A Conversation with Cory Doctorow and Hal Stern

ChelleChelle writes "In a rare meeting, popular sci-fi writer and co-editor of the blog Boing Boing Cory Doctorow and Sun VP Hal Stern consider the open source approach. The resulting interview deals with the pros and cons of going open source, as well as the issues of security and privacy. From the article: 'It seems to me that one of the big problems with the filters you've just identified is who gets to set policy in the machine. As a science fiction writer, I am offended by sci-fi movies where it turns out that the rocket ship has a self-destruct button, it has been pressed by accident, and now the whole thing is going to explode. ... By the same token, I often wonder whether trusted computing architectures that allow remote parties to enforce policy on your hardware are a good idea. Although we can imagine beneficent examples of this, this is what spyware is, by definition, right? Spyware is remote parties setting policies on your computer against your wishes. Is it ever a good idea?'"

Scifi FOSS Punditry?

I demand to know what Kilgore Trout says about all this.

Cory's shirt

What I really wan to know is where can I get that shirt that Cory's wearing?

Re:Cory's shirt

http://paizo.com/cgi-bin/WebObjects/Store.woa/19/w a/browse?path=store/apparel/tShirts/offworldDesign s/v5748btpy7rmu&wosid=5t479QhI8uSZwaO0CHUAww [paizo.com]

Cory Doctorow

Cory Doctorow. Biggest self promoter, ever.

Re:Cory Doctorow

Bummer I don't have mod points today.
  I sometimes wonder if Cory and Xeni Jardin have hit on some sort of self-satirical performance art, and we're just not in on the joke.

Don't lend Trusted computing legitimacy

TCPA and DRM (Especially Palladium) are not means of improving computer security. They are there to subvert the ownership of users of technology in favor of powerful companies. DRM isn't going to safe guard medical records. And TCPA isn't going to stop a space ship from Self Destructing.

What will help computer security are good security practices.

At my house, everyone logs in to a Linux powered Domain, LDAP coated in SSL for Authorization, Kerberos for Authentication. Traffic (especially Wifi) encapsulated with IPSec. SE Linux policies in place. Directory service authorized Radius Server with MySQL server Accounting, and cataloged MAC Addresses in OpenLDAP. These are good security policies. Everyone should have some variation of this.

If I were on a space ship, I damned well better be able to secure my systems against unauthorized access. But DRM and TCPA do not make this happen.

Re:Don't lend Trusted computing legitimacy

I suppose you run your air conditioner 8 months of the year, as opening a window would be security madness.

Good security practice starts with a question: "What am I protecting?". If it isn't particularly valuable, you don't spend a lot of money(or time) securing it.

I can not let you do this Dave...

But you can always take advantage of GPLV3 to remove my DRM synapses

That was an imposter!

Everyone knows Cory Doctorow wears a red cape and goggles.

Somebody had to do it

http://xkcd.com/c239.html [xkcd.com]

On the bright side, Cory is using an analogy that might spark some brain cells in the semi-joe sixpack crowd.

Not Trusted Computing

What they said is not what Trusted Computing does. It does not enforce policy on your machine.

Rather, it provides a way for people to prove what policies they are enforcing on their own machines. And thereby that will allow someone to say, I won't give you this data unless you are running a certain policy (that will protect my data). Today, that wouldn't really work because they couldn't tell what policies you were running. But with Trusted Computing, it will be possible. You will be able to prove your policies and they can decide whether to give you the data depending on what your policies are.

It may seem like a subtle distinction, and in a way there's not that much difference. But saying that third parties can enforce policy on your machine evokes many images that just would not happen with the real Trusted Computing. It suggests that your machine could be made to spy on you or do some other bad thing and there's nothing you can do about it. But that's not true. You always have a choice with Trusted Computing to tell the other guy to stuff it, you just won't take his damn data if he wants to put so many restrictions on it. Just like today you don't have to shop at Apple music store if you don't like DRM, you can download music from independent bands who make it freely available in MP3 format.

The whole point of Trusted Computing is to keep things completely voluntary. It aims to replace legal restrictions (that you have no choice about) with technological ones (that you can always choose not to use). It adds choices and options without taking any away. It lets people who are honest prove that they are honest: when they agree to the policies in return for taking the data it lets them prove what policies they are truly following.

Honest people have nothing to fear from Trusted Computing. In fact they will gain many advantages by letting them prove their honesty and gain others' trust. The only people who will be hampered by Trusted Computing are those who would aim to falsely agree to observe copyright restrictions and then violate them once they get their hands on the data. Unfortunately, judging by the negative reception to Trusted Computing, such people make up a substantial fraction of the online community.

it is a good idea...

>Spyware is remote parties setting policies on your computer against your wishes. Is it ever a good idea?

If you actually own all the remote machines. For example your workers do their job at home.
M$ doesn't own my machine.