Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Intel

Some mobile PIIs have PIII-type IDs 104

Posted by Hemos from the makin'-me-more-paranoid dept.
dtor writes "P3 Id? Worry about the P2 Id. According to this MSNBC article, some P2s ship with a P3-like unique ID enabled. Apparently, this was an mistake at the factory." Intel apparently was testing the process, used in the PIIIs on some of their PII mobile lines, and someone forgot to turn that circuit off before they left the factory. Intel is saying that a BIOS update is out that will take care of the problem - anyone have a link to that?
This discussion has been archived. No new comments can be posted.

Some mobile PIIs have PIII-type IDs More

Some mobile PIIs have PIII-type IDs

Comments Filter:
  • Why wouldn't you copy it? It doesn't hurt Adobe, they might even benefit if you like it and buy it once you can afford it, and it benefits you, so it's a maybe-win-but-not-lose/win situation. Seems like a great idea to copy it to me.
  • Plugins have many uses. I haven't downloaded this plugin for obvious reasons, but I could see MS designing it so that when you load your browser, it fires a hit to some server out in MSland. Then they can start bombarding you with "news," but more imporantly, ads. It's so much more convenient then having to wait for users to go to MSNBC's web site. And besides, users told them they wanted it, and it is a vital part of the OS, and Linux is just copying them, and BeOS too, oh and OS/2 tried to as well.

  • Intel (Score:1)

    by drwiii ( 434 )
    Intel apparently was testing the process, used in the PIIIs on some of their PII mobile lines, and someone forgot to turn that circuit off before they left the factory

    Sounds like the Tuskegee Study all over again if you ask me..

    linuxonline.org [linuxonline.org]

  • The control tricks the computer into crashing.

    You have to "trick" Windows into crashing? I would've thought that was pretty much a voluntary thing on Windows' part :-)

    linuxonline.org [linuxonline.org]

  • Posted by jguest:

    Thank you MSN for a completely uninformative article. It would have been much appreciated it they had posted *which* CPU's were affected--PII-300? PII-233? PII-266? Families? Steppings? MFG dates? Identifying tattoos and scars?

    If the news can provide a date and ID number for spoiled milk products, etc., why the H*LL can't they do the same for this?
    Amateurs!!!
  • Posted by jguest:

    From C/NET (via www.x86.org) I found this: [news.com]

    "Processor serial number prototypes were included on the 333-MHz and 366-MHz mobile
    Pentium II processors with 256KB of integrated, secondary cache and the 266-MHz and
    300-MHz mobile Celeron processors, according to an Intel spokesman. These chips
    were all released January 25."

    Looks like they hit a number of fab lines with this!
  • An ID within the processor can in no way be more trustworthy than an ID anywhere else. Consider the hardware ID in UNIX workstations you mentioned. These cannot be read by normal user code, but are read by the operating system and are made available via the hostid() system call.

    Of course it is an easy example to patch your operating system to return any hostid() you desire instead of the real hostid(). In fact, you may return different hostid()s to different processes. A driver which does this for Solaris has been made available for many years. Check the comp.sources archives on USENET for more information.

    The moral of this story is: In a "piracy" environment, your software cannot trust any other software, the operating system or even itself to perform as exspected. Or shorter: You cannot win.
  • If you're using a proprietary OS, you have no clue what's going on, or who might be tracking you. If you're really concerned about privacy, you should be using Linux/BSD. There is no way for a CPU ID to get out on the net unless you run software that allows that, and the only way to be *sure* that you're not doing so is to run an OS with publically available source.

    So, don't come whining to me. Intel's IDs are no threat to the privacy of anyone with half a brain, whether they're in PIIs or PIIIs. Intel's not the problem, the problem is proprietary software (as usual). Just say NO! :-)
  • When I went to that page, an annoying Java-like dialog box opened on my NT machine asking me to download a plug-in. The page was visible without the plug-in, though.

    But why on earth does every "big" website these days have a stupid plug-in to go along with it? MSNBC told me it's "only" a 20 minute download at 28.8.

    The day Rob makes a Slashdot plug-in to download is the day I stop visiting slashdot. :-)
  • The ROM could easily be on die.
  • There's a digital ID engraved inside my eyelid! That feature wasn't supposed to be included in my series. Seriously though it seems to me there was a serial number in some of the 486 chips, or am I dreaming? Wasn't CPUID [intel.com] an individual chip ID? *scratches head to try to stimulate memory* I don't have a 486 handy at the moment.
  • Intel:
    " We accidentally spilled some Pentium III seeds into the Pentium II chips! Ooops!"

    Typical Windows User:
    "Really Wow ! Can I have one?
  • I'm having a hard time keeping track of this all. I read about that patch, but I also read that somebody had developed an exploit that allowed the ID to be turned back on without rebooting, and that this code could run from userspace, basically making it all but impossible to keep the ID turned off if a program really wanted to turn it on and knew how. I don't know much except what I've read. Can anybody out there with the hard facts enlighten us?

  • The exploit I was thinking of was from this article [heise.de]. The Slashdot discussion after this seemed to suggest that however this particular exploit was done could be coded to run in userspace on a unix box, and would be nearly impossible to block through the kernel. This was just what several people seemed to say, though, and I am kind of hoping that somebody out there can provide a more definitive answer.
  • Contradiction in terms?
  • A news.com article [news.com] about yet another hack to get the PIII ID even when it's disabled. This one uses an ActiveX control to crash your system, then grabs it on reboot (is it just me or does anyone else think that ActiveX controls are getting out of hand).
  • As far as x86 chips go. AMD/Cyrix do indeed have a CPUID instruction that identifies them as "Authentic AMD K6..." or " Cyrix M2" but not a unique serial # like the PIII's.

    AMD is reportedly considering it for the K7, but the K6, K6-2, K6-III, and all Cyrix chips do not have one as of yet.
  • Ok, there are a few things here.

    First off, Intel offered a DOS/Win software fix that was to allow you to turn it off (I think it ran in autoexec or something equivilent for NT or whatnot). This is get-around-able due to ActiveX and other wonderful Windows "features". The gist of at least one of these is that it reboots the system and somehow or other grabs the ID before the Intel patch can be run.

    There is a Linux kernel patch to disable the ID, and to my knowledge it is not possible to re-enable the ID while running Linux while that patch is in place (other than recompile/reboot of course).

    Some motherboard manufacturers offer the ability to turn it off in hardware, but I don't know if this is able to be changed or not (again likely through ActiveX exploits, etc).

  • I suppose it it would be too much to ask for the favor of letting us know we were being tracked.

  • So that's it. I've been wondering what ActiveX was good for.
  • With no disk drive, where exactly were you going to install that software?

  • Funny, I've got that plug in already and when I went to the site the bottom half of the page was foobared.

  • You are not seeing the impact. You put your mail in envelopes, right? Well the only people that would hide their mail in an envelope are criminals, right? If you had nothing to hide, you should just let everybody read them, right? It is your business what you want people to know. Give an inch and they take a mile!
  • Good Point! I was trying to say that, if a person wants to stay anonymous they should be able to. And what about PO Box's? What if that is my return address? SomeCompany PO BOX XXX.

  • This will not work anyway. You're speaking about Oracle? For example, is Oracle only selling software for Pentium-IIIs? Are they even only selling software for x86s only? A company cannot restrict the use of its software to architectures that have IDs.

    I consider this to be a Good Thing, and hope that nobody will start selling its software in "standard" and "P3 only" versions.

  • Excuse me if I am wrong, but isn't it possible to read the serial number of disk drives (and floppies for that mater) via software. Wouldn't this identify a particular machine just as well as a CPU ID?

    Well, I don't have a disk drive connected to my x86 box. I don't think some company will be going to say that I will not be allowed to install their software on my box.

    I think the point is that there's either a standardized ID mechanism for all users (which I don't think will ever happen) or no IDs at all.

    I prefer the latter.

  • With no disk drive, where exactly were you going to install that software?

    Sorry, Germanism, I think. For me, "disk drive" simply means "floppy disk drive".

    mmh, even with winchester drives (hard drives?), it wouldn't make much sense. I'm backing up and restoring data far too often, and I really don't care on what disk the data goes if I write a partition back from the streamer (I have 6..8 IDE drives I swap quite often).

  • And what happens if I upgrade my CPU?

    Simple. A digit is appended to your previous ID.

    :-)

  • no, what belongs on Linux is a front-end that looks and acts a lot like Access, and accesses (pun intended) a real SQL server, which doesn't need to be Oracle either, just make it PostrgreSQL by default.
  • this is what I suspected... glad to see it posted by somoene who seems to know more about the process than I do.
  • looking at the patch itself, it should. it tests that the processor has the (mis)feature, not that the processor is a p3, before disabling the psn.
  • Think it is really a mistake? Heh. Right.

