Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Hardware

TPM Security Chip For Your Cell Phone 162

pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."
This discussion has been archived. No new comments can be posted.

TPM Security Chip For Your Cell Phone

Comments Filter:
  • by ReformedExCon ( 897248 ) <reformed.excon@gmail.com> on Wednesday September 28, 2005 @03:10AM (#13665127)
    I want to be able to install my own applications.

    etc.

    Reminds me of that episode of the Simpsons:

    Abortions for all.
    *crowd boos*
    Very well, no abortions for anyone.
    *crowd boos*
    Hmm... Abortions for some, miniature American flags for
    others.
    *crowd cheers*

    In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.
    • by aussie_a ( 778472 ) on Wednesday September 28, 2005 @03:22AM (#13665165) Journal
      Meet me. Joe Consumer.

      By posting on slashdot you prove that you actually know about TPM and have formed an opinion on it (at least in regards to mobile phones). Joe Consumer most definitely doesn't know about TPM and hasn't formed an opinion on it. Ergo, you're not Joe Consumer.
    • by Anonymous Coward
      Come on! you know you whip your phillips head, just like the rest of us.
    • by hecktorjade ( 918477 ) on Wednesday September 28, 2005 @03:58AM (#13665248)
      Well you certainly have a resonable point about being "joe consumer" and wanting to just get something that works. But the the rights of joe comsumer are exacty what is at stake. When the corporations (I am not making a political statement) create a device under the TCP they WILL contend that it is illegal to create software for the device. The DMCA has a provision that allows for the reverse engineering of a device for the process of creating software. However it is the process of creating software/development and its inherent nature that will come under scrutiny. On the bright side the TCP is not legislation. It is a consortium (I guess a kind way of saying colusion) of companies. If the TCP is fully realized the consumer will be morbidly limited to what they can actually do with the device. Ergo over time you will pay much more money for functionality because essentially the open source community will be unable to legally create, distribute and refine software.
    • In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.

      Fair enough, there is always going to be a portion of the population who want the no frills version of any given tool. However, in the case of mobile technology think about the fundamental difference between Apple and Microsoft in the early days.
    • What about when the battery runs out on your expensive consumer device, Joe, and you think - "Hey, I don't need to pay the service guy $50 dollars to open this up and replace the battery, I'll buy a $5 dollar battery and do it myself, saving $45 for more consuming, ooohhh yeaaaaah". You bring your trusty phillips, you examine the device and... it's got non-standard screws. This is what we're talking about Mr Consumer, don't you see!
    • If they start putting trusted (or rather threatherous) computing on mobile phones, they'll start doing it with cumputers too. Joe consumer will buy the computers and there arent that many processor chip makers out there, there will be less and less non-trusted computing chips around. At first they will be breakable or allow (free like in speech) open source software to be run. Later gradually options of open source software will run out, and it will die. Leaving they hard- and software industries free to a
      • This is a great theory as long as you don't care about having any evidence to back it up. I haven't seen any evidence that OSS will be blocked from running on a computer with TCPM. Just a lot of FUD to that effect. Doing something like that would basically destroy software development, open source or closed source, since every time I write some code I have to compile it and run it. If I can only run code that Microsoft says I can run, then after I compile, I have to ask Microsoft if it's safe? How will they
  • they had one before (Score:3, Informative)

    by scenestar ( 828656 ) on Wednesday September 28, 2005 @03:18AM (#13665152) Homepage Journal
    The mpx200 had a software lock that required all code to be signed with a digitall certificate.

    There about a gaziallion guides on how to flash your firmwware and get rid of it.

    if this chip comes out you can be sure of the fact that people are going to break open their phone and pull that sucker out.
    • if this chip comes out you can be sure of the fact that people are going to break open their phone and pull that sucker out.

      If you think this is possible, I suggest you read the TPM spec. Start with Part 1.

      It quickly becomes apparent that devices built to be used with this chip will not perform without it. Sure, someone hacked Mac OS X for Intel to run on some other white box machine without a TPM, but that was the OS - you're suggesting that someone just remove the offending hardware and be done with

    • this was down to the phone company to decide to implement. for example, on the Orange SPV C500 (an HTC typhoon running Windows Mobile 2003), they had an application lock of this sort. It doesn't stop all apps installing: just ones that write to protected areas of the registry. This can be a good thing: it stops Joe Punter screwing up his phone and Orange having to fix it. To get code to write to these protected areas, the developer either has to get it certified, or the user has to unlock the phone - wh
    • Sure, you could remove the DRM, but then you get arrested under the DMCA, the Feds realize you were hacking a phone (which obviously means you were planning to modify it to trigger a bomb), you get accused of being a "ter'rist," and get shipped to Gitmo.

      How many people do you really think will risk that?
    • congratulations, your phone no longer works.

      if it were only as easy as pulling the chip out, we'd have no reason to be concerned about our future dystopian overlords.

  • Logical next step (Score:5, Insightful)

    by MacGod ( 320762 ) on Wednesday September 28, 2005 @03:19AM (#13665154)
    It seems a logical next step for this to be used to only allow certain installs. After all, the carriers have long-since wanted you to *only* install stuff you pay them to download. I mean MP3 ringtons are just that-MP3s (short, 32Kbps ones even), yet you often can't transfer them simply by USB, you need to pay the carrier $3 for them.

    So, why would it be surprising that the carriers would want yet another layer of hardware/software protection to ensure that this golden revenue stream is the only way for people to add games/ringtones/wallpaper etc?
    • by ajs318 ( 655362 )
      Ah, but on a Sony-Ericsson phone, such as the k750i with built-in 2Mpx camera and radio receiver, not only can you use any of your own photographs as wallpaper; you can even record your own ringtones, using the phone's built-in mic. And then nothing is stopping you from infra-red beaming your homebrew multimedia across to any other phone. I don't think they're going to be making phones without mics any time soon ..... though if they did, I'd definitely buy one for my mother!

      As to the question of owners
  • Newsflash (Score:5, Informative)

    by Caine ( 784 ) * on Wednesday September 28, 2005 @03:20AM (#13665159)
    However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone.


    Newsflash: Phones already have DRM, it's a lot harder for the average person to bypass than a computer, and phones already limit what applications can be installed, or what they can do.

    • My phone just says that the program is not from a trusted source and do I want to install anyway?
      • Re:Newsflash (Score:4, Informative)

        by Caine ( 784 ) * on Wednesday September 28, 2005 @03:30AM (#13665183)
        Many newer phones don't allow for example file-system interaction from unsigned applications.
      • Re:Newsflash (Score:5, Informative)

        by AaronBrethorst ( 860210 ) on Wednesday September 28, 2005 @03:43AM (#13665224) Homepage
        It depends on what you have. From what you say above, it sounds like you have a device running Windows Mobile. The code signing feature is fantastic inasmuch as it lets *you* decide whether or not you trust an app, and how much you want to trust it, essentially. I have an Audiovox SMT 5600 (aka HTC Typhoon) which exhibits the same behavior. Heck, I can even write apps for it in Visual Studio 2005 and dump them onto the phone. No fuss, no muss. My old Sidekick (well, actually the fourth Sidekick I had; I got unlucky in terms of catastrophic hardware failures) would only run extra apps that were on Danger and T-Mobile's pre-approved list. Not my idea of fun.
        • Hmm... I've installed apps on a Samsung SPH-A660.

          "This program is not authorized by Sprint. Sprint is not liable for any damage it may cause to the phone. Proceed?"

          (Or something like that...)

          And that's just a J2ME phone... no Windows Mobile anywhere near there.
        • Re:Newsflash (Score:5, Informative)

          by Caine ( 784 ) * on Wednesday September 28, 2005 @06:00AM (#13665579)
          It depends on what you have. From what you say above, it sounds like you have a device running Windows Mobile.


          I don't have any specific phone. I write/design platform code for them, which is why I make broad general statements. DRM is coming more and more, TPM chip or not. My point wasn't that "Oh, it's already here, so let's just accept it" as someone said in a reply. My point was that the fact that TPM chips are coming doesn't really change much. There's DRM without them to, and it's still bad.

        • Bah, curse my Slashdot-browse settings, I thought you were replying to me. My apologies.
    • Re:Newsflash (Score:3, Insightful)

      by Travoltus ( 110240 )
      This is supposed to mean what? That it's a good thing because it's happening already?
  • It is true... (Score:5, Insightful)

    by Darkling-MHCN ( 222524 ) on Wednesday September 28, 2005 @03:23AM (#13665167)
    These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them. We could easily end up in a situation where in the name of securing systems the big players will lock out smaller players from the market by digitally controlling what applications are allowed to run on these systems. We may be on the dawn of an age where real monopoly's in computing are about to develop, where start-ups face real physical barriers that stop them from entering a market.

