Intel to embed ID numbers in chips? 207
DaBuzz wrote in to send
us one for the conspiracy nuts out there. Apparently Intel is
gonna be embedding IDs
in future processors so that we they can be tracked. This probably gives
the paranoid something a bit more worrisome to be
concerned about.
And what if I won't disclose that ID? (Score:1)
Really. Why will I use software that reads this ID in the first place? If I'm law-abiding citizen, I will just use software that doesn't, and will make sure that it doesn't by compiling it myself. If I'm not, I will use some proprietary thing that reads it, run it under debugger (oh, debuggers vs. undebugable code wars again, but this time with complete hardware emulators available to general public) and fake ID, just like people fake credit card numbers. And since Intel chip becomes a "credit card" that costs >$100 to replace, things will be very interesting.
Creepy (Score:1)
There's another little gizmo there. (Score:1)
If you suspect that the hardware RNG produces a bitstream with known correlations that an attacker could exploit, then scramble the bits further in software. For instance, instead of using the raw bitstream, pass it through your favorite stream cipher seeded with a key composed from a trusted random source like /dev/random. Or, for a lower-bandwidth application, read a random number of bits into a buffer, then compute the buffer's SHA-1 hash and use that as the next few bits of your stream.
Someone who knows more about crypto than I do can probably suggest a stronger scheme than the above. The goal is to make it computationally infeasible for an attacker to exploit his knowledge of the RNG's hidden weaknesses, while requiring many fewer trusted random bits than would be needed if the hardware RNG were not used at all.
You all lack vision (Score:1)
Capatalism is gasping it's last as history will later see it. Ironically many of it's last ditch survival efforts will be the keys to a new age that many don't see coming. The solutions to perfect privacy and security lie around the corner in disguises like this one. Don't be fooled, this particular effort (or rumor) won't work:
What I believe will work (I could prove it out for you, but that would be a book):
ID=Position in space time. Possibly averaged from a large number of particles (microscopic). Hopefully accounting for all functional particles in the object. (Item's ID would change if it broke or was tampered with for instance)
Everyone is given at birth a little black box(perhaps implanted) which provides identity.
Every posession (while they still exist) also has it's identity and permissions, like files in a unix file system, it will react to people and other objects appropriately. This most notable includes communication devices. Communcation devices at large are the most important of these, computers being a part of everything. The routing protocols will be fantastic feats of physics:)
Mundane things such as email are representative of the type of objects we will send. They could carry an id and therefore maintain your permissions across every system in the world. Of course on the flip side a system owner can filter email based on permissions as well as the obvious things making it possible to create "email contracts" meaning basically that "root" on said accepting system maintains root-like permissions while granting reliable feedback (such as when it was read) and allowing deletion or modification by the sender (before it is read).
Free software advocates rejoice. You may think this bodes ill for using "other people's information" without paying for it. But it also means that if we don't accept the invasion of privacy necessary to provide uncrackable licensing (and we won't) the capitolists will sell their programs to an increasingly smaller customer base until all information is open source as a matter of common law.
This is the direction we are headed. I have my timelines, but they are too sketchy to share yet. It will not be a violent revolution, but a light speed-technology driven evolution. Reader's of slashdot more than any other group so large and mainstream (relatively) should be aware of this due to the great content posted on nanotechnology and quantum computers.
As I write this I chuckle inside because from this perspective (and I am VERY confident in it) the founding fathers of our next age are you and I. In a world driven by information, we are they who fight for freedom.
intel & ID's (Score:1)
as any company using hardware dongles knows too well, any hardware is fooled too easily by software...
I assume that immediately after the specs are released, kracks to change your ID will spread out everywhere...
btw: what about users of AMD, Cyrix, PowerPC and else ???
only if you're dumb (Score:1)
of course, closed-source os'es will probably ride right along, happy to increase their "licensing" robbery.
ecommerce does not belong to intel (Score:1)
that crap about sites requiring this id thing
would alienate non intel users. looks like thats
what intel wants. MS probably too. fuck em!
besides, as mentioned in earlier posts an OS can
overide anything that gets
sent out over the network. sure you can encrypt
something. and sure you can just take the encrypted version from another chip anyway.
processor upgrades would now be a real hassle for
commercial software if it used the IDs. more reason to us free software.
Apparently, I missed something! (Score:1)
I fail to see what the CPUID has to do with anything. It's not as if the vendor can press the magic button and your cpu transmits it's ID. Software has to do that, and software, source or binary can be modified.
It's just another trivial security scheme that will prevent casual fraud. A determined hacker will just disassemble the code, and change the instruction that fetches the cpuid to a literal load instruction, and viola, a fake ID. It's basically the same procedure that game crackers have used for years to patch binary games so they don't ask for the secret code from the cheap cardboard decoder wheel.
Given that, the real worry is that casual fraud goes away, but determined systematic fraud becomes easier.
I thought they already did? (Score:1)
One thing I can see this being used for, though, is license schemes like current Unix platforms using flesLM. Not that that's good or bad, IMHO, just feasable.
... and the connection with MP3s etc (Score:1)
Probably fairly trivial to crack, but still, enough to get the clueless 90% of users to pay.
This isn't new (Score:1)
Your ethernet card has a unique id.
If you've got a static IP you've got a unique id.
etc.. What sucks is it will probably raise the price of their hardware.
BIOS-based Opt-out? (Score:1)
Plus, I'm guessing that the software to be modified is the apps, not the OS, as it's the apps which talk over the network. (At least, I hope they don't plan on embedding this thing into TCP/IP itself...)
what's wrong w/ ids? (Score:1)
It happens all the time.
licenses tied to CPU *suck* (Score:1)
A response to the article: did I miss anything? (Score:1)
What about emulators?
On a Macintosh running VirtualPC, couldn't one, in theory, tamper with the code, and forge a CPU ID since it's not tied to hardware?
With the ability to ID the chips, comes the... (Score:1)
This is a great thing for anti software piracy people.. I can see its use.. I just don't like it though..
!Xabbu has spoken
(and chances are no-one) will hear.
We already have this (Score:1)
read this message, not previous one (Score:1)
And adding to the conspiracy ... (Score:1)
Ethernet Cards, SCSI Drives already have ID's (Score:1)
Don't panic. Ethernet Cards and SCSI disk drives already have embedded ID or serial numbers for a long time now with little impact on privacy.
read this message, not previous one (Score:1)
1) have a lot of things to lose (like money, or possessions) that criminals can track and hunt down the rich. I don't think I have this, and the average person doesn't either.
2) have criminal activity to hide
Please enlighten me, b/c the pros (as described on the web page) seem to outweigh the cons.
lt;tim><
what's wrong w/ ids? (Score:1)
Also, if everybody shares information, it's suddenly not a big deal anymore. Think of your phone number. If you're like most people in urban centres, you're one of millions of names in the phone book. And hardly anyone cares about that. And now because there's some method of identifying who you are on the internet, you're worried?
As for tracking--could you fill in the rest of your sentence (as evidence of_______)? I can't think of anything that I personally do that can be used against me in some way. That's not to say that everybody has nothing to hide, just that most people don't, and the proponents of this kind of privacy is assuming that EVERYBODY should be appalled at these actions against privacy.
<tim><
Why it's worse than you think (Score:1)
<tim><
MAC Address Question (Score:1)
--
Every Ethernet Card has Programmable MAC Address (Score:1)
--
Random number generation is easy (Score:1)
If there's a person available, random number generation is easy. Attach microsecond timers to keyboard inputs and your distribution curve for interkey press rates will be *completely* random.
Once you pull the pin, Mr. Grenade is no longer your friend.
