DRM in Real-Time and Embedded Systems 201
An anonymous reader writes "In this guest column at LinuxDevices.com, Victor Yodaiken speculates on the implications (and potential catastrophic consequences) of Digital Rights Management Passport (DRMP) technology to embedded, real-time, and mission critical computer systems. Quoting from the article: "When a technology gets pervasively embedded in microprocessors, computer boards, and software, it will alter the performance of power turbines, jet engines, medical instruments, cell phones and missile guidance systems. Unfortunately, DRMP technology is incompatible with security and with the kinds of reliability needed in safety critical or mission critical applications.""
the final countdown (Score:5, Funny)
Operator:
Launch System: launch operation aborted, you do not have the rights to "the final countdown"
Missles? (Score:5, Funny)
Damn... (Score:5, Funny)
I still love the smell of napalm in the morning though.
Re:Damn... (Score:2)
Looks like people are still confusing Java and JS (Score:5, Insightful)
It's a valid point, tho. I like some of the workarounds, such as Opera's willingness to throw out all cookies at the end of the current session, if said options are selected.
Still, the author appears rather alarmist; DRM is a licensing technology, not a security technology, as the author stated. Thus, WHY would consumer-grade "hardware" be found in professional-grade medical hardware? That's like buying a Packard Bell for IBM's web server... it just won't happen.
On that note, it'd be interesting to see if Intel/AMD/MS/blah will try to include DRM in "server" versions of hardware and software...
Re:Looks like people are still confusing Java and (Score:3, Interesting)
And what about public funded government controlled institutions such as the NASA? They still use the 8086 chips, even though those are consumergrade, in their shuttles. If it functions it's good. Especially if the materials are cheap.
Re:Looks like people are still confusing Java and (Score:3, Informative)
I really don't think these chips are any different then what you could buy from an electronics store. We performed our own signature and time response testing after replacing anything so they were well tested prior to use.
Re:Looks like people are still confusing Java and (Score:5, Insightful)
Because Fritzie-boy is all hot and bothered to close up the "Analog Hole". That means that NO commodity DSP or processor chips can fail to support DRM. One consequence is that embedded device makers will have to get special exceptions for un-screwed up processors and memory (vastly increasing costs and development time due to red tape). If embedded and real-time manufacturers use commodity parts anyway to control their costs then they'll have to contend with DRM just like anybody else. This is where the defib machine letting someone die on account of a licensing issue comes in.
Remember "professional-grade medical hardware" uses many of the same components as consumer grade hardware. The difference is in how it is configured and even more importantly certified to operate correctly. Mandatory DRM basically means that the well EVERYONE is drinking out of is going to be pissed in by Rosen, Eisner and Fritzie-Boy.
Re:Looks like people are still confusing Java and (Score:3, Interesting)
Plenty of Real-Times on x86's (Score:2, Interesting)
What's wrong with cookies? (Score:2)
I haven't heard a single case in which some valuable information was stolen or some computer was hacked because of cookies - and I also can't imagine a way how something like that should happen.
Can someone please tell me why cookies are considered "insecure"?
How else shall we implement sessions? Query-strings? Awww.
Loss of transparency (Score:4, Insightful)
What's wrong with encoding a session identifier in the URL? You don't have to put it in a query string if you don't want to. The entire URL is available for coding state.
Cookies are evil and software architects need to get that through their heads. Unfortunately, many projects are staffed only with developers and application programmers incapable of a deep analysis of anything.
Re:Loss of transparency (Score:3, Informative)
It never takes too long for the cookie conspirators to come out of the woodwork, does it?
It's just about impossible to know what information is being gathered through the cookie mechanism
Wrong. The only thing a website can put in a cookie is what information you give it, or something they make up for tracking a session. And better than that, you can examine your cookie file and see what is there. If you don't like cookies that are attached to ad images, get yourself a browser that blocks cookies that don't originate from the site you are visiting.
What's wrong with encoding a session identifier in the URL?
Persistence beyond the surrent session? Easy and ubiquitous support in all web development environments?
Cookies are evil and software architects need to get that through their heads.
Riiiight, because you say so. You leave your tinfoil hat on, and 99.9% of the rest of the world will go on using cookies, especially software developers who can deeply analyze that you are full of it.
Re:Loss of transparency (Score:2)
That assumes no exploitable bugs. Not convincing. The 'something they make up for tracking' could also hide a host of evils.
And better than that, you can examine your cookie file and see what is there.
They can make it arbitrarily hard to know what they are up to, and if they are making it easier for other sites to get your information as well.
If you don't like cookies that are attached to ad images, get yourself a browser that blocks cookies that don't originate from the site you are visiting.
I already do this, and make my browser ask. I particularly like the new features where the browser remembers my decisions. Even so, this is a pain, and some site refuse to operate if you make the wrong choice (even crash the browser in some cases, but I haven't seen that in a while).
Persistence beyond the surrent session? Easy and ubiquitous support in all web development environments?
Logins are better for that, and my browser is happy to remember this when I go back. If you want data to persist, store it on your own server, not my client. This has the advantage of persisting even when I change machines/locations.
Cookies just aren't a very good design, and there is great potential for abuse without the user's knowledge.
Re:Loss of transparency (Score:2)
This is just bunk. What "exploitable bug" is going to give some website infomation about me that I never gave them? What could someone put in a session id that I would care about, if I never gave them any information? Come up with one concrete example here please, instead of making up conspiracy theories.
Logins are better for that, and my browser is happy to remember this when I go back. If you want data to persist, store it on your own server, not my client.
ROTFLMAO. You mean to tell me that you don't trust me putting a user identifier in your cookie, but you trust your browser to store your password locally? Time for a sanity check.
Re:Loss of transparency (Score:2)
If you would do a "deep analysis" you would recognize that if you don't trust a website, turning off cookies won't make your credit-card number any safer.
And if you trust a website, turning ON cookies won't make your data any more unsafe.
The effect of cookies on security is zero.
Also, cookies store data FROM THE SERVER on the client, not vice-versa. There are no accumulated risks on the server in any way. Maybe you should do some research (or "deep analysis") before posting such nonsense.
(And don't even dare to weasel out of your incompetence by pretending you meant the accumulating risks on the client. If you don't trust your own computer (which is ridiculous), you shouldn't put any sensitive information on it, whatsoever - again cookies don't make a difference.)
