

Nexus: An Operating System for Trustworthy Computing - wmf
http://www.cs.cornell.edu/People/egs/nexus/index.php

======
asciilifeform
I prefer Richard Stallman's term: Treacherous Computing.

These academics, like many others, have sold their souls. Books on "trusted
computing", "remote attestation", and similar freedom-destroying garbage have
become disconcertingly plentiful at my university library.

We must fight it to the last bullet. Because once we lose the general-purpose
computer, we aren't _ever_ getting it back:

 _"The "you don't own your computer" paradigm is not merely wrong. It is
violently, disastrously wrong, and the consequences of this error are likely
to be felt for generations to come, unless steps are taken to prevent it."_

Ethics for Programmers: Primum non Nocere
(<http://glyf.livejournal.com/46589.html>)

 _"Who should your computer take its orders from? Most people think their
computers should obey them, not obey someone else. With a plan they call
“trusted computing”, large media corporations (including the movie companies
and record companies), together with computer companies such as Microsoft and
Intel, are planning to make your computer obey them instead of you."_

Can You Trust Your Computer? (<http://www.gnu.org/philosophy/can-you-
trust.html>)

Buy, maintain, and cherish true general-purpose computers, my friends, for I
fear that within a decade, they will be contraband items.

~~~
barnaby
Yeah, why is anybody posting about this garbage on HackerNews?

There are no startup opportunities for "trustworthy" computing, because there
simply aren't any customers for "you do it the way we tell you, or else"
products.

~~~
wmf
HN is for hackers, not just entrepreneurs. As a hacker, my interest in the
technical aspects of this project slightly outweighs my disdain for its evil
nature.

~~~
tptacek
Explain again how this is evil? If you can protect a computer from a virus,
you can protect it from a DVD ripper.

~~~
asciilifeform
> If you can protect a computer from a virus, you can protect it from a DVD
> ripper.

The antivirus vendors, champions of "Enumerating Badness",
(<http://tinyurl.com/8a2uk>) would like us to think so.

Yet it is pure nonsense. It is much the same as saying that if a house is safe
against burglars, it must also be "safe" against the owner engaging in
officially forbidden sex acts in the master bedroom.

~~~
tptacek
Marcus Ranum also believes that closing holes in Linux is "enumerating
badness", and counts as one of the "dumbest ideas in security".

Since you didn't make an argument that refered to any technical detail of the
antivirus/antimalware problem on general purpose operating systems, I'm
content simply to point out that your sources are both comical and non
authoritative. Also: let me strongly encourage you to run your views on
computer security past Ranum, and report back his response. Warn me first so I
can get a get a cold glass of milk to blast out my nose when you do.

~~~
asciilifeform
I have never heard of Ranum before. He was simply the top Google hit for the
well-known phrase "enumerated badness." For all I know, he might also be, say,
a Creationist. This is immaterial.

Please make an actual argument, as opposed to trumpeting my supposed ignorance
of everything in general terms.

Does your front door lock work by checking a video feed against a database of
known burglar mug shots and clicking shut in the event of a match, or by
_staying locked_ sans a key?

Security through enumerated badness (as opposed to actual robustness, as in
the above example) is Bad. The phrase has a meaning. If you believe that it
means something other than what I believe it to mean, please say so.

So far, all of your arguments have been thinly veiled appeals to authority.
Please take a moment to think of one which is not. I would like to believe
that you have genuine thoughts, and would like to hear them.

~~~
wmf
I don't think tptacek is defending the AV industry; I suspect he's advocating
systems that are either inherently virus-resistant or use whitelisting, which
is pretty much the opposite of what we usually call "antivirus".

If we ever want to escape from the current computer security morass, we're
probably going to need something _like_ trusted computing, if not necessarily
exactly what TCG is proposing.

~~~
asciilifeform
> If we ever want to escape from the current computer security morass, we're
> probably going to need something like trusted computing

Limiting malware to an officially approved subset is a curious definition of
"escape." And any program which causes my computer to deliberately act against
my orders is malware, whether it was created by a script kiddie or a multi-
billion-dollar media cartel.

~~~
tptacek
Nobody here disagrees with that. What's funny is that it's the current
situation that allows companies like Sony to do that to your computer.

~~~
asciilifeform
Let's posit that Sony (or another company) is in the consortium holding the
TPM root key. They will then be able to install a truly undetectable and
unremovable you-name-it.

You are quite correct in implying that a TPM would prevent a repetition of the
Sony scandal. It would do this simply by preventing discovery.

Of course, it is also possible that Sony in particular would not be given
access to the magic key. They may have to pay a steep tribute to, say,
Microsoft, to slip the payload through.

Whether _currently sold_ TPM chipsets are capable of such feats is immaterial.
The camel's nose is in the tent.

------
tptacek
For the past couple years, Intel has had a different but related approach:
they use a combination of a coprocessor (with its own OS and memory aperture)
and hardware virtualization to run a TCB alongside Windows, from which you can
run antivirus and attestation code.

------
nishantmodak
Nexus overload. I thought its the new mobile platform. and now its the new OS.

I thought chrome was just a browser and then now chrome is also a OS.

d'oh.