There's another little gizmo there. (Score:1)
licenses tied to CPU *suck* (Score:1)
It is conceivable that there would be an option to upgrade one's CPU; you'd have to first "de-authorise" your software so that it no longer runs on the old CPU, change CPUs and "re-authorise" it.
On the Mac there is such a scheme, where authorisation is done on a per-hard-disk basis, using a copy-protected floppy. (Not that I approve of it; I'd rather it wasn't there, but at least it allows customers to upgrade their machines.)
</DEVIL'S-ADVOCATE>
Woo hoo! (Score:1)
Woo hoo! (Score:1)
If some moron wants to overclock and is willing to suffer the consequences, this ID number will do nothing to stop them. This is in fact much better than forcing the CPU to a specific clock, since it does allow the home user to overclock.
This is provided that Intel actually registers each ID number with the CPU's speed and provides that information via the web. I don't see any reason why they wouldn't though.
Here is somthing to think about. (Score:1)
If Intel is really serious about this and wanted to get our support and do the right thing they would use all those lobbiests that we all know they have in Washington and get a bill passed. This law should force any program that uses hardware serial numbers to include compilable source code. It should make any other method of serial number access illegal. Then we can choose, without decption and abuse, what level of authentication to run programs encription etc, is acceptable. Accept no less.
Lets see if they care as much about their customers rights as much as they care about the damage overclocking does to their reputation.
Anyone remember the rumors of MS doc "fingerprint" (Score:1)
This was being designed for the leaders who run the corporation known as CHINA. Ugh.
And before you think something like that oculd never happen here, two words for you: "piracy" and "anti-terrorism".
-Scott
PS - Makes a great companion technology to digital paper too!
We need Open Design Hardware (Score:1)
hostid - finally the question dies (Score:1)
as for the paranoid bit - oh give it up.
Very, very, scary (Score:1)
Bit by bit, Richard Stallman's paper The Right to Read [fsf.org] (from the 2/1997 Communications of the ACM) is coming true. Read this paper. It's scary, especially when you realize that he's talking about things that are already happening, or at least being proposed.
David Gould
ROTFLMAO. Good point though. (Score:1)
Apparently, Ken Thompson added a piece of code to the C compiler that would detect when it was compiling the Unix login command and insert a special password. He then added a piece to detect when it was compiling the C compiler and add both of these routines. He then compiled the standard C compiler on this doctored version: the source is clean but the binary contains his hacks, with the effect that he can rootshell any Unix system that was compiled with any version of the C compiler that was compiled with his C compiler binary. He claims he never actually used this.
The point is that not only can you not trust binaries that you are given; you can't even trust binaries that you've compiled unless you trust your compiler, i.e., you wrote it yourself in assembly. I guess even then there could be hardware back doors, so you'd better make your own processors too.
But then, I'm not sure writing it yourself is such a good solution: I know there are no back doors in code I've written from scratch, but how far would I want to trust my own debugging skills? Dunno.
David Gould
One more reason to use linux! (Score:1)
If Overclocking survives, WHO CARES? (Score:1)
Think about it. It's basically going to be a serial number inside the chip that you can use to check against Intel's product database. They're chucking a random number generator in there for encryption schemes because:
But, as I said, since it's not invading your privacy any, and if overclocking survives as a viable alternative to those who use it, WHO CARES?
Chas - The one, the only.
THANK GOD!!!
ID is an inefficient way to prevent overclocking (Score:1)
Vacancy (Score:1)
Then I remembered all those 486 motherboards out there with extra sockets that were supposed to be upgradeable to Pentiums, and then I remembered all those motherboards with a disabled cpu soldered on because the co-processor upgrade included another processor (and a price that reflected it!), and then I thought about all the mothers at Intel.
Overclocking (Score:1)
Try looking at the fscking chip! The rated CPU clock speed is printed on it. If it's filed off, don't buy it. Sheesh...
