User: Password:
|
|
Subscribe / Log in / New account

#CONFIG_DRM_NONSENSE is not set

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 6:05 UTC (Thu) by jimbo (subscriber, #6689)
Parent article: Enabling DRM in the kernel?

Who actually requires this apart Hollywood and its like?

I submit that the rest of the kernel code will be immeasurably improved by
  1. Not supporting the TXT system
  2. Never including the patch in the mainline kernel code.

I think that including digital restriction management into the Linux kernel only panders to DRM's advocates, and serves only to restrict the freedom that we currently enjoy, including naive kernel developers.

--
J


(Log in to post comments)

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 11:00 UTC (Thu) by tialaramex (subscriber, #21167) [Link]

As the article (you read that, right?) said, an example would be voting machines, some independent authority says that version 1.4.26.8 of the software is OK, this type of technology ensures that every voting machine has 1.4.26.8 on it and isn't "upgraded" to a version that gives half the vote to whoever paid off the software vendor.

I don't happen to like voting machines, a pencil & paper works for me, but lots of US states want machines, and if you want people in those states to know their votes count, trust in the machines must be improved.

I'm sure there are other examples, but as a matter of /social policy/ I don't believe this technology is appropriate in devices sold to individuals (and not just because of DRM), and would cheerfully support a ban on retail sale of devices incorporating a technology which prevents the purchaser from reprogramming them.

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 13:58 UTC (Thu) by anton (subscriber, #25547) [Link]

some independent authority says that version 1.4.26.8 of the software is OK, this type of technology ensures that every voting machine has 1.4.26.8 on it and isn't "upgraded" to a version that gives half the vote to whoever paid off the software vendor.
That's right, this technology could ensure that not only the software vendor, but also someone who signs the software gets a share of the spoils (but in practice it will probably all go to the vendor of the voting machine, as they do the software and the signing).

Do the voters or the voting administration have any way to determine which software runs on the machine? Nope.

So the voting machine scenario is just a red herring. And vice versa, treacherous computing will be used to muddle the waters in the discussion about the security of voting machines.

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 16:06 UTC (Thu) by dw (subscriber, #12017) [Link]

I'd happily trust an electronic ballot if its source code and binaries were accessible, and the voting machine printed a hard copy signature based on my vote and the exact software version as recorded in the TXT state.

I don't think such a scenario is far fetched at all.

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 17:19 UTC (Thu) by anton (subscriber, #25547) [Link]

I'd happily trust an electronic ballot if its source code and binaries were accessible, and the voting machine printed a hard copy signature based on my vote and the exact software version as recorded in the TXT state.
A fine demonstration of the water-muddling aspect I mentioned:

How would you know that the software version on the voting machine corresponds to the available source code and binaries? The only way for you to be sure would be if you and only you held the keys that locked down the machine (and you would also need a way to know that the machine was not replaced with a lookalike, and that there is no hole in the lock-down mechanism). Otherwise this means that you just entrusted the vote to whoever holds the keys.

Apart from that, if the signature is based on your vote, you have just done away with the secret ballot.

I don't think such a scenario is far fetched at all.
Unfortunately you are right. That is certainly one avenue that salespeople of voting machines will try to sustain their business model.

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 17:21 UTC (Thu) by tialaramex (subscriber, #21167) [Link]

“Do the voters or the voting administration have any way to determine which software runs on the machine? Nope.”

As the people who have the key, the voting administration would in fact be the only people who'd decide this. Obviously such a system is useless if you give the key to people you don't trust, I can't believe I needed to write that explicitly.

treacherous computing for voting machines?

Posted May 21, 2009 19:24 UTC (Thu) by anton (subscriber, #25547) [Link]

As the people who have the key, the voting administration would in fact be the only people who'd decide this. Obviously such a system is useless if you give the key to people you don't trust
So you have replaced a system where any person can check that the votes are cast and counted correctly with one where we have to place blind trust in the voting administration. And if that was not bad enough, it's not the local administration that I had in mind, but some central agency (which makes any manipulation much more effective), and judging from the past, they will just delegate that power to the voting machine vendors.

Note that checking the casting and counting by any person was even possible in East Germany, as I recently heard in a 20-years-after documentation; a few people did that in a few precincts and got a result that had more votes against the ruling party than the official result for the whole country. This embarrassment for the ruling party and the election would not have happened with voting machines (locked-down or not).

#CONFIG_DRM_NONSENSE is not set

Posted May 21, 2009 12:49 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

I do.

I need to secure systems against _physical_ intrusion (i.e. someone walking-in and stealing the server). In essence, I need to do remote system integrity attestation.

Right now, I'm using a modified version of GRUB (trusted GRUB) to establish validity of the kernel (and I was flamed to a crisp when I offered to help to port it to GRUB2 on the GRUB mailing list :) ). TXT support in the kernel would help much.

#CONFIG_DRM_NONSENSE is not set

Posted May 22, 2009 0:18 UTC (Fri) by jamesmrh (guest, #31622) [Link]

It's definitely useful, see BitLocker as an example:

http://theinvisiblethings.blogspot.com/2009/01/why-do-i-m...

#CONFIG_DRM_NONSENSE is not set

Posted May 22, 2009 0:46 UTC (Fri) by njs (guest, #40338) [Link]

That's an article about a system that uses the old TPM stuff that the kernel already supports...?


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds