Slashdot Mirror
Microsoft's 'Palladium' Privacy/DRM Scheme
Paradox Jack writes: "according to this article at MSNBC, Microsoft has an ambitious new plan called Palladium to rework computer and internet security. This includes changes in hardware, digital rights management (on all sides), and far more. Now, who thinks this will actually work and is for our own good?"
from the way it looks to me, this system will actually protect your priacy and provide a decent amount of security. However, it is uknown as to whether or not microsoft will be able to invade your privacy, since they make the system. Have to double check that EULA! As for digital rights management, I am just generally opposed to it, as are most of you ;-). And anyone who gives up their freedom for an illusion of security deserves neither (one of those founding father guys).
Remove the DRM and this looks ok to me.
The GeekNights podcast is going strong. Listen!
This sounds like what States' Attorney Steve Kunney put into closing arguments this past week:
Somehow they know better than anyone else what's best for this PC ecosystem. What's good for Microsoft is therefore good for the economy, good for consumers and good for everybody else.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Having not read anything beyond the article summary, let me assure you that this is not in the consumer's best interest. It is a clear violation of my Fair Use rights. Clearly, it is my right to make a copy of any data. Information wants to be free.
The following actions must be made legal for me to tolerate the Microsoft.
Thank you for your time.
The article talks about hardware changes, including changes to the chip since both Intel and AMD are involved. Could this mean the end of x86-based open source OS's, including Linux and the BSDs?
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
-1 Flamebait
:P
-1 Troll
Yes, let us describe the internet as a wild west where only evil occurs. Then let us step back and remember that many of those problems (security, virii) are the fault of poor MS programming & user ignorance.
MS to the rescue of course, thanks MSNBC
Already I am shivering with all the downtime and DDOS attacks that Microsoft is preposing
Since Mircosoft seems to be unable to create something 100% secure, just wait until this new technology hits the streets.
:-)
It could make the world more insecure at the same time. One flaw in the new product is just another way for people to gain access to Microsoft platforms..
Its sad to see a company try so hard and fail at the same time. I'm just glad I don't work there..
if it's good, peope will buy it. even if it's slightly shitty, people will buy it.
but if it totally obstructs those features we love, average schmoes will go to wal-mart and buy the 'Lindows' computer. economics work themselves out.From the article: So far, the United States doesn't seem to have a problem, but less tolerant nations might insist on a "back door" that would allow it to wiretap and search people's data. There would be problems in implementing this, um, feature.
Microsoft has been releasing packages with these exact same features in them for years. With all the practice, I hardly believe that there would be problems in the implementation.
Kenneth Lay and Jeffrey Skilling announced an ambitious new technology that will protect investors from fraud. "Sure, everybody who wants to invest will have to buy our product first, but once they do, they'll be perfectly safe from all the, um, bad people who would otherwise take advantage of them", said Skilling.
I don't care if it's 90,000 hectares. That lake was not my doing.
"I firmly believe we will be shipping with bugs," says Paul England.
Even if that is not the goal, I guarantee that only Microsoft signed drivers will be able to be installed, finally closing that pesky "sound card and CD-ROM emulation" fair use hole that is robbing the MPAA/RIAA of additional royalties.
This is NOT about making things better for the user. This is about removing the ability for the end user to make decisions about how her computer operates.
It all sounds like marketing hype to me. Microsoft has an abysmal track record where security or privacy are concerned.
Moreover, Microsoft is under the eyes of various anti-trust agencies. How better to safeguard their market position than to bring the hardware people on board of Bill's boat?
By this they mean one of two things. Either it simply WONT run anything 'unauthorized' which brings up:
- will an independant developer have to jump through hoops to 'certify' every exe you compile to run on your own machine?
- will we have to go through another damn 'trusted' certifying agency a la SSL certs? Perhaps MS will be the last word?
Alternatively the OS might run things as long as the user tells the OS a particular binary is authorized. In this case I give it a good five minutes until some newbie tells the OS the latest email worm is an 'authorized' exe because they're looking to see that promised video of Brittany Spears some stranger w/ poor english apparently sent them out of the goodness of his heart.-j
Microsoft is also publishing the system's source code. "We are trying to be transparent in all this," says Allchin.
Uhhhh, did everybody else read that the same way I read it? I mean I know they arn't hostile to BSD style licences (heck they use BSD programs) but given the way they push security through obscurity using an open source model for this is like a glaring admission that closed source has some serious flaws.
I stole this Sig
"Though Microsoft does not claim a panacea, the system is designed to dramatically improve our ability to control and protect personal and corporate information."
Maybe this should actually read:
"Though Microsoft does not claim a panacea, the system is designed to dramatically improve THEIR ability to control and protect OUR personal and corporate information."
"If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand". -Milton F.
No doubt, "its a funny thing", Mr Gates no doubt thinks, how every illegal act he and the executives at Microsoft engage in, eventually get found in email thru discovery. Ah, but to control who can receive and read e-mail, and to assure it's automatic destruction, how very convenient for the corporate criminal that would be to be able to just disovow any evidence to be discovered.
Well, if they do a good job, it will probably sell like hotcakes. It says in the article that they are going to release the source code, and that they don't have a problem putting palladium on a palm... hum.. new shift for MS, we'll see if it really turns out that way. (It would benifit them, the only way to get this running is to have it in *all* systems). Another interesting thing in the article was that it stated that only certain parts of the OS would actually use the palladium chip. So from my reading, and understanding, other applications, that don't use the palladium stuff, would be vulnerable just like they are today, and could easily be used to compromise the whole system. We'll see.
Quite Frankly, doing business in the OSS/FS field is like expecting to make a fortune out of donation-ware.
Finnish Uber Hackers have released a workaround that requires only 10cm of scotch tape and a paper clip to bypass the incomming authentication protocol, thus allowing you to recieve any data.
-- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
The article says, "people will have to trust Microsoft".
Now ignoring all the heat that Microsoft gets around these parts, it's usually a bad idea to trust one entity:
- Hollywood trusted DVD encryption
- Stock holders trusted Enron and Tyco
- Investors trusted Merrill Lynch & Author Andersen
- Pinto owners trusted Ford
Obviously, even with the billions at risk, a trust to not screw up is more of a faith. A prayer. A hope.
The difference here is that even more people will be putting their faith that Microsoft will do the right thing morally, and that microsoft will not screw up. Will not screw up even once. Like they'll never release a Microsoft Bob again.
Unlikely.
Sadly, if Microsoft wants to pursue this effort, it really has to be open, and, dare I say it, well regulated with many legal protections for the consumer.
While I realize this is Microsoft we are talking about, the idea of unifying most of our security technologies into an unfragmented shield against would-be attackers is IMHO a good one. Current security never offers a total solution because it has to be built piecemeal, usually with one or two crucial pieces being left out. I think Microsoft's really on the ball with the idea that hardware and software must work together in a consistent and inconfusing way so that even the average person can be protected from the worms and viruses that seem to plague the Internet. Having DRM in the system makes it a complete win when it means that your computer will be protected from infected MP3/AVI files carried in by CD-R. Hopefully, something like this can be worked out for Linux as well.
"* Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system."
So as part of this deal you are giving Microsoft the ability to control what programs you can and cant run on your PC. ThiI can tell you I wont be at the front of the queue for this feature.
That's apparently the basic concept. Only "authorized programs" ("Genuine Microsoft") will run. That's where we are now with the XBox. Read up on how the XBox boots, and you'll see where Microsoft is going.
This isn't security. Real security would mean you could run anything in a jail with no risk of it getting out and hurting anything. That's what a secure OS is supposed to do.
And if the Genuine Microsoft code has a hole in it, attacks may still work. Microsoft might set up memory management so that only signed code can be in executable pages, but that only protects agains one class of attacks.
What are the bets on whether the interface for this hardware will be open? How likely will it be that the licensing board allows OSS software to be written for the hardware? With DeCSS, we've already seen that OS-neutral companies are unwilling to allow their content to be viewed in Linux. Microsoft, being not so OS-neutral, is likely to take this even further.
So, this involves a new piece of hardware.
How long does it take mod chips to become available for consoles? Not very long. How long do we think it'll take for mod chips to sidestep the hardware portion of palladium, and enable you to copy protected information, to come along?
Not very long.
Keep in mind that one of the problems right now with releasing music/movies/docs on the net is that it's all or nothing: either you release it and it essentially goes out free, or you do everything you can (including attacking the little guy) to keep it from going out at all.
DRM would mean media companies could actually enter the market with and then let consumers choose whether or not to support them. They'd learn pretty quick what people are willing to pay for.
Moreover, people would still be able to release things freely. It's like open sourcing software: those who choose this route are free to do so, and those who choose to close their sources are also free to try it. This wouldn't be the end of the transport mechanism that the internet provides -- the real revolution.
Jesus Chris, people, give them a little credit here. At least they're trying to do something with security here, and what I haven't heard anybody mention is that they're publishing the source. Microsoft is one of the few companies that can drive an effort like this, so let's see where it goes before "screaming like a stuck pig" (look in the article for this reference).
Thats why they're making it open source.
MS wont let it be "certified"
Don't you all remember what the RIAA/MPAA originally wanted? They wanted to turn the computer into little more than a media device that _they_ could have some control over. Well, this is more or less what this Palladium thing is. Sure, it may enhance privacy, but it's plain to see that all Microsoft is doing is kissing the RIAA/MPAA's asses.
I mean, come on. Would you really want to buy a machine that would be Microsoft-only (ugh) and limit what you can or cannot do? Someone mentioned that if computers start being manufactured with DRM technology, there'd be a huge market for 'black hardware'. If palladium is deployed, this will become a reality.
Chipmakers Intel and Advanced Micro Devices have signed on to produce special security chips that are integral to the system.
*snip*
Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down.
Great, let's go ahead and lay the groundwork for hardware level watermarking/rights management. There's no doubt in my mind that the MPAA/RIAA absolutely will jump on this first, quietly or blatantly. There won't even be time for 'fair use' or 'compromise' by the time this hits mainstream. I've never been much of a conspiracy theorist, but you think it's possible that the MPAA/RIAA are handing Microsoft some money to incorporate some of their desires into this security move? They'll *always* have the last move, not us.
This is a pretty surprising article, really... got some stuff I'd definitely want if they can make it work. Even more surprising to me is that they're publishing the source code for it.
:-p
One hurdle is getting people to trust Microsoft.
If Slashdot ever manages to say it's a good idea, they've won that war. Anyone think it'll happen?
Does no one else notice the irony in having the company responsible for 90% of the viruses, worms, back doors, and trojans - all due to poor planning on the part of MS executives and programmers - suggest that now they can fix it for all of us?
If I were a conspiracy buff I'd think that MS created the security problems so that they could point to the "insecure internet" and offer some solution that benefits only them.
That anyone, much less some "internet guru" takes this at face value illustrates that P.T. Barnum was right about suckers.
No one ever had to evacuate a city because the solar panels broke!
to take this article seriously?
It's easier to vandalize a Web site than to program a remote control.
Seems like a sensationalist piece intending to attract attention through misinformation rather than inform the reader.
one word: we're doomed.
Privacy is terrorism.
Juarez
ROTFLMAO
It seems to me like this will open up a whole new world of spoofing. The systems necessary to completely keep unauthorized programs from running, and even controling e-mail, is a bit much. I bet hackers will just get a little more insidious. Name your program something windowsish sounding and I bet 9 out of 10 users would authorize it thinking it was ok. The system may not be extremely exploitable, but the user still will be. Also, who's to prevent one guy from using his lunux box to interpret code and do the things that people stop worrying about because they think everyone has this palladium stuff? I'm not one to like giving up control. I don't want anyone else telling me what can or can't go on on my computer. I guess that mostly addresses the DMA thing, but I needed to plug it.
Perhaps it would raise the "barrier to entry" for breaking into systems, but once in I think the potential to cause havoc is even worse. Even if they do have some of it implemented in hardware, there will always be a piece of software code somewhere that sends/receives info from that hardware. So now instead of klez spamming you and everyone 6 levels removed from you, your computer starts telling everyone you're an untrusted entity and you cease to be able to interact with anyone (at least anyone with the same system, but assuming this would become pervasive) over the internet. It's not exactly identity theft, more like you now have a big neon sign floating above your head saying "I'm a crook" and whenever you look up to see what's there it disappears...they only way you can tell is asking someone else if its there or not.
Having read the article, I thought - finally, they came up with a justification that can be sold to consumers for DRM - privacy protection.
Having the same systems implementing the filtering of spam (unapproved senders), restricting forwarding (unapproved redistribution), and also cover DRM (again, unapproved redistribution) allows the whole scheme to be marketed as an anti-spam system.
The marketing on "fair use" really is about certain fair uses such as backups. No software is going to be able to figure out whether a transformative use of digital content will be fair or not -- what is the difference between creating a digital commentary on a video (fair) and a remarketing of it? (say in the Spanish language). Nothing that can be discerned by a computer program, I assure you.
Still, it is encouraging to see MS taking security seriously, even if for the reasons of extending the reach of corporate profiteering. Actually, I can't think of any other reason that would motivate MS to do it, but so it goes.
Entertainment moguls boil in their hot tubs as movies and music are swapped, gratis, on the Internet.
Well, if they still have all their hot tubs and lovely little luxuries like that, how much money are they really losing from piracy?
the whole thing acts as though the computer was the weakest link...security between the keyboard and box eh ? come on...what %age of computer security 'incidents' occur because of hardware tampering ? Except in EXTREMELY HOSTILE environments...I do not think it makes any sense what so ever.
IMHO, this is just a dumbass typical M$ attempt to spread FUD and cash in on it. They would be better off concentrating on improving their OS and concentrate on such matters later on.
Good old WebElements has a little something to say about the biological reaction to palladium:
... jihad was also in that sentence too.
I wouldn't leave it to those guys to get anything right when it comes to actual security. M$ wants to put their own kind of "security" into the hardware architecture of every new PC sold. I'm willing to bet that one of these "security" features is to make it impossible to run alternative OS's and probably OSS altogether. And who knows what kind of stuff M$ puts into their code, they could probably have large backdoors that the user is totally oblivious to.
If any of this even comes close to reality, it could really end up being a big push for Linux and the Linux desktop.
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
Hell naw! We'll break that shit in no time!!!!!!!!!
From the article, it appears that Palladium relies too much on software/hardware components that support it. If there is a break in the chain, the whole thing falls apart. And given the fact that Microsoft now wants yearly dues, will any IS managers want to think about locking themselves in with a product like this, even considering the possible benefits?
It makes sense for Microsoft though...It seems to me their grip is starting to loosen, and what better way to get it back then to develop a completely "secure" platform that will work ONLY with Microsoft products, all the way down to the hardware level?
-R
So the goal is "ensure ... privacy and intellectual property rights" - isn't that an oxymoron?
If you can hear/see it, you can copy it. But on one can know you're copying
it unless they invade your privacy. You cannot have it both ways.
But I LIKE barnyard porn!
God yer slow.
Even if it means having to pay for overseas shipping, I'll never buy a peice of hardware designed to prevent copying of software. It's just too counter-intuitive a concept to spend that much money on. The ability to back up software in an unlimited manner is a fundamental property of hardware that I will not do without. I find it insulting that there is a presumption of guilt about being able to copy software, especially after discovering that some of my favorite software on CD has been lost due to use and age.
If this initiative begins to make it into the hardware market, I encourage all of you to explain what it means to anyone you know considering the purchase of hardware. Explain why being able to backup software is such an important aspect of hardware, and why it would be worth even paying more, if needed, to have this ability.
Thank you.
Ryan Fenton
Some System Warnings.
The requested download of Linux.iso is not allowed, no signature was found. Press any key to continue.
Please be patient while the computer is cleaned of all unsigned Multimedia files.
In further news: You will require new digital camera and scanner software that interacts with the "Passport Chip" to auto generate signatures. You just wont be able to save those unsigned pictures of your family reunion sent to you by your Aunt X.
