Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Stalling TCG Best Practices Document?

ScuttleMonkey posted more than 8 years ago | from the security-getting-in-the-way-of-profit dept.

Security 163

It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the recently Trusted Computing Group published best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."

cancel ×

163 comments

Fishy? No, deceptive and devious! (5, Insightful)

garcia (6573) | more than 8 years ago | (#13447643)

The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.

At least someone that is talking to a larger group of those not-in-the-know gets it.

The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn't apply to Vista. If the document isn't published until after Vista is released, then obviously it doesn't apply.

If only that were the case! Unfortunately it's something that's calculated, malicious, and devious.

From Best Practices Principles Document [trustedcom...ggroup.org] :

preserving privacy, backward compatibility, and owner control

This will accomplish NOTHING but promote an environment where people will continue to become accustomed to DRM being on their computers. It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers - it's all part of the desensitizing of DRM. Get people pissed off enough about spyware, etc, and they will be happy to accept DRM.

It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.

Re:Fishy? No, deceptive and devious! (4, Interesting)

ciroknight (601098) | more than 8 years ago | (#13447768)

Eh, it's all just signs of Microsoft cracking. Right now it's running around in so many directions, trying to do so many things that one side of Microsoft can't tell what the other's doing.

One section of Microsoft is trying to find a way to diversify into other fields (as it always has been). This means as soon as anything gets popular, instantly releasing that they will have a competitor to that product. See previous articles..

The next section of Microsoft is designing Vista. More or less, they're looking over at Apple and saying "hmm, now how do we do this for ourselves". Hey, if you're going to copy, make sure you copy from the best.

Next, Microsoft's patent team is doing everything they can to churn out as many patents for as many things as possible, no matter what relevance they have to anything. Patents are the new gold; having them makes you rich, no matter in what shape, color, or form.

Then you have the Microsoft gaming committee putting together the XBox 360.. Good luck with that xboxers.

And then you end up with the "future of technology" department; the one where they write all of these magnificent things, designing things like Palladium and giving them crazy names. The only problem is, while this section's doing the designing, all of the other sections of Microsoft are doing their own thing; it seems as if there isn't any communication in the entire process.

Microsoft is like a three hundred pound kid on a tricycle on a very big hill. They've got a lot of business henged on a small amount of products, and they've got to ensure that these products don't collaspe. And the best way of doing that is Advertising, the media, product placement, and the public (get the picture yet? good). The more of these documents coming out that don't mean anything at all, the more Microsoft looks like it's doing something.

Re:Fishy? No, deceptive and devious! (0)

Anonymous Coward | more than 8 years ago | (#13447932)

You failed to mentioned their marketing arm, the apparent real key to their success.
(That and good luck)

Re:Fishy? No, deceptive and devious! (1)

KillShill (877105) | more than 8 years ago | (#13448296)

" Eh, it's all just signs of Microsoft cracking. Right now it's running around in so many directions, trying to do so many things that one side of Microsoft can't tell what the other's doing."

what a bunch of utter bu**sh**.

i've never bought into the absurd notion that a company or organization doing things that the other people in the said groups don't know about.

it's just a red herring. or another way to say it is "plausible deniability".

it's not hard to see that it's very effective... almost no one holds them accountable when their "PR" dept brings it up or an "astroturfer".

Balmer: bill, i think the public is catching on to what we're up to with our so-called "trusted computing"

Gates: then we'll just have to boil the frog more slowly.

they're not cracking up at all. they've probably been analyzing the situation and determined that the shi* they're forcing down our throats would be more easily accomplished if they do it in smaller amounts, with some chocolate along for the ride to cover up the smell/taste.

Re:Fishy? No, deceptive and devious! (1)

Jason Earl (1894) | more than 8 years ago | (#13448712)

i've never bought into the absurd notion that a company or organization doing things that the other people in the said groups don't know about.

Then you've never worked in an organization with more than 3 people in it. In a real business there are generally all sorts of politics going on. I have lost track of the amount of times I have seen Linux or BSD boxes put into production without approval up the corporate ladder. Heck, I have been involved several times with a project at the division level that was formed to fill the gap of a company wide software program that the division guys could see was doomed to failure. The division guys simply waited for a spectacular failure and then forwarded an skunkworks project that did more or less the same thing (but usually on a much less ambitious scale).

Microsoft is no different. There are thousands of ultra-competitive hackers there all trying to make their mark. In the business sector there are even teams that compete for essentially the same business. My personal guess is that Microsoft is stalling this paper because it knows that Windows is the only implementation of Trusted Computing that people actually care about. If Microsoft can force Apple, Sun, and the rest to wait for a paper before rolling out software then Microsoft will get the jump on them with Vista. That being the case there's almost certainly a wide ranging difference of opinion about Trusted Computing inside Microsoft.

Re:Fishy? No, deceptive and devious! (0)

Anonymous Coward | more than 8 years ago | (#13447851)

It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.

"They who would give up an essential liberty for temporary security, deserve neither liberty or security," Ben Franklin. Sheesh, it's like Fascism for computers. "Please, take away our freedom! Give us safety and trust!" they cried, saluting their Fearless Leader. I guess that makes Bill Gates Hitler.

Re:Fishy? No, deceptive and devious! (0)

Anonymous Coward | more than 8 years ago | (#13448197)

Please, take away our freedom! Give us safety and trust!" they cried, saluting their Fearless Leader. I guess that makes Bill Gates Hitler.

No, it makes Gates a Republican's politician's wet dream.

Re:Fishy? No, deceptive and devious! (0)

Anonymous Coward | more than 8 years ago | (#13448687)

What's the difference?

