Disappointing announcement. M4 brings a significant uplift over M3, and the ST performance of the M3 Ultra will be significantly worse than the M4 Max.
Even for its intended AI audience, the ISA additions in M4 brought significant uplift.
Are they waiting to put M4 Ultra into the Mac Pro?
The author seems misinformed about the purpose of TPM to DRM schemes.
The purpose of a TPM, in this case, is not to provide encryption, but instead to provide so-called ‘authenticity’. A TPM with its attestation capabilities can allow a remote validator to attest the operating system and system software you are running via the PCRs which are configured based on it, with Secure Boot preventing tampering. [1] Google tried to implement APIs to plug this into the Chrome browser, which was later abandoned after backlash. [2]
In this case, the TPM can allow services like Netflix or Hulu to validate the hardware and software you are currently running, which provides the base for a hardware DRM implementation as stated in the article. Don’t be surprised if your non-standard OS isn’t allowed to play back content due to its remote validation failing if this is implemented.
TPMs also have a unique, cryptographically verifiable identifier that is burnt into the chip and can be read from software. This allows for essentially a unique ID for each computer that is not able to be forged, as it is signed by the TPM manufacturer (in most cases Intel/AMD as TPMs on consumer hardware are usually emulated on the CPUs TEE). If you were around for the Pentium III serial controversy, this is a very similar issue. It's already used as the primary method of banning users on certain online video games, but I wouldn’t be surprised to see it expand to services requiring it to prove you aren’t a “bot” or similar if it gets wider adoption.
There is a great article going more into detail about the implications of TPM to privacy from several years ago, which was the basis for this reply. [3]
I'm extremely familiar with the capabilities of TPMs (I've worked on deploying remote attestation services at multiple companies), but here's the thing - streaming vendors don't use TPM-based remote attestation. None of them. It doesn't happen. Could it happen? Yes, but it would buy almost nothing - remote attestation is something that's viable in enterprise environments where you can bind TPM identity to inventory entries, and not in the real world where you could just plug in a second TPM on a USB adapter and fake the measurements. And how would you prove the attestation came from the same device that has the reported GPU key? Remote attestation is only useful when bound to other hardware keys, and there's no way within current specs to perform binding between the TPM and the GPU - pirates could just pass the attestation query to another machine.
Depends on your definition. If you count video game anti-cheating software as DRM, the answer is yes. Apart from that, I’ve only currently seen TPMs used as a hardware identifier (in the same way a monitor serial is) for software licensing. The capability does exist however.
I can picture expensive looking lawyers arriving at their door, carrying leather briefcases and delivering an ultimatum:
"Listen carefully, my friend, let me help you out. Here are your options:
1) Delete the code, stop working on it, take this $1 million, and enjoy some peace. Think about your family, you deserve a stress-free life. If you choose this, you'll never hear from us again.
2) Keep resisting, and I'll personally see to it that not a day passes where we don’t make your life difficult. You'll end up spending most of your time, energy, money, and sanity fighting a battle that, for me, is just another Tuesday.
Yeah, there are examples of it happening here and there. That's part of why I'm surprised it doesn't happen more. It seems like an easy avenue to hire talented and passionate people who want to work on your thing.
Not particularly relevant due to lawsuits involving game cheating, where the circumstances are very similar.
Beeper is lucky they weren't sued under the DMCA anti-circumvention clause, as they clearly were bypassing the technological measures Apple uses to prevent genuine devices from connecting to iMessage & Apple services.
I wonder if any of the encryption stuff Apple uses would give them an argument, like convincing their system to generate keys.
I think you’re likely right though. If they had such a claim I think their lawyers would have been on it instantly.
That’s why I mentioned the CFAA. Accessing servers without someone’s permission is the exact kind of thing people have gotten very stiff punishments for under the CFAA in the past. It’s basically the main reason I know the law exists, stories about peoples ridiculous punishments for relatively benign things.
Sure it’s useful for real things. I bet you can prosecute ransom under it. Or hacking to break into a rival company.
But it’s also great for when someone embarrasses a politician with stuff that they published on their own website and “something has to be done”.
Even for its intended AI audience, the ISA additions in M4 brought significant uplift.
Are they waiting to put M4 Ultra into the Mac Pro?