Get a free ipod.
... at the top of the msnbc page the post links to, and you know Palladium won't make it.
4 guys posing for a picture, looking like they just broke into your house and liked what they saw.
Not for me, thank you indeed.
Blearf. Blearf, I say.
OK, who here wants to let Microsoft decide what is an authorized program and what isn't??? Obviously a user can't "self authorize" or that would defeat all of the protection. Sounds like Bill Gate's dream system to me.
I'm an American. I love this country and the freedoms that we used to have.
My Boss Pitched this same Idea to me.
Boss: It's a hardware solution to anti piracy.
Me: Yeah, But how does it work?
Boss: You put it in their computer.
Me: Yeah, But how does it work?
Boss: You get them to put it in by telling them it will make it more secure.
Me: Yeah, But how does it work?
Boss: At the Hardware Level.
Me: Yeah, But how does it work?
Boss: *Gets pissed off and mutters something about
me being an idiot for not understanding a simple idea.*
So it goes...
Let's think what this means:
You won't be able to test the programs you're coding.
Does it also mean that sites with javascript need to come up with some form of authorization in order to make it run?
Or, generally, does every scripting language (that is allowed to run) need to check the authorization of the scripts? If it doesn't, you have a potential security breach again...
What about shell scripts, well... "batch files"? Would it be allowed to write some?
Hmmm. To me, this sounds like bullshit. It isn't possible to secure electronic systems. People (not all, but at least some) will always be able to control machines somehow.
Even if you need mod chips. Or even crack the certificate.
Microsoft knows what they're doing, and if this thing succeeds, you can forget about any non-Windows operating system being even remotely usable.
Microsoft holds a patent that describes a method by which hardware and software interoperate to guarantee "digital rights management" (aka fair use destruction and monopoly lock-in). The patent describes a mechanism in which there is a private/public key pair, with one half embedded in hardware (possibly the CPU). Only "authorized code" (aka Windows) can run in ring 0 (kernel space) on the CPU. Naturally, only Windows has the other half of the key.
This is probably how the Xbox prevents third-party operating systems from running, and it probably is why they originally applied for the patent. But it also has lots of uses in the monopoly business. This article describes how useful the patent could be in implementing the Hollings bill. Take it one step further and it's easy to envision a world in which this type of "protection" is not only mandated by law... but unimplementable by Linux hackers due to patent problems.
Hopefully, by the time this thing hits critical mass (if ever), Linux will be too firmly entrenched for the industry to allow it to be required. I think we're already there on the server side (1 out of 4 servers sold today ships with Linux, more if you include the ones they can't count). In another couple of years we'll be there on the desktop as well. But as they say, the price of freedom is eternal vigilance. Let's make sure we get heard.b
Tired of FB/Google censorship? Visit UNCENSORED!
I wonder about the assumption that information needs protection - at least as a default state. Seems to me that information should be free first, and then "protected" on an as-needed basis, and then only as much as is needed.
"What we have here, is a failure to communicate." - Cool Hand Luke
Firstly it doesn't matter if ms release the source code this is also being implemeted in the HARDWARE are you going to recode the hardware??. Some ppl have put comments down saying that this will be good for linux?? ye sure - this will be only only implemented in commercial OS's Apple and palm , so you may say "big deal" well what if the next gen "CD" will only play in windows and apple comp?? ohh yes that can and will happen if ms have there way, remmeber DVD'S. We all know ms code is notorious for being hole filled imagine if an exploit is discovered that gives a hacker full SYSTEM privelges this will give them MORE power then now . They could use the personsnal info in "the man" and could spoof being you!.All the old hardware will soon be outdates and useless because it may not funcuion properly with the new DRM hardware.This is the SSSCA!!!! cant you all see this!!! . Its just being implemented by Ms INSTEAD of the Gov , but it's the same thing , except Ms has full control of it what will go in it , what will play what they want , even the internet could be censored!!.Its so vague , its so scary , wake up you computer will truly belong to ms and not you when this is implemented.
Shin: a device for finding furniture in the dark.
... That hackers/crackers would only have to bypass one security "feature" Before I got rooted?
I can see the headline now.
The only security hole you will ever need.
Secondsun
There is nothing wrong with being gay. It's getting caught where the trouble lies.
People on /. rejoice when bugs are found in Microsoft's code. Then they complain that MS should do something about this, and fix it. Then MS takes steps to do something about it, and address security. Then people on /. complain that MS is trying to do something about security...
Oh, the irony indeed!
Ben Franklin also said "Those who forfeit some freedom for some security in the end lose all of both."
I'm not sure if that's exactly correct, but it's the same message/
Notice the absence of rival desktop OSs in that list, notably open source OSs currently running on x86...
:wq
:wq
It's nice to see Microsoft is improving its behaviour so much after all this time battling in court. Let's see..am I going to trust a company that's broken the law on numerous occasions, probably put money into the hands of politicians and accepted such from the entertainment industry, all to further their own financial gain, to put a chip in my computer that allows them to decide what I can and can't run? No. It's likely that this will still succeed, however, because these machines will be marketed to those that have little or no knowledge about their own systems. They'll pull into their local computer store one day to buy their first system, and right at the front of the store will be the shiny-new "Palladium-protected!" Microsoft system and accompanying OS (oh, but you don't own the OS by the way. You're just renting it). And that's the machine they'll pick up -- why not? The other systems don't offer any "protection," so this one's obviously top of the line. Our only saving grace is that the children of the bewildered parents will probably have the computers sent back when they find out they can't play their MP3's any more.
... So MicroSoft National Broadcast Channel asks:
The Big Secret
An exclusive first look at Microsoft's ambitious-and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it?
And it makes it into slashdot? A site where 90% of the people (ahum) 'dislikes' Microsoft
Oh now I rember... this is one of those (quote) 'one story a day paid for directly by our advertisers'
So, Timothy, how much *did* microsoft pay for this
slashvertisement?
They'll only have the last move when we stand still.
This now concludes our broadcast day.
Whaaaaa ? My website is secure, TYVM, it hasn't been defaced even once. Nobody ever stole my credit card number, and my personal info is well guarded. I have never have a single virus on my many computers. And none of my intellectual property was ever stolen.
So what the Hell is the problem ? People are taking advantage of your computer-illiteracy ? Then learn, or drop dead.
I see this whole Palladium thing as a solution to a manufactured problem. Oh-my-goodness people on the Internet are filthy script-kiddies cracking servers and spreading virii mainly because Microsoft can't code secure programs ! And they're stealing music and movies because the RIAA can't sell CDs and DVDs cheaper !
And then they say the solution should be another patch upon this ? Why couldn't they get it right first ? Why can't they fix what already exist ? Microsoft is running so far away from the very concept of QA they try to sell a solution to the problem they are the most responsible for in the first place !
I wish they'd just stop thinking for me, or rather stop thinking at all. Their reasoning is flawed from the begginning: I don't need to have it fixed for me, I took care of that myself already.
So I'll just go on and ignore this stupid thing. Nobody'll ever force me to use it.
I say we boycott Microsoft until they start making their systems less safe and more pretty!
This post brought to you by the letters P, A, R, O, D, and Y.
I'm sure a MS's execs reply would be, "Of course you dont have to pay extra for a pc... [ you dont have to use a pc at all ]
Which might be just what I do -- move to mac.
I'm *really* sick of the adversarial attitude held by alot of companies latley -- "the customers are our enemies, we will dog them to do what *we* want." If you dont like this (and I sure dont), vote with your $$ and dont buy it.
Religion is a gateway psychosis. -- Dave Foley
In this anal retentive community, how come I (a simple foreigner, no less) am the first to flame the editor for spelling the name "ceasar" like that?
Bah! Truly a sad day for internet nitpicking.
Opinions stated are mine and do not reflect those of the Illuminati
First you guys whine because MS didnt use open source like linux and now that they do open source something you bitch about that too.
MAKE UP YOUR MIND!
some of you need to have sig's that read "Hello I hate microsoft and will bitch about anything they do.."
According to the book "Hack Proofing you Network", client side security is fundementally flawed and will always eventually be broken.