File Protection (4, Insightful)

nurb432 (527695) | more than 8 years ago | (#13447885)

Not only can it protect your files from being accessed by spyware, it can protect them from being accessed by you.

That is, when the 'key holders' decide that the information is forbidden. ( or just politically incorrect ).

And 'loss of everything great about computers? Remember, you are *just* a consumer, you should be happy with your 'media-device'.

Re:File Protection (0)

Anonymous Coward | more than 8 years ago | (#13448055)

Well, i wont buy any of those DRM thingies... i rather stick with aging hardware than getting a PC that is basicly less useful than todays consoles. For all gaming needs i still can see me buying a next gen console and for serious pc stuff an old pc is more than enough anyway. And maybe some smaller companies will sell some not-that-great-but-working free systems. Maybe it will seem like a (not so?) small step back, but it will be a big step on if you see it on a larger scale.

Re:File Protection (1)

Jugalator (259273) | more than 8 years ago | (#13448694)

And, unfortunately, using something else than Vista won't help here as long as there isn't some kind of global boycott (yeah, right!)

Using e.g. Linux instead of Vista to avoid these practices will give you content that may not even be playable at all, unless Linux supports the DRM mechanisms and hardware of course. So it's really a lose/lose situation, no matter how you look at it.

The implications of this is, of course, that you have nothing to lose on using Windows Vista, rather just things to gain on it. All non-DRM content on it will work just like before, and the rest will have strict rules applied to it. While on a OS that don't support this, you'll get the same thing, but instead of strict rules, you just won't be able to play it at all.

Just saying this, because NGSCB is often looked at as a major downside with Vista, when the real downside will instead come to each and every OS not even supporting the protection mechanisms. At least Vista users will be able to use the media/hardware if complying to the terms.

Re:Fishy? No, deceptive and devious! (1)

shotfeel (235240) | more than 8 years ago | (#13448514)

It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers

Don't be so pessimistic. Once you're in the "Trusted Enviornment" you're stuck there and can't touch anything else. So, knowing MS, this means worms, viruses and the like will only have access to trusted resources. Meaning MS Office will be wiped off the computer, but Open Office and my pr0n collection will be safe.

Start our "Thank You" notes to GNU (1)

jackDuhRipper (67743) | more than 8 years ago | (#13448672)

> it's all part of the desensitizing of DRM

Agreed that that's part of it. And, as we slip down that slope where there are hardware- and OS-level mechanisms determining what we can and cannot view, hear and run, let's please thank the heavens and stars for GNU [gnu.org] , the FSF [fsf.org] and the thousands of players who've given us the ability to circumvent these things.

I personally don't get too up in arms about "some DRM." I think, e.g., FairPlay [extremetech.com] is pretty fair for consumers. Currently.

I no longer hear (m)any rants about CPU IDs [hardwarecentral.com] . It's not because it's no longer there - it's because - per the parent post - we're desensitized.

From my PoV, a little governing of our digital Freedoms is acceptable if it means there's incentive for entities to build and offer good services. I thank heavens for the eternal vigilance we're all provided by the likes of GNU and FSF because they're the ones who've made possible the tools that can help us decide for ourselves when others decide to clamp down too tightly (and that threshold will differ for diferent individuals).

Short sighted (1)

hal9000(jr) (316943) | more than 8 years ago | (#13448680)

Yah know, all you hens running around clucking about how the sky is falling when ever someone mentions anything about trusted computing should 1) stop, 2) breathe, 3) read the documents, 4) think about how humanity reacts (in the US, at least) to perceived threats to privacy and control, 5) then get a grip. The stated in intent of the TCG is to create a trusted platform that is tamper resistant to software attacks like worms, viruses, and trojans, will not interfere with any other operating software, and will be pretty much seamless.
Can the system be abused by those nefarious ner-do-wells trying to lock you into some software? Sure, but that is true for any system. Have a little faith. The purchasing American public won't willingly give up what they perceive is their right to control thier hardware and software. The backlash will keep the worst offending vendors at bay. Voting with your dollars is a very powerful weapon. Use it against any company regardless of the hardware or software they are selling.

No lasting effect. (4, Interesting)

Trusty Penfold (615679) | more than 8 years ago | (#13447644)

So it doesn't apply to Vista and the end result is that Vista turns out to be an bug-ridden, insecure operating system. What's new?

This will yet more incentive to move to a system which has been properly designed, from scratch, to be safe.

As has happened before, the other members of the group will go ahead with their design based off of a draft of the document - generation 1 has a few interoperability issues because each member interpreted the draft differently but at least there will be something out there which everyone, except MS, is trying their best to follow.

Re:No lasting effect. (4, Insightful)

TemporalBeing (803363) | more than 8 years ago | (#13447826)

"So it doesn't apply to Vista and the end result is that Vista turns out to be an bug-ridden, insecure operating system. What's new?" This is classic Microsoft Embrace and Extend. Since it doesn't apply to Vista, Microsoft will release it the way they want it in Vista, and everyone else will have to comply in order to be compatible. If Microsoft actually had to comply to someone else's standard, then there would actually be interoperability.

Re:No lasting effect. (3, Informative)

nacturation (646836) | more than 8 years ago | (#13448382)

If Microsoft actually had to comply to someone else's standard, then there would actually be interoperability.

In this case, the standard defines how it should work and what it should do. Microsoft can *implement* this in any way that they choose. In no way does this imply that adhering to the standard will promote interoperability. Think of it this way: a security standard might say that "door locks should be of sufficient strength and complexity that it would withstand 500 pounds of force and take an experienced lockpick a minimum of 30 minutes to pick". Adhering to this standard doesn't mean that one vendor's keys will work with another, nor that the locks will even fit on your brand of door.
 

