On Mon, 20 Jan 2003 15:34:09 +0800, you wrote:
None of this is relevant to individuals copying works for scholarship or
research. Fair Use still applies.
Matthew X wrote:
We learned as much on Wednesday when the U.S. Supreme Court ruled that
Congress can repeatedly extend copyright
On Wed, 08 Jan 2003 10:01:22 -0500, you wrote:
WOW!
While I may agree that Tim May seems to like anarchy as long as he's in charge of
it, he does come up with some truly destabilising and dangerous ideas every now and
then.
Like his alter ego Jim Choate, there's some real signal buried
Major Variola (ret) feared:
None have yet commented that in 60 years, there will be no one left that
remembers
what things were like.
Will people really just wimp out to this? Do you really think all those
militia people will just doze on? Maybe people need to start asking themselves,
I decided to look into these DMT Rands that everyone has been yammering
about. I'm not terribly surprised to see that they are a product of the
Laissez Faire City grifters. No thanks.
This little investigation did spark my interest in acquiring gold, however.
Do readers of this list have
Greg Broiles wrote about randomizing survey answers:
That doesn't sound like a solution to me - they haven't provided anything
to motivate people to answer honestly, nor do they address the basic
problem, which is relying on the good will and good behavior of the
marketers - if a website
Lucky Green wrote:
AARG! Wrote:
In addition, I have argued that trusted computing in general
will work very well with open source software. It may even
be possible to allow the user to build the executable himself
using a standard compilation environment.
What AARG! is failing to
Niels Ferguson wrote:
At 16:04 16/09/02 -0700, AARG! Anonymous wrote:
Nothing done purely in software will be as effective as what can be done
when you have secure hardware as the foundation. I discuss this in more
detail below.
But I am not suggesting to do it purely in software. Read
Microsoft has apparently just made available a new FAQ on its
controversial Palladium technology at
http://www.microsoft.com/PressPass/features/2002/aug02/0821PalladiumFAQ.asp.
Samples:
Q: I've heard that Palladium will force people to run only
Microsoft-approved software.
A: Palladium
Dr. Mike wrote, patiently, persistently and truthfully:
On Fri, 16 Aug 2002, AARG! Anonymous wrote:
Here are some more thoughts on how cryptography could be used to
enhance user privacy in a system like TCPA. Even if the TCPA group
is not receptive to these proposals, it would be useful
Here are some more thoughts on how cryptography could be used to
enhance user privacy in a system like TCPA. Even if the TCPA group
is not receptive to these proposals, it would be useful to have an
understanding of the security issues. And the same issues arise in
many other kinds of systems
It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned
about it from two separate sources, looks like two independent slightly different
hacks based on the same protocol flaw.
Undoubtedly, more people will figure this out.
It seems wise to suppress the urge and
Joe Ashwood writes:
Actually that does nothing to stop it. Because of the construction of TCPA,
the private keys are registered _after_ the owner receives the computer,
this is the window of opportunity against that as well.
Actually, this is not true for the endorsement key, PUBEK/PRIVEK,
Basically I agree with Adam's analysis. At this point I think he
understands the spec equally as well as I do. He has a good point
about the Privacy CA key being another security weakness that could
break the whole system. It would be good to consider how exactly that
problem could be
One of the many charges which has been tossed at TCPA is that it will
harm free software. Here is what Ross Anderson writes in the TCPA FAQ
at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html (question 18):
TCPA will undermine the General Public License (GPL), under which
many free and open
I thought of another interesting application for trusted computing
systems: mobile agents. These are pieces of software which get
transferred from computer to computer, running on each system,
communicating with the local system and other visiting agents,
before migrating elsewhere.
This was a
Brian LaMacchia writes:
So the complexity isn't in how the keys get initialized on the SCP (hey, it
could be some crazy little hobbit named Mel who runs around to every machine
and puts them in with a magic wand). The complexity is in the keying
infrastructure and the set of signed
David Wagner wrote:
To respond to your remark about bias: No, bringing up Document Revocation
Lists has nothing to do with bias. It is only right to seek to understand
the risks in advance. I don't understand why you seem to insinuate
that bringing up the topic of Document Revocation Lists
Adam Back writes:
+---------------+------------+
| trusted-agent | user mode  |
| space         | app space  |
| (code         +------------+
| compartment)  | supervisor |
|               | mode / OS  |
+---------------+------------+
| ring -1 / TOR |
Mike Rosing wrote:
The difference is fundamental: I can change every bit of flash in my BIOS.
I can not change *anything* in the TPM. *I* control my BIOS. IF, and
only IF, I can control the TPM will I trust it to extend my trust to
others. The purpose of TCPA as spec'ed is to remove my
Seth Schoen of the EFF has a good blog entry about Palladium and TCPA
at http://vitanuova.loyalty.org/2002-08-09.html. He attended Lucky's
presentation at DEF CON and also sat on the TCPA/Palladium panel at
the USENIX Security Symposium.