The reason for this is that the person owns the client and if they can spend the time, they can over-ride any security implementation. Just look at the X-Box.
You don't have to be particularly clever to have seen this one coming. And to see its almost certain inevitability.
There have been revelations that manufacturers have been thinking about building "security" (read copyright enforcement) features into disk drives (and announcing that they were really weren't serious about it when the public noticed) and next-generation DVD and CD drives. Mention has been made of the same ideas for displays and sound cards. Now CPUs and operating systems. The only things left are interface and memory chips - and who knows what's going on there?
When all of the CPUs, motherboards, memory cards, interface cards, and peripherals available in the market enforce "security", we're pretty much screwed.
Interesting to note that none of the six bulletted features, all relating to users' control and users' trust relationships, require anything new or different from current PC platforms. Therefore the only reason for Intel & co. to be involved must relate to other parties trust and control.
To give a concrete example, a virtual machine like Python or Java can offer complete control over what an application can do with your identity and information and guarantee the integrity of your PC. No hardware support is required at all.
However, for other parties to trust your identity and control the use of their information requires a locked-down platform. Again, a VM-like system is a solution, but the VM's integrity must be guaranteed for them to trust it, hence the need for a tamper-proof, hardware-based solution.
Now, here's the interesting bit. Both open source and closed systems appear to be converging on the use of VMs, but for different reasons.
In the open source world, Java, Parrot and Mono/DotGNU are seen as simply practical solutions to portability problems, with security and other factors some way further down the list. For closed systems, security (meaning keeping the information closed) will soon be the priority, far surpassing the need to maintain cross-platform (i86, PPC, ARM etc.) builds cheaply.
Open source advocates should not respond by continuing to develop more monolithic and fundamentally insecure C binaries - this will just leave Linux exposed to criticisms from future security-related interests, such as corporate IT management. Instead, we should embrace systems that can guarantee security - the difference being that it is security on the user's terms, not the vendor's. In fact, a high-level VM (like Java's) is the ideal platform for open source because (thanks to decompilers and the semantic equivalence of bytecode and Java source) it is impossible to ship code that isn't open.
There's a lot of positive spin for Open Source to be gained from this development, but the first thing to recognize is the critical importance of VMs (preferably a single "anointed" VM) to the viability of Linux platform.
I worry that an unholy alliance is going to form between the entertainment/media industry, the software industry and "national security" interests to push computers into becoming closed systems that can only play games and run software approved by a relatively small number of large organizations.
These restrictions would be justified on the baisis of national security as a way to:
1) prevent sinister interests from finding and exploiting weaknesses (security through obscurity)
2) prevent sinister interests from launching distributed attacks against such weaknesses.
3) provide a "secure" backdoor for use in monitoring sinister interests.
All of which would serve the entertainment and software industries desire to control who gets to view media, and how.
That's fine if you are dealing with software, but this is supposed to be at least partially a hardware solution.
I can just see the installation screens now,
Minne-snow-da: Winter is comming...
Didn't they try this already, with the XBox ? Let's have most game developers offer at least one game for our console so we sell a few hundreds of thousands of units, and the customers will follow mindlessly like the sheeps we are persuaded they are !
So in their view, Palladium systems will sell because there will be plenty of applications, and there will be plenty of applications because Palladium systems will sell ? This is running in a circle.
They're pushing their hopes way too far. The Nasdaq didn't fall by 20% for no reasons: the computer market is not some sort of bottomless pit, nor is it self-feeding past the saturation point.
Yeah right, like my wristwatch needs to be protected from crackers and prevented from infringing copyrights.
No one in their right mind is going to go along with all this drm crap. No one, that is, until the IP industry gets its bitches in Washington to pass legislation require all hardware manufacturers to build in support for it, and making it illegal for end users circumvent it.
Sound far-fetched? It isn't. In fact, there is an extremely good chance of this happening.
However, as a matter of principle, I prefer democracy.
If I remember my greek mythology correctly, the Palladium was supposedly used to protect the city of Troy. As long as the statue was there, the city would be safe.
The Palladium was eventually stolen and afterwards the city of Troy fell.
I don't know about you, but isn't it ironic that Microsoft names their next security product in reference to this same Palladium?
In other words, MS will be offering a semblance of what *Linux and *BSD already offer, except with the addition of DRM to violate our fair use rights and enslave us to the RIAA/MPAA.
How much is the RIAA/MPAA funding this behind the scenes?
This is really little more than a giant smoke screen to interweave DRM into the very fabric of all software.
Also, why would anyone use this over what *Linux and *BSD offer? Linux and BSD already great security and stability, but they don't shove DRM down your throat. Furthermore, Linux and BSD will also be able to take advantage of these new "security-class chips".
Finally, consider the source. When has MS ever given anyone a good reason to trust them? MS saying they'll help us is sort of like Jack The Ripper saying he's a protector of prostitutes.
social sciences can never use experience to verify their statemen
This is so laughably stupid it's amazing. Do they not know about screen capture? Or - if that's disabled - digital cameras? I can just imagine the whistleblower at a future Merrill Lynch taking a picture of a future Henruy Blodget's "it's a piece of shit" email and sending it to the press - while the IT manager is shocked and dismayed that Microsoft's "secure email" failed so spectacularly.
sulli
RTFJ.
This article just lost all credibility.
1) Wrap yourself in the flag and use inertia of post- 911 paranoia
2) Use the popular Bush-ism sentiments (e.g., anyone who disagrees with us is a godless evil-doer)
3) Be a friend to other big businesses:
- to Intel and AMD, who will have new chips to peddle just when they're reaching the point of diminishing returns on processor speeds. No more wasting millions on sub-micron research - now you get to sell the stuff you've already sold just by adding simple new logic for security. Damn near pure profit (remember when CD's replaced records?)
- to the RIAA and MPAA just and their evil empires are in danger of crumbling (regarding those godless thieves, a.k.a. people, Microsoft will quote Richard M. Nixon to the *AA's: "once you've got them by the balls, their hearts and minds will follow"), and
- countless other companies (read: stock market)
Since it is a huge new source of potential revenue (for Intel, AMD, Microsoft, RIAA, MPAA, and countless others) those business will put pressure (and money) on the US government (which has already proven to be big business's best return on investment ever) who will undoubtedly enact the legislation that Microsoft wants - all alternatives to Microsoft will be ruled as unsafe and therefore tools of terrorism and be made illegal
4) Tell lies to kill the open source argument "Microsoft is also publishing the system's source code. We are trying to be transparent in all this, says Allchin. " (bullshit, say I)
5) Announce this new good-citizen behavior before the anti-trust actions are finished ("see, we're really good guys, honest")
6) Publish press-releases masquerading as news through the news outlet that they control
7) TGD (total galactic domination) now within reach - laugh all the way to the bank
The time is nigh for Microsoft's wet dream: Business and world circumstances are approaching a critical mass point for Microsoft to explode its grasp to own and control everything. And they'll have control of and access to (sure, Microsoft won't have a back door - they're trustworthy) all your personal data. Be very afraid.
That's what the whole MS antitrust lawsuit is all about. The government wants more control over MS code, they want to have control over technology, they want to supervise everything, and they want to take away control from the consumers.
I've come to realize that every Microsoft's new announcments have something to do with the lawsuit. Despicable.
The anti-trust lawsuit won't be dropped until MS becomes the governments puppet.
Microsoft is also publishing the system's source code. "We are trying to be transparent in all this," says Allchin.
This is an interesting move for Microsoft. It's likely that the source code, despite being open, will have a substantial intellectual property portfolio to ensure that there are not interoperable free versions. Why not? They made the substantial investment in the technology, why not let them reap the rewards if society adopts this technology!
This should prompt more timely mea culpas from Microsoft when security issues arise (as they have done in the existing Open Source community).
The proof's in the source.
