My collegaue Seth Schoen has written an audacious article for Linux Journal in which he calls on the architects of "Trusted Computing" [TCPA|TCG|Palladium|NGSCB] systems -- which ostensibly solve some of the Internet's security problems by adding cryptographicallly secured tamper-detection to the hardware of the commodity PC -- to add a feature that he calls "Owner Override."
Trusted Computing proposals have drawn fire as tools for lock-in and other anti-competitive strategies; Seth's Owner Override allows the owner of a computer to override the Trusted Computing security when it is in her own interest.
For example, you could use Owner Override to tell a "lie" to your bank, which insists that you use Microsoft Internet Explorer to access its website, and convince the bank's webserver that your copy of Opera or Safari or Mozilla is really Internet Explorer. This is possible (even routine) today, but in a Trusted Computing universe, it will be impossible, modulo Owner Override.
Fortunately, this problem is fixable. TCG should empower computer owners to override attestations deliberately to defeat policies of which they disapprove. Giving the owner this choice preserves an essential part of the status quo: third parties can never know for sure what's running on your PC. TCG already defines a platform owner concept. The TCG specification also should provide for a facility by which the platform owner, when physically present, can force the TPM chip to generate an attestation as if the Platform Configuration Registers (PCRs) contained values of the owner's choice instead of their actual values.
APIs and a clear user interface for the override mechanism could be specified by an appropriate TCG committee. Only the platform owner should be able to do this; whenever a machine provides an inaccurate attestation, it does so for what its owner considered an appropriate reason. This change would do nothing to undermine the basic security benefits of the TCPA hardware, including those outlined in the Safford article; you still could tell whether your computer had been altered.
Neglected public payphones in New York City are being turned into “GuyFi” stations: a place where one can rub one out for the sake of “stress relief.” Annalee Newitz reports on the wank booths from a company named “Hot Octopus”… The company reported that at least 100 men used the booth on its opening day […]
You’d be forgiven for thinking the videocassette format long-dead, but it turns out that Betamax is still around. Sony is finally going to withdraw tapes from sale, bringing a 40-year story to an end. The last recorders were sold in 2002. ベータビデオカセットおよびマイクロMVカセットテープ出荷終了のお知らせ [Sony; via The Verge]
A leaked Comcast memo discloses that the company’s consumer data caps have nothing to do with network congestion, contrary to its public claims. The internet service provider has often complained (such as when lobbying against net neutrality) that it must impose limits on service to prevent network congestion. The argument suggests that these measures are […]
Remember back to the time when people thought java was just a hip way to talk about coffee? Or you vaguely remembered from geography class that it’s an island in the South Pacific? We’ve come a long way since then and now that we’ve rocket blasted into the tech future, you’re going to need to […]
Plastic is so 2013. You don’t want to buy something only to throw it away or lose it and barely care. You like nice things and want to hang onto them. The Plazmatic lighter here is a high quality, high tech alternative to the typical cheap, plastic lighter you get at the old gas station. […]
Real engineers build things. Super cool engineers build things with their hands and fingers, like our engineering forefathers did. No idea where to even begin to do that? This step by step Arduino course is now 92% off and is going to get you up and running, from zero to hero, in no time. So […]