If cookies are /bad/ isn't the point. (Score:2, Insightful)
The actual security (goodness?) of cookies isn't the point here; it's simply that "optional" technologies don't always remain so.
Re:Looks like people are still confusing Java and (Score:2)
Is the market for high-end medical technology big enough that Intel will be building DRM-free microprocessors and the HD makers will be building DRM-free HDs to suit the market's needs? Will this even be possible if CBDTPA passes in anything remotely resembling its current form? (read it yourself and you'll find the answer is NO!).
In any case, the author is better qualified than you are to determine what's alarmist and what isn't, unless you're prepared to discuss the RTOSs you've developed on your own over the years.
not exactly... (Score:3, Insightful)
The DRMP system is based on the premise that unlicensed use of software or data should make computers stop working. You could also argue that bridges should be designed to fall down if someone is detected crossing without paying the toll.
Ok, I don't like DRM either, but that's rediculous analogy. Most people's interpretation of DRM doesn't include making computers stop working if they're running unlicensed software. It's designed to stop a software package from running if it isn't licensed on the machine. I have a really hard time believing that DRM will ever be in anything like heart monitors or any other specially designed hardware. In my opinion, this guy really is just being alarmist.
Re:not exactly... (Score:5, Interesting)
The secret to all of this is that Intel will most likely have a way to completely and absolutely turn off DRM for the chip, because this really would be unworkable for embedded manufactures. Now the task would be for someone to find that capability and distribute it over the internet. This is highly likely to happen.
Is anyone else out there pissed at the fact that they will actually have to log on to the internet to even use their computer? I mean for broadband its ok, but there are a lot of dialup users out there, who don't need to log in right now to listen to music or to watch DVD's.
SECURITY == OVERHEAD (Score:3, Insightful)
Re:SECURITY == OVERHEAD (Score:5, Interesting)
Yep, and virus-scanners are a big pile of poo too, solving a problem that could better be solved by banning microsoft products.
Ever tried to compile an OS while your virus-checker scans each and every source-file in the entire program, each time you access the file?
DRM would be essentially similar: Although you could get admin on your NT box to turn the virus checker off while you compile, a DRM system would have no such facility (i.e. the administrator would be His Billness) and the system would have that very same requirement of scanning every file you access.
Think about it. Think about how long it will take you to check the certificate of every file in even just the linux kernel. It's some factor-of-ten slowdown or so for a virus checker, and will be similar for DRM.
Re:SECURITY == OVERHEAD (Score:2)
Re:SECURITY == OVERHEAD (Score:2)
Geez, the things we think up when we have nothing better to occupy our brains and haven't had our morning caffeine
Re:SECURITY == OVERHEAD (Score:2)
But a properly-written linux virus would know to look for LILO and work around it, just as properly-written DOS BSVs knew to work WITH the boot sector (such as by replacing it with the virus's own working boot sector), not against it, to improve their chances of propagation. The crappy ones just made everything stop working before they had a chance to infect another disk.
The limiting factor for a virus not carried by email is likely to be not technical difficulties, but rather the fact that floppy disks are no longer used much, even for sneakernet, and that people simply don't trade floppies that much anymore (outside of school environments, anyway -- those are still rich stomping grounds for all sorts of floppy-borne boot and file viruses).
anti-virus software != security (Score:2)
Medical Science (Score:2, Funny)
I'd hate to see a scalpel go bezerk in the middle of an operation - curse you technology.
Re:Medical Science (Score:2, Informative)
potentially messy... (Score:2)
Not to mention a laser knife, or one of those microwave or radiation "scalpels".
Oh, the mess...
Something as trivial as a malfunctioning X-ray device could possibly condemn you to a slow painful death in cancer.
Making a law that forces these things to be more complex and bug-prone with DRM would seem like a bad idea to any thinking person.
But I guess the glory of capitalism is that a lot of people doesn't care if a stranger die as long as they make a buck.
I highly doubt drm will be included (Score:4, Interesting)
And for Hollywood, Its not like some hacker is going to go into a hospital and turn a resperator into an internet file swapping server and take down the whole media industry. Come on and get real!
Drm will only be in pallidium systems so Microsoft can make more profits by being the gatekeeper of the internet and all multimedia. Infact pallidium is really not a drm sollution in itself according to their faq but will be used to enforce it. Its already in Windows2000 and WindowsXP.
I am sure Fritz will make an exception for many critical embedded systems if he decides to write another insane and unconstitional law. After all the military can not be bothered by drm when their systems monitor nuclear missles. All he cares about is his big fat paycheck by his employers. OOps I meant contributers.
Re:I highly doubt drm will be included (Score:5, Insightful)
I highly doubt you ae thinking... (Score:3, Insightful)
Please schedule immediate surgery to have the Fritz chip removed from your cerebellum before it is too late.
You have made a critical error in assuming that "Fritz" will have anything to do with the writing of any such law. The "Senator from Disney" did not write the proposed law. He merely took the money from the lobbyists along with the draft of the bill written by the lawyers retained by the concerned industry. There will not be any exceptions to the law - no matter how "sensible or reasonable" an exception might seem.
But let's not get despondent over this after all the bill still has to get through both houses of Congress and signed by the President before we have to worry about it. And once it passes Congress, but before it gets to the President is the time to fix it. Simply borrow a play from the RIAA and insert a paragraph to "clarify existing standard business practices". Here is my proposed "clarification":
No case may be brought before any Court using any section of this Act save by a licensed lawyer who has had a DRM protected override chip installed on their vagus nerve for a period of ten years.
Kind of breathtaking in it's simplicity eh?
Re:I highly doubt drm will be included (Score:5, Insightful)
Even then, it's doubtful if it will matter with many embedded real-time systems. And it ain't
gonna matter with consumer equipment, either. There will simply be massive "civil disobedience" and it will be roundly ignored.
There is an obvious precedent for this: In the early 1900's, laws were passed all over the US to prevent the use of automobiles. Speed limits of 5 mph were passed. Several states had laws saying that an auto had to be preceded by a rider on horseback. Others passed laws requiring that if a horse was nearby, an auto's engine had to be turned off to avoid frightening the horse, and left off until the horse was gone.
Such laws were simply ignored. Few if any policemen were silly enough to try to enforce them. They could be used occasionally for harassment purposes, but for all practical purposes, they were just the last gasp of a dying technology.
One of the fun legal things is that such laws are still on the books in many places. Almost all citizens are criminals. Nobody worries about this, for some strange reason.