....needs to gather up all the old boxes you don't weant to personally use, stick your favorite distro on there, then give them away or sell them *cheap*. Take the time to do this. I picked up a ton of functional old pentium 1's and 2's for like ridiculous cheep, 10$ abox, almost all functional. some are going as presents, some are being sold to small businesses, some I'll use to make small LAN systems for home or office, etc, and ALL will get the linux treatment. Think of the old folks centers and the veterans places and whatnot that would love a configured donated computer. How about neighbors? They got kids who would be thrilled to even have an ol;d 100 mghz jobber, or do you have any elderly neighbors with no machine? There ya go. show em some simple stuff, ask them their interests, google around a bit and make some bookmarks for them, etc. spend the time to get the firewall going, come over and get them setup online for the first month. Spread the word. what you pay for a video game and the time it takes to play it every day for a week you can do several old boxen and give them new homes.
This is something EVERY geek can do, do one a month from here on out, it'll sure help! show em some alternative news sites, show em how to use forums and chat and email, it just ain't that hard. also tell them "OK, now I did my part, now you do YOUR part which is to explore and LEARN. Look stuff up if you don't know how to do anything, use the man pages, do this and that yadayadayada. this is most-doable. Give back to your community past playing quake and doom all the time. Even non coders like me can do this. I OWN a screwdriver and got "insert distro A" into cd drive down. Basically that's all it takes, that and a paltry few dollars. I'm pretty poor on a really low mostly fixed income and can still do this. The internet is such an enabling effort, the more people on it who really can grasp the concept of open source, and who can get some REAL news and views for a change instead of the shamestream news, and who AREN'T tied to the mindset that microsoft= "the entire internet and all the computers in the world" the better off all of us will be.
p.s. you'll still have time for games porn and music, just give back a little. There's old boxes out there laying around by the quadzillion, might as well use them!
I was aghast at the article and I shouldn't've been. It's on MSNBC and is intrinsically unable to cast Microsoft into anything but godlike form.
... oh, wait, the common man is not a production house. Suddenly that "our" becomes "their".
... the fiasco that occurred such that we don't have encrypted phones everywhere today. The gov wanted free, backdoor access and the industry (and consumers) knew that it would be selling unsecure products therefore. The consumers didn't want pervasive phone encryption that wasn't secure from the gov; and the consumers simply don't want pervasive Internet security that doesn't allow Libertine file sharing.
... what, is AOL, Hotmail and other such services going to deny members outgoing mailing privileges? Obviously not.
Obviously, MS is trying to link concepts of "your security and privacy" with "intellectual property rights" in the consumer's mind, and there's simply no functional reason to do so other than bowing to the big IP producers in Hollywood. (The article says "[Microsoft researchers] quickly understood that the problems of intellectual property were linked to problems of security and privacy"; I'm sure that the consumer's security and privacy were obstacles to controlling the IP that flowed through their computer.) I don't know if this bowing thing is due to fear of litigation ("our clients allege that Microsoft willfully constructed and distributed an operating system that allowed easy violations of copyrights") or simply from being paid off in some manner like partnerships; perhaps both.
But, statements like "cries for a safeguard" and "easier to vandalize a Web site than to program a remote control" places the article firmly in the ranks of propaganda.
"[T]he system is designed to dramatically improve our ability to control and protect personal and corporate information"? Who's "our"? I'm sure the system will make give you incredible control over that movie, song or book you made
The IP industrials have their own controls, and when they've implemented them (various forms of copy protection) the consumer mass has either raised an uproar or produced a crack. That alone shows the lifecycle of control (plan, implement, ruckus/crack, retreat/pointlessness) and thus that controls are a pointless exercise. The point is further made even if an end-run is made around the consumer by embedding controls into the OS. Despite MS's near monopoly position, MacOS and Linux are viable alternatives to MS Windows, and I've seen people make the switch when sufficiently motivated. Does MS expect the people on college campuses (who are doing a large fraction of the file sharing) -- with all their computer-saavy and access to IT skills -- to just sit in their dorm rooms and offices and let some ACCESS DENIED message blink in front of their faces when they try to fetch or open the latest sn0g, pr0n, m0vie or w4r3z?
The privacy solutions raised in the article aren't anything that can't be made with software right now. We could encrypt all our outgoing packets right now; every email could be encrypted, and every file put up on FTP and Web sites. Why isn't that kind of security pervasive? I think that answer is more along the lines of "we [the people] don't want it" rather than "encryption software isn't pervasive". I am reminded of the Clipper chip
There's more outrageous propaganda: the system "[c]ans spam". Oh, puh-leeez. The age-old problem of mailbox access will still be there; we can stop spam now with restricted mailbox access, but we just don't do that since a restricted mailbox is a big problem against receiving mail in general. So perhaps this Palladium plan will address outgoing verification, so
This further piece is even funnier: the system "[s]afeguards privacy", so "it's possible not only to seal data on your own computer, but also to send it out to "agents" who can distribute just the discreet pieces you want released to the proper people." Ah, built-in file sharing, and until somebody logs on, downloads and then blabs, Hollywood isn't going to know.
Finally, the last laugh: "[c]ontrols your information after you send it". This must mean the end of cut-n-paste from a window; either that, or you will need Microsoft Visual Implants {tm} so that encrypted data will be emitted from a screen pattern and then safely reconstructed into an image upon your retina.
Sorry to degrade into sarcasm, but the article -- and the Palladium system -- really deserves my scorn. You can keep reading past the article's last laugh but it is just more smoke and mirrors.
[also misbehaves on Kuro5hin as Peahippo]
Stability isn't the same thing as security. I have exactly the same problem running a binary on Linux as I do on Windows - integrity isn't guaranteed (uncontrolled pointers...), rights can only be given at a very coarse level (run as root, write anything in this directory...) and so forth.
Windows is about to fix this with Dotnet. Palladium will just be icing on the cake for the DRM crowd. Meanwhile, precisely nothing equivalent is happening on what we refer to as the Linux platform, only in assorted addons (Java, Dotnet, Parrot etc.) which are semi-integrated at best.
----"Microsoft knows what they're doing, and if this thing succeeds, you can forget about any non-Windows operating system being even remotely usable."
;-)
Oh come on. OK, how?
----"Microsoft holds a patent that describes a method by which hardware and software interoperate to guarantee "digital rights management" (aka fair use destruction and monopoly lock-in). The patent describes a mechanism in which there is a private/public key pair, with one half embedded in hardware (possibly the CPU). Only "authorized code" (aka Windows) can run in ring 0 (kernel space) on the CPU. Naturally, only Windows has the other half of the key."
Patent? Ohhh yeah, those things. Did anybody tell you that the US is NOT the world government? Well, not every country agrees with "Our" patent system. If that's true about PKI in the cpu, will there be ICE's? I bet so. Every encryption is breakable (by brute or bugs). Even their (e)x-box drm crap doesn't work, given the right xboxes hooked up inside the bios
----"This is probably how the Xbox prevents third-party operating systems from running, and it probably is why they originally applied for the patent. But it also has lots of uses in the monopoly business. This article describes how useful the patent could be in implementing the Hollings bill. Take it one step further and it's easy to envision a world in which this type of "protection" is not only mandated by law... but unimplementable by Linux hackers due to patent problems."
So what, it's a law. Just becauase it's a law doesn't mean you agree with it OR do something that they dont like. They can arrest you for it, but if it's been released, they cant do anything to silence it.
----"Hopefully, by the time this thing hits critical mass (if ever), Linux will be too firmly entrenched for the industry to allow it to be required. I think we're already there on the server side (1 out of 4 servers sold today ships with Linux, more if you include the ones they can't count). In another couple of years we'll be there on the desktop as well. But as they say, the price of freedom is eternal vigilance. Let's make sure we get heard.b"
Pay attention to the messenger. Of all the news agencies, it's MSnbc. Who else would report with that much enthusiasm? And it also makes me think there's some intentional holes in MS update. How else do do you think they can get rid of all their "un-DRM'ed" systems? Prolly flip a k-byte somewhere on the HD, but most users wont be able to find it.
Anyways, this whole article reeks of MS fud. And so what if AMD wants to make these chips. I'll know who I won't buy from. AMD made good and cheap stuff now. That doesn't mean I'll trust them in the future.
Wasn't Microsoft found guilty of Criminally breaking federal anti-trust law?
Or maybe I'm confused?
I think will be the point that defines the plan as an attempt at real security or a plan for world domination. If they do open the code, it shouldn't be terribly difficult for the community to see what Palladium does, and Microsoft is smart enough not to leave the plans for world domination out where Slashdot readers can find them. If they renege on open code promises, we can't take any of thSFÜother promises about Palladium at face value.
A lot of people would get very upset if everything had to be microsoft certified. There are plenty of people who would never allow such a thing to happen, so there is nothing to worry about.
Let's take a look at these new innovations:
So MS is going to claim it invented encryption and checksumming in 2002. Most Windows users get viruses via email scripts, which aren't programs. So this won't cut down on viruses (why would MS want to when they can claim that the virus writers are just getting savvyer and that you need to buy a more secure system to stay one step ahead). I've seen the "unsolicited mail you might want to see." Hotmail calls them newsletters and prevents you from blocking them. Bull$hit. No company is going to spend the money to store, manage and distribute your information if they aren't getting paid or reading your information. If you're already talking to the lender, why can't you give them the information yourself... or are people really too lazy to write down their name, address and phone number? Yeah, it's funny how people didn't buy into DRM the first time around, kinda like pay-per-view DVDs. But if we sugar-coat it and convince consumers that they can benefit from DRM (after all, a reader of a protected Word document can't copy its contents down while he has access to it and redistribute it later), they will accept it, the music industry will turn to us for DRM-formatted CDs and MS will control the audio CD format. Great. The future of the PC redefined by a paintball arena manager. Because terrorists and hackers keep welding antenna-laden black boxes to my keyboard and monitor. Now that's innovative... convincing consumers that someone is trying to wiretap their watches so they will pay more to hardware-encrypt data between the crystal and LCD. With the current U.S. push to chip away at privacy rights in the name of preventing terrorism, the FBI/the CIA/Ashcroft would be speaking out against this if it really protected the individual's privacy. Please note that this is a Newsweek article, not an MSNBC article. Newsweek's parent, The Washington Post Company, cut a deal with Microsoft about two years ago in which MSNBC would publish Newsweek.com in a more cost-effective way than the WashPostCo could.Whether you want to trust Newsweek's articles about Microsoft any more than you would trust a MSNBC article about Microsoft is up to you.
This whole idea sounds very suspiciously like a plan that was made if SSSCA went into US legislation, but somehow I doubt hardware makes are going to implement this unless Microsoft makes it impossible to install Windows without this and that would be suiside during the transistion period. You'd end up having to buy a new motherboard to use the OS..
I for one can't believe that one... virii aren't that easy to get rid of. They'll just have to be closer linked to legit software now. There is no such thing as 'untrickable' verification. If you intercept the data at the right point, it can be messed up. This just means virii writers will have to embed software to defeat palladium in everything.
From the article: It's easier to vandalize a Web site than to program a remote control.
Translation: The author of the article has done neither. If you are an editor, this is one of those phrases that tip you off that the author is willing to say anything to make the article more interesting to the average reader, even if it is entirely invented. Further translation: It's time to fire Steven Levy, the author.
This article, I'm guessing, was paid for by Waggener Edstrom (wagged.com, as in "the tail wagged the dog"), Microsoft's PR company.
Notice that they are already preparing you for the reality of Microsoft's efforts: "I firmly believe we will be shipping with bugs," says Paul England.
The article says, One hurdle is getting people to trust Microsoft. Here are more than 200 pages in which the U.S. government said that Microsoft could not be trusted: U.S. Justice Department complaints against Microsoft.
Will we begin trusting people who have abundantly proven that they cannot be trusted, and have been convicted of breaking the law? Will the government let Jeffrey Dahmer or Charles Manson free? Will an adversarial, self-destructive company suddenly become charitable?
"Apple. Computing with no boundaries" Seriously, Jobs and Co. are probably drooling at the thought of this going forward and mucking up everyone's attempt to use their PC's for what they have become accustomed to, not to mention the added cost involved that will level the price playing field even more. Once the genie is out of the bottle, there's NO WAY to squeeze it back in. The growth of Napster alternatives since the RIAA shutdown shows this clearly, and an alternative OS that allows people to have what they are used to will suddenly look really, really good. Good Lord, the confusion this would bring to a client/server environment running different OS's is mind-boggling.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
This idea is not about helping customers' privacy, or even about protecting RIAA's royalties.
This is about Microsoft building proprietry encryption into email, software, data, web sites etc so that only computers running Microsofts increasingly expensive software can access this data, or communicate with all the millions of Microsoft users, and only companies that pay the Microsoft tax can produce software or drivers for Windows. DMCA will help enforce this, and stop those pesky open source people producing acompatible open source O/S
The Bush government will like it because what is good for Microsoft is good for America, and besides the privacy won't stop the US government reading any data at wire speed.
I am sure that Microsoft will require lots of private personal details as part of the registration process that can be used to provide users with lots of useful product information from Microsoft partners.
The music/movie industry and their powerful lobby will like it because they will believe that it will stop piracy. I am sure they will try to make this law !!.
well its good that they are looking into it, but this is hardly long enough, to get a good product, remember this is MS we are talking about, Win, has been out for how long and is still yet to even be remotely secure!
Microsoft, Apple, the MPAA and the RIAA are the Inner Party. Their secret goal is absolute power. Power is not a means, but an end.
The Inner Party, if not stopped soon, will take over the entire world. The next thing you know, Digital Rights Management will be present in every part of life.
Upon birth, your DNA, along with biometric scans of every part of your body will be encrypted and stored in two places: In a huge central government computer, located in the Ministry of Love, and in nano-sized implants located throughout your body, implanted upon birth. These implants will contain every piece of known information about you: Police records, medical records, bank records. The implants will also have a Global Positioning System, among other "convenient" features. A history of every location you've been to since birth will be stored, for investigation purposes. Your pulse, blood pressure, and other values will constantly be read and stored as well, for both medical and investigative purposes. Huge computers will constantly perform consistency checks and automated investigations of every person in the world every so often. If any patterns are present in any of your records or positioning coordinates that suggest any kind of abnormal activity, you'll be snatched off by the Thought Police and taken directly to Room 101.
Soon, they will know your every move, your every transaction, your every thought. It'll be like Johnny Mnemonic meets 1984 and the Biblical Antichrist all in one, And Microsoft will be at the helm of this innovative technology.
Ooooooooh well. I need to get another Negra Modelo, while I still can.
I wonder how many windows users STILL have not installed the Root Certificates Update Patch on their machines?
I installed the root cert patch on my laptop's Windows 98 OS. Within two days, the laptop's hard disk failed. I bought a new hard drive. I installed Windows. I installed the root cert patch. The new hard disk failed two days later. I sent the second hard drive in and got a third hard drive. I installed Windows. I did not install the root certificates update patch.
Will I retire or break 10K?
Funny (not ha-ha) how the announcement for this did not come out until after closing arguments have already been completed for the opposing 9 states case in the MS Monopoly case. Would have been nice if they could have included an injunction against this future system as a remedy. Who wants to bet against this being another future Monopoly case example and cause for action in the future?
If MS has a patent on this, and vendors demand proof of identity by use of Palladium, then there will be a lot of people who can't ID themselves since they don't use MSOS, since Palladium won't be part of anything non-MS. For this reason alone, I don't think that Palladium has a chance.
...since the camera will recognize you're trying to take a picture of something secure and meltdown, or explode, or call the gestapo, or something.
if they want to do it with ADCs (plug the "analog gap"), i can't see them not doing it with purely digital devices (cameras, video cams, scanners, yadda yadda).
Facts do not cease to exist because they are ignored. - Aldous Huxley
For the love of cheeseburgers, don't let this happen.
I was hoping Activation in XP would cripple the release, it didn't. Now this.
They are probably rewriting TCP/IP to be "secure" and require "special hardware" meaning the Internet will be locked out to all chips except Intel & AMD running windows. Bye, bye *NIX.
And after Microsoft locks down the world for Paladium security, it'll take a cracker 3 days to spoof a Microsoft certified macro that will be just as evil as Nimda.