    The scariest part about this is, consumers will probably go for these systems as they will be hassle free, safe and free of worry. The only worry consumers will have is that the content of these systems is not only controlled for their own protection but also controlled to limit what they can and can't do, for alot of people I think the costs will be outwayed by the benefits.
    • the big players will lock out smaller players from the market
      That is already true; the mobile phone operators are already doing what they can to lock out alternatives to (for example) SMS/MMS so that they can keep overcharging. This I know for sure, since I have been involved in such a project. Also, the operators add additional DMR to the branded versions of the phones, which are the ones most people get.
    • ``These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them.''

      It all depends on how it's done. A chip that prevents the device from running any software not approved by some corporation protects against malware no better than a system which only runs software explicitly approved by the user, except in case of trojans. Add some sandboxing that only allows software to access resources that the user explicitly enabled access to, and you have a pret
      • Good observations.

        A system which is impossible to modify is a good candidate for being a secure system. It also has limited usefulness.

        The security requirements for a system which can be modified take us to another level. Provided a system meets those requirements, there is little need to distinguish between software approved by a vendor and software approved by a user.

  • by Sycraft-fu ( 314770 ) on Wednesday September 28, 2005 @03:38AM (#13665208)
    They already limit cell phones. At my last job we got Motorola T720 cellphones form Alltel. One of the features that wow'd everyone was the ability to play MIDIs for ringtones. So they all wanted custom ringtones (I personally just use a phone ring sound). They also wanted custom backgrounds (it only had a few). So one guy got a data cable so everyone could upload stuff. Er, wrong. None of that kind of stuff was accessable. It was basically only useful for transfering numbers and using it as a modem if you had a data package. You had to purchase new wallpaper and ringtones via the store. Same for games,

    Ended up having to search the net and find some utilities to hack it. Even if you got a utility to directly access the file system and added something, it wouldn't be usable on the phone, you had to alter data files. It was quite clearly a deliberate lockout.

    With this sort of thing, they'll just step it up to the next level.
    • I think you've hit the nail on the head.

      The DRM fits the "customer is a schmuck from whom we suck our pound of flesh, one ringtone at a time."

      The phone companies are living and dying on their ringtone money these days, right? I can imagine that smart folks said, "well, if the phone guys want a long-term micropayment system, let's just load it up with DRM, and then they can suck to their cold-hearted heart's content."

      It got me to reflecting that the average Linux hacker couldn't be more put off by DRM, other
  • by Anonymous Coward on Wednesday September 28, 2005 @03:49AM (#13665234)
    My only concern with future phones is the prevalence of ads. I block any and all ads I can on the internet, both with a large hosts file and Firefox's AdBlock extention. I'll go nuts if I can't bar proximity ads from worming into my phone, like this [newscientist.com].
    • In about two minutes, after every cell phone walking past goes off, people would figure it out and find a way to fuck with the instalation, fuck with the installer and, finally, wreck the equipment.

      The WORST part of "Minority Report" was the store Tom Cruise went into after he got his eyes replaced (and that kept mis-identifying him.)
  • Verizon (Score:1, Interesting)

    by Anonymous Coward
    This is what Verizon does with all of its phones. It cripples them so it can make the maximum amount of money selling the same functionality back to the customer. Case in point - the Motorola V710.
  • by metalmaniac1759 ( 600176 ) on Wednesday September 28, 2005 @04:02AM (#13665253) Homepage Journal
    The death of DRM is imminent. It might take some time... but it'll come for sure.

    Picture this - all mobile manufacturers will start shipping DRM enabled phones. Manufacturers will tie-up with content providers, and most of the content being provided will be DRMed.

    After a sizeable number of consumers are stuck with DRMed schmuck which makes them pay $$$ for every time they press a button on the phone... there'll be a HUGE demand for a non-DRMed phone.

    At that point of time if any company comes up with a non-DRMed phone with enough non-DRMed content to make the consumer moderately happy - it will strike gold!

    For this to work - consumers need to unhappy about DRM... that's almost like a social revolution - and revolutions take time!