  • AMD is reportedly considering it for the K7

    What the hell are we nerds gonna do? I was really hoping to get a few K7's if they support SMP.

    I heard some time ago about a patch to the kernel that stopped that whole piii serial number mess. The same thing could be done for any other chip, right?

  • It probably just reminds windoze how long it has been running, windoze freaks if (time > 1 minute), and shuts itself down immediately. ie crashes.

    More crap from Wintel to make our lives easier.

    Bah.
  • This feature is most important for tracing mobile users. You can now know that the same person who did this and that is during daytime a nice clerk in a suit in a big corporation somewhere.

    Definitely on puprose and I do not believe all this bullshit about unintentional.

    In btw: it was done in the same time while Microsoft did that illegal serial number collection. I wonder did they collect only ethernet addresses?

  • Your link is good, but few people can afford it. I would suggest another link - www.amd.com [amd.com].

    Something not well known by worshipers of the ZD benchmarks is that the AMD main "flaw" - low FPU is meaningless for a Unix system. Actually, when running at the same MHz AMD is even faster then Intel under Linux if the hard disk subsystem is supported by the kernel.

    Personally I prefer Alpha as well, but I cannot afford it ;-). So I use AMD (I did not have an Intel CPU on any of my personal machines for the last 2 years).
  • comments from intel:

    "...But as when c't pointed out that the software utility could be bypassed, company spokesman George Alfs noted that all software can be hacked..."

    "We would want to look at the code before we make a comment on that," Alfs said. "But the end user always needs to be aware of malicious software."



    So then WHY THE FUCK DOES INTEL TRY TO CONVINCE THE CONSUMER THAT THEIR PATCH IS SECURE?
    Now everyone knows that Intel cannot be trusted
    farther than they can be kicked.

    I think MS and Intel are trying to be the
    Howard Stern of privacy invasions.... "yea
    boys, let's just keep taking a little more
    away from these dumb comsumers until, at last,
    we have cameras in their living room..."

    BOYCOTT sounds like a fitting word here!

  • I'm not about to take the word of an anonymous poster who is pro-ID very seriously.

    Still... On the server side, yes, it's "just an administrative hassle". Yeah, right.

    What about the end-user side? You know, where most of the discussion on this originates? CPU ID's are worthless for "anti-piracy"; in that sense they fall right in there with all of the other schemes used in the desktop environment for the last 20 years. How effective have they been?

    Of course, this all completely ignores the real question that has people all hot under the collar. What about the potential for abuse in the end-user area?

    In a typical week, I use about a half-dozen different machines heavily and a much larger number of them 'a little bit'. If all of them had CPU ID's that just 'had' to be included in any transaction, I can imagine what my use pattern would look like - and anyone who tried to do base some 'targeted mailing' on it would be completely wrong. (This, of course, skips some of the other issues - I'll leave those as an exercise for the reader.) Even if I only used one box - say the closest thing I have to a 'personal' machine, that's changed completely every 18 months for the past few years - again, anything based on that would be completely wrong.

    How about one of the other big concerns - encryption? Yes, you use this unique value to seed a secure transaction, and someone else has managed to get it from your machine with, say, a trojan plug-in for your browser, making cracking the transaction that much easier. Not too different from other secure transaction issues, but the same value is used for all additional transactions, making it much more valuable in cracking them.
    --

  • I hate paying $400 as much as you. But there's a REASON they charge that much. Look at the programs that cost a lot: Quark XPress, $700; Adobe Photoshop, $600; Microsoft Access, $300. The reason these are expensive is because they're not intended for the same guy who pays $50 for Quake 7. The people that buy programs like that are MAKING MONEY BY USING THEM, so they can afford it. If I had a professional-grade photo editing package, I'd charge a few hundred as well, since good graphics designers make more than that on a single job.

    Granted, I'd love a copy of Adobe Premiere, but the $500 price is just out of my range. For most of the people who are using it, $500 is lost in the noise of other expenses. That doesn't mean I'm going to pirate it; it means I'll find another solution.

    -Chris
  • I wonder if this means there's a switch they DID turn off would theoretically activate the coprocessor on my mobile pentium II and turn it into a mobile pentium II-SX?

    Seriously, though, there was no reason whatsoever for them to be screwing around with putting the serial number option on the sillicon for these PII's. It's a waste of space, and a dirty little trick.

    Which brings up another question: the serial number itself can't be implemented on the actual CPU, can it? It must be on a rom attached to the cpu card. Which means if we pop open a PIII, we could theoretically pull off the chip with the serial number and put one on with whatever number we wanted? Even if the serial number is on the same chip as other data (maybe where the microcode updates go? or the speed information?) -- all the data on that chip should be easy enough to copy.

    Anyone wanna open their PIII and start experimenting?

    -Chris
  • Sounds like a good way to get a "friend" in trouble for copyright violations which you've accrued.

    "Hey, want a new Pentium III? I've only been using it for a month. I'll give it to you! For free! As long as you visit the FBI website twice a week."

    -Chris
  • 96 bits, eh? Looks like Intel put more thought into their serial number than the original ipv4 implementors... :)

    -Chris
  • Just because us geeks know it's not oracle doesn't mean fourtune 500 companies realize it.

    -Chris
  • I'm sick of everyone turning the Piii serial number thing into AMD plugs. I don't care if AMD is the more hippy and into peace, love, happiness and privacy. Intel has pumped more into R&D and *does* have a better product. I'm not going to buy a mobile pentium II or a PIII anytime soon based on the serial number issue, but that doesn't mean I'm going to switch to AMD. When the K6's start supporting some standard of SMP which is SUPPORTED BY MOTHERBOARD MANUFACTURERS, then I'll start buying third party chips. It'd help if amd put out a better chipset, too. These "BXtoo" chipsets from the garage of everyone and their brother in Taiwan just don't cut it.

    -Chris
  • That's what I've read. Now show me one. Running linux. :)

    -Chris
  • Hey just because some of you guys have gotten degrees and the rest of us haven't gotten to the class with verilog yet... sheesh. :)

    -Chris
  • I'd rather put $600 towards an open source version....

    -Chris
  • Oh my.. Intel has become what seems to be a big group of idiots.. I think i'll stick w/ my AMD stuff.
  • So paying $400 for a package of software you think is a good deal.. It's a rip off IMO.
  • if you read closely, you'll see that the serial no.s that were left on were in _notebook_ PC's.

    "WE WERE INFORMED by a customer that the chip ID was present in the mobile Pentium II processor in mobile module form,"

    Note the word "mobile" Desktop users shouldnt have anything to worry about.. Well, that is except for the stuff they didnt tell you about.. you can always worry about that.
  • ... but y'know.. it sure seems like the big guys are waay into tracking us users and they are getting a bad reputation of not *telling* us about it... too bad we cant make freely distributable hardware.. including.. schematics?
  • So, like, my desktop is OK but my laptop is yet another device capable of linking me to specific hardware.

    Like the poster says, "I want to believe..."

    Still, what with all the security holes, any one that steals any of my Intel PCs is seriously screwed. =)
  • jeez.. why bother messing with the PII's anyway?? The PIII is out, one would think intel would spend money working on new products, or marketing.. but they keep changing the damn chip design!%#! I can't wait for the K7. Once it does i'm outtie 5 ...gone like donkey kong.. etc..


    "Don't make me throw yo ass foo!" - Mr. T

  • But what happens if you sell your PC? Or upgrade the processor? In order for a software-protection scheme based on ID to work, you must assume that the owner will be forever tied to the processor ID... Like a ball and chain... Or, you have to re-register every single piece of id-tied software.
  • My problem with this is that I will probably sell a P3 I buy now, someday. Now, I have to rely on a potentially large number of vendors (or whoever) figuring out that the ids don't match the software because I upgraded my processor (God help us). What'll I have to do? Mail in the proof-of-purchase? Will this polute upgrades?

    I'm not getting a warm-and-fuzzy feeling.
  • ya weather is really a mistake or not the hole chip id thing is a mistake if they wanted there competitors to get bigger this is a great way to do it.
  • if you read the message the pII's with this came out befor the pIII and were used to test teh id crap.
  • well if they can make a piece of software to turn on and off the id while the computer is running then they can make a program to make your computer send the id over the net.
  • I don't tend to side with big companies, but Intel had a point when they said all kinds of IDs and serials are available in any PC.

    The most reliable source seems to be the harddrive manufacturer and drive serial number. All available within the IDE and SCSI APIs if I recall correctly.

    Why the sudden fuss? The Bad Guys Out There have known this for a long time...

Slashdot Top Deals

Never test for an error condition you don't know how to handle. -- Steinbach

Close