Microsoft makes a big announcement of a 1.0 system (with flaws admitted to be introduced) they lock out all other computers and don't accomplish there promises.
Please don't buy into this UNLESS, they are willing to put some money behind it. (I value my corporate IT at $100,000,000. If one virus gets through, you pay me based on what is infected).
---- Smokin' another sig.
This may be M$ last hurrah.
They have obviously lost touch with reality. Maybe they've been listening to their lawyers.
For all Bill Gate's money, his entire wealth has been based on reducing over-head. Not even production costs. OVER-HEAD. The guy doen't have a clue.
CIO are talking to Linux vendors. HP is advertising Linux machines. IBM is gung-ho on Linux. Governments are refusing to consider closed-source.
M$ now has a competitor. M$ is DOOMED. Its not IF, its now just UNTIL.
Like the insane drift towards higher production costs that can break a studio if the audience using what ever brain cells remain in its media-addled pates decides NOT to make its way to the latest budget-&-ball-busting cinematographic turkey, in lemming-like waves throwing bills from its wallets at the bubble-gum chewing minimum-wage earners at the Odeon as patrons hurtle over the cliff, or simply slip and slide in the darkened meat-locker on the oozed-out-through-the-bottom-of-the-bag pop-corn topping to smash their skulls on the arm-rest mounted "bucket-O-Coke" holders.
Like Josip Brox Tito's insistence to the firing squad that his people loved him and his wife. Followed by eleven shots from the twelve rifles.
If Bill Gates went out holding a lamp and shining it into the faces of every stranger he encountered, he would have a longer road to tread in the search for anyone who has not been burnt in someway or another and still trusted M$, than that walked by Diogenes in his search for an honest man (There is no record that Diogenes ever bothered to even head towards Redmond.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
It's absurd to think that such a huge company that has control of such a huge share of the market with software that has such huge security concerns, can come up with something that actually *is* secure. If this takes hold, all I can say is that the OEM's will be getting my business, NOT Dell, HP, or any of the other major players that are going to incorporate this nonsense into hardware.
Just the same, I especially liked this passage:
Controls your information after you send it . Palladium is being offered to the studios and record labels as a way to distribute music and film with "digital rights management" (DRM). This could allow users to exercise "fair use" (like making personal copies of a CD) and publishers could at least start releasing works that cut a compromise between free and locked-down. But a more interesting possibility is that Palladium could help introduce DRM to business and just plain people. "It's a funny thing," says Bill Gates. "We came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." For instance, Palladium might allow you to send out e-mail so that no one (or only certain people) can copy it or forward it to others. Or you could create Word documents that could be read only in the next week. In all cases, it would be the user, not Microsoft, who sets these policies.
I started reading, and I thought..."it's obvious where this guy is heading - protect the commercial interests, screw the consumer." Then I read a little further, and noticed Bubba's comments on 'ordinary people' - but does it mention that nasty P-word (Privacy)???? No way. It talks about being able to place constraints on EMAIL! Oh happy day! And guess what...this isn't about ordinary people, because ordinary people usually don't have any reason to put such constraints on their e-mail...but corporate executives *cough*gates*cough* certainly do.
Overall, I think this whole thing is a crock, being masqueraded as something we need. Even if we do need it, I'd argue that the last person we need it from is Billy.
And I'm sorry to say this too, but there is no real alternative to Microsoft software for Joe Six-Pack . Microsoft has seen to that. I wish that there were.
(btw Ramms+ein, are you the German rock band?)
Geez, this sounds like a nice rehashed Hailstorm to me. M$ wants to introduce more big brother ware to its vapid platform, AT WHAT ADDITIONAL COST??? Not that I really care, my mac and linux webserver have a security solution that works without hardware taht will only work "if we ship 100 MILLION" peice of shit privacy invaders, because we all know that M$ will abuse this with their EULA to learn litterally everything you do. This will be the death of them, or us.
"You never want a serious crisis to go to waste." - Rahm Emanuel
Makes you want to return to the days of ISA cards...
Run away...really far away...
Shining Light Productions
"Meeting the Needs of Fellow Programmers"
This article smells like a trial balloon. "We'll invite in a reporter to say nice things about us and see what public response we get." We need to make it clear that putting Microsoft-designed security/DRM hardware in our boxes is not an option and will never be.
I really liked this comment from the article:
An endless roster of security holes allows cyber-thieves to fill up their buffers with credit-card numbers and corporate secrets.
As "neat" as it would be if my Apache logs indicated someone was trying to do a buffer overflow on me using credit card numbers, I think some poor Newsweek reporter got nailed by buzzword overload and just started spewing gibberish.
Maybe next cyber-theves should start using the text of MSNBC articles on buffers.
The information in this article suggests that "Pallaidium" really isn't about security for computer users at all. Rather, it's about the security of the income streams of Microsoft and large content providers, who will be able to lock up content and make it self destruct unless you pay big bucks. Microsoft has already made Microsoft Office and Windows XP stop working if you don't surrender your personal information to them for inclusion in their massive databases. And XP nags you to death to give up still more of your private information to Microsoft's Passport system, which has already been shown to be insecure and puts all of your eggs in one basket. (If the account is cracked, anyone can use your credit card numbers, etc.; you're in big trouble.) And all of this is under the control of a company that has been convicted of unscrupulous business practices. (The current hearings are about the penalty.... The courts have already affirmed that Microsoft is guilty.) How much do you want to bet that developers will have to pay money, sign a contract, and promise that they won't develop for other platforms before their software will be "authorized" to run on this system?
Microsoft has shown that it can't make a product that provides security to users. Its Outhou... I mean Outlook and Internet Exploder are the main vectors for viruses and worms. All of its efforts have been concentrated on locking up content, for example with new locks in Windows Media Player. Please tell me: Why should consumers trust Microsoft even one little bit?
Screwy. I've never had that reaction to the root certs patch, but I must have told windowsupdate to download it about 10 times over 3 months before the installation did not fail.
This section leapt out at me, because it implies that DRM could be used to enhance fair use ability. Whilst that may be technically true, in the sense that configurable DRM can be set to grant broad usage rights, we have seen time and time again that the Entertainment Oligopoly will restrict usage rights as far as they technically can with no regard for either fair use rights or the end user's convenience.
DRM stands for Digital Rights Management. Both the content providers and the end users have rights, but DRM technology is usually aimed at tipping the rights balance in favour of the former. Of course, it is always going to be technically hard to distribute data widely in a way that mechanically prevents IP infringement. Most attempts to date do far more to impede non-infringing usage that they do to prevent "piracy".
It's easy to say that the Entertainment Oligopoly are looking to legal ruses and constraining technology to support their failing traditional business models. I agree that businesses have no right to change the law merely to preserve their revenue flow. But it must be said that the preparation of complex content, such as a Hollywood movie, does take substantial financial resources, which must be recouped somehow for the enterprise to be sustainable. Maybe Hollywood actors are paid too much, and maybe many Hollywood movies are populist and shallow, but the key point is that the preparation of this content is the livelihood of many people. Would the world be a better place if we only had skunkworks movies? Is there an alternative business model that could offer quality movies? It does no good to yearn for a politically ideal world without any plan to get there.
The MSNBC article also mentions the possibility of disappearing e-mail. Who do you thing would want this the most? An ordinary citizen who tracks his correspondence with friends and family? Or a corporate executive (such as Bill Gates) who wishes that the sort of paper trail that was brought out in the Microsoft-DoJ case had somehow conveniently evaporated? Or the executives at Arthur Andersen, Enron, Qwest, Global Crossing, Waste Management, Rite-Aid, and other companies that were engaged in criminal activity, market manipulation, and shady accounting practices? Hmmmm.
Another motivation for Microsoft's "Palladium" scheme could be Fritz Hollings' SSSCA -- the bill, now in the Senate, which would require copy protection to be built into every product. What if the SSSCA passed... and Microsoft was, conveniently, the only entity whose operating system met its requirements (perhaps because no other company would stoop so low)? This announcement sets the stage for Microsoft to turn on consumers and computer users everywhere as never before, supporting legislation that would make it illegal for them to use products that did not have built-in handcuffs. Sad, but not out of the question given Microsoft's total lack of ethics.