    Nandz.
    • by RAMMS+EIN ( 578166 ) on Wednesday September 28, 2005 @05:36AM (#13665496) Homepage Journal
      Bah. People are paying for DRMed ringtones, wallpapers, DVDs, music, software, and maybe other things just fine already. Only a small minority of these people will actually want to do things that the DRM won't allow them to do; most people don't even know or care that there's DRM involved. I don't think DRM is going to die; there's simply not a lot of opposition to it, while the pro-DRM camp has billions of dollars.

      What's much more likely to happen is that DRMed and non-DRMed products will coexist in many markets; especially the ones that are easily accessible to hobbyists. If, indeed, enough people get turned off of DRM, that will merely create a healthy market for products with lighter or no DRM, but this will be in addition to the market where people don't care if there's DRM or not.
    • The death of DRM is imminent. It might take some time... but it'll come for sure.

      I don't think that word means what you think it means.
  • by Anonymous Coward
    And what happens when a TPM-enabled application turns out to have a security flaw, and a worm targets it?

    TPM won't protect you from viruses and worms. The idea it will is just one of Microsoft's lies. What TPM means is that when viruses and worms strike, the viruses and worms will be able to do things-- like lock away your files for ransom in the "copy protected" part of the hard drive-- that you will be literally unable to fix.
  • For anyone who has bothered looking at the TPM spec, it states that there's a Mobile type among the platform specific structures.

    This has been in the publicly posted spec since 1.2...several months now. Guess no one reads the spec.
  • Security (Score:4, Insightful)

    by Richard_at_work ( 517087 ) on Wednesday September 28, 2005 @04:12AM (#13665280)
    Im going to be pounced on for this, but I want security on my mobile phone, as much as humanly possible. The potential for me to lose money through an unsecure mobile phone is a lot more than that of a desktop or laptop computer since you cant unplug a mobile phone after use. It would be trivial to have an app dial a premium rate number on an unsecured phone, running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it in that environment. TPM has its place, and this is it - protecting me.
    • It would be trivial to have an app dial a premium rate number on an unsecured phone, running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it in that environment. TPM has its place, and this is it - protecting me.

      Think again.

      In your example, the only one being protected is the cell carrier. There is no way, at least not in the USA, that they could get away with holding you liable for a trojan-dialer that
      • That's assuming that you can prove that the calls were due to a trojan. If it rang premium rate lines for a couple of weeks and then removed itself before you got your bill, you'd have a fair amout of difficulty convincing the network that it wasn't you calling the numbers.
        • I just had an idea for a worm or virus that would install itself, run for a day, call everybody in your phone book with a pre-recorded Spam message and go to sleep until the next time it was 'needed.'

          Yeech. What an imagination I've got.

          The key is 'your phone book.' Then again, it would be trivial to have it email a message containing your phone book to a central location and come up with a map of 'who knows who.'
        • That's assuming that you can prove that the calls were due to a trojan. If it rang premium rate lines for a couple of weeks and then removed itself before you got your bill, you'd have a fair amout of difficulty convincing the network that it wasn't you calling the numbers.

          Chances are - you won't be the only customer to be affected. If they willfully ignore a pattern among their customers the cell provider would probably find themselves on the other end of a sucessful class action lawsuit.
      • Go read the agreement you have to sign before they give you service.

        "You are responsible for all calls and data traffic originated from your phone."

        Yep, you're not liable for that... Pshht...
    • Re:Security (Score:5, Insightful)

      by evilviper ( 135110 ) on Wednesday September 28, 2005 @05:22AM (#13665460) Journal
      running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it

      And when the DRM is in-place, you're being charged exhorbant fees for any little bit of code you might want to use (ringtones, backgrounds, programs, etc), and yet your phone isn't any more secure, even blocking you from installing a program to REMOVE the virus/worm... Then what?
    • Re:Security (Score:5, Insightful)

      by Alsee ( 515537 ) on Wednesday September 28, 2005 @05:42AM (#13665519) Homepage
      TPM has its place, and this is it - protecting me.

      No. The TPM is specifically designed to be secure AGAINST THE OWNER, and something is only DRM if it is trying to be secure AGAINST THE OWNER.

