User Management Inside
Submitted by doc on Mon, 08/01/2005 - 13:54.
it should be no surprise that Apple's Intel Strategy reportedly includes use-managing DRM BS. There is much to be admired and appreciated about Apple; but its paranoia about What Users Might Do and its coziness with Hollywood both come at a price: your freedom.
The euphemism for user management is "trusted computing". Read more about how it's applied in OS X here.
Of course, this really isn't trusted computing at all. It's distrustful computing. It's one more way that you don't own, or control, your own software. Or even your own computer. In a very real way, Apple hardware sold with Intel Inside will be less yours than the computer you're using now. Your freedom to use your own computer for whatever you please will be deeply compromised, just by the presence of a chip that gives the manufacturer a way to restrict what you can do.
Unfortunately, this won't be an Apple "feature" alone. The chance that it won't be addressed by Microsoft's Vista applications is approximately zero.
Which leaves Linux. Naturally.
Maximo Park
Our Earthly Pleasures download english mp3 song - Your Urge, Parisian Skies, Parisian Skies...
john
Cool
I agree with Gruber
Daring Fireball... http://daringfireball.net/2005/08/trusted
I second that.
Totally agree with Gruber.
Buy Macs before Mactels arrive
Take a look here at Kevin's Blog and you may agree with me. Or, at least get the word out.
Trusted Computing
Doc,
** Trusted computing doesn't keep you from doing anything with your computer.
** You have to turn it on in order to reap any benefits from it, encrypted e-mail and securing credit card info, etc. If you don't turn it on, you have a PC with a little chip that doesn't work and doesn't do anything.
** Trusted computing provides an integrity metric and authentication for PCs. It does not CONTROL you or keep you from doing anything.
** There is enough independent research on the web from academia that shows that trusted computing is NOT a "digital rights management" scheme... though it certainly **could** lay the groundwork for DRM given certain other complementary technologies.
** Am I not correct in noting that Linux source code has been modified to support trusted computing/trusted platform modules? I recall reading that this was the case.
I think everything I state above is factual. But that doesn't keep the cant from going out and being replicated that trusted computing is JUST as you suggest it is.
Now here's the really weird part: I think trusted computing presents the GREATEST opportunity yet for Linux to unseat Microsoft within the enterprise by leveraging the hardware/software security that is necessary to secure critical information. Microsoft's dilly-dallying and making a Longhorn far longer has opened a considerable (a-hem) Window for Linux.
Finally, I've just gotta say this. The notion that somehow folks who see trusted computing as a beneficial thing are somehow being duped or that we're all tools of the great machine (not that you've said either, but it's something that's out there) is utter poppycock. The more you really dig into the technical side of trusted computing, the more you come to see as a positive and something that **can** help PCs from being hijacked as drones, **can** help deal with the threats of malware and hassles of adware, and **can** keep my bits from out of the prying eyes of those who would seek to turn them against me.
"Remote Attestation" and content access monopolies
The Trusted Platform Module provides the hardware functionality for digital rights software to provide effective remote attestation and digital key withholding.
Both Microsoft and Apple have plans for media-digital-content-viewers that, at the request of a digital content provider, will not allow the user to view or access specific digital content if the operating system has been modified in certain ways.
Because, for the foreseeable future, it impossible for the digital rights management software to detect if an individual modification to a particular subsystem is hostile to the goals of the demanded digital rights, all software and subsystems relating to the operating system with storage and input to display will have to be digitally signed by Microsoft or Apple before it can be accepted by the DRM subsystem. Microsoft and Apple are effectively locking the user out from changing parts of the operating environment.
Because it is possible for hackers to read digital keys used to encrypt content direct from the computer's memory, the operating system has to be built with the ability to lock the user from being able to access pages of memory used by the mediaplayer and digital rights management system.
OS based Digital Right Management systems are based on the principle of locking the owner of the computer out of the ability to access sections of memory and disk space used by the DRM mediaplayer systems.
Locking the owner out of parts of the computer has become a major security issue.
Microsoft's Mediaplayer, Active-X ( still used with some DRM ), Real's realplayer, Adobe's PDF viewers, Apple's Quicktime and even Microsoft's and Sun's Java JVMs, have in the past had remotely exploitable vulnerabilities.
OS based DRM combined with TPM based encryption along with enviable future vulnerability holes in media access offers the malware/virus/worm creator the ability to hide a virus from any antivirus tool or live forensic analysis. Existing stealth viruses already have ability to hide the modifications it has made to files, going undetected by antivirus programs.
Crackers and hackers always find ways to exploit the code to access or share protected content. There is not a DRM system that has not been cracked within months of widespread release. The focus on the code use d in such systems also comes to the attention of malware/virus creators. The same holes discovered by those who just want to freely access content may possibly also be abused by those wanting to crack into your computer. Similar holes in other types media viewers, the webbrowser and email programs, are increasingly being used for criminal gain by phishers and spyware makers.
Some vendors have also reportedly have in the past purposely left backdoors in the source code to allow access by US intelligence agencies. This has not only become a major issue for other countries who fear spying, since those discovered backdoors quickly become the criminal's frontdoor into your PC.
DRM encryption offers the ability for the malware to store content, and without the keys to decode the content, it is hidden from any forensic analysis.
Hollywood and the recording industry hold an effective monopoly on a large section of popular content. Both Microsoft and Apple are now offering the ability to content providers the ability to demand that users must use unmodified systems to view said content. It lock you out of parts of your system that will inevitably be abused by third parties wanting to abuse you.
NZheretic Aka David Mohring
DRM= no sale
I don't buy music CD's with copy protection; I don't buy music online because of DRM. When Apple includes hardware DRM features in it's new computers, I become an antique computer collector. No new Apple sales to me. Ever.
Cory Doctorow agrees with you
Cory Doctorow agrees with you:
http://www.boingboing.net/2005/07/31/apple_to_add_trusted.html
and so do I:
http://macbeach.blogspot.com/2005/08/drinking-kool-aid-apple-to-add-trusted.html
Ditto Cory
Cory has the best line line, too: My data is my life, and I won't keep it in a strongbox that someone else has the keys for. As I see you used as well. :-)
Of course, leveraging the points made elsewhere in this series, if we applied the same logic to money, we wouldn't have banking.
Still, I agree with Cory on this one.
I want to thank Apple for reminding me of why RMS was right in the first place, and will stay right for the duration.
By the way, this story isn't about What Apple Is Up to, but a war between markets that are open in name only (providing a choice only of closed silos) and markets that are open and free in the deepest sense of both words. That's what customers want, even if the ones busy wanting it are still in the minority.
Jeffsters
"Which leaves Linux. Naturally"...out in the cold.
Apple's use of DRM
Apple is entering the wild world of Windows pirates and cannot afford the 15 to 20% piracy rate that Microsoft can. If Apple is to survive they must use this DRM system to protect their software sales. If they use the system to make cheap movie downloads more feasable, I look on it as a win, win situation. We all know Apple's DRM situations are far less restrictive than Microsoft's.
One step at a time?
How do you know what Apple's future uses will be? Today, locking down MacOS to hardware. Next week locking down data files.
Apple must survive
Apple makes integrated systems - combining software and hardware into a smooth running system unlike Windows.
But, Apple makes the bulk of its profits from hardware sales. Software sales are a drop in the bucket. Thus Apple needs to protect its hardware sales.
With the move to Intel, Apple cannot afford for Mac OS X to be used on non-Apple computers. Thus, Apple is justified in providing DRM for Mac OS X.
I applaud Steve Job's decision on DRM. This is coming from a Mac User who has owned 18 Macs since April 1984.