Say that again (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13447653)

En inglés, por favor

Lets play fill in the blank. (3, Insightful)

metallikop (649953) | more than 8 years ago | (#13447662)

Microsoft Stalling __________ Best Practices. Old news.

Speculation & Implication... (0, Troll)

leather_helmet (887398) | more than 8 years ago | (#13447685)

thats all we're getting served from /. nowdays... or crapple osx vs. beta windows

TCG Bashing? (4, Interesting)

weilawei (897823) | more than 8 years ago | (#13447691)

I'm not sure of the writer's bias, but it would seem that TCG is fairly "opt-in." Somewhat unlike the current /. tidal wave seems to indicate. TFA mentions "Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them; their participation must be opt-in. Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy." Who and what is the owner's policy? If the owner's policy says I can't run what I want without TCG, then that statement is effectively meaningless. I can have a hunk of hardware. If the "owner's policy" is something I make up, then it seems fine. TFA also states "The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology." This is exactly counter to /.speek. So what is it? Is this marketing spin? Is it real?

more to the point (1)

sum.zero (807087) | more than 8 years ago | (#13447839)

just who is the 'owner' of your computer? are you a 'user' in this document? it's not very clear to me...

sum.zero

Re:TCG Bashing? (4, Insightful)

saintp (595331) | more than 8 years ago | (#13447899)

Of course hardware and software companies won't use coercion to force people into TPM. They'll just stop selling everything else, citing "lack of demand." "There's just been no demand," Intel will say, "for a processor/mobo/whatever that doesn't support TPM, ever since Windows stopped supporting non-TPM platforms." Of course, months before, Bill Gates will have played the high morality card and announced that Windows would not longer run on non-TPM platforms; to allow that continue is to allow the continued spread of spyware and viruses, and Microsoft indignantly refuses to be any part of that!

See? It's not coercion. It's for security. It helps the economy. It thwarts terrorists. TPM gives flags to orphans if that's what it needs to do to get people on board.

mod parent up. (1)

plasmacutter (901737) | more than 8 years ago | (#13448386)

I rate the parent "insightful", and anyone else who sees the black chess pieces being put into place probably thinks the same.

Re:TCG Bashing? (5, Insightful)

Josh Triplett (874994) | more than 8 years ago | (#13448007)

...it would seem that TCG is fairly "opt-in."

Most of the TCG spec is optional and can be turned off, and thus is not particularly dangerous unless you don't control what your software does. It will make Windows Media DRM and similar proprietary systems stronger and harder to break (though still not impossible), but it won't affect people who run Free and Open Source Software. Some of these features may even be useful in a FOSS environment, such as by keeping your encryption keys safe even if your machine is remotely compromised.

The primary danger in the TCG spec is Remote Attestation. This allows your machine to non-forgeably attest that it is running a particular hardware/software configuration. While Remote Attestation is also opt-in, refusal to attest to your systems configuration will be treated the same as attesting to a disallowed configuration: no access. This would mean no "compatible but unsupported" clients, something that the FOSS community has been amazingly good at providing for many protocols.

Essentially, Remote Attestation would take away your ability to have your computer say things like "Uh, yeah, I'm running IE7 on Windows Vista, sure!", "Yeah, this is iTunes 42.9 requesting purchase of music file blah.m4p", "Of course I'm running the official IM client from AOL/MSN/etc, certainly not something unofficial like Gaim", and "Yes, of *course* I'm just going to stream this file and delete it after viewing, I certainly wouldn't want to download it to watch over something faster than my slow Internet connection".

Re:TCG Bashing? (1)

MobyDisk (75490) | more than 8 years ago | (#13448223)

but it won't affect people who run Free and Open Source Software
Until they stop making free and open source hardware and lock out the software.

Re:TCG Bashing? (1)

Malyven (774978) | more than 8 years ago | (#13448036)

The problem is currently there are no controls on TCG. This document would attempt to make it opt-in.

That is why he believes that MS is trying to stall so that these rules don't apply to Vista.

Re:TCG Bashing? (5, Informative)

robertjw (728654) | more than 8 years ago | (#13448068)

I'm not sure of the writer's bias

Bruce Schneier [schneier.com] is a security expert with a practical perspective on security analysis. I subscribe to his newsletter, and near as I can tell, he's not particularly biased for or against Windows. He is very vocal about the balance needed between individual rights and security concerns. He also regularly points out security measures and implementations that are just for show.

I read the article and it doesn't seem like he's bashing TCG at all. Appears more like he has issues with Microsoft wanting to release VISTA as a approved TCG OS without actually following the best practices document.

Re:TCG Bashing? (2, Informative)

fermion (181285) | more than 8 years ago | (#13448505)

I would add that if one is not sure who Schnieir is or his biases, then one really has no basis to write an opinion on any computer security issue. He is one of the major players in the field. It is like programming and never having heard of Gamma or kernighan or stroustrup. One may not a agree with a particular player, but one should know who the players are.

In fact it has only been in past several years that Schneier has left the ivory tower and taken a stance on certain security situations, most notably in Beyond Fear. I find his thought process to be interesting and entertaining. For example his treatment of guns for airline pilots is classic.

Re:TCG Bashing? (1, Informative)

zonker (1158) | more than 8 years ago | (#13448247)

i don't believe schneier [schneier.com] has any bias except towards making sure bad security and policy doesn't become commonplace. this means making clear the user's rights and the content owner's rights and making sure they don't overstep each others bounds.

have you ever read any of his stuff [counterpane.com] ?