Similarly, the recording and entertainment industries will come to terms with the Net. We will have the right to record things and play them later, or in our car or at a friend's house. We will have the right to back up our disks. We will have the right to upgrade our hardware and play our old purchased recordings on the new equipment. Attempts to stop this will simply be ignored, as the anti-auto laws were ignored.
And we will all end up criminals. But that's ok; if you're driving any sort of motor vehicle, you are probably a criminal already.
Re:I highly doubt drm will be included (Score:3, Insightful)
And that would cost Hollywood how much from the few people around the world who have enough time and a lab to build one? As it is hollywood is down only %9 this year of what it blames on piracy. How many millions of systems out their run kazaa or gnutella?
Now imagine lets say only 100 homemade computer? The piracy caused would be not even be seen due to rounding errors.
I admit the real pirates in China will make systems specifically designed to burn several hundred cd's an hour with non drm chips but they will not be made in the USA but in China or Twaiwan. Either way, real pirates will continue to pirate and these embedded processors will remain drm free. That or perhaps the cpu's will be bought oversea's at the expense of American jobs.
Positive use (Score:5, Funny)
I can't believe it... a last a positive use for DRM hardware !
Eventually... (Score:3, Insightful)
At a certain point we wont even know what is the truth, and wont have the digital rights to find out... or tell someone if we do....
Though when i first started preaching we didnt have the cute phrases such as DRM, but the concepts were there.
1984? He was only off by the year.. more like 2004 is a more accurate guess.
Re:Eventually... (Score:2, Interesting)
nurb432 is correct, though perhaps not quite in the draconian way he intimates.
The folk who pay the bills and want to make money in their businesses have a problem with the internet: they require a way to authenticate who people are (or more accurately, who belongs to the money).
The era which people (and their machines) can operate anonymously is coming to a rapid close. (although this may work with psuedonyms). The amount of fraud and cheating that occurs on ebay, on-line gaming and even how well google operates (and how it spoils the benifits of same) are but the tip of the iceberg of the impetus to bring authentication to the internet.
To those that believe that those god-like hackers will always be able to circumvent restrictions are dreaming.
Consider the following scenario: Wireless becomes pervasive, computers become cheaper and more ubiquitous - your typical consumer has a choice between a $0.50 internet connected player that comes as a prize in a cereal box and uses their DCMA account and spending $100 dollars for a hacked player that has to be constantly updated to circumvent the dynamicall downloaded encryption schemes - or playing on hacked on-line game vs a non-hacked DCMA version, or using a version of ebay where users are accountable for their behaviour, or a version of google that indexes only those pages where the source/nature of the content is verifiable?
Which will the typical consumer choose?
Walking into a store with a mask over your head is not acceptable in the real world, it will soon not be acceptable on the internet.
This brave new world also scares the willies out of me...
Was it Frost that wrote:
This is the way the world ends, This is the way the world ends,
This is the way the world ends,
Not with a bang,
But with a whimper.
P.S. Please tell me that the nurb in nurb432 doesn't stand for Non-Uniform Rational B-spline....
Re:Eventually... (Score:2)
Re: (Score:2)
Five years after pervasive deployment. (Score:4, Funny)
Hillary Rosen had warned China of the implications of the nation's failure to address music Piracy.
"We warned them there would be severe implications, especially after our merger with the BSA brought software piracy under our jurisdiction."
The RIAA used the Digital Rights override software installed in all US computer systems to launch 12% of the US nuclear arsenal at strategic locations in the piracy prone nation.
"We have to protect the profit margins of the music industry. Musicians have a right to profit from their work, no matter what any one government wants."
When a CNN reporter brought up the potential legal implications of such a move, Ms. Rosen replied, "I don't think that's an issue. If I, or any other member of the RIAA is arrested, the President's pacemaker will automatically disconnect, as will the embedded medical devices in the bodies of half the US Senators. We will simply revoke the digital rights of those devices, thus rendering them inoperable."
Not funny (Score:3, Insightful)
The truth about the USA (Score:2)
>the interests of the people who vote for you
The moment I read that line, I knew you were not from the US.
Have you seen the Robocop movies? All three? I know, the second was lame at best and the third was downright pathetic, but take a look at the way they portray OCP, the Omni Consumer Products Corporation.
Seems out of control, right?
Wrong.
The USA is not run by the citizens, it is run by the Corporations and the people with money.
Americans have been well trained to believe TV over all else. It is a nation of Sheeple, not people, sheeple. The one with the most money wins.
Most Americans know this or are in denial. Why do you think the percentage of eligible voters who actually vote is usually in the single digits?
Corporations have all the power.
And as for your belief that the same big money interests hedge their bets by donating to both parties, you're right. Microsoft gave to both the Gore and Bush campaigns, and I'd wager the cash given was roughly comparable in both cases.
Give money and you're buying access to an elected official. Plain and simple.
The concept of the USA being a democracy or republic is long dead. It's a fallacy believed by the foolish, the uneducated, the mentally challenged and those in denial.
Corporations run the nation, and the only force that can ever stand up to them are the politically connected special interest groups. However, they will never do so, because it would hurt them more than it would help them. Why would a special interest group take on a corporation and lose it's funding in the process?
The anti-trust laws exist for two reasons.
1. Give the impression that the government gives a rats ass.
2. To try and prevent a single corporation from being able to simply toss out the government. The 800 lb gorilla wants to keep all the other gorilla smaller. Of course it doesn't work that way. There are corporations with more power than the government, but the government has the guns and it maintains the laws that keep order, so it is tolerated by the ruling corporations.
Welcome to America. Be a good little consumer. Bend over so the corporations can have their way with you. Don't complain or a lawyer will get medevil on your ass.
Re:The truth about the USA (Score:2)
I kind of liked the TV show better. It has a real comic book feel that makes it more funny than just cynical.
I'm not that cynical about the political process either. Yes, there are way too many blatant abuses not to be alarmed by the posibilities, but there are good people trying to do the right thing as well. Don't tar all of them with the same brush.
Re:The truth about the USA (Score:2)
There ARE good people, and a few good elected officials.
Revolution is always possible, if the population rises up, and there's always the chance of someone else marching in and tearing up the nation.
What is now, will pass away, for it is the order of human affairs that nothing remains forever. Knowledge will be lost, and have to refound. Freedoms will perish and rise again from the ashes of oppression. The noble and admirable among us will lead us to greater things, but only after they have saved us from total oblivion.
When, where and how the old is destroyed is unknown. It is arrogance for any nation to believe it possesses the fortitude to endure forever. As mighty and well armed as we are, we do not have the endurance of the Roman Empire, which fell in its turn.
Perhaps the order we see now will endure for a thousand years or more. Perhaps less than ten. We will not know when this will end until it has ended.
Hm... (Score:3, Funny)
Is this another Y2k? (Score:2)
Where {blah} = y2k, now {blah} = DRM
Now I'm entirely AGAINST what DRM stands for, but that particular comment won't win any supporters after Y2k used it up.
Y2k (Score:4, Insightful)
Remember the 105 year olds getting the letters telling them it was time to sign up for kindergarten? That was a y2k glitch. On 1 January 2000 I visited the US Naval Observatory's Time Site and was informed that the date was 1 January 19100.
A cousin of mine was pulling a low six figure salary from 97 through 99 fixing COBOL systems. The bamks/hospitals/etc spent quite a bit of money fixing the systems.
Re:Y2k (Score:3, Insightful)
The fact that you never programmed the TIME into that embedded controller never seemed to occur to anybody.
Neither the Naval Observatory NOR the 105 year old folks had issues as a result of an _embedded_systems_ failure, which is what this thread is about.
Re:Y2k (Score:2, Funny)
DRM - Why? (Score:5, Insightful)
I know I'm an old hippie, but I really believe that if Microsoft and Hollywood spent a fraction of the resources they're throwing at DRM solutions into creating a workable micropayments system for the web, and IP owners started selling their goods at reasonable prices, they'd be minting it in no time.
When VCRs first appeared, Jack Valenti decried them as the spawn of Beelzebub, and foretold the death of the movie industry because of home taping. What happened? They now make more money on VHS and DVD than they do in the cinemas.
And just to prove that piracy *isn't* an issue - the release on DVD of Harry Potter *without macrovision* was the biggest ever DVD release at the time. How come, if everyone was just waiting to pirate it?
Re:DRM - Why? (Score:2)
...then the RIAA and friends would be unemployed very shortly. Micropayment allows individual creators to sell their work directly to consumers without needing middlemen like producers and distributors and industry associations. Why in the world would the big entertainment moguls want that to happen?
Re:DRM - Why? (Score:2)
(I didn't care about it one way or the other, therefore did neither.
Go ahead and Jump (Score:5, Informative)
1. Most military gear does not use off the shelf CPUs. An example - F/A-18E/F - while SuperHornet uses armored Cat-6 cables and PowerPC chips, they are specially made hardened chips for military and commercial sat applications. F/B-22 uses 486s as does F-15E but they are special 486s that come out just for military applications. If you sell a part to the US military for a system, you must produce that system for 15 more years. Since the new F-15Es for the US/Israel/Korea are just delivering now, one can expect 486s without DRM for a while, since F-22 may be in it's current model production until 2011, expect 486s until 2026.
Parts for missiles and PDAs sold to the Military are under the same rules.
2. Medical equipment - Usually use embedded OSes and Dragonball, 486s, ARM or Mot 68000 series chips, not the latest and greatest from Intel/AMD. They sure won't be running Palladium. I found that arguement by the author to be, well stupid.
3 I had another point, but I've got to go to work, and I forgot it. Sorry.
Re:Go ahead and Jump (Score:2)
Okay, in that case, I patent your third point. Now cough it up butthead, or smell my DRM homing missile !
Re:Go ahead and Jump (Score:3, Insightful)
The thing is embedded systems are now expected to do a lot more. They need to route packets act as web servers have embedded databases, in many ways act as embedded PC's. x86 processors are very good for this.
So what is intel going to do? develop a embedded x86 without DRM? How long before PC's etc start coming out with that chip instead of the crippled version.
Re:Go ahead and Jump (Score:2)
Well, they are allowed to kill people, break the speed limit, carry concealed weapons, etc etc...i`m pretty sure the public doesn't really give a shit if they are using chips which could be used to copy mp3's!
Re:Go ahead and Jump (Score:5, Informative)
Mil-spec parts already cost several times the amount of their commercial brethren, because that guaranteed reliability costs money. If you force mil-spec (and industrial) parts to be designed from scratch, the cost will be at least an order of magnitude greater than that--separate R&D, separate fab process, etc. Making 1000 DRM-free ARM processors is unimaginably more expensive than making 1,000,000+.
No, these embedded processors don't currently support DRM. The author's (persuasive) argument, though, is that if DRM becomes the new paradigm for hardware and software licensing, there will eventually no longer be commercially viable computing devices that do not support it. The military, and those industries that can afford it, will go the custom-designed route in that case. However, DRM will add a high cost burden to those operations.
Re:Go ahead and Jump (Score:2)
I find your assertion that the author is stupid to be, well, perhaps "a underinformed" opinion.
Boiling a frog (Score:2)
The part about ABC and XYZ word processor (or insert any content editing program) is very persuasive and will be the first place we will see this pushed beyond sensible limits. Many people will still say "shut up and use MSWord". Once it gets to this point it may already be too late.
My hope is that by raising awareness through intellegent articles like this one, more people will see the extent of the risks. The fact is that the kind of pervasive DRM that is being pushed is incompatible with many applications, and as the engineers designing these systems begin to understand the issues, they will apply "due diligence" as described in the article.
If the extreme DRM approach wins in the marketplace, we will all suffer from the kind of thing described in the article, and more. At the very least, it will increase the cost of developing and deploying the kind of critical systems described because they will lose access to a lot of commodity technologies because of these concerns. What will emerge is two technology worlds one with and one without locked in DRM controls.
IMHO, the DRM side will lose because of all the unintended consequences of their badly implemented technology. It's a monopolist's approach, and the real strength of PC hardware is the competitive markets for all the component technologies. The worry is that we will all be happily resting in the warm water before we realize it is too late.
Re:Go ahead and Jump (Score:2)
It's interesting that originally imaging systems used custom developed hardware, with multiple chip image processing subsystems etc. Now they use off the shelf hardware.
This trend is everywhere, embedded systems use more powerful chips as more powerful chips get cheaper. Even devices such as ultrasound scanners are using higher end and more powerful chips.
I think the clash will happen eventually, so I don't think it's that reactionary.
Re:Go ahead and Jump (Score:2)
So what is your point?
That all life will end before 2026 and worrying about anything after that year is pointless?
The ridiculousness aside (486s are useless today for normal use), why is everybody so shortsighted?
You understand neither DRM nor the article (Score:2)
For you and others, let me repeat that: Every component has to be DRM enabled, fulltime, or the system is insecure.
This eliminates your point 2, that medical equipment uses 486s, Dragonballs, etc. The OS is unimportant; the chip is unimportant. Each component has to enforce DRM or there's a security hole. It's all or none. This is another reason to dislike DRM, it forbids Linux and all other source-available OSs, in fact, it restricts what software you can run. But back to your point 2, ARM is used in PDAs, so it has to support DRM. Every component that can connect to other components has to be DRM enabled. Every component has to reject connections to non-DRM-enabled components. The medical system would have to be isolated from the rest of the world. So much for downloading new versions of software easily.
As for point 1, the military is moving to COTS (Commercial Off The Shelf) components precisely because the pure military market is so small. Imagine the per-unit cost of buying a thousand processors of a couple of hundred airplanes, when the development cost is just as high as a commercial processor. You thought $600 hammers were bad! Ha!
Re:Go ahead and Jump (Score:2)
there are only two operating systems allowed in JTA - Windows and Solaris. And the latter one was because they had no way around all the folks with Solaris boxen....
So - i'm sure you're asking "wait - what VERSION of Windows?" Ha. That's the funny thing. NT 4.0 is the latest supported Windows - actually.. my data is a bit dated, so i'm sure they're all the way up to W2k by now.
But bear in mind - when we would ask questions like "what version" they would say something nonsesical like "WNT 4.0" - but they'd not specify Service Pack, or what other softwre was included with that.... so it was really a meaningless stance that they took (i think the navy calls their initiative Navy 2000 or something..)
In any case - beyond the fact that they are locking out all competition to MS, here's the comical part... or maybe no so comical, depending upon your point of view.
NSA has outright BANNED XP... for good reason, obviously... between DRM, Product Activation and whatnot... oh, and the untold data that is collected to "give you a better user experience" - NSA has said forget it.. no way, no how are you going to do XP, military. They were dragged mid-lasts year into W2k - but i think that was mostly because the number of GSA folk selling NT 4.0 licenses have gone to 1 approved. ha.
In any case, all manner of weapon system, mission critical systems, etc are running Windows. As time passes, and more and more systems are a) going to have to be upgraded to run under XP b) contractors are going to have to install illegal copies of W2k and NT 4 (not going to happen) c).....
its the C that was don't know about. NSA is insistent that no one run XP. Great - so, when i go to buy some new machines next year, and they still haven't approved XP, where exactly am i going to get all these W2k licenses? The ones we have for our current machines are all tied to the BIOSes of our current machines - so i can't just move those over...
Sometime next year, this is all going to come to a head - someone is going to have to cave - and it will be the Military.. they will cave and give up mass amounts of data to Microsoft....
and you'll start seeing weapon systems, mission critical systems that are going to have to go thru the fun of product activation - which means if you have a guy, say in AFGANISTAN who had to field replace a computer, but migrated over the hard drive - he's going to have to call microsoft to ensure that his field intelligence systems are properly connected to the internet (right) or get on the phone with MS to get an activation code.
the military is going to have to come up with a solution soon - or else that boat that had to be dragged back to shore will be nothing compared to a system that wants to be product activated after a rapair/replacement in the field.... and it just stops working.
Military folk do not have the option - not at the working level.. so the idea that this may not happen because a couple of airplanes don't run Windows is naive - in fact MOST everything, from satellite control to security control systems to lots of "evil" little programs are all based on Windows. Do not be fooled - almost every non-airplane system in the military has solitare.exe preinstalled.
and the PHGs (pointy-haired Generals) who make these decisions in apparent vacuums have and will continue to mandate things like what operating system you should be running on your new systems - all in the name of "interoperability"... and not leaving it up to the engineers to decide what will be the BEST way to do it, not just the one that gives screen shots that they are used to seeing.
I must be missing something... (Score:2, Interesting)
Yes, yes, I know he sort of addressed this in the article, but not very well. These sorts of things seem to be specialized enough that if you have to have non-DRMP'd chips and none are available, you spec new ones and have them made. Makes it more expensive, yes, but not prohibitively so.
Gotta go re-read the dratted thing I suppose, but right now looks like flag-waving FUD to me. About DRM. Heh. No wonder slashdot posted it.
Hmmmmmmm (Score:5, Insightful)
A piece of code that runs behind the scenes and can stop the user accessing their data or even stop the machine from working at all. Didn't we used to call those Trojans?
Stephen
Tojans (Score:2)
Absurd! (Score:5, Insightful)
Not so fast there. With the possible exception of the cell phone, none of the systems you've described have any application whatsoever to digital rights management and the idea that DRM code will "somehow" find its way into every IC / processor, even when such application is utterly useless and contrary to the design constraints (and adds substantial costs) is simply unfettered paranoia. Code doesn't just "appear" by itself and attempts to push meaningless extentions of technology into areas which may risk lives is not going to happen. I can assure you that Boeing's fuel management control systems are not built from parts purchased at pricewatch.com, the differential resonance processor in an MRI isn't a .Net Managed Code resource, and the Navy isn't sourcing on-board trajectory guidance modules from RadioShack catalogs. Legislation that attempts to make that happen isn't going to fly because it would cripple the very industries that rely on technology to succeed and form the heart of Western industry. Even the worst case, the one you've predicted, isn't that bad; we'll just do like we always have -- if they build a higher wall, we build a taller latter. It's simple, really.
Look, I don't want to dismiss your ideas outright. In fact, I share your feelings about DRM -- In its present form it only protects the rights of the corporations, not the rights of the consumer. (In that regard, it should be called "Digital Restrictions Management.") However, this article furthers the same "idea taken to an extreme" paranoia that made people worry whether their car would start Y2K morning.
So relax; take a deep breath and go find something substantial to worry about. There are enough big problems out there without sweating the details of something incredibly unlikely to affect the world in the way you've described.
Re:Absurd! (Score:2, Insightful)
We are talking about something that could be manadated by Congress. These are the people who passed a law that (if the courts hadn't struck it down) would have made it a federal crime to say "fuck" on the net. So the question is not "should I be paranoid", it's "am I paranoid enough".
Absurd not. Be alarmed. (Score:3, Insightful)
So why is it that every major chip maker is coming out with DRM when there is NO "consumer" demand? DRM is univerally loathed and no one wants to buy it. The reason is that it's being pushed by publishers, who have displayed their greed before, and the chip makers themselves who would love it if everyone had to constantly buy new equipment. It's not economic! It will cost more, it's performance will be poor by all measures and no one wants it. Yet it is hapening.
If the chip makers can get away with it on your PC they WILL get away with it elsewhre. History shows that todays big iron is tomorrows embeded system. If they can't, they will continue to push legislation that forces it. In the mean time, it's much easier to push DRM onto closed boxes that few people other than embeded systems designers ever examine or care about. EVIL. Cars, ironically, are a great example of demand for gimped up systems that defeat the end user. Yes, in the end those gimped up systems might refuse to start a perfectly sound engine. The author is entirely informed and correct.
Comparing this to Y2K hysteria is at best ignorant. The alarms should be loud and clear. "Digital Rights Management" IS and extreem concept on it's own. The whole idea of you being deprived of control of YOUR machine because you might "steal" a look at your entertainment without paying a fee to a publisher is a radical concept impossible to impliment in the past. Libraires will not be possible if DRM takes hold and is accepted. DRM will be used to impliment the DMCA's non reverse engineering clauses for embeded systems, regardless of performance because clueless executives make up for their ignorance with greed. The author's insight into performance issues for embeded systems and how it will happen is a useful thing to consider.
Re:Absurd! (Score:2)
Re:Absurd! (Score:2)
This is not alarmist, there are real issues being raised. Even he would admit that some of it is rhetoric, but this doesn't diminish the points.
DRM(P) (Score:2, Funny)
This is the most important paragraph. (Score:5, Insightful)
Bold is mine. This will not just apply to software, it will apply to everything. Music, books, art, etc. The list goes on. Anything that you create now, even if it is for your own amusement, will be shut down by Digital Restrictions Management. This is just one step in the control of *creation of content*.
Entertainment companies do not want to just control all of their content, they want to control ALL content. You will need to register with 'a third party' for a signature to release your *own works*. Of course, to keep the sigantures from just being owned by 'anyone', they will be prohibitively expensive. You will be unable to compete with the entertainment companies, the software companies, and all others. You won't even be allowed to release your own works of art, music or writing.
Somehow I doubt that a themometer will be allowed to shut down anything, in law or in practice.
It is the independent creation of content that is being threatened, and don't you forget it.
automotive thermometer - halt (Score:2)
Don't forget the practical implications of hardware and software enslavement. The author points out the practical considerations. You have pointed out the loss of a free press. The two are equivalent and one will invariably lead to the other.
Consider an automotive emmisions control computer. It may refuse to start your engine if it's last recorded information indicates that the engine will polute. Oh yeah, that might be codified in future laws to enforce exitsting laws on polution control so that break tags and inspections become redundant. Sounds good? The state, we can be sure, will continue to exact yearly fees to own such an automobile, perhaps to combate software "fraud" like fixing your car or examining it's computer without the appropriate licenses, certifications and equipment. Can you imagine a world where people used to just fix their cars in their garrage? Ah!
The code in such embeded systems will be designed to make you buy a new car every four years. It will invariably refuse to start if you miss a monthly oil change a yearly check up or you car is just older than five years old without a huge fee.
Right now so much as release of information on the correct interpretation of diagnostic codes is being debated by lawmakers. Do you think those folks have a clue as to what is comming? The people who gave you DMCA and are considering forced DRM have no clue about such implications. Continue to sound off while you can.
Content creation is important as it allows us to create free software that maintains user control over equipment. It also enables us to make our case for such things being a good thing to begin with. The second is an old and well know benifit of free press. The first is new, but vital for the second to be true as you point out.
Re:automotive thermometer - halt (Score:2)
Imagine the result when the smog-prevention chip refuses to let an ambulance or fire truck start. Imagine the cost to taxpayers when they're forced to fund new vehicles on a regular schedule rather than on an as-needed basis.
It sounds ridiculous and unworkable, and everyone will hate it, but that's never prevented gov't from going gung-ho down such a path in the past, and it certainly isn't stopping the tech industry in the present.
As to free press, in Iron Curtain days, printing presses and typewriters were required to have a print sample on file, so people who wrote or published unpermitted works could be readily ID'd and prosecuted. A DRM chip would have made the state's job SO much easier...
Re:This is the most important paragraph. (Score:2)
Re:This is the most important paragraph. (Score:2)
Get a law passed forcing DRM and goodbye freemarket and its ability to correct in this situation.
Perhaps market realities will impose themselves EVENTAUALLY- but you can't count on that being any time soon.
This is why DRM will fail (Score:5, Insightful)
This is also why Palladium will also fail. Microsoft has said that to be useful, Palladium must run on 100 million machines. In order for it to be useful at all, it must fault towards false negatives (i.e., if it thinks something is wrong, it prevents execution rather than defaulting to execute). Assume that a)Palladium works properly 99.9% of the time and b)that each person tries to run a Palladium enabled program one time per day. Even working 99.9% of the time, there'll still be 100,000 errors per day (and we assumed that each person only tries to use Palladium once in a day, too). Because of the way Palladium works, these errors can't be corrected in house, meaning each person must call Microsoft HomeBase (or internet in, if Palladium lets them) and have the error corrected by a person. This process won't be automated by definition, otherwise it could've simply been part of Palladium itself.
Suppose Palladium shits and dies on you while you're trying to do a presentation of your big proposal? Suppose IIS shuts down your business site on the day after Thanksgiving? This isn't something you can fix yourself, you have to fight 99,999 other people for the phone lines to get the error corrected. There's just too much risk using this sort of scheme even in the business world, much less in mission critical embedded processors.
Learn from History from the Greatest President (Score:4, Insightful)
Republic is destroyed."
--U.S. President Abraham Lincoln, Nov. 21, 1864
Signal Faded (Score:2, Interesting)
So does this mean that if I'm driving into New York while talking on a GPS enabled cell, the DRMP in my fancy new phone is going to detect that I don't have the right to be driving and disconnect my call?
Marines and DRMP (Score:4, Funny)
He underestimates the military, take the Marines for example, they are men who solve problems by eliminating their causes. After the first instance of this happening the word will spread quickly in the software developer community of how a bunch of angry Marines showed up at Microsoft HQ (DMRP division) and rammed armed stick grenades up the developers Rectums before pulling all the pins with a string (Paralell processing).
Re:Marines and DRMP (Score:2)
DRM not the only use of TCPA (Score:4, Insightful)
However, his contention that the only use for Palladium/Trusted Computing Platform technology is DRM is wrong. It could be used, for example, with the Brazilian voting machines, to make sure that what you think is the output from the voting software really is. Without keys protected in hardware, you can't be sure. With TCPA, the output from the software (over the net or on floppy disk) can be signed with a chain of keys right down to the hardware. Without hardware help, there's no way to hide keys on remote systems.
On a less serious note, you could be sure that your opponent in a network game is a person, not a gamebot.
That being said, DRM would still be the #1 use for the technology.
Re:DRM not the only use of TCPA (Score:2)
The output from the voting software will be whatever the people who control the DRM system want it to be.
And once the DRM system is compromised, you won't even know who controls it.
Re:DRM not the only use of TCPA (Score:2)
Re:DRM not the only use of TCPA (Score:2)
The hardware can always be fooled -- I can open up the "real" keyboard's hardware, wire it up to send the signals I want to transmit to the rest of the machine, and provide another keyboard (hooked up to intermediary hardware) that the user sees and uses -- in short, a man-in-the-middle attack. The same can be done on the output side; there's no guarantee that the hardware signing the input is really the hardware that the user is touching.
I designed and built an online voting system for CSU, Chico; I've given the security of these things a lot of thought. Simply put, it can't be done.
Does this mean...? (Score:2)
Some of this idiocy should begin mitigating when campaign finance reform kicks in next election cycle. I just hope it's not too late. Does anyone want to take odds on whether there ARE elections in 2004?
Look at the footnote.... (Score:2)
Footnotes:
3.TPCA says that the hardware device that stores and handles encryption can be turned off locally. However, what this will mean in practice is that any DRM sofware will detect failure and refuse to operate.
So if I am running Linux (which doesn't give a rats ass about DRM) turning off the hardware won't matter to me as NONE of the software I run expects any DRM hardware to be in place. Same thing with an embedded real time OS running in a medical instrument or in my car, etc.
Re:Look at the footnote.... (Score:2)
The article is FUD, pure and simple. (Score:2)
LEGAL LIABILITY
I wouldn't be surprised, also, if some of the mission-critical applications that the author claims may be affected are covered by explicit legal requirements for certification which will proscribe the mischievous addition of functionality which is both unrequired for the operation of the devices in question and which by its presence will undermine their reliability and safety.
By all means sound the warning bells when some of these bought toyboys introduce particularly inept legislation, and use excessive scope in their proposals to argue that they and their corporate sponsors are too stupid and self-interested to be permitted to decide on these matters, but don't pretend that just because one interest group has its head pushed so far up its posterior that it resembles a klein bottle it will be allowed to get its own way even if the result is that aircraft may start dropping out of the skies. All that does is to play into the hands of the content-distributors' efforts to portray their opponents as turning hysterical now that someone is finally doing something about their thievery.
Re:The article is FUD, pure and simple. (Score:2)
Papermill refiner : ( converts wood to chips )
Software function : select correct pressure for rotating plates to keep them 1-2 mm appart.
Energy used : 70 Megawatts
Consequences when the thing fails
Multiton Iron Plate Go Rolling Across Control Room, Killing Operators ( it happens )
Hardware used : Consummer grade PC. ( from the local shop, no joke )
Now, these thing are pretty stable these days. However, to do the high-level control, regulars PC are used doing various anaylsis on the signal. Fourier transforms, cross-corelations. About all mathematical anaylsis is used to keep those plates at the optimal place. The energy used is the main cost for running the papermill.
What if the input signal from the refiner happens to have a patern that matches DRM signature ? Well, the PC will just prevent a fourrier analysis on the data. Best case, the lowlevel embedded stuff will do its job, and you have a refiner running with non-optimal settings that will cost a few tenths of cents per ton of paper. Worst case, this disruption in the control system cause a break : at least 1000000$ damage maybe deaths.
Sorry to burst you bubble, but the walmart PC is actually used to control dangerous machinery, and often the task it does is signal analysis. That is the exact thing DRM is targetting.
Re:The article is FUD, pure and simple. (Score:2)
There is no reason to believe that after the bill becomes law and the recommendations of the Broadcast Protection Discussion Group (try googling for "Plugging the Analog Hole". You know how to use google, don't you?) become law and regulation, that non-DRM processors (or DACs, or several other classes of electronic component) will be available in the US.
Need a better logo (Score:2)
The picture should have a fat white man's legs and ass with his pants down around his ankles. His pockets are stuffed with money and congressmen and he's taking a shit right on top of a copy of the Constitution. That would be a better icon than a hand with a microphone.
Computer industry might LOVE this. (Score:3, Insightful)
The computer industry is currently reeling from the high degree of competition that has been brought about the commoditization and universality of the PC architecture.
In the bad old days, IBM deliberately kept product lines separate and incompatible so that they could segment individually manipulate different groups of customers. Certain product lines were arbitrarily designated for certain classes of customers (small business, large business, scientific, etc.) If competition developed in one area, they could cross-subsidize and lower prices for that group while raising them for another. The victimized group couldn't do much, because migration to the more cost-effective hardware was too difficult. High margins were maintained.
With DRM, we can foresee a return to the golden days of yore. If DRM makes computers useless for applications where security and high reliability are required, voila! we have market segmentation.
We could have cheap consumer PC's with DRM in them, basically unusable for many applications for the reasons so clearly articulated by Yodaiken.
This would, of course, create a market for exactly the "very expensive nonstandard hardware" he talks about.
Vendors could make high margins on products like "medical computers," knowing that hospitals did not have the option of migrating to commodity consumer PC's.
Forget the military, business is in danger (Score:2)
No, it's not the military that should be fighting against this. It is every IT department on earth. Why would ANY business ever buy a piece of equipment that permits an outside entity to muck around with it, or even disable it? In this nightmare future, there is no such thing as a "production" system, because entites outside can change or disable the system configuration at will.
Defenders of this technology say, "Yes, but they won't do that." Maybe not, but how can you be sure? What if you are in a business that competes with one of your own vendors? Obviously, such conduct would be illegal, and, as we all know, companies never do anything illegal. Also, this is an exciting new opportunity for a DoS attack. Suppose you have a production server that allows file uploads for legit reasons? If people upload improper content, no biggie, you just delete it, right? Not anymore. Someone uploads a renegade copy of Sierra's "Cooking Light" software and BAM! One of your production servers shuts down.
Now I realize these scenarios are unlikely, but my point is that they are not impossible. And that alone should scare the excrement out of any CIO.
Besides, its not all that unlikely. Let me tell you a little story from my own personal experience. I worked for a "pre web" electronic commerce operation. We used AIX and Netware. TCP/IP was just becoming a big deal (although the web wasn't here yet -- it existed, but basically just at CERN and other research institutions), so we decided we wanted to do our IPC over sockets. This meant we had to install TCP/IP NLMs (remember NLMs?) on all of our Netware servers. I got this job.
Now, I wasn't a CNE (I probably shouldn't have been given the job), but it was just installing an NLM on our test servers, and I knew my TCP/IP, so no big deal. We had five test servers. We purchased 5 legal copies of the NLM. I took one of the floppies and went from machine to machine, installing. Five minutes later, EVERY SINGLE EMPLOYEE IN THE COMPANY, about 45,000 people all over the USA, started getting those annoying netware broadcast messages (this is the MS-DOS era folks) that a Novell Software License was being violated on the network. These messages came every few minutes.
This was my early experience with digital rights management. I got it cleaned up within the next twenty minutes, but you had better believe that it is not a good thing to annoy an entire company, even for half an hour.
This is NOT A GOOD THING. An inexperienced person can install software on a test system and interfere with an entire corporation. Now imagine this with outside entities able to reach in to you corporate network and do things like this.
If I were a CIO, I would have a policy that forbade ANY DRM enabled equipment to be attached to my corporate network. Period. And I would see to it that every vendor I worked with got a copy of this policy.
Gene Spafford (one of the foremost computer security experts, and founder of COAST, the reliable systems project at Perdue University) defines a secure computer system as one that does "what you expect, when you expect it." No DRM equipped system could possibly meet this definition. Ever.
Think about this when you are making purchasing decisions and setting coprorate policy.
Get real... (Score:2, Insightful)
I think that papers like this do not help our effort. Let's attack the real problems we face today, rather than making up imaginary ones.
He didn't quite connect all the dots (Score:2)
Seen Ed Felton's list of devices called Fritz's Hit List [freedom-to-tinker.com] that will either have to be DRM'd or not sold in the US?
It's literally true based on the text of the SSSCA, now CBDTPA. Add this to the discussion by the creator of a real-time version of Linux and you should have a feel for just how big a disaster our friends in Hollywood are planning for us.
Read Plugging the Analog Hole [eff.org]. This plus what he describes means that tech R&D and manufacturing of both hardware and software will simply have to move out of the US if the Hollywood agenda becomes law.
Where? Interesting question... and this is one reason why I'm learning a foriegn language right now.
The odds that US the high-tech community will come up with an effective and useful political response to prevent this agenda from happening such as the creation of an AARP/NRA-style political organization approaches zero.
Apparently, nobody with the $500K (estimated) needed for startup money for such an organization thinks organizing to protect our rights is worth doing. If nobody's willing to pay the the cost of freedom while money will do it, nobody's going to be fighting for it when the cost climbs to "our lives, our fortunes, and our sacred honor". Perhaps the article being discussed here is the right explanation as to why our high-tech corporations who seem to have the most to lose are doing a credible imitation of "deer in the headlights of an oncoming car". Should I happen to be wrong, I've posted here and on K5 the basic recipe for putting such a thing together...
Would our legislators voluntarily commit economic suicide on behalf of the USA? Certainly. All they have to do is buy the rationalizations of the people who are saying "it can't be bad" on slashdot, accompanied by massive campaign contributions to ensure that the arguments of the anti-technology forces aren't scrutinized too carefully. Anybody who's checked Open Secrets [opensecrets.org] to find out where the money of people like Fritz Hollings, Congressman Coble, and Senator Dianne Feinstein knows that money's already been spent. Remember when a group of high-tech executives went before a Congressional Committee to try to get SSSCA derailed and got roasted for "favoring the right to piracy" when they tried rational arguments unaccompanied by campaign funds?
I'm a little surprised to see such anti-tech arguments on this thread, but I guess it would be more surprised to find that the content provider PR agencies hadn't thought of having some of their employees posting to slashdot and other online forums in the hope of dividing high-tech public opinion and reducing the chance of effective political organization against them. You really think that they're going to depend on "useful idiots" to make their arguments here for them?
Remember that the Hollywood content providers are playing to win and any economic damage done to US companies or high-tech workers and any human lives that get taken in the process that they can't be held personally accountable for is simply collateral damage.
Your jobs from grunt to high-tech CEO will be part of that collateral damage.
Already happening, but not on /. (Score:2)
That's a totally different system (Score:2)
Re:That's a totally different system (Score:2)
Now, for DRM purposes, a content vendor may want to say "only trust these authorities", and either embed this in the content. But there is a problem because if you build your own tools from source, your not going to be able to certify it with an authority that this vendor trusts. You might be able to get the binary certified, but that would defeat the purpose of open source, and it certainly wouldn't work for Gentoo Linux for example. This is still tricky because someone would be certifying that the source meets the TCPA guidlines, and it's hard to see how this would be available. You could get the source, and fix bugs, but it would take a long turnaround to recertify the new version to be "trusted" again.
This has little to do with securing your system. My point about securing the external interfaces is not that scanning is not useful, but that it doesn't help that much after you get compromised. You might be able to detect the intrusion this way and maybe even avoid running the infected code, but there are always going to be windows of vulnerablility where the exploit code could be compromising any or all of your 'immune system'. The intruder can update any database you might use to detect the intrusion. Burning a DB to a CDR and putting it in a read-only player is good, but the detection code can get disabled too.
The upshot of this is that once you detect the intrusion, it is too late, and you might not even get the chance to detect, so you had better concetrate on keeping the bad guys out even before thinking about detection. OTOH, belt and suspenders isn't a bad idea when it comes to security. Same thing with other critical systems that where failure might even be life threatening, although here the issue of trust is a bit different. Multiple systems with multiple ways of ariving at the same answer, voting systems, etc. You have to be careful that your checks and balances actually improve stability, not decrease it.