
Linux Implements Support For Trusted Computing, Safer Online Transactions (The Gov Monitor)

The Gov Monitor looks at Trusted Computing (TC) features in openSUSE 11.2. "Technikon led a consortium of 23 research and business partners, including AMD, IBM, HP, Infineon and Novell, in developing open source software and applications for TC environments as part of the EU-funded OpenTC project. The group’s implementation of TC support in openSUSE version 11.2 involved building a trusted software stack (TSS) for Linux, developing universal virtualisation layers (including improvements to the Xen hypervisor virtual machine monitor) and creating TC and TPM management software. It constitutes a pioneering implementation of TC technology."


In other words, DRM from top to bottom ...

Posted Nov 23, 2009 21:08 UTC (Mon) by JoeBuck (subscriber, #2330) [Link] (25 responses)

... so that no unauthorized modification can be made to the code. If you run a device with this technology included, and you don't have the signing key, then the device does not belong to you; it's under the control of whoever has signature authority.

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 21:45 UTC (Mon) by drag (guest, #31333) [Link] (3 responses)

Yeah.. that can be a good thing depending on exactly what you want to do. Most of the time; bad though.

It's usually good if you're the one that holds the keys. I wouldn't mind
having a 'safe' computer, although I suppose it's a pain to keep updated.

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 21:55 UTC (Mon) by gravious (guest, #7662) [Link] (2 responses)

I'd be afraid that if I had the one and only key, I'd lose it cuz I'm a klutz and then I'd own a brick :( It'd be nice if there was a fairly foolproof third-party trust system. Maybe some kind of legal escrow or something?

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 22:52 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

TC systems usually allow you to reset them. That requires proof of physical presence (typically, you need to press a certain key) and destroys all existing keys on the TPM.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 2:27 UTC (Tue) by drag (guest, #31333) [Link]

Well I was thinking about situations like that, but with different types of
keys.

Probably what would be smart if you depended on something that was
'brickable' and was important to you would be to print out the key into
"ascii armor" format and put it in a fireproof safe and then in a bank drop
box or something like that.

Although I suppose escrow would make sense for some types of companies.

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 21:53 UTC (Mon) by gravious (guest, #7662) [Link] (13 responses)

... it's definitely a piece of tech that cuts both ways. It seems inevitable that we're going to have top to bottom, hardware to software authentication and verification so we may as well get used to it. I wonder if the new Google Chrome OS devices will re-use this so that we'll get a more robust implementation of this tech, both in hardware and software. There are pluses and minuses here, I imagine the further along the moral continuum you are towards GNU/Linux and Stallman-land you are the more you'll be against this; the further along the path to (ahem) pragmatism? or BSD or GPL2-land you are the more you'll be "meh" about it. (If that makes sense to you, ... it does to me!) Personally, I'm a let's-wait-and-see and remember folks, it's not the tech that's evil, it's the folks!

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 22:15 UTC (Mon) by niner (subscriber, #26151) [Link] (12 responses)

I'd say especially because of GPL3 this does not scare me so much anymore.
GPL3 makes sure our freedom is protected, so we can enjoy the nice side of
this technology. And there are for sure quite a few use cases where having
tight control over which software runs on a system is a good thing to
have. This is a powerful tool and like with every such thing it depends on
the one wielding it. GPL3 makes sure that it's ultimately the user.

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 23:01 UTC (Mon) by gravious (guest, #7662) [Link] (2 responses)

This is true. And when you think about it, this could actually be a real opportunity for FOSS because it can assure people because of its openness while proprietary-ware can't except for, "trust us - you're in control, really"

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 2:55 UTC (Tue) by Trelane (subscriber, #56877) [Link] (1 responses)

Interestingly, I just got a newsletter about the FSF's new "Protects Your Freedom" hardware endorsement program. From the newsletter, since I can't find a web page on it:

I write to you this holiday season with exciting news to report. We are preparing to launch a new hardware endorsement program that will see consumer product packaging carrying an FSF endorsement mark with the slogan, "Respects Your Freedom." The first product endorsed - to be announced during December - will be a netbook running gNewSense, a fully free GNU/Linux distribution.

An FSF endorsement will tell the world that a product respects everyone's freedom: meaning any user can change the device and make it do whatever the hardware is capable of doing, as all the hardware is fully compatible with free software. Users can play without the fear of proprietary licensing and its associated legal threats. The endorsement will be backed by the FSF's rock-solid commitment to software freedom and users' rights. Our endorsement tells everyone in the world that the software on these products can be trusted completely to work for them. The program will be open to all device manufacturers, and over time we hope that it will encourage citizens to seek out products that carry our mark, helping to build a sustainable environment for computer user freedom.

So much better than BadVista and 7Sins. Ugh.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 2:58 UTC (Tue) by Trelane (subscriber, #56877) [Link]

(To be clear, the "Ugh" was directed at the latter two campaigns; the hardware endorsement thing is a very, very good idea IMHO, and long overdue)

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 23:15 UTC (Mon) by mheily (subscriber, #27123) [Link] (1 responses)

It's pretty easy for manufacturers to avoid the GPLv3 if they really want to. The Linux kernel is GPLv2. Busybox is GPLv2. uClibc is LGPLv2. Combine these three and you have the basic ingredients for an embedded computer/appliance. This is what Google has done with the Android platform, for example.

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 23:50 UTC (Mon) by gmaxwell (guest, #30048) [Link]

It's also fairly easy for manufacturers to avoid the GPLv2 if they really want to. FreeBSD is not GPL, WinCE is not GPL, code you write is yours to do with as you wish, etc.

Presumably the GPL applications have some advantages which offset the obligations.

Hopefully manufacturers will see advantages in shipping with GPLv3 covered code which are sufficient to offset the potential advantages of the few user-freedom-unfriendly business models that v3 inhibits.

I suspect that this is self-balancing: The more freedom unfriendly devices there are, the more some developers will be inclined to adopt v3, the more advantage freedom friendly devices will gain and the less attractive denying freedom is as a business model.

In other words, DRM from top to bottom ...

Posted Nov 23, 2009 23:44 UTC (Mon) by brinkmd (guest, #45122) [Link] (6 responses)

It's true for consumers, but it is not true for workers. The FSF stays out of B2B and business-internal politics. This is then about owning the means of production.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 12:57 UTC (Tue) by forthy (guest, #1525) [Link] (5 responses)

The FSF probably won't liberate you, slave, but in general, the GPL also protects you as employee. A team-member of the Gforth team once ported Gforth inside G&D to a smartcard, and since Gforth was under GPL, and he demanded to get the modified sources outside, he could do so. And this is an extremely secretive and security-sensitive company, with very tight control, and separated networks and so on.

You, as employee, have the same rights to get the source code under GPL as any other person which obtains the binary. Your employment contract, your NDA, they all don't cover this. You may refrain from doing so as "gentlemen agreement", but it is not binding, and it shouldn't harm you if you don't follow this agreement. I.e. if you work on an in-house application using a modified GPL program, you don't have to take the source outside, but if you do, your boss can't do anything about it. It's your right. At least under German law, where copyright bases on a non- and the company only owns an exclusive license - which it can't for a GPL program.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 13:11 UTC (Tue) by niner (subscriber, #26151) [Link] (3 responses)

That's not correct according to my understanding of the law. The code you
produce at work belongs to the company you work for. That's written in
German and Austrian law. If this code is an extension of a GPL'ed program,
that is still true. You may not take this code and use it for private
purposes _unless_ the company distributes the code and or binaries of the
resulting program. In this case you as a private person may obtain a copy
and get the full rights granted by the GPL. But the company has to
distribute it. If it does this development solely for in-house use, you
have no rights because the GPL explicitly only covers distribution. It
says something like "if you _distribute_ the program, you have to grant
these rights to the one you distribute it to".

Be careful! A wrong understanding of what this license can do and does may
lead to serious trouble.
IANAL.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 18:26 UTC (Tue) by drag (guest, #31333) [Link]

In the USA it depends.

I think as an employee usually you do an NDA or something like that where you
agree that all work done at work is your employer's copyright. I don't
think that is entirely necessary from a legal standpoint, but it helps make
sure people understand what is going on.

If you're a contractor then that is much more out in the open. I suppose most
of the time contractors will provide copyright transfers as part of their
service, but that is really up to the contractor and the employer to
negotiate and can go either way.

Now there are some dirty tricks that are common among Universities and
whatnot. A lot of those people feel that by providing an educational
environment they are providing a community service so that things like
doing software patents is just natural for them to do to raise capital. A
sense of entitlement.

So what happens at a lot of those places is that Universities will take
student software and inventions and get software patents and take control
of the copyrights. A few times students have tried to fight them, but if
they are doing it as part of classwork and are doing it using facilities
provided by the university then I think they generally lose.

So if you're an employee or, especially a student, and you want to do
something on your own you can later profit from or whatever then make sure
to do it on your own time with your own equipment or you may lose control
of it.

In other words, DRM from top to bottom ...

Posted Nov 26, 2009 20:31 UTC (Thu) by anton (subscriber, #25547) [Link] (1 responses)

In Austrian law (and a number of other European countries) the Urheberrecht belongs to the author and is not transferable (unless the author dies). There are also the Verwertungsrechte (usage rights), and they can be licensed and maybe transferred to others, but that's up to contracts. There is no automatic transfer of any rights by law, and when I asked the legal department of TU Wien about this, the lady at the other end was very surprised about my question; the idea of such an automatic transfer was obviously completely alien to her.

In other words, DRM from top to bottom ...

Posted Nov 26, 2009 21:23 UTC (Thu) by niner (subscriber, #26151) [Link]

Then your lady should have an occasional look at the law.

If I may cite Austrian law on this:
"§ 40b. Wird ein Computerprogramm von einem Dienstnehmer in Erfüllung
seiner dienstlichen Obliegenheiten geschaffen, so steht dem Dienstgeber
hieran ein unbeschränktes Werknutzungsrecht zu, wenn er mit dem Urheber
nichts anderes vereinbart hat."

In English (for anyone interested): if a computer program is written by an
employee while fulfilling his duties to his employer, the employer gets
unlimited usage rights unless he arranged something different with the
program's creator.

http://www.ris.bka.gv.at/Dokument.wxe?Abfrage=Bundesnorme...

Some further explanation:
http://www.fnm-austria.at/erf/info/de:Arbeitsergebnisse

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 15:40 UTC (Tue) by brinkmd (guest, #45122) [Link]

Interesting, is the Gforth case documented somewhere (news articles, etc)? It would be an interesting case study.

I am not sure your interpretation of the law is correct. It's certainly complicated, and the complications are one reason the FSF stays out of this issue. Also, it may be significantly different in Germany and the US, and the FSF is a US based organization (with some quite US-centric views on politics).

In any case, the comment I was replying to was directed at the consumer protection clauses against DRM in the GPLv3, and that specifically addresses "consumer products" only ("either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling.")

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 8:26 UTC (Tue) by ledow (guest, #11753) [Link] (6 responses)

Think about the uses of Linux, though.

We're not talking people's desktops using TPM to control the spread of MP3's... that's the domain of other, inferior operating systems.

But think about untamperable voting systems, embedded control devices in military applications, life-support etc. With those, TPM is actually pretty damn vital in one way or another and without that, Linux will always be a second-class citizen.

Nobody is suggesting that people will run out and DRM all their music collection because their PC has TPM compatibility... that's just stupid. But the places where you *need* to ensure that nobody has tampered with the machine, that's a bit more important.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 11:51 UTC (Tue) by freemars (subscriber, #4235) [Link] (1 responses)

But think about untamperable voting systems

I'll stick to bits of paper and an opaque box ThankYouVeryMuch. The fairness of a voting system needs to be something the average high school graduate can verify. Suppose determining the validity of a voting system required someone with an advanced degree in biochem?
How do I know the election judge didn't just trigger 10 votes for candidate Z?
Trust the expert...
How do I know my vote will be counted?
Trust the expert...
How do I know my vote is anonymous?
Trust the expert...
Bleh.

But for critical life support and smart-enough smart bombs -- sure, use DRM if it will help.

In other words, DRM from top to bottom ...

Posted Nov 25, 2009 21:05 UTC (Wed) by Baylink (guest, #755) [Link]

Way to strawman electronic voting systems, there, guy.

The places in which a voting system needs to be strong are well known, and there are perfectly usable approaches to utilizing electronic assistance in as many of them as possible without turning any of the process into a black box.

That the US did not *choose* these approaches, with the "Help America Vote (The Way We Want Them To) Act", does not mean that they do not exist, nor that their design is not robust.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 14:35 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

We use TPM to prevent leak of medical records, even if a server with them is physically stolen.

My notebook uses full-disk encryption with keys in TPM, unlocked by my fingerprint (with validation done in hardware). It's also quite nice.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 15:11 UTC (Tue) by tialaramex (subscriber, #21167) [Link] (1 responses)

Those built-in fingerprint verification systems don't have a good security reputation.

However, in practice there are few scenarios in which weakness of the fingerprint system matters at all. The most common laptop specific security problem is "I left it on the train / in a pub / etc." and I think full disk encryption gives a reasonable level of peace of mind in that type of scenario regardless of whether the key is protected by a passphrase, a USB dongle or a fingerprint reader.

In other words, DRM from top to bottom ...

Posted Nov 26, 2009 20:39 UTC (Thu) by anton (subscriber, #25547) [Link]

Sure, the fingerprint system may help against a casual attacker. However, given a determined attacker you have delivered the key with the lock, because your laptop undoubtedly is decorated with lots of fingerprints of all your fingers.

In other words, DRM from top to bottom ...

Posted Nov 24, 2009 15:46 UTC (Tue) by brinkmd (guest, #45122) [Link]

This is a very common misunderstanding, and one that really hurts every discussion of TPM. Benefits such as hard-disk encryption can be achieved without problems even if all keys in the system are known to the user (at least in principle). Nobody is against that as far as I know. In this scenario, the TPM is nothing but a glorified smart card with some tamper-resistant storage and a crypto OS.

The point of contention has been the remote attestation feature, which relies on a secret key in the TPM chip that is not known (and must not be known) to the owner of the hardware, but only to the manufacturer. This remote attestation feature in principle allows third parties to verify the content of the system, and implementation of other suspicious features. It is not needed for local disk encryption.

This is why the GPLv3 allows TPM features in software, but only if all keys are provided to the user. This effectively disables all features based on remote attestation (DRM etc), but does allow local disk encryption etc.

Linux Implements Support For Trusted Computing, Safer Online Transactions (The Gov Monitor)

Posted Nov 24, 2009 10:46 UTC (Tue) by giggls (subscriber, #48434) [Link]

I was wondering if this will work with interpreted languages?

If a trusted binary happens to be your favorite scripting language interpreter the whole stuff would not be that useful anymore.

To a smaller extent this will even be true for /bin/sh which will allow for any untrusted shellscript to be executed.
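
The gap raised in the comment above, shown as an added example that is not part of the original thread: a simplified Python model of TPM 1.2-style PCR extension (SHA-1 hash chaining), where measuring only executables leaves a changed script invisible. The component names, file contents and the `measure_scripts` switch are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, data: bytes) -> bytes:
    """Model of the extend operation: PCR_new = SHA1(PCR_old || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


def measured_launch(binaries, scripts=(), measure_scripts=False) -> bytes:
    """Replay a launch sequence and return the final PCR value.

    binaries: ordered (name, content) pairs measured by the chain of trust.
    scripts:  (name, content) pairs handed to the interpreter afterwards.
    measure_scripts: hypothetical policy switch. When False, only executables
    are measured, which is the situation the comment describes.
    """
    pcr = bytes(PCR_SIZE)  # PCRs start as all zeroes after a reset
    for _name, content in binaries:
        pcr = extend(pcr, content)
    if measure_scripts:
        for _name, content in scripts:
            pcr = extend(pcr, content)
    return pcr


def matches(expected: bytes, actual: bytes) -> bool:
    """Constant-time comparison of a reference PCR value with an observed one."""
    return hmac.compare_digest(expected, actual)


# Constructed sample data standing in for real file contents.
BINARIES = [
    ("bootloader", b"constructed bootloader image"),
    ("kernel", b"constructed kernel image"),
    ("/bin/sh", b"constructed shell binary"),
]
ALTERED_BINARIES = BINARIES[:2] + [("/bin/sh", b"constructed shell binary, modified")]
GOOD_SCRIPT = [("backup.sh", b"#!/bin/sh\ntar czf /backup/etc.tgz /etc\n")]
ALTERED_SCRIPT = [("backup.sh", b"#!/bin/sh\ntar czf /backup/etc.tgz /etc\necho altered\n")]


def demo() -> dict:
    # Reference values a verifier would hold for the known-good system.
    ref_binaries_only = measured_launch(BINARIES, GOOD_SCRIPT)
    ref_with_scripts = measured_launch(BINARIES, GOOD_SCRIPT, measure_scripts=True)
    return {
        # Script changed, PCR identical: the change is invisible to the verifier.
        "altered_script_unnoticed": matches(
            ref_binaries_only, measured_launch(BINARIES, ALTERED_SCRIPT)),
        # Same change once interpreter inputs are measured too: PCR differs.
        "altered_script_detected_when_measured": not matches(
            ref_with_scripts,
            measured_launch(BINARIES, ALTERED_SCRIPT, measure_scripts=True)),
        # A modified interpreter binary is caught in either mode.
        "altered_binary_detected": not matches(
            ref_binaries_only, measured_launch(ALTERED_BINARIES, GOOD_SCRIPT)),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Closing the gap means extending the measurement to everything the interpreter loads, or restricting trusted interpreters to inputs that have themselves been verified.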

Needs legal changes as well

Posted Nov 24, 2009 12:55 UTC (Tue) by fritsd (guest, #43411) [Link] (1 responses)

IANAL and I haven't thought it through yet, but I suspect it will be very useful, after more of these TC devices enter the market, to have mandatory government-enforced labels on computer devices, and actual lawsuits with massive damages for "false advertising" if they are misleading, to categorize four new types of computers:

1. general-purpose computers for which the owner owns the TC keys
(this would be what we now call a "PC" or "computer")

2. special-purpose computers for which the owner owns the TC keys
(this would encompass routers, TVs, game consoles etc. that the FSF would be happy with)

3. special-purpose computers for which someone else owns the TC keys
(good: medical devices?, bad: TIVO)

4. general-purpose computers for which someone else (RIAA?) owns the TC keys
(IMHO these should be banned from the market but at least they should NEVER be allowed to be sold as "computers", only with a clear warning label "if you buy this don't believe that you really own it").

Call me a cynic but I've seen a case where a PC had a factory-locked BIOS where nobody knew the password and I see the writing on the wall that category 4 WILL come into being if it's profitable and not stopped :-)

Needs legal changes as well

Posted Nov 24, 2009 14:40 UTC (Tue) by giggls (subscriber, #48434) [Link]

Number 4 is what gaming consoles basically are.


Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds