Become a fan of Slashdot on Facebook


Forgot your password?

IBM to Disable serial number in Pentium III 53

Taz writes "IBM will disable the serial number feature before shipping their PIII. " The question is who will turn it back on? Without asking first?
This discussion has been archived. No new comments can be posted.

IBM to Disable serial number in Pentium III

Comments Filter:
  • by Anonymous Coward
    I'm sure there is some good reason to have the serial number. All cars have serial numbers. Does that mean Jiffy Lube is tracking us every time we get an oil change? Maybe, but who cares - they can track us via our credit card number, our liscense plate number, our ss#, etc... The chip serial number is to make life easier, not introduce something that couldn't be done already.

    Face it, it's damn easy to track you. Intel just made a way to make it even easier and everybody got pissed at them. The same people who started this who thing are the people who dissable their cookies and running cookiemunger and cookiesmasher, etc. because they think cookies let anybody track where you are and what web sites you've been to.

    I'm supprised people aren't complaning that its' too easy to track people via IP address. It's no different the the serial number, and you can't dissable it. Right now Slashdot has access to WHO I AM because my ip address is being sent to the site whenever I go to ANY PAGE. OH MY GOD, I'M SCARED (not).

    And the worest part, the serial number makes it much easier to stop pirating. When you install a priece of software, it can bind itself to your chip's serial number. Then no matter how many times you reinstall, it will still work. But NOOOO, so many people relay on stolen software (hey, can I borrow your office cd?) that heaven forbid there is an easy way to stop or at least slow down piracy...

    This is rediculous. Bring on the serial number, it's not going to effect MY life.
  • by gavinhall ( 33 )
    Posted by Mephie:

    Dell is also disabling the ID in the bios. It looks like Intel's about to learn just who it's friends are.
  • Posted by Lord Kano-The Gangster Of Love:

    ->Really paranoid people, change what it says via software.-

    I count myself among those people. At work, I enable cookies so that when I go to a supplier's website to check for parts availability I don't have to re-type passwords and whatnot, at home I disable cookies completely. IP spoofing isn't impossible if you have enough background in networking.

    However my idea is for some valiant soul to obtain his PIII CPU serial number and put it on the internet so that the same gurus who came up with spoofing MACs can spoof CPU IDs. Imagine how interesting it would be if 1,000,000 or more of us were spoofing the same number.

    I don't have the background in low level x86 architecture to do it myself, but there should be many people who do.

    How long do you think it would take for Intel to file suit in the spirit of Nintendo, to crush the dissemination of CPU ID spoofers?

  • Why? I'll explain a few paragraphs down.
    Face it, it's damn easy to track you. Intel just made a way to make it even easier and everybody got pissed at them.
    Wow, I think you answered the question you almost asked. Now you know why people don't like the ID.
    I'm supprised people aren't complaning that its' too easy to track people via IP address. It's no different the the serial number, and you can't dissable it.
    That's just false. Find another ISP. The difference between an IP and Intel's new serial number is what it's supposed to represent. The IP represents a node on a network (your computer). Anyone using an IP to track any specific person is a fool; hundreds or thousands of people could be logged on to any computer at any given time. Intel's ID is proposed as a unique ID per personal computer, mainly for license enforcement purposes. Pick any standard commercial proprietary software license and read it... get to the part about how it's licensed for use by one (1) person on one (1) computer. You can make one (1) backup copy. Note again the part about one (1) person.
    And the worest part, the serial number makes it much easier to stop pirating. When you install a priece of software, it can bind itself to your chip's serial number. Then no matter how many times you reinstall, it will still work.
    Here's the second most important reason I really don't care about this ID: I don't care about pirating. I don't depend on, care to use, or purchase any proprietary software.

    And if you're wondering, here's the most important reason I could care less what crap Intel packs into their chips: I don't ever plan on buying an Intel chip again. Buy an Alpha and be happy.

  • And the worest part, the serial number makes it much easier to stop pirating.

    So what you're saying is that Intel believes that the people who buy it's chips are pirates?

    As a user of GPL'ed (and BSD, Artistic, etc) software, I strongly resent the accusation that I'm stealing copyrighted works. If I were to buy a PIII, that accusation would be present every time I used the computer. The serial number is still present whether that "feature" is turned off or not.
  • Not all processors are ever going to support this CPU ID mechanism. For that reason, organizations and sites will NEVER require it in order for you to navigate or do normal things. More likely, e-commerce sites will offer to use it as an additional security benefit (for example, by not allowing purchases from another PC). This ID will never be a requirement. There are plenty of alternatives to Intel CPU's and I haven't heard of any of them implementing something similar.

    This isn't like the web browser thing where all of the other competing vendors are going to decide to implement something similar. If they do, there will surely be a way to disable it (like there is now) for those that don't want to use it.

    I think you're being pretty silly, myself. Your broad statements about Javascript being a "pile of crap" and a "security hole" are unfounded. Instead of absorbing all of the mass-media hype try educating yourself about what these technologies can and cannot do and how you can and will be able to control them.

    Yes, vulnerabilities have been discovered in the various Javascript implementations, but they're typically patched shortly after their discovery and I know of no cases where they've been exploited maliciously.
  • That's basically saying Windows 2002 will only run on processors that have this CPU ID. This means only Intel PIII and derivatives will be able to run Win2002.

    Doesn't this seem slightly INSANE, or is it just me? If this bit of rubbish ever does come to pass, what's to stop competing CPU vendors from shipping all of their CPU's with the same valid ID (like, zero)? Or how 'bout an ID of the user's choosing?

    You people are getting just a little bit too paranoid here.
  • No company is going to voluntarily cut their market down to those few people that will end up owning a PIII or derivative processor with a functioning CPU ID mechanism.

    If the application legitimately needs the horsepower, other competing vendors will surely be able to provide a compatible processor (without the CPU ID mechanism). Why in the *world* would a software developer CHOOSE not to sell to those people?
  • The only thing any copy protection does is piss off the customer who buys the software. I don't know about you, but my machines change constantly, especially my wintel game machine. If my software stopped working becuase I upgraded my CPU and it had a different serial number I would be one exteremly pissed off puppy!!
  • The processor has no inherent ability to transmit the ID. It has no TCP/IP stack. It has no modem. It has no radio transmitter.

    This means, (follow me here, genius) that it takes _SOFTWARE_ to read the ID to the site.


    Use mozilla. Change fetch_id() to return random64(). If Intel has some sort of checksum/crc built into the ID, it'll be
    reverse-engineered. They have to tell people how
    to verify it or nobody will verify it. If nobody
    verifies it, random64() is good enough. Remember
    how AOL used to do batch credit card transactions?
    They used the simple checks to see if a card was valid. What happend? Right. People used card generators. Expect to see ID generators as well.

    All in all... a total non-issue. Like all online
    verification schemes.


    Again, wake me when you have a clue
  • As technology improves, more people will be accessing the internet through cable modems, ISDN TA's and ADSL boxes that work over ethernet. How long do you think it will be before the major browsers and HactiveX controls can read out and return your card's MAC address?

    Heck, you don't even need to be using your ethernet card to connect to the net... if it's just installed in your computer, you have a software-readable serial number in your machine. Or the ethernet chipset could already be on your motherboard, in workstations or high-end motherboards. Not removable.

    And even if Intel's serial numbers take off, it will take both OS and browser support to make it a viable solution for web sites to track you... and even then the browsers will probably allow you to turn off the feature that sends your serial number.

    So, for me, the serial numbers aren't a huge worry. My computers are already serialized.
  • Interesting PR move. IBM seems intent on NOT being Big Brother-like these days (with this and its Linux support and all). Anybody know what's caused this pleasant change in policy?
  • Someone says they'll ship their computers with it turned off. So what? You install IE6 and it turns it on. Or you load MS Office, and it turns it on. But so what?

    No one will be worrying about it. ECommerce? Say a web site requires your ID to process a transaction. Okay, a (possibly) legitimate use. (Bear with me a moment.) Like a cookie, the vendor knows who you are by your PIII ID.

    Now, pretend I'm not using Netscape or IE, but a browser I wrote myself. And this browser, instead of checking my CPU to read the ID, sends whatever ID I told it to use. And, just so the vendor will think I'm legit, my browser claims to be Netscape as well.

    Don't want your software to know who you are? hack the OS so that it gets the ID from a file or something instead of reading the chip.

    If it's not verifiable, it's of no use. No one's figured out how to change fingerprints yet, so they are considered hard evidence. Changing your appearance is not simple, so most people accept a picture ID (driver's license) as valid proof of identity. But no one would do business with someone based on something like a business card -- might be real, might be OfficeMax.
  • >I'm sure there is some good reason to have the serial number.

    I'm not

    The problem with the serial number as I see it is that people will put too much confidence into the value of this serial number.

