can decide what OS to trust, etc. But if it's the
> manufacturer, then you've lost control over what you can boot, which is
> awful.

I feel safe in predicting the outcome now. All FOSS advocates are in love with IBM at the moment, forgetting that IBM once occupied that portion of the market that Microsoft are currently trying to regain/retain with their flawed OOXML ISO application, and were every bit as ruthless.

> It doesn't seem clear to me yet which will be prevalent. Also, it's
> not clear what this will do for reliability. Will minor, correctable
> corruption become complete breakage?

I find it hard to see how you could have one without the other. Write a small modification script and your system doesn't operate anymore. Corporate supplied software only. Written by licenced programmers only. More than one way to skin a cat.
The OOXML and TCM aspects seem to have the same potential in common. Control, and the corporate ideal of dictating to the marketplace.

> Time will tell, I guess.

I don't intend to sit on my hands. I've just bought a couple of Bruce Schneier's books and intend to explore other directions of the cryptographic ilk also. Not just because of TCM or because I'm a member of Al Quaida, but because I have a basic existential right to a private, personal existence. I don't feel that I need either Microsoft or IBM to make decisions on what I should or shouldn't have on my own box. If they began to do so, which it appears they have, I should have to suspect their motives. I feel quite confident in my own abilities to make any and all decisions on my personal existence, thanking them very politely anyway.

Regards,

--
David Palmer
Linux User - #352034
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
David <[EMAIL PROTECTED]> writes:

> Jimmy Wu wrote:

[...]

>> (2) Does Debian support TPM chips? What is the community's take on the issue?
>> My take is that TPM does have some security merits, but it also has a
>> lot of potential for abuse.
>> Google turned up these results of the beginnings of TPM support in Linux:
>> http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
>> http://lwn.net/Articles/144681/
>
> Never on my machine.

TPM is actually pretty interesting from a security perspective. It has nothing to do with ID on the Internet, but instead uses a chain of certificates to verify that the code you're booting is what's configured in the TPM settings. If you get a boot sector virus, your computer won't boot because it doesn't match what's expected. If your box gets owned and the kernel hacked to hide the intruder, it will stop booting because the kernel won't match what's expected. If your applications are modified by an attacker, they won't run because they aren't what's expected.

The big question that determines whether this is a giant security win or a huge loss of control is who gets to configure TPM. If it's you, great, you can decide what OS to trust, etc. But if it's the manufacturer, then you've lost control over what you can boot, which is awful. It doesn't seem clear to me yet which will be prevalent.

Also, it's not clear what this will do for reliability. Will minor, correctable corruption become complete breakage?

Time will tell, I guess.

---Scott.
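An added illustration, not part of the original thread, of the measurement chain behind the boot-time check and the who-configures-it question discussed above: TPM 1.2 folds a SHA-1 digest of each boot stage into a Platform Configuration Register (PCR), and a secret sealed to an owner-chosen reference value is released only when the chain matches. The stage names and bytes are constructed, and `seal`/`unseal` are a toy model of the chip's behaviour, not a TPM library API.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds exactly one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(stages):
    """Fold each (name, blob) stage, in boot order, into a PCR starting at zeros.

    Returns (final_pcr, log), where log lists (name, sha1_hex) per stage.
    """
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in stages:
        pcr = extend(pcr, blob)
        log.append((name, hashlib.sha1(blob).hexdigest()))
    return pcr, log


def seal(secret: bytes, reference_pcr: bytes) -> dict:
    """Toy model of sealing: tie a secret to the PCR value the owner chose.
    (A real TPM keeps the secret encrypted under a key that stays in the chip.)"""
    return {"pcr": reference_pcr, "secret": secret}


def unseal(sealed: dict, current_pcr: bytes):
    """Release the secret only if this boot produced the reference PCR value."""
    if hmac.compare_digest(sealed["pcr"], current_pcr):
        return sealed["secret"]
    return None


def first_divergence(reference_log, current_log):
    """Name the first stage whose measurement differs from the reference log."""
    for ref, cur in zip(reference_log, current_log):
        if ref != cur:
            return cur[0]
    if len(reference_log) != len(current_log):
        return "<stage count changed>"
    return None


# Constructed sample boot chains (placeholder bytes, not real boot code).
GOOD_BOOT = [
    ("boot-sector", b"constructed boot sector"),
    ("bootloader", b"constructed bootloader"),
    ("kernel", b"constructed kernel image"),
    ("initrd", b"constructed initrd"),
]
# Same chain with one changed stage: an intrusion or a legitimate update
# look identical to the measurement, which is why the reference owner matters.
TAMPERED_BOOT = [
    (n, b + b" + modification" if n == "kernel" else b) for n, b in GOOD_BOOT
]

if __name__ == "__main__":
    good_pcr, good_log = measure_boot(GOOD_BOOT)
    disk_key = seal(b"constructed disk key", good_pcr)  # owner picks the reference

    bad_pcr, bad_log = measure_boot(TAMPERED_BOOT)
    print("clean boot unseals:   ", unseal(disk_key, good_pcr) is not None)
    print("changed boot unseals: ", unseal(disk_key, bad_pcr) is not None)
    print("first changed stage:  ", first_divergence(good_log, bad_log))

    # After a deliberate kernel update, the owner re-seals to the new value.
    disk_key = seal(b"constructed disk key", bad_pcr)
    print("after owner re-seal:  ", unseal(disk_key, bad_pcr) is not None)
```

Because every stage is hashed into the same running value, any change to a stage or to the boot order changes the final PCR, and the event log is what lets the owner tell which stage changed.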
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
On Friday 11 January 2008 22:14, Jimmy Wu wrote:
> On Jan 10, 2008 12:31 PM, David Brodbeck <[EMAIL PROTECTED]> wrote:
> > On Jan 9, 2008, at 5:27 PM, Mike Bird wrote:
> > > You might want to make the recovery CDs and save the recovery
> > > partition.
> > > In this sad world, being able to restore/reinstall Vista will
> > > dramatically
> > > improve resale value when you replace the laptop in a few years.
> >
> > Although maybe not as much as if it had XP. ;)
>
> I just got the ThinkPad T61 laptop today.
> [TPM description]
> So, I have two questions:
> (1) Is this really as scary as the article makes it out to be? (in
> other words, should I be worried that this is on my computer?)
> (2) Does Debian support TPM chips? What is the community's take on the
> issue? My take is that TPM does have some security merits, but it also has
> a lot of potential for abuse.
> Google turned up these results of the beginnings of TPM support in Linux:
> http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
> http://lwn.net/Articles/144681/

I have Debian "etch" on a T61, with the TPM disabled. I forget whether I manually shut it off in the BIOS, or if I just ignored it entirely, but avoiding it is very simple. If you're dual-booting, or if you actually want TPM, that's a different story, of course.

FWIW, I also blitzed the Windows install, reformatting the entire HD.

-- A.
--
Andrew Reid / [EMAIL PROTECTED]
Re: Trusted computing [WAS new user question: debian on a Thinkpad T61]
Jimmy Wu wrote:
> I just got the ThinkPad T61 laptop today. I went in to system
> properties to take a look at the hardware device manager and I noticed
> it included "Trusted Platform Module 1.2". Now, this raised a red
> flag for me, as my first impressions of "trusted computing" were
> framed by this article:
> http://badvista.fsf.org/what-s-wrong-with-microsoft-windows-vista
>
> So, I have two questions:
> (1) Is this really as scary as the article makes it out to be? (in
> other words, should I be worried that this is on my computer?)
> (2) Does Debian support TPM chips? What is the community's take on the issue?
> My take is that TPM does have some security merits, but it also has a
> lot of potential for abuse.
> Google turned up these results of the beginnings of TPM support in Linux:
> http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
> http://lwn.net/Articles/144681/

Never on my machine. So we need ID chips/cards on the 'net, now, do we?
On disc encryption is the direction I'll be heading in.

Regards,

--
David Palmer
Linux User - #352034
Trusted computing [WAS new user question: debian on a Thinkpad T61]
On Jan 10, 2008 12:31 PM, David Brodbeck <[EMAIL PROTECTED]> wrote:
>
> On Jan 9, 2008, at 5:27 PM, Mike Bird wrote:
> > You might want to make the recovery CDs and save the recovery
> > partition.
> > In this sad world, being able to restore/reinstall Vista will
> > dramatically
> > improve resale value when you replace the laptop in a few years.
>
> Although maybe not as much as if it had XP. ;)

I just got the ThinkPad T61 laptop today. I went in to system properties to take a look at the hardware device manager and I noticed it included "Trusted Platform Module 1.2". Now, this raised a red flag for me, as my first impressions of "trusted computing" were framed by this article:
http://badvista.fsf.org/what-s-wrong-with-microsoft-windows-vista

So, I have two questions:
(1) Is this really as scary as the article makes it out to be? (in other words, should I be worried that this is on my computer?)
(2) Does Debian support TPM chips? What is the community's take on the issue?
My take is that TPM does have some security merits, but it also has a lot of potential for abuse.
Google turned up these results of the beginnings of TPM support in Linux:
http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
http://lwn.net/Articles/144681/

Thanks,

--
Jimmy Wu
Registered Linux User #454138