Seth has a very balanced perspective on these issues
AARG! wrote:
I asked Eric Murray, who knows something about TCPA, what he thought
of some of the more ridiculous claims in Ross Anderson's FAQ (like the
SNRL), and he didn't respond. I believe it is because he is unwilling
to publicly take a position in opposition to such a famous and
An article on Salon this morning (also being discussed on slashdot),
http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html,
discusses how the file-trading network Gnutella is being threatened by
misbehaving clients. In response, the developers are looking at limiting
the
Several people have objected to my point about the anti-TCPA efforts of
Lucky and others causing harm to P2P applications like Gnutella.
Eric Murray wrote:
Depending on the clients to do the right thing is fundamentally
stupid.
Bram Cohen agrees:
Before claiming that the TCPA, which is from
Anon wrote:
You could even have each participant compile the program himself,
but still each app can recognize the others on the network and
cooperate with them.
Matt Crawford replied:
Unless the application author can predict the exact output of the
compilers, he can't issue a signature on
Mike Rosing wrote:
On Fri, 2 Aug 2002, AARG! Anonymous wrote:
You don't have to send your data to Intel, just a master storage key.
This key encrypts the other keys which encrypt your data. Normally this
master key never leaves your TPM, but there is this optional feature
where it can
James Donald writes:
James Donald writes:
I can only see one application for voluntary TCPA, and that is
the application it was designed to perform: Make it possible
to run software or content which is encrypted so that it will
only run on one computer for one time period.
On 3
Here are some alternative applications for TCPA/Palladium technology which
could actually promote privacy and freedom. A few caveats, though: they
do depend on a somewhat idealized view of the architecture. It may be
that real hardware/software implementations are not sufficiently secure
for
Peter Trei writes:
It's rare enough that when a new anononym appears, we know
that the poster made a considered decision to be anonymous.
The current poster seems to have parachuted in from nowhere,
to argue a specific position on a single topic. It's therefore
reasonable to infer that
Peter Trei envisions data recovery in a TCPA world:
HoM: I want to recover my data.
Me: OK: We'll pull the HD, and get the data off it.
HoM: Good - mount it as a secondary HD in my new system.
Me: That isn't going to work now we have TCPA and Palladium.
HoM: Well, what do you have to
Sampo Syreeni writes:
On 2002-08-01, AARG!Anonymous uttered to [EMAIL PROTECTED],...:
It does this by taking hashes of the software before transferring
control to it, and storing those hashes in its internal secure
registers.
So, is there some sort of guarantee that the transfer
James Donald writes:
TCPA and Palladium give someone else super root privileges on my
machine, and TAKE THOSE PRIVILEGES AWAY FROM ME. All claims that
they will not do this are not claims that they will not do this,
but are merely claims that the possessor of super root privilege
on my
Eric Murray writes:
TCPA (when it isn't turned off) WILL restrict the software that you
can run. Software that has an invalid or missing signature won't be
able to access sensitive data[1]. Meaning that unapproved software
won't work.
[1] TCPAmain_20v1_1a.pdf, section 2.2
We need to
James Donald wrote:
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict
what applications you run. The TPM FAQ at
http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads
They deny that intent, but physically they have
On Mon, 29 Jul 2002 14:25:37 -0400 (EDT), you wrote:
Congressman Wants to Let Entertainment Industry Get Into Your Computer
Rep. Howard L. Berman, D-Calif., formally proposed
legislation that would give the industry unprecedented new
authority to secretly hack into
Read a great article on Slashdot about the recent DRM workshop,
http://slashdot.org/article.pl?sid=02/07/18/1219257, by al3x:
As the talks began, I was brimming with the enthusiasm and anger of an
activist, overjoyed at shaking hands with the legendary Richard
Stallman, thrilled with
David Wagner wrote:
Anonymous wrote:
Legislation of DRM is not in the cards, [...]
Care to support this claim? (the Hollings bill and the DMCA requirement
for Macrovision in every VCR come to mind as evidence to the contrary)
The line you quoted was the summary from a message which
Seth Schoen writes:
The Palladium security model and features are different from Unix, but
you can imagine by rough analogy a Unix implementation on a system
with protected memory. Every process can have its own virtual memory
space, read and write files, interact with the user, etc. But
and being able to kill each and every one from behind.
Don't expose yourselves -- always shoot from behind. But know this one thing
Aim for the head, and use fragmenting/hydrashock ammo. Exploded heads seem to disturb
others the most.
What really changed in the Valley is that the best are gone. There is always a very
small number of real contributors, I'd say one in several hundreds, that shape the
whole environment and dictate the overall mood.
This was best seen in Xerox PARC, where sleazy Gilman Louie was selling