      You could get all of the same owner benefits that you want from an otherwise identical system except where you were allowed to know your own master keys. Since it would be essentially identical hardware it would have identical capabilites to protect you, however since you know your master keys the system is not secure against YOU. You could use your key to unlock anything if you wanted to, and you'd be able to control the system if you wanted to. However it would then no longer be a Trusted Platform Module. It would no longer be "Trusted" because the very meaning of "Trusted" is that they Trust it to be secure AGAINST YOU. That they Trust your own property will enforce things like DRM AGAINST YOU.

      -
    • Re:Security (Score:2, Interesting)

      In response to this, and everyone stating "I just want to phone and SMS/MMS" But, the fact that thrird-party software works like crap if at all and integrates not-so-nicely, is the very thing allowing the operators to charge insane prizes for SMS and MMS. The same information could be sent just as easily, for a fraction of the cost (think GPRS). However, applications that allow replacement of SMS and MMS are seen as the great big enemy by the operators, which is why they are doing what they can to stop suc
  • It should prevent the phone world from being hit by the same virus and hacking issues that face computers
    Miracle ! You put a DRM chip and then suddenly, the numerous OS and application bugs exploited by crackers and viruses disappear !
    The only new thing provided by a TPM is "remote attestation", and I call it Big Brother.
    http://en.wikipedia.org/wiki/Trusted_computing#Rem ote_attestation [wikipedia.org]
  • The PC is an open platform, mobile phones are highly proprietary, the design, the chips, the OS, the software is custom created and highly controlled by the manufacturer so I don't see DRM as a big issue in this case.

     
  • by xiando ( 770382 ) on Wednesday September 28, 2005 @05:03AM (#13665396) Homepage Journal
    I posted this already, many times. But regardless, I am going to repeat myself.

    I simply do not accept to pay when buying something with DRM as if I were buying it but am in reality RENTING IT.

    By that I mean that if I BUY an apartment, then I am allowed to paint the walls the color that pleases me because it is MINE, I own it and can do as I please with MY apartment. However, if I RENT an apartment, then I must ASK the OWNER of the apartment for his/her permission to paint the walls. If I own it I do not need to ask, it is mine to do as I please. If I rent, then it is NOT mine and I must ask the REAL owner.

    Now, with DRM, I am paying like I am buying, I am told I am buying, but the reality remains I still have to get someone else to give me permission to do as I please with my device. And if I have to do that, then I do not feel like I am the real owner.
  • by tkrotchko ( 124118 ) * on Wednesday September 28, 2005 @06:35AM (#13665668) Homepage
    It's called:
      "Verizon Wireless".
  • Cell phones are already wildly restrictive. That you could use a chip to limit what can be done on a cell phone is hardly new or interesting..
    • That you could use a chip to limit what can be done on a cell phone is hardly new or interesting..

      Heavy duty TPM encryption can enable such things as biometric (e.g. fingerprint) signing of EULA acceptance for DRM-governed purchases. The existing cellphone technology includes a EULA as part of your service contract (with its own nasty provisions for early termination, etc...), but this way they can hold you to each agreement individually and so have a lot more room to play with variations on the le

  • by Dr. Blue ( 63477 ) on Wednesday September 28, 2005 @08:45AM (#13666334)
    You know, for a technology that's starting to be quite wide-spread, it's amazing the amount of mis-information spread about trusted platforms -- by both the pro and the con side.
    I've worked quite a bit with the technology, and it's not all THAT complicated.

    Over-stating what a TPM can do is common from the pro-trusted computing industry. Statements like "It should prevent the phone world from being hit by the same virus and hacking issues that face computers" are just ridiculous (I saw a press release one time that claimed they'd protect people from phishing too!).

    Simply put, a TPM does nothing -- nada, zilch -- to prevent viruses or external threats that you can't do in software with no hardware trusted platform additions. OK, you might make the argument that you're just adding another layer for defense in depth, but how about making the software better in the first place?

    The only -- yes, only -- extra capability given by a TPM is the ability to protect from local attacks. Meaning attacks from people with physical control over the hardware. Now before the "anti" side runs off and raves about how the TCG is trying to take over their computer, keep in mind that (a) it's optional and (b) there are applications where this makes complete sense. Ignore the DRM side of the issue, and there are still good applications. Imagine playing on-line games and having some assurance that your opponents aren't using hacked up clients that allow them to cheat. Imagine connecting to a peer-to-peer network where the peer you're connecting to can give assurance that it's not a hacked, fake RIAA node. For the cell phone, the obvious point is that it makes cell phone cloning exteremely difficult. None of those are bad things.

