My collegaue Seth Schoen has written an audacious article for Linux Journal in which he calls on the architects of "Trusted Computing" [TCPA|TCG|Palladium|NGSCB] systems -- which ostensibly solve some of the Internet's security problems by adding cryptographicallly secured tamper-detection to the hardware of the commodity PC -- to add a feature that he calls "Owner Override."
Trusted Computing proposals have drawn fire as tools for lock-in and other anti-competitive strategies; Seth's Owner Override allows the owner of a computer to override the Trusted Computing security when it is in her own interest.
For example, you could use Owner Override to tell a "lie" to your bank, which insists that you use Microsoft Internet Explorer to access its website, and convince the bank's webserver that your copy of Opera or Safari or Mozilla is really Internet Explorer. This is possible (even routine) today, but in a Trusted Computing universe, it will be impossible, modulo Owner Override.
Fortunately, this problem is fixable. TCG should empower computer owners to override attestations deliberately to defeat policies of which they disapprove. Giving the owner this choice preserves an essential part of the status quo: third parties can never know for sure what's running on your PC. TCG already defines a platform owner concept. The TCG specification also should provide for a facility by which the platform owner, when physically present, can force the TPM chip to generate an attestation as if the Platform Configuration Registers (PCRs) contained values of the owner's choice instead of their actual values.
APIs and a clear user interface for the override mechanism could be specified by an appropriate TCG committee. Only the platform owner should be able to do this; whenever a machine provides an inaccurate attestation, it does so for what its owner considered an appropriate reason. This change would do nothing to undermine the basic security benefits of the TCPA hardware, including those outlined in the Safford article; you still could tell whether your computer had been altered.
David Robinson used the data from the 28,657 people who self-selected to take the Stack Overflow survey to investigate the relationship between programmer pay and the conventions of using either tabs or spaces to mark indents, and found a persistent, significant correlation between using spaces and bringing home higher pay.
It’s the end of an era, sort of: Fraunhofer IIS, the developers of the MP3 audio compression format, announced that they are ceasing their licensing program. In a blog post, spokesman Matthias Rose says that it’s had a good 20-year run and is obsolete. But it’s also true that the decoding patents expired last year, […]
Freddy deBoer writes that he’s been telling the same joke for years about Silicon Valley’s only product, which might be universalized as “At last, a way to verb with nouns on the internet!” But the social-media techopoly is stable, now, and so the venture capitalists have moved on to the three terrible trends that will […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]
The Bragi Dash Truly Wireless Smart Earphones are far more than your run of the mill Bluetooth earbuds. While the earpiece design makes these earbuds ideal for exercise and activity, and passive noise cancelling is conducive to a more serene listening experience, these buds go well beyond just playing music.First of all, they can actually […]