Schwab
Chill out, folks (Score:1)
Some software companies are already using unique IDs on Intel-based machines to license their software - an ethernet card MAC address. I know Pro/ENGINEER's NT version used to do this (and I assume it still does). So it's not such a big deal in the software licensing area. It's actually only a major problem for pirates (besides, who uses proprietary software anyway? The free stuff's much better. *grin*).
As for E-commerce, I can imagine the only good it would do is if a site required you to give them your CPU ID in order to buy stuff. Well, I wouldn't buy stuff from them. There are plenty of people willing to take your money without violating your privacy, so I don't imagine that scheme would go very far.
I don't see this as being a big deal, one way or another. It's not a huge privacy problem (the "stolen PC" argument is lame, because as others have pointed out, you still need some software to broadcast this ID), and it's not a very useful feature, either.
Annoyance Factor (Score:1)
Yes, hardware keys suck. But if it's not the CPU ID, they'll find another way (MAC address, dongle, whatever) to lock you down for a license.
You know, I wonder how much a company like Sun spends dicking around with licensing issues every year. Another good reason for software companies to move to a "free software, pay for support" model.
zdnet bombs again (Score:1)
I wonder why.
'As soon as you go on the Internet, you will be detected.' - Cryptographer
Who said that?
I gleaned just two pieces of information from this article. Intel will put two new features in its chips, and members of the ACLU are worried about the chip IDs. It's not clear whether all of the doomsday speculation that follows is part of Intel's master plan, or just extrapolated predictions by unknown persons and a journalist with a deadline. Where is the support for all of this? Are Intel's statements confidential? Why do I torture myself by clicking on these zdnet links???
Helps with theft (Was: What drugs are these... ) (Score:1)
Many/most PC thefts these days involve opening the case and swiping the memory and CPU, both of which are difficult to identify, and easy to sell. Most companies could easily add the CPU IDs to their asset database and report them stolen. When the police catch up with someone with a dozen CPUs stashed under the bed, they could actually *prove* that they were the ones that went missing from xyz corp last week. It would also help you get your parts back if they were found, as you would be able to show they were actually yours.
As for the rest, you are right, and I think the writers should hang their heads in shame for writing such an ill thought out article.
Adrian
Whats the big deal??? (Score:1)
Reverse biased zener diode (Score:1)
I guess if you amplified this noise, then applied the output to a short monostable or something else to produce a spike given a certain input level, you would get a series of spikes separated with truly random intervals
... for probably less than a couple of dollars worth of parts. And a few dollars more to connect to perhaps the COM port.
Fraud protection (Score:1)
With chip ID coding, now you can be sure of the chip you're using. I stopped purchasing Intel CPU's for this reason. Cyrix and AMD have extremely stringent, tamper-proof markings. Intel only has silk-screened letters on a soft plastic cartridge. I think Intel is moving in the right direction, even if some people here think it's for the wrong reasons (product tracking, et. al).
I don't like buying junk.
Kriston J. Rehberg
http://kriston.net/ [kriston.net]
addendum to whole discussion (Score:1)
As to licensing for a CPU. Any software that locks to a serial number is as brain-dead as software that locks to a particular family/model/stepping or any other identifier in the system. If they want to enforce licensing well they will use dongals. That way they have control over the identifier, and you have control over which ONE machine you want the dongal plugged into.
Next up. Unless Microsoft and company want to master a new CD for each CPU, the Windows (or whatever) setup program will negotiate with the CPU's challenge/response serial number thingie. When this happens, a value will be stored somewhere (registry anyone?) which, if not matching the live one it just got from the CPU, the software stops, moans, self-destructs, whatever. Ask yourself, is there really any way to do this? Can we not simulate the process and then put the bogus, but workable key wherever it goes?
Ways to complicate life for people trying to break this: Pass laws (won't really stop anyone). Require intervention (once or often) with a remote server acting as license master (pointless, doesn't need the CPU serial number, think StarCraft). Well there is an infinite number of ways to make this task more difficult. Each of which has at least one workaround.
In the end what do we gain? What do we lose? It's debateable either way. If we were required to use our VIN as a password would that be a gain or a loss? I'm tired, I'll sleep now. Hope this makes sense in the morning.
This is stupid!! (Score:1)
So, the cpus have an ID. How does that make Internet commerce more secure? Can't you make your browser just lie about the number when it sends in your request?
I see how this identifys computers in case of theft, the police just run a program on your computer that checks the number.
But I don't see how this makes internet commerce more secure, unless some sort of crypto is built into the chip too.
Short-sighted solution bringing long-range harm. (Score:1)
Like any scheme that systematizes, quantifies, and collates identity, it invites mountains of abuse. Identity fraud is already a pervasive problem in our modern society (e.g. credit card fraud, fake IDs, IP swiping, etc.) Intertwining identity with computer hardware, in which there is already too much complacent faith, will bring new efficiency and detriment to misusing identity information.
On reflection, there are dozens of ways this instantly available personal information can be used to hard. Here's just a few that jump to mind. It invites malicious folks to victimize users by capturing their chip ID and having their CPU 'blacklisted' from the net by falsely reporting it stolen, or very effectively impersonating another user on the net. It won't be long before some hacker develops a hardware or software interception mechanism to fake the ID of the CPU, completely undermining this scheme and opening new opportunities for misrepresentation.
And because the misused identity is associated with the computer, this form of fraud will be far more nefarious than plain old IP swiping or email faking.
And while Intel claims they are not keeping a database of users associated with chips, it is inevitable that such a database will easily come into existence. All it takes is for some website to obtain your name and read the chip ID and voila. In the wrong hands, this is a spammer or unscrupulous marketers dream. With a mere visit to a website, without relaying any information, the site automatically has your address, phone number, email, etc. If the information is associated anywhere, it will be available everywhere. That's the nature of the modern age.
Intel is just making that insult to our privacy one step easier.
cpu ID != tv serial number (Score:1)
what's wrong w/ ids? (Score:1)
as for tracking, well, they do it now with cookies, so just go ahead an disable them, you can always turn them on for the odd site that you do trust and needs them.
oh, and if you don't like the idea that the net remembers what you said, make sure you stop posting anywhere! I for one don't mind people finding out what I've posted, since I consider postings to be public, so I think services like dejanews are a good thing.
Creepy (Score:1)
I like my privacy. The personal information currently available for identification is plenty.
What about transfer of ownership and upgrades? Sounds like a pain in the ass to maintain, anyway.
A much unneeded complication.
The option to "opt out" doesn't make it any better. It's just too easily abused, and creeps me out.
"May you spend two hours in heaven before the devil finds out you're dead." --Irish Toast
BIOS-based Opt-out? (Score:1)
re: what's wrong w/ ids? (Score:1)
thats still no good (Score:1)
--Dast
A future so bright you'll need to wear sunglasses (Score:1)
As many have commented already, giving a unique ID to each processor is neither an interesting way to promote secure e-commerce nor required to protect buyers against overclocking. But there may be several unconfessed reasons for promoting such measures.
In principle we could avoid disclosing CPU ids,
but imagine that in some way most of the commercial online services start requiring access to our CPU ids for granting access permission. This may be forced by government or become part of "standard" corporate policy in their quest for more and more private consumer information.
Then either you comply and give away another part of your privacy or you don't comply and, as e-commerce and other online services become more and more predominant, your options become increasingly limited.
We already have many interesting examples: credit cards and cellular phones are already means to disclose our shopping habits and our location, for instance. Yet it is becoming quite difficult for many of us to avoid using them.
Electronically identifying and tracking our cars, our phones, our computers, even our pets, is just the beginning. As biometric security systems get cheaper and more effective, we will probably see their usage spreading widely. Soon you may have to show your iris or a fingerprint to access common services which now require a simple password or a PIN. Then YOUR BODY will be electronically identified and tracked, everywhere. Paraphrasing Philip Greenspun (http://photo.net/philg/), this is a future so bright you'll have to wear sun glasses.
VIN numbers are different.... (Score:1)
But it seems to me that with this Intel proposal, one runs the risk of vendors secretly tracking what computers on the Internet are spending the most money on whatever items. And making money off of the data.
I have no idea how this works with a multiuser system, but I can just see the new flood of junk mail to those computers that actually do commerce on the Internet.
Comparison to hard drive, computer, broom, or other serial numbers are not valid since they cannot be queried in software and collected by some outside organization. THAT's the problem I have with it.
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
"We could be happy if the air was as pure as the beer"
Brilliant Move (Score:1)
What I think would be good, is to have a write once bit on the cpu that is set whenever the FSB or Mult lock exceeds the rated speed or setting. This would be good to protect people from buying 2nd gear that has been o/c in the past, also would eliminate Intel's claim that they have to honour the warranty on CPU's that have been O/C. Think, if they do not have to honour, then they have no incentive to prevent the hobbyist pushing thier hardware.
As a means of identity on the net, well that is not quite true as it just identifies the cpu in current use.
Ice
read this message, not previous one (Score:1)
And how do you define criminal activity? What you amy think is leagal might be considered horribly illegal by the controling body. Imagine if your beloved Linux became criminal activity. Not fun (for you).
- alex
There's another little gizmo there. (Score:1)
I'm no cryptoexpert either, but I think there are certain kinds of non-randomness which are hard to test for, if you don't know what you're looking for. On the other hand a nonpseudo random number generator is something I've always thought should be built into chips. But then maybe that's just because I got burned by the terrible PRNG's in Numerical Recipes first edition, which the authors thought that they had tested to ensure they were sufficiently random...
Processor-level /dev/random! (Score:1)
Ultiamte Copy Protection (Score:1)
a) E-Commerce..many people use one computer at home and one person uses many computers at work. There is no one to one ratio.
b) And unless there is a compulsive registry of ID to purchaser then knowing a criminal's ID does not help you find them.
c) If there is a no-ID patch like the article said, then stolen computers will just be patched, therefore no problem. Unless it is only a PARTIAL patch, then it is really not a opt-out patch at all.
This ID is perfect for one and only one thing. Software companies can sell software licensed only to work on a specific CPU. They could sell software over the internet knowing it can only be run on the target machine. Kind of the ultimate proprietary software. To be any more securely restrictive you would have to sell it as a ROM.....
Obliged to help? Not likely! (Score:1)
Whenever you upgrade your machine, or the CPU or just the NVRAM chip you just submit a change request to customer servervice and you get a new license.
No problem and usually no big deal to get it done in a timely manner.
I don't see a problem with this CPU ID thing at all. And BTW if you have a network adapter in your computer, you already have a sort of hardware ID. Every ethernet card has it's very own ethernet address, which is unique and can be used for software licensing as well.
ID is an inefficient way to prevent overclocking (Score:1)
And you first need software that will take your CPU ID and send it out to the net.
It's Not a Bug! It's a feature! (Score:1)
-t.
tm or ppc? (Score:1)
Aren't all computers planned to be obselete? And in any case, up until October you could run the latest version of the Mac OS on computers all the way back from the 040 days ('90? I forget). Try running Win98 on a 486. Linux is, of course, a different matter. And if you look closely, the only proprietary things on the new pro G3s is the ADB port (for dongle & ColorSync compatibility) and the Mac OS itself. Think before you speak.
Can We Still Change This? (Score:1)
Also, what's to keep Intel or any other chipmaker from doing this without telling us? How do we know they haven't already?
Its the Mark! (Score:1)
...use Linux.....God's weapon against MS!
NaTaS
http://natas.startx.org
What's behind it? (Score:1)
You could just as easily embed the clock speed the chip was sold at as you could embed a serial number (much easier actually)
the e-commerce possibilities could only be realized with a standard that ALL hosts adhered to.
IMO the whole reason intel is doing this is for Intel. They want to enable node locked software licensing. If they are the only ones that support this "feature" then you will only be able to run PC-nodelocked software on INTEL PCs.
I am not completely against hardware IDs for systems although it doesn't seem to make sense in the home PC market where a large number of users regularly upgrade CPUs and motherboards. If all your software was node-locked you would need to contact each vendor for new licenses with each CPU upgrade.
For a commercial UNIX workstation you are usually only running one or two nodelocked apps per machine. With PCs you run many different software packages. What a pain if your machine running turbo tax crashes in the middle of the night on April 15th.
If Intel succeeds in this, what are the chances that it would slow down the upgrade cycle?
They could be shooting themselves in the foot.
Time to buy stock in AMD and Cyrix (Score:1)
Using the chip id to identify 'hot' PC's should be a resounding failure since 1) not all chips will have the id and therefore cannot be required and 2) a determined theif would use the 'patch' that would be out shortly after the release of the new chips to mask the chip id.
Since overclocking is more a function of the motherboard/chipset than of the processor, Intel would be reliant on MB manufacturers to enfore the no overclocking mandate, and that should be unlinkely.
The only possible benefits I would see out of this is from a consumer standpoint of being able to identify that a chip really is rated at the advertised speed, and possibly using the id as an alternative to the hardware keys ("dongle") on expensive software. Again, since it's only on Intel PC's the usefulness is REALLY limited.
The prng should be interesting, though.
I would love to see ID's (Score:1)
Another reason to use AMD (Score:1)
ahh well. Like i want one of those
energy hoggin overclocked crap a-s chips
with POS technology anyways.
intel's fast. thats it.
put it this way: i could put a Jet engine
on top of a pinto and it'd go real fast, but
it'd still be a piece of sh-t
Sounds like it might be tough to implement. (Score:1)
Big Brother Inside (Score:1)
until your IP addy (or other electronic tag) will be as tracable as a telephone number. How can we protect our privacy. One idea might be a chip swap
in a back alley somewhere... But wait, the chips will have GPS tracking built in..
Big Brother Inside (Score:1)
Big Brother Inside (Score:1)
Any hole in a system that is open to private information will be exploited.....
This is really funny.... (Score:1)
I think this is another piss-poor attempt of Intel trying to provide people with a false sense of security. How will people who do not have Intel chips (or a PC for that matter) be able to buy goods online if such a CPU ID is required to conduct e-commerce. I'm pretty sure no e-vendor would limit their customer base to Intel users only. I think this is a waste of research time and anyone who buys an Intel chip because of this feature is an idiot. I hope Intel chokes on its own poo with this one.
A summary of Intel's stupidity regarding this issue:
1) "Stolen PCs cannot get on the internet"
- I would love to see how they try to implement this.
2) "The plan calls for Intel to put a machine specific ID and a random number generator in every processor"
- I doubt that it will be truly random. I bet someone will break the algorithm in less than a year forcing Intel to recall all of their processors. Bwahahahahahahahahahahaha!
3) "But with an electronic ID attached to each processor, consumers will be able to check their processor against Intel's database of products and find out at what speed the processor was sold."
- It would be easier if Intel just made software to test this instead.
4) "Intel says they're not keeping a database matching users to their ID numbers"
- Then how will they know if it is stolen? I could just call up Intel one day and tell them that was stolen then that will prevent him from getting online
F0 0F C7 C8
EOF
97 percent of you are missing the point NOT! (Score:1)
I wonder how many H-1 Visa employees at Intel worked on this and how many of them already have given blueprints of the algorithm to their cousins in New Delhi.
Inconsistent "benefits" (Score:1)
Anonymity is getting more and more just a privilege for thouse knowlegeable enough to make themselves anonymous.. If this id is used for tradeing and authentication, I would sure stop to trade. The id has to be implemented with software part on the cpu, since the physicaly cpu has to be alike. It would amaze me if noone found the way to change that around pretty fast.. realy amaze me.. now that would be fun... uhm.. mayby I should get one of thouse alpha's anyway
A response to the article: did I miss anything? (Score:1)
The implications of this action go far beyond what was stated in this article. Chip-based ID numbers give few benefits and alot of responsibility given to those who have proven themselves otherwise time and time again.
Tying commercial ID to a piece of hardware, especially a piece of hardware replaced as often as a CPU is ludicrous! What if I upgrade? What if I have more than one computer? What if I'm at a public terminal, or a friends computer? What if my computer gets stolen? Will someone be able to transfer funds from my accounts because they stole my laptop? What if someone breaks into my computer and sends death-threats in my name? A piece of code I can carry on a disk (or beter yet, in my memory) is far more portable and universal as a personal ID.
Second, if Intel is so worried about overclocking fraud, why not just encode into the chip what speed THEY sold it as, and release the code required to query the chip. If someone thinks they got burned on an overclocked chip, give them the tools to take their grievance to the BBB, the Police, or a pair of hired thugs if you're so inclined. As to theft, don't CPU's have Serial Numbers already? This won't make fraud and theft go away, it'll just make it more difficult to detect.
It also seems to me that a persons ID could easily be stolen. Just write a daemon to watch for the incoming CPU ID query, intercept it, and reply with a packet you stole from a remote system by sending it a query packet. The only alternitive is to have the CPU compare every bit of data that goes through it with what a query packet looks like, which seems to be quite a waste of valuable CPU space & time.
Incidently, the patch that intel offers seems more like placing a piece of tape over the bar code, rather than removing it. Can the CPU be un-patched?
Anonymous speach is extremly important in any society that claims to be free. Sometimes a responsible citizen is forced by honor to break the law. What of the political dissident who wishes to speak out, but can't because any message they send will cause them do dissapear?
A section of the chip capable of generating random numbers (utilizing quantum effects) would be extremly handy....In fact, I think it's the only good idea in this entire proposal.
This "revolutionary" (or is it counter-revolutionary) double-edged sword is very dull on the side I'd want to use, and I could shave with the other.
ZDNet sucks my bunghole (Score:1)
http://www.techweb.com/wire/story/TWB19990120S0
Of course it's for software! (Score:1)
Prepare for the Shut Down (Score:1)
get stolen
Then they put them in your dog, so he is easier
to find.....
Then they put them in your computer, so they can
lower cost, and reduce fraud......
Then they will put them in your children, so you
can be secure in knowing your child's whereabouts
.....
Finaly they will put them in you, so you can't
break their laws
-Master Switch
what a relief! (Score:1)
That means $$$ -> MS :( (Score:1)
tracking customers/users (Score:1)
See (http://www.msnbc.com/local/KNSD/119513.asp) for an example of what grocery club cards can to do you.
Avoid trading convenience/pocket change for privacy!
Are you doing something illegal? (Score:1)
Inconsistent "benefits" (Score:1)
IMHO, I think security takes a giant step backwards when you start authenticating machines instead of people. My take on this is that now anybody with physical access to my computer is me for the sake of ecommerce... I find this very disturbing. Also, unlike a password, once somebody figures out how to spoof your CPU ID, it can't be changed!. Finally, I don't understand what this will do for me that a good public key system won't do much better...
what's wrong w/ ids? (Score:1)
overclocking (Score:1)
Depends how they get the official clockspeed... (Score:1)
Couldn't you put the clock ID bits in some sort of microcode?
Overclocking (Score:1)
The question is, will intel stop multiplier locking their chips so its easier for those who want to overclock to overclock.
Somehow, I doubt it.