Re:TCG Bashing? (4, Insightful)

Master of Transhuman (597628) | more than 8 years ago | (#13448250)


Read the article again - in English.

Bruce makes it clear that the document is fairly good in that it comes down on the side of YOU - the owner of the PC (unless we're talking corporate PC here which is inapplicable since corps do what they want with a worker's PC anyway) - having control of the DRM and being able to disable any part of it that you deem necessary to do what you want.

Microsoft obviously is stalling this because Bill Gates wants to control what you do on behalf of his big customers like the music and movie industry.

The point is that the original TCM specifications said nothing about who would control all this. This document is laying out best practices and specifying that TCM SHOULD be under the control of the owner, not the designers and manufacturers.

This is good - if in fact it ends up being applied by said designers and manufacturers.

Microsoft obviously doesn't want it to apply to Vista because their agenda is NOT to apply the recommended best practices.

Of course "opting in" will be mandatory for any.. (1)

plasmacutter (901737) | more than 8 years ago | (#13448358)

use of proprietary anything.. so the "option" to opt in evaporates for the average citizen and it's again to "forced in".

Who is the "owner?" (4, Interesting)

overshoot (39700) | more than 8 years ago | (#13448309)

The TCG has resisted defining "owner" for purposes of their spec, despite several requests for clarification.

Think of it this way: most computer-related "stuff" now has a "licensed, not sold" tag attached. Ask yourself again, then, who has ultimate control unter TCG definitions.

Re:TCG Bashing? (4, Insightful)

Alsee (515537) | more than 8 years ago | (#13448316)

Who and what is the owner's policy? If the owner's policy says I can't run what I want without TCG, then that statement is effectively meaningless. I can have a hunk of hardware. If the "owner's policy" is something I make up, then it seems fine.

Here's how it works... you try to instal some software and IT TELLS YOU what your "policy" must be. If you do not accept that policy then it is impossible to instal and run that software. If you try to read a media/data file IT TELLS YOU what your policy must be. If you do not accept that policy then it is impossible to read that file. If you try want to view a website IT TELLS YOU what your policy must be. If you do not accept that policy then you cannot see the website.

Under Trusted Network Connect, as documented on the Trusted Computing Group's website front page, your network provider gets to TELL YOU what your policy must be. If you do not accept that policy then you are denied internet access.

"The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology." This is exactly counter to /.speek. So what is it? Is this marketing spin? Is it real?

Well you decide. You are force to "opt-in" or none of the new software will instal. You are forced to "opt-in" or you get locked out of all of the new media files and data files and network protocals and the new e-Mail system Microsoft is working on. And once Trusted Network Connect becomes common... and Microsoft has issues a press release that they are implementing Trusted Network Connect under the name Network Access Protection... well at that point you are force to "opt-in" or be denied internet access.

But rememer they aren't doing anything wrong and they aren't trying to force anything on you. It is all opt-in and you always get to set the policy on your computer. It's just that nothing works any more unless you do opt-in and you do set your policy exactly they way they tell you to.

And of course you are always free to turn the Trust system off. Remember the item "any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy"? Yep, you can turn it off... however the policy you had to opt-in to, the policy you had to choose to set... that policy had to be that you get locked out of your own files when you turn it off. The software you installed stops working, the various files on your computer are encrypted and MUST be impossible to read or restore, nothing works any more.

But it's all OK because, as they say over and over, the owner is always in control. It was the owner who decided that his computer would drop deat and lock him out of his own files if he turned the system off. It was the owner who "voluntarily" agreed to these FSCKING INSANE "policies", otherwise he's have been locked out of everything in the first place.

There... does that clarify why one side of the debate makes it sound seems harmless and optional while the other side of the debate seems to be making apparantly contradicting statements?

-

Re:TCG Bashing? (1)

KillShill (877105) | more than 8 years ago | (#13448365)

Insidious Computing is not in any way optional and most assuredly not for the benefit of the public.

there is a simple test you can do to determine this for yourself.

ask them why they won't let the "owner" of the machine have access to the encyrption key(s)?

if it is truly for the protection of the owner, then having the key would certainly allow the owner to decide what is best for themselves.

the only reason to disallow access to your own property is for the enforcement of DRM and things like remote attestation.

i don't know if you've heard or not, but very soon, within 5-10 years you will NOT be able to access the internet without REMOTE ATTESTATION. and the only way to ensure that remote attestation is authentic is to prevent the legal and lawful owner of the machine from changing anything about what the system reports to servers.

there is NO benefit whatsoever from disallowing the OWNER from having the key to his/her machine.

this isn't a damn rental, you BOUGHT AND OWN the physical components as well as the right to use the software (aka encryption programs on the chips).

and also if you think this only applies to MS systems and software you are very naive. just wait until the software vendor you use (which is not MS) gets ahold of a "trusted" system... they can do all sorts of things to you, even if most or all of it is reprehensible. they will cite the EULA and enforce every single provision and add new ones without your knowledge. oh of course, it won't be a tidal wave. they know better than to make so many changes at one time. they will boil the frog more slowly...

Re:TCG Bashing? (1)

C0deM0nkey (203681) | more than 8 years ago | (#13448367)

"Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy."

Owner = copyright owner
User = computer owner

The way I believe the article should be read is: The owner of the computer is able to disable any DRM the copyright owner has allowed them to disable.

Basically, copyright owners will exert more control over their copyrighted works at the expense of your fair use rights; a technological enforcement that, when circumvented, will result in prosecution under the DMCA. Nice.

If this was not the case, copyrighted works would be released into the public domain or released under an appropriate public license (CC, GPL, LGPL, etc.) after a reasonable time and this technology would be irrelevant.

Link to actual blog entry (5, Informative)

Anonymous Coward | more than 8 years ago | (#13447701)

Trusted Computing Best Practices [nyud.net] .

PLEASE can we stop linking to the entire stupid hierarchy of news.com.com.com.com, zdnet, cnet and other stupid useless sites like that? Schneier is a big boy, he can handle /. - and if not, there's always coral.

Re:Link to actual blog entry (1)

That's Unpossible! (722232) | more than 8 years ago | (#13448188)

PLEASE can we stop linking to the entire stupid hierarchy of news.com.com.com.com, zdnet, cnet and other stupid useless sites like that? Schneier is a big boy, he can handle /. - and if not, there's always coral.

I think we should link to both.

While unlikely (at CNET), it is possible that a news organization would present both sides of the story in an unbiased fashion, whereas if you just link to Schneier, you'll be getting only his take on it.

Re:Link to actual blog entry (0, Offtopic)

Master of Transhuman (597628) | more than 8 years ago | (#13448273)

US, we'll stop caring about your (and Israel's) nuclear weapons when your government stops pledging to "make Israel safe by killing all Muslims." Mmm'kay?

Re:Link to actual blog entry (1)

That's Unpossible! (722232) | more than 8 years ago | (#13448355)

"make Israel safe by killing all Muslims."

The difference between what I wrote and what you wrote is that one of them is based in reality.

Reality: For years the Foreign Ministry in Tehran was draped with a 40-foot banner proclaiming that "Israel must burn."

http://www.telegraph.co.uk/news/main.jhtml?xml=/ne ws/2005/08/12/wiran12.xml&sSheet=/portal/2005/08/1 2/ixportaltop.html [telegraph.co.uk]

Reality: America has millions of peace-loving Muslims living in our country, many are citizens.

Reality: We have only used nuclear weapons twice, both in Japan, to end World War II.

Now try to present any facts to back up your point of view. You cannot do it, because your point of view is illogical. We are targeting insurgents and terrorists. Obviously many of them are Muslims. That does not mean we are targeting Muslims. To say we are is to use a logical fallacy.

First to market (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13447703)

By timing the two, MS can be first to market with such certification. Marketing.

The DRM factor. (5, Insightful)

Lellor (910974) | more than 8 years ago | (#13447708)

Microsoft can only push consumers so far. If their DRM technology is too anti-social they will find that their systems will be rejected on an ever increasing scale.

Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.

Re:The DRM factor. (4, Interesting)

peragrin (659227) | more than 8 years ago | (#13447745)

It already is being rejected. At as far as music is concerned. People have voted with their dollars (& pounds, euros, etc)

Apple's DRM is simple and consistant unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.

If you have to have DRM it has to be consistant and easy to use, and actually have rights not just restrictions.

Re:The DRM factor. (1)

DrEldarion (114072) | more than 8 years ago | (#13447807)

... of course Apple is selling more music. The iPod is, by far, the most popular MP3 player available, and it doesn't support WMA files, rendering the other services useless for iPod owners.

Re:The DRM factor. (4, Informative)

mopslik (688435) | more than 8 years ago | (#13447951)

People have voted with their dollars (& pounds, euros, etc). Apple's DRM is simple and consistant unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.

I'd warrant that a backlash against Microsoft's DRM isn't what's fueling Apple sales. More likely:

  1. The iPod is THE "wow" music player to have these days
  2. Heavy marketing by Apple
  3. Songs are cheap

I know a number of iPod owners, an DRM doesn't even cross their minds.

Re:The DRM factor. (2, Informative)

notdanielp (244035) | more than 8 years ago | (#13448076)


Apple's DRM is simple and consistant unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.


Consistent? Apple reserves the right to change their DRM on songs you've already bought. Wikipedia tracks some of the changes [wikipedia.org] made to iTunes DRM since release:
          "With the introduction of iTunes 4.5, Apple raised the number of machines allowed to use purchased music from 3 to 5. They also cut the number of times a user can burn CDs of the same playlist from 10 to 7. This adjustment was the result of the renegotiation Apple had with major labels. In 4.7.1, users were further restricted: they were limited to sharing their songs with five computers within 24 hours, rather than the previous five at a time."

Re:The DRM factor. (1)

MrCopilot (871878) | more than 8 years ago | (#13447790)

Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Dangerous Sheep, Just what part of the sheep are you handling there, son?

Baaaaad Rancher.

Re:The DRM factor. (0)

Anonymous Coward | more than 8 years ago | (#13447822)

Oh god. consumers will be pushed as far as they can be pushed, they wont' do shit. What WILL happen is that another company will see that the customers are unhappy, and steal the customers. That is the beauty of capitalism.

Re:The DRM factor. (5, Funny)

Prophet of Nixon (842081) | more than 8 years ago | (#13447853)

I have actually been chased up a tree by an angry sheep.

Now, why I admit this randomly on the internet, I don't know... In any case, those things are mean.

Re:The DRM factor. (1)

youknowmewell (754551) | more than 8 years ago | (#13447910)

Please, don't mention sheep.

It's a bit insenstive don't you think?

Probably is best not to make any comparisons between sheep and people...

Re:The DRM factor. (2, Insightful)

Duct Tape Jedi (802164) | more than 8 years ago | (#13448153)

Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.

If you toss a frog into a pan of boiling water it will jump out.

If you put a frog in a pan of water and slowly turn up the heat you get frog soup.

Re:The DRM factor. (1)

shotfeel (235240) | more than 8 years ago | (#13448696)

And when herding livestock, say onto a truck, you don't just put the truck in the middle of a field, pull down the ramp and start herding them on.

You slowly herd them into smaller and smaller confinements, and by the time they realize they're headed into a "dead end" its too late to turn back.

This FP for GNAA (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13447717)

of HIV and other whole has lost their parting www.anti-slash.org or make loud Vnoises parties, but here number of FreeBSD are about 7000/5 failure, its corpse market. Therefore well-known host what the house Website Third, you goodbye...she had Mire of decay, be treated by your is busy infighting the public eye: National gay nigger 1. Therefore there than its Windows cuntwipes Jordan flaws in the BSD

Just a guess (3, Interesting)

Xerp (768138) | more than 8 years ago | (#13447720)

Out of any software company, Microsoft has the worst security record in history. I wonder if this could have anything to do with it? Just a guess...

Re:Just a guess (1)

Skiron (735617) | more than 8 years ago | (#13447915)

I would say out of 'any company' Microsoft have the worse security record. In other fields of business (finance, banking, stock market, health, manufacture, aviation etc. etc.) with a record like Microsofts' you wouldn't last in business.

V. I. S. T. A. (the real meaning) (5, Funny)

Anonymous Coward | more than 8 years ago | (#13447747)


Viruses
Insecurities
Spyware
Trojans
Adware


Re:V. I. S. T. A. (the real meaning) (4, Funny)

Philip K Dickhead (906971) | more than 8 years ago | (#13447833)

  • Veracity
  • Integrity
  • Security
  • Trust
  • Accountability

Re:V. I. S. T. A. (the real meaning) (0)

Anonymous Coward | more than 8 years ago | (#13447880)

Too bad that not a single one of those words can be applied to Microsoft's products or practices.

Re:V. I. S. T. A. (the real meaning) (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13447971)

by Anonymous Coward

Too bad that not a single one of those words can be applied to Microsoft's products or practices.


Too bad that you've no idea!

Re:V. I. S. T. A. (the real meaning) (1)

Master of Transhuman (597628) | more than 8 years ago | (#13448312)


Or to Bill Gates in general.

Or anybody else at Microsoft that speaks for Microsoft publicly.

Paid liars, the lot.

Re:V. I. S. T. A. (the real meaning) (0)

Anonymous Coward | more than 8 years ago | (#13447966)

  • Very
  • Interesting
  • Siamese
  • Twins
  • Aprhrodisiac

Re:V. I. S. T. A. (the real meaning) (0)

Anonymous Coward | more than 8 years ago | (#13447986)

Really, your name says it all.

(BTW, CAPTCHA of the day: Recalls)

Re:V. I. S. T. A. (the real meaning) (0)

Anonymous Coward | more than 8 years ago | (#13448318)

  • Very
  • Interesting,
  • Said
  • The
  • Anonymous coward.

Re:V. I. S. T. A. (the real meaning) (0)

Anonymous Coward | more than 8 years ago | (#13448338)

Thank you, Mr. Gates, for clarifying this.

Re:V. I. S. T. A. (the real meaning) (1)

Epistax (544591) | more than 8 years ago | (#13448291)

Virgins
Inpsired
Spew
Timely
Acronyms

Standard MS's bahavior (5, Insightful)

Anonymous Coward | more than 8 years ago | (#13447754)

MS is well known for participating in standards committees, only to subvert the standards in ways to keep the competition at bay. Why should anyone expect things be different in this case?

Re:Standard MS's bahavior (1)

kris2112 (136712) | more than 8 years ago | (#13448683)

Bahavior?

Was that a sheep joke?

Some notes (4, Interesting)

Red Flayer (890720) | more than 8 years ago | (#13447772)

A quick scan of the bullet points on the first page of the article may reveal why MS may not implement:

"Security: ...The reporting mechanism should be fully under the owner's control. "

"Privacy: ...designed and implemented with privacy in mind "

"Interoperability: ...should not introduce any new interoperability obstacles that are not for the purpose of security. "

"Controllability: Each owner should have effective choice and control... their participation must be opt-in. "

Why should MS rewrite all of their business practices based on what their competitors suggest?

I'm not saying that TGP is a bad idea... I'm saying that it is a bad idea for MS.

Re:Some notes (1)

KillShill (877105) | more than 8 years ago | (#13448441)

when the Insidious Computing group denies the owner of the machine their encyrption key, that alone dissolves all the points you brought up.

when the real owner no longer has the key, then by definition, someone else does. and that someone else has an agenda that is anti-privacy, anti-freedom, anti-property rights.

they deny you and me, the owners of our respective machines, the key to enable full access to them.

that is all one really needs to know in order to figure out the destination.

just an aside, consoles (read: computers) also get away with this purely evil methodolgy. they deny the rightful owner of the machine full access to it. you bought the cpu, gfx chip, sound chip, storage mechanisms, but are NOT ALLOWED access to them. i don't know about other people, but i find that so outrageous and so reprehensible, that i cannot for the life of me figure out why they are still allowed to do business in the civilzed world.

i mean after all, people don't rent consoles... they purchase them outright... and what a business model it is: preventing the lawful use of property that is legally purchased.

something to think about.

Why? (1)

imunfair (877689) | more than 8 years ago | (#13447785)

I don't really see why Microsoft would want to stall it - assuming it would allow them to stop piracy of their operating system... Maybe piracy really isn't a big factor for them, and developing this technology would cost them more (plus delay the already late release of Vista)

That said, I'd applaud anyone who successfully fought/stalled/stopped the trusted computing initative - I don't really want someone monitoring me and telling me "No that's wrong, you can't run/do that" or "You can't connect to the internet because your computer/operating system doesn't support the 'trusted NICs'" (You know it will go there eventually...)