    They are already talking about the serial number being a secure method for e-commerce. It's about as secure as your credit card, and probably less so. Sniff around the network and you'll be seeing these ID's fly around the net without too much trouble. Hmmmm. This looks like a good one. I think I'll be that person for today.

    How will you know that the serial number you are using is actually your real serial number, not something that somebody's managed to slip to you. Not quite like a trojan, but something close. Now you can't access your bank account. Or the same or a different program has sent your serial number to somebody who's computer now has full access to your bank account.

    Software that will use this serial number will get hacked, just like how Office 2000 will get hacked to prevent the "registration" that Microsoft wants.

    Upgrades will be hell. Which is what I see as the number one reason for not having everything go off the serial number.

    >All cars have serial numbers.

    This is true. But it's not too hard to have the VIN (Vehicle Identification Number) changed for various reasons. Some car afficianados want their car to be so perfect that if they take an existing car and change the paint color, they'll have a new VIN cut that now identifies the new color, not the old color that it was orginally painted. It can even be changed to reflect a color that wasn't available on that model at the time.

    And then again, what use is the VIN anyways? Well, for tracking ownership, via title, which also relates to taxes, such as licensing. But when I fill up with gas, the gas doesn't care what VIN I have. It doesn't care if I've replaced the alternator. The tires don't have anything to do with the VIN. Even things that may very well have a VIN attached to them, such as a car door, can be replaced without repercussion.

    That doesn't appear to be this case here

  • by ardy ( 12967 )
    I thought Intel was shipping the chips with this
    feature defaulted to OFF?
  • Remember that really nasty virus last year, which could reprogram the flash BIOS on some machines? I'm guessing that the same principle could apply to the ID switch in the BIOS. If a programmer really wants to turn on the ID without the user's permission, there'll probably always be a way.
  • So, you aren't doing anything "wrong" with your computer. Does it bother you that Intel assumes you are []? According to David Aucsmith of Intel, "The actual user of the PC -- someone who can do anything they want -- is the enemy." If you choose to do business with a company with such open contempt for its customers, go ahead.
  • wait a minute, If I need my pcSN to buy something off the web, humm that could suck. I mean think about it, User/Password/SN, All this info goes together, If I'm at work and not at home then I can't buy anything off the web at work. This sounds very limiting, and not at all good for e-bizz.

    Although I'm sure they'll come up with something to get around it.

    Look ma that just lurker posted!
  • Let's build a startup daemon into the linux kernel that checks for the P3 cpu id: and if it finds it, installs a wedge to always report a CPU id of 666

    daemons like 666 don't they?
  • Oh c'mon. you know whether or not the psn is activated when shipped is meaningless, because most software companies will probably require that it be switched on to install their software. I see this in my crystal ball...

    MS Office 200X Setup
    MSOffice requires that your PSN be activated for setup. Do you wish setup to automatically activate it?

    [ YES] [ NO]

    yes = we got your id, so you can use our program.

    no = go buy yourself another program. you dont get jack from us.

    BOTTOM LINE = buy an AMD, because even without the psn, p3's performance still suck!! that's my $0.02
  • maybe privacy isnt a big deal to you, but to a lot of us, it is. if you want to be tracked so easily, why not start logging your daily computer activities and mailing it to intel or microsoft or whomever. but please don't so readily support something that tries to force the rest of us to do so.
  • If this serial number scheme is still there. Why did the boycott stop? I know I'm not buying one. I'll stick with LinuxPPC.
  • Alright, suppose now that there is a security risk and that it is a risk to my privacy and I'm paranoid and all that. I don't really know either way, but just hypothetically, assume this. Now since Intel will release some "software program" to disable the serial #, then what do I do if I'm not using windows? Linux runs on x86. BeOS. Many *nix variants. Is Intel going to release a binary that'll run on ANY SINGLE system? There are an awful lot of differant configurations they have to worry about. Even on Linux, there's libc5 systems and glibc2 systems. You see the prob?
  • This is my thought...

    Since there was so much fraud with overclocking CPU's and that Jazz, this is one way to IDENTIFY THE CPU as what it says it is... like the VIN number on your car, it should be able to tell you all the aspects about the chip itself... ie.... Where chip was manufactured, what clock speeds, cache, etc... Maybe programmers would be able to use this number to tweak programs to perform accordingly to what info is determined... I don't know...

  • ... i mean whats the big deal with them why is everyone so freaked out.. (i dont know what they will enable/disable/do) someone tell me! :>

Money is better than poverty, if only for financial reasons.