    If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.

    • keep in mind that (a) it's optional

      Optional for the manufacturer, not you, the sucker known as the "consumer"

      and (b) there are applications where this makes complete sense.

      Benefits of none of which even begin to approach the cost of societal downsides of Trecherous Computing, never you mind surpassing them.

      If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.

      Brilliant. And what if every

      • I find it so amusing when people get so worked up about this. And I love the irony that many of the same people who scream about the evils of "Treacherous Computing" are exactly the same people who, when the topic is changed to peer-to-peer technologies and the RIAA efforts against those, make the argument that you shouldn't argue against a technology just because it has some bad uses.

        Your own very examples of "positive" use of DRM were .... all about the "contents producer"

        First, I didn't use even a s

        • I find it so amusing when people get so worked up about this.

          Only the entire future of computing, free exchange of ideas and open source depends on this. Possibly the direction of Western Civilization. So you are right, we are getting "worked up" for no good reason at all.

          And I love the irony that many of the same people who scream about the evils of "Treacherous Computing" are exactly the same people who, when the topic is changed to peer-to-peer technologies and the RIAA efforts against those, make the

          • Hmmm... I didn't notice your pseudonym before. Maybe you're just playing a personna and trying to sound as ignorant as possible?

            Anyway, to your final questions: You are precisely correct that secure DRM is impossible without TPM-like technology, and that TPMs will enable the ability to make secure DRM. I never said anything that would contradict that.

            My point was that TPMs also enable many other very useful things. And even with a TPM chip in your system, YOU have full control over what applications yo
            • I have two systems with TPM chips in them. One is the laptop I'm typing on right now, and the other is a desktop system with an Intel motherboard. Both run Linux, both allow me to run any and all programs that I can run on non-TPM systems. It restricts absolutely nothing. I can rip CDs, listen to my MP3s, etc., etc. Open source software will ALWAYS be able run on any system that implements the TCG specifications. And in fact, it will still run on all systems that implement Microsoft's more powerful NGSCB id
              • That is only because the TPM in your present equipment is not used in the way which makes TPM anything close to functional.

                Wrong. It's quite functional.

                The very fact that your Thinkpad (I assume) still runs non-TPM authorized software, nixes the whole concept, right there, as that software can be used to do all sorts of stuff, including virtualization of the TPM hardware, for the purpose of circumventing it.

                It does not nix anything at all, just shows that you don't really understand what TPMs do and

                • Ok. I now see where you are coming from. You simply have absolutely no idea how public key cryptography works nor how it is supposed to be applied in the context of Trusted Computing. I am going to skip over the quite amusing illusions of yours which resulted from that, and instead I will focus on a really basic example, based on your own P2P "protection" musings to illustrate the point:

                  There is a programmer who makes a P2P software. Lets call him Bob. Bob decided to use TPM to ensure "trusted collaboratio

                  • You [Dr. Blue] simply have absolutely no idea how public key cryptography works nor how it is supposed to be applied in the context of Trusted Computing.

                    Wow.

                    Having met the real person behind the "Dr. Blue" pseudonym, I can say with absolute confidence that he knows more about cryptography and cryptographic systems than either you or I, and quite possibly knows more about it than anyone else on this message board.

                    Perhaps you should study a little more (at least get a doctoral degree in a relevant fiel

                    • Thanks for the kind words, Alan. The whole trusted platform issue has people so worked up that they unfortunately jump to a lot of conclusions based on very little information.

                      If you're ever out in this area again, stop by and visit. We've got a nice new building and research facility with new offices and labs. I'll give you the "grand tour"....

                    • Having met the real person behind the "Dr. Blue" pseudonym, I can say with absolute confidence that he knows more about cryptography and cryptographic systems than either you or I, and quite possibly knows more about it than anyone else on this message board. Perhaps you should study a little more (at least get a doctoral degree in a relevant field), publish some peer-reviewed papers on the subject, and come back when your name is attached to a citation in one of Donald Knuth's "Art of Computer Programming
                    • Fuck, you're a tool. You need to take a break from posting about shit you know nothing about and have a little think about why it is that everyone disagrees with you about everything. Your posting history shows this over and over again.

                      Amusing. Perheaps you should check the end result of that little conversation I had with Dr. Blue in the other thread, the one in which he admitted that the TPM effectively gives means to Microsoft and others to lock GPL folks out of the Internet, among other, his words "pre

                    • What I saw was you getting your ass handed to you because of your near-constant misinterpretation and ignorance of the points being made. Claiming victory because he concedes a minor point? You're an egomanic and an idiot.

                      Dream on these vivid daydreams, it suits you so well.

                      You are not merely wrong on occasion. From what I've seen, you're nearly always wrong, and loudly so. You do not pick your fights carefully; as far as I have seen, you have yet to pick a fight that you could win. You are the fool. You

                  • You simply have absolutely no idea how public key cryptography works nor how it is supposed to be applied in the context of Trusted Computing.

                    Gee, maybe I should go out and study some on the subject. Seriously, I haven't been the most polite in my postings to you, so I can forgive the rudeness, but just so you know a little more about who you're talking to, I am an expert in public key cryptography, and outside of the industry TCG people there are probably fewer than 10 people on the planet who understan

                    • Gee, maybe I should go out and study some on the subject. Seriously, I haven't been the most polite in my postings to you, so I can forgive the rudeness, but just so you know a little more about who you're talking to, I am an expert in public key cryptography, and outside of the industry TCG people there are probably fewer than 10 people on the planet who understand trusted platforms as well as I do.

                      Since I base my observation on the utter bullshit you are attempting to feed me, this chest-beating is doubl

                    • If you were a true scientist, you would realize that what counts is an ability to logically prove your point.

                      Actually, I have proved my point, many times over. You don't realize it because it contradicts your concept of what trusted platforms do and how they work, so you think it's B.S. The contradiction is there, but only because it is your concept of trusted platforms that's wrong.

                      As I pointed out already, this would not work on its own without a complete host OS lockdown. For the "isolated" proces

                    • Actually, I have proved my point, many times over. You don't realize it because it contradicts your concept of what trusted platforms do and how they work, so you think it's B.S. The contradiction is there, but only because it is your concept of trusted platforms that's wrong.

                      I will file that under "wishful thinking" on your part.

                      So in the P2P example, when the trusted process asks the OS to send a certain packet to 1.2.3.4 it could indeed be intercepted and be sent to 10.20.30.40 instead. Or it could in

                    • You are new to this Black Hat hacking gig, aren't you? DOS attack?! How about a fancy version of malloc() or memcpy()? What about fopen() or fread()? Bye bye goes the integrity of the P2P client, unless it has a whole duplicate OS embedded in it, complete with its own custom filesystem and storage device drivers.

                      New to this? No. I'd bet I was doing this kind of stuff before you were even born. But you're right: you can indeed make the P2P client go bye bye. That's what I meant by a DoS attack. But i

                    • But you're right: you can indeed make the P2P client go bye bye. That's what I meant by a DoS attack. But it can't do any damage to the rest of the P2P network. That one client will simply stop working and being an active participant in the network.

                      That is not what I meant. A real Black Hat would use the modified malloc() to allocate memory blocks outside the protected memory area and then manipulate them. memcpy() would be used to intercept memory block manipulations within the "protected" area to inspect

                    • Well, this is getting tiresome. You still don't seem to have a grasp on the technical issues of trusted platforms. When I point out that you're mistaken, on simple and easily verifiable facts, you say things like: "you were simply attempting to create deliberately false impressions of how things are supposed to work". The only reason you find these to be "false impressions" is because they disagree with your own notions of how you think things work. Has it not even crossed your mind to consider that th
                    • I'll also point out that the fact that a trusted app needs a trusted library doesn't in any way stop you from having your own completely hacked up libc for use in untrusted apps, which would work exactly as they do now.

                      Except you disingenuously ignored the fact that I would have to throw away my "hacked up" kernel (and by extension my hardware) to "conform". Because unlike multiple versions of libraries, I now am allowed to have only one "approved" version of that, no?

                      Now stop your ranting -- that could

                    • I'm done with the point by point responses -- this really isn't making any progress at all. That you can't seem to follow what I'm saying, and say that you've read other publications on trusted platforms and find them "self-contradictory and obfusatory", really says a lot more about your ability to grasp the facts than it does about my explanations or the documentation that's out there (some of which is pretty good, in fact).