Re:Why? (1)

twiddlingbits (707452) | more than 8 years ago | (#13448053)

TCI really doesn't concern your everyday user. It is for companies who have to protect highly sensitive information from disclosure by keeping the systems the data lives on secure. Systems handling finances, classified data, etc. all these can benefit from such an initiative. Just think ig TCI had been used a lot of the recent spate of ID thefts might have been prevented because the system would never have let itself be hacked. Of course, this CAN be taken too far. It's best applied in small doses where it can do the most good.

Re:Why? (0)

Anonymous Coward | more than 8 years ago | (#13448265)

It's obvious why Microsoft wants to delay it but useless asswipes like you are too fucked in their vomit-filled head to stop sucking their own dick for the time required to wipe the cum from their eyes and read the fucking article.

It's not mandatory, is it? (5, Insightful)

NubKnacker (787274) | more than 8 years ago | (#13447835)

Does it say anywhere in the document that the participants of the group absolutely have to implement its recommendations in their upcoming releases? No. So why would MS try to delay it's release?

They've proven it time and again that they can get away with doing what they want not giving two hoots about anyone else's opinion. What makes you think they can't do they same with this even after the document is released?

This story just reminds me of all that Masonry crap and the time I wasted watching documentaries and crap on them.(Because I was really really bored.) Conspiracy theories....pfft.

Huh? (1)

youknowmewell (754551) | more than 8 years ago | (#13447841)

Microsoft stalling best practices? No...

Total Subversion, Vista will have DRM (0)

Anonymous Coward | more than 8 years ago | (#13447866)

This looks like a move to implement full DRM and coerce it on end users, directly in violation of the spirit of the TCG.

Microsoft might just be trying to tip-toe around it so they can implement full DRM by making their software-only implementation.

Who misread the title? (0)

Anonymous Coward | more than 8 years ago | (#13447874)

I misread the title as "Microsoft Stealing". I guess those words just fit together well in my head.

Recently what? (1)

Enigma_Man (756516) | more than 8 years ago | (#13447918)

Editors?

-Jesse

Re:Recently what? (1)

Enigma_Man (756516) | more than 8 years ago | (#13448001)

Nevermind, I see how the sentence can be, it's just extremely awkward.

-Jesse

Re:Recently what? (1)

jaavaaguru (261551) | more than 8 years ago | (#13448249)

I had to read that 4 times for it to make sense. I think this looks a bit better, but still not perfect...

"Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the best practices document 'Design, Implementation, and Usage Principles for TPM-Based Platforms' (recently published by the Trusted Computing Group) to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."

Foggy... (1)

Spy der Mann (805235) | more than 8 years ago | (#13447924)

It seems that the Windows (TM) are a little foggy and don't allow a very clear "Vista"(TM) (view) of the inner workings... we might need an XP(TM)-ert to clarify what's going in. If he can find the help of a "Search Assistant"(TM), the better. Just make sure his speech is not clippy(TM).

Re:Foggy... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13447967)

Yeah... fucking hilarious, mate...

Re:Foggy... (1, Funny)

Anonymous Coward | more than 8 years ago | (#13448057)

That was terrible, truly awful...

this is an old story, just new players (1)

Fox_1 (128616) | more than 8 years ago | (#13447929)

If you want to keep the standards from impacting your business join the committee that makes them and strangle it in delays and horsecrap. Welcome to big business 101. Kinda like Oil guys working with the EPA, or cigarette companies running Health studies.

The reason is obvious (0)

Anonymous Coward | more than 8 years ago | (#13447934)

They are working on their own document, entitled "Trusted Computing Group - worst practices".

The IEEE P1667 open alternative (3, Informative)

IPAQ2000 (585706) | more than 8 years ago | (#13447937)

Re:The IEEE P1667 open alternative (0)

Anonymous Coward | more than 8 years ago | (#13448035)

microsoft is trying to get vista out ASAP. They even slashed their core features. They aren't going to want anything to compromise their release date... A public outcry about them not wanting to abide by industry standard "trusted computing" model is the last thing they need to cripple their launch.

Re:The IEEE P1667 open alternative (1)

Wesley Felter (138342) | more than 8 years ago | (#13448630)

At first glance, that looks totally orthogonal to TCG.

Why would Microsoft care about a piece of paper? (2, Insightful)

dpbsmith (263124) | more than 8 years ago | (#13448004)

I don't get it.

It's like all the privacy notice boilerplate. There are stories almost every day about companies disclosing information they promised not to disclose.

It all reminds me of the scene in Dr. Strangelove where the President asks how a rogue SAC commander could have launched a nuclear strike, when only the President is supposed to have that authority. And an air force spokesperson clears his throat and says "It appears that General Ripper may have exceeded his authority."

Why wouldn't Microsoft just bull ahead? And when anyone complains, Buck Turgidson will say "It appears that Microsoft may not have followed best practices" and everyone will shrug it off, the way they always do.

Server licences & desktops as servers... (0)

Anonymous Coward | more than 8 years ago | (#13448009)

Let's face it. There's not much difference between a 'server' and a 'desktop' as far as Windows goes. A little tuning and a slight difference in the bundled tools and apps...that's it.

If Vista were given any kind of elevated security status above Windows Server, MS would loose those sales.