                      The bottom line is this: Trusted platforms allow you to have a verifiable executa
                    • Trusted platforms allow you to have a verifiable executation environment that can be verified by a remote party in a distributed application. Nothing more, and nothing less.

                      False. They provide a particular type of "verifiable execution environment", one which is designed with specific implications in mind, and it is those implications, of that particular design which count!

                      On a hardware box with trusted platform support, you could (a) opt out entirely and it would work just like today's computers,

                      And b

                    • everything you do is directed at reducing Liberty for the users, owners and free developers of free (as in Liberty) software

                      And there's the most fundamental difference. I personally see the technology as potentially very empowering, and in fact increasing Liberty for the users. You believe the exact opposite. And that's why we'll probably never see eye-to-eye on this, but maybe in another 20 years we can compare notes.

                    • And there's the most fundamental difference. I personally see the technology as potentially very empowering, and in fact increasing Liberty for the users. You believe the exact opposite. And that's why we'll probably never see eye-to-eye on this, but maybe in another 20 years we can compare notes.

                      That is probably most insightful observation you have made in this entire discussion. I fully agree. I do admit the very remote, from the perspective of my cumulative experience, possibility of this actually someh

                    • Slashdot seems to be on a fritz, so this might be a duplicate post

                      And there's the most fundamental difference. I personally see the technology as potentially very empowering, and in fact increasing Liberty for the users. You believe the exact opposite. And that's why we'll probably never see eye-to-eye on this, but maybe in another 20 years we can compare notes.

                      That is probably most insightful observation you have made in this entire discussion. I fully agree. I do admit the very remote, from the perspec

                    • I can't believe you put up with it as long as you did! His protracted blatherings are an excercise in setting up and knocking down strawmen. His reaction to even minor disagreements, ad hominem. When he can't ascend to the lofty heights of decent ad hominem, he resorts to merely name-calling. Frankly, I wouldn't have had the patience. What a waste of time! Back in the days of USENET, he would have been in my killfile. Thankfully, your posts were informative enough that I think, on balance, the thread was be
                    • Thankfully, your posts were informative enough that I think, on balance, the thread was beneficial.

                      Yes. Dr. Blue has informed us that "verification of trust" between peers is so paramount that it should take precedence over competition and interoperability, which he at present believes to be in no particular danger because software makers -- Microsoft chief amongst them -- "strive for interoperability" with their competitors. Your contribution to the discussion was something along the lines of "Dr. Blue is

        • when the topic is changed to peer-to-peer technologies and the RIAA efforts against those, make the argument that you shouldn't argue against a technology just because it has some bad uses

          It is not inconsistent to argue in support of personal freedoms in both cases (TCG implementation and use of P2P technologies by consumers).

          The argument here is not which technology makes us smile from ear to ear, it is how to preserve our rights against constant assaults, which I think is a little bit more impor

  • They can enforce through hardware locks things like network locking (if you want to use your phone on another network, you have to pay us to get the signed unlock module), picture transfer (if you want to transfer pictures, you have to go through our system), ringtones etc etc.

    Although the real answer is simple, dont buy phones with this stuff in it.
  • "SIGNED" applications on your phone?!

    what the hell are people smoking?

    asking someone else for permission to Execute Arbitrary Code on your PROPERTY!!!

    if the phone isn't a rental, then it belongs wholly to you. as in your property and i'll be damned if they can get away with this for much longer.

    • My phone already is locked. It runs Windows and I assume all were drmed already. I have no software because sprint wants to charge me usage fees and I already only own a right to use the phone. Not the phone itself. This is the new standard.
      • it's the new standard if you sit idly by and do nothing about it.

        first, you educate people about the evils of selling merchandise and then treating it like a rental. (aka DRM / Insidious Computing).

        second....
  • Most phones only let you install J2ME apps. IMO this sucks for geeks. There is a market for a geek pda/cell phone, which must be purchased at full price with no subsidy, works on any GSM network, and has a free and open implementation so you can write cool new apps without obstacles. But I don't know of any companies directly catering to that market yet. Danger should've been doing that; they were independent and maybe even had the balls for it, at first. Now apparently they don't.

    But then again, maybe

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...