TCG? (3, Funny)

Mortal-God (878902) | more than 8 years ago | (#13448093)

I didn't know M$ was trying to get into the Trading Card industry. I see it now: "I tap my Bill Gates and send a monopolistic attack at you loose $2bil points." "Yeah well I summon a firewall to block your attack" "oh but my Bill Gates was equipped with Windows so it gets +50 attack points and destroys your firewall" "good, Windows opens you to attack so I send my WinWorm at you, it will take you 2 turns to clean up that mess"

Too Funny (1)

segedunum (883035) | more than 8 years ago | (#13448205)

The ultimate Big Brother (let's face it, if they can, they will) experiment in the TCG (not that the technology cannot be used for security of course) being one-upped by Microsoft who want to use the technology for their own ends. It's the same thing all the time with Microsoft and bodies of this kind. They join, and perhaps even contribute, then they go away and make their own version that only applies to them.

this is just.... (1)

KillShill (877105) | more than 8 years ago | (#13448239)

refraining to boil the frog too quickly.

they don't want us jumping out before it's too late.

and by us, i mean the folks who haven't a clue as to how Insidious this whole thing is.

i am also partial to Sinister Computing; it has a nice ring to it.

Re:this is just.... (0)

Anonymous Coward | more than 8 years ago | (#13448655)

How about Digital Rights Molestation?

Aluminum Foil Beanie Mode (2, Interesting)

sysadmn (29788) | more than 8 years ago | (#13448305)

What if MS is stalling not because they don't want it to apply to Vista, but so that their competitors on the committee can't implement software only (TNC) solutions? HP, IBM, and Sun all have DoD certified (B2 compliant) versions of their proprietary operating systems. If MS confuses things so that TPC means (only) Intel's hardware and Microsoft's software, they've frozen out AIX, HP-UX, and Solaris until Vista catches up. (Yeah, I know there are B2 versions of NT - you just can't do much with it.).

and so it begins (2, Insightful)

El_Muerte_TDS (592157) | more than 8 years ago | (#13448397)

the downfall of "trusted" computing. The group doesn't even trust eachother. How can we even trust a group like that.

It's So Depressing (2, Insightful)

brokenarmsgordon (903407) | more than 8 years ago | (#13448452)

It's so depressing.

The sad thing is not that a lot of people don't know what spyware or DRM are, or why they're bad. The sad thing is that a lot of people do, yet nothing is really accomplished. The cnet article is good because it raises many important points about the nature of Vista and trusted computing. And it will sit on that server with no fanfare. This will not be an important story to anyone, newspapers will not pick it up and nor will computing magazines.

We will get nowhere beyond this article, which takes no stand; makes only polite suggestions and queries.

``Something is fishy here. Should we be concerned?" A shallow question with hollow convictions and the full-bodied echo of defeat.

Trusted Computing is not about security. We know what it's really about, it's about IP. You don't [apple.com] need [linux.org] an unjustified mess [microsoft.com] to be secure [freebsd.org] . Security is just the excuse. It's about patents and trademarks and copyrights. It's not about security, because security benefits people. Trusted Computing benefits companies. It's about money and control. It's about their control over our money.

The article will sit there and rot and no one will take it further, because no one wants to risk offending the advertisers. No one wants to risk slowing a cashflow.

These kinds of things are vital, important issues. They concern our very rights as citizens and as human beings. The important part of Intellectual Property is not the latter, it's the former, it's about control of the former. Companies -- inhuman, non-being concepts on paper and ink -- subvert the rights of living people to think and explore.

We can do nothing. How do you adhere to your morals and convictions and fight something that will adhere to nothing? We are powerless to affect change and every day more restraints and ludicrous laws are passed on us and our rights are signed away for profit. For the benefit of people already in life's favor.

But it's not a big deal, right? When you're allowed to read a book is a not a big deal. What you're not allowed to say is not a big deal. What you're allowed to even think is not a big deal.

It's so depressing.

does any of this surprise anybody (1)

suezz (804747) | more than 8 years ago | (#13448572)

does any of this really surprise anybody. it is microsoft pretending to be getting along with the industry open standards and then they will come along and make their own so they can lock people in and keep the revenue stream coming in.

now especially with IPTV and all the drm crap they are making with the MPAA/RIAA it is obvious where they are going along with apple. You are obviously going to have to have the platform THEY choose to view their movies/tv.

Umm, I wonder if it will stop with just movies and tv - you think I will be able to install linux on the new vista pcs.

The IPTV and the drm with music and movies is just the DVDCss all over again. You have to have a platform THEY choose for you and if you don't well tough - you can view or buy their content.

Boy who would of seen this coming.

It doesn't matter. (1)

missing_boy (627271) | more than 8 years ago | (#13448621)

From the article:
But there's something fishy going on. Microsoft is doing its best to stall the document, and to ensure that it doesn't apply to Vista, Microsoft's next-generation operating system.
Interesting article, but I'm not quite sure that it's worth while the author's trouble to speculate on "fishy Microsoft-related news". The fact is that when Vista is released, it'll ship with every new desktop and every new laptop that's sold, basically anywhere around the world, and nobody will give a hoot about a speculative paper released before the OS was. Vista will most likely be much more secure than 2000 and XP, and that is plenty enough for Joe User.

Tired of Slashdot conspiracy theories (3, Insightful)

Dangero (870946) | more than 8 years ago | (#13448663)

Is anyone here actually a software developer??? Vista is in Beta 1 NOW, so of course they aren't going to implement any design that was not previously planned. Would any other software engineer expect them to? Of course not! I personally am working on a product that is in Beta and if someone comes to me and tells me that I need to add/change anything, I direct them to the specs for the next release. I mean, come on. An OS is just about as big and complex as software designs get. Do you think Microsoft is really worried about the industry trying to force them to accept this standard? No way! Maybe if the spec came out 4 years ago when they were just starting Longhorn. Not now. It's unrealistic for any OS writer, not just Microsoft.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...