The product manager's name is Mario Juarez. Yes, pronounced "war-ez".
I don't know about you, but I'm stocking up on hardware and software NOW. As the article said, future improvements aren't going to be about speed but "security" (read: copy restriction at the cost of improved speed). This means that what we should do now is get the fast and free computers before they are no longer available. This stuff might become very expensive and rare -- available in places like the ghettos in 1984. Get two or three parts of everything. Maybe some LUGs can start "freedom hardware pools" where we will change out parts as the break.
One thing is certain: digital rights management has momentum, and is gaining more and more of it. The increased profitability of corrupt corporations and corrupt governments are at stake, and the fall of Napster is the first sign that the Internet is not government-proof.
-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
Nice troll
How quickly we forget that they gave themselves that ability by EULA The XP EULA states 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.' To do this they must be able to read your files at will. What kind of privacy is that? That's M$'s stated policy and that's what you can expect.
Encrypting data between the keyboard and the monitor is good only for tin foil hat types and making sure that Other OS are deprived of hardware. Hollings might like this crap but the rest of us just won't buy it. How much more bloated and useless can M$ get? All of this junk to replace user accounts, file permissions and there means of actually insuring security and privacy.
It's reassuring to read that 45% of computers are built by small shops that have no incentive to follow M$ down. To paraphrase Bones, "It's dead, Jim."
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Quit it with the straw-man arguments, troll.
...the one issue I have with DRM is that, once it is in place, publishers can and will use it to take away rights that we currently enjoy. Just like Macrovision restricts our right to make copies for our own private use, and region coding prevents free traficking of goods.
"Piracy" is wrong any way you slice it, I welcome measures that will put a stop to it. I also welcome technology that gives the consumer more choice, like the options of downloading a movie for viewing once at $3 or downloading it for $15 for unlimited viewing. But I will oppose any measure that will take away rights that I already have, in the name of opposing piracy.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Hey tard, grow a neuron. Anything's being hackable does not mean you have the right to hack it.
'They also realized that if they wanted to foil hackers and intruders, at least part of the system had to be embedded in silicon, not software.'
No, the only reason you need new hardware is to prevent people from copying CDs and DVDs.
The title of the page is 'The Big Secret', but it should be 'We Think Our Customers Are Stupid'.
From the article:
Let's hope that in setting the policies for its use, we keep in mind the key attribute of the woman embodied in the first Palladium. Athena was the goddess of wisdom.
Let us also not forget that Athena fought against the Trojans, so perhaps the statues of wisdom was on the Trojan side, but the incarnation of wisdom was on the greek side
An aside: Why does my sristwatch need security?
I'd do something interesting, but my server can't handle a slashdotting.
I haven't read their actual proposal, but my psychic abilities tell me it is going to look something like this:
1) Microsoft is trustworthy (we will treat this as an definition, so it must be true).
2) All things must go through Microsoft and use Microsoft's (closed) protocols (after all, MS is defined as trustworthy, anything that relies on outside sources and don't go through MS must be evil).
3) Pass legislation to make copying illegal (this should stop all illicit copying: it works for the MPAA and the RIAA).
4) All computer systems, if they can't run MS protocols, need to be replaced with computer systems that can. If they are running anything other than Windows XP, this needs to be fixed. (MUST be using MS products, remember?)
5) MS is trustworthy (see #1 for the proof).
Integrate Keynote and LaTeX
Maybe they're just using a BSD-type core, ala osX. Not that I actually read the article -- I don't need another ulcer. Besides, unauthorized programs don't run on my Linux box, either, and I don't worry about my freedoms in that regard. If you check closely enough, the Joe Average (read: the other 99%) doesn't really give a hoot anyway as long as all they have to do is plug it in and it seems to work. Notice the word "seems" in the previous statement. Just my observation here: Joe average so often doesn't know or care when it _doesn't_ work, because "It's just so Haaarrd to learn all that...". Perhaps this is the ultimate sign of a commoditized market (not that I agree with the cattle-like will to stupidity). Just my opinion, etc.
C|N>K
They never did say whether the DRM and other stuff would be on by default. Mabye if the OS(ie Linux) didn't make use of the DRM chips on the mobo, it would run like they were never there.
Why yes I am paranoid! Thanks for asking!
it's nitpicking. Bored today?
There are two ways to do that: by banning any software not directly trusted by Microsoft, or by passing the data around encrypted until it reaches the screen (and, of course, trusting that the screen's private key will never be discovered). I'm not sure which is scarier, but I honestly don't think even Microsoft has the power to accomplish either.
And they claim this: "Eventually, commercial pitches ... can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards." There is no way to allow email from strangers without also allowing commercial email from strangers. It's possible to reject all unsigned email (and thus, at least, know who is sending you spam). All hail the death of anonymity.
And last, it pains me to see that "security" has stopped meaning "protecting your computer and data from attackers" and now instead means "protecting your computer and data from you." A computer that enforces DRM isn't more secure. More authoritarian, more expensive, and more likely to let me watch DVDs, but not by any means more secure.
Everyone with the resources files for patents not only in the US, but also Japan, Europe, etc... I bet that if you look it up you'll find that the MSFT DRM patent is in process in every major economic market in the world.
If you looked closely at the article you'll notice that it is actually credited to Newsweek.
A well-crafted lie appears unquestionable - Dama Mahaleo
Yup there already is a secure OS that provides great strides in privacy as well. You don't need any special hardware to run it, and it doesn't cost you anything. It doesn't include any DRM garbage and it's called Open BSD.
Duris MUD - The best pkill MUD. Ever.
I don't know "ceasar," but which one of the caesars was ol'boy talkin bout?
It's a brilliant name. They're talking about supplying a Palladium to a Troy, which will thereby prevent things like "Trojan horses" from bringing about the downfall of that Troy. The Palladium provided security. Microsoft wants to supply a Palladium. Jumping Jesus on a pogo stick, man, this isn't that hard to fathom.
If I may, I'd like to thank my grade school teachers for their emphasis on reading comprehension and critical thinking skills.
Microsoft at its best. They have been hunted down by being totally insecure. And they don't seem to have any (to I need to emphasize that word) solution for it. So what do they do: they make sure they get some publicity and define new standards for secure systems.
I guess this is what the company has been doing all the time: missing the main stream and afterwards redefining what the stream was actually about. Big compliments to BG.
And naturally when they succeed (which is not sure), the rest of the world can follow. It is questionable if and when other OSes will have access to the new specs of the chips and if they are willing and able to introduce new versions that will use those chips.
I guess it will be business as usual, everyone follows M$ and the ones that really get the $ this time is the entertainment industry (guess who will pay them?).
The site where: "I'm right, as long as you ignore the things that prove me wrong", became a valid method of debate.
They also realized that if they wanted to foil hackers and intruders, at least part of the system had to be embedded in silicon, not software. This made their task incredibly daunting.
So there you have it. They believe that security through obscurity will be sufficient if that obscurity is in the hardware, buried under a layer of ceramic or epoxy. In other words, using hidden encryption keys in the hardware so that the key exchange won't be accessible via software tools. And the only way this can work is if everybody upgrades all their hardware at once. Fat chance! I'm all for cryptographically secure hardware--but only if I am the one setting the keys, not some secret industry / government consortium. DRM is absolutely not possible with obscurity and therefore is our enemy.
What to do about this?
1.) Don't buy or support M$ software. That means being choosy about employers too.
2.) Implement excellent free software solutions that will be inherently incompatible with any nonsense M$ pushes. The more people satisfied with Linux/BSD, the more people that will refuse this rubbish.
3.) Don't buy any hardware that supports any standards they dream up.
4.) Come up with our own open hardware/software security model. Be innovative. Find a way to make security and encryption easy for the average user.
5.) Spread the word to the non-tech folks. Use propaganda if needed--fight fire with fire.
Can't wait to start getting email from spammers that I can neither copy+paste into SpamCop, nor forward to the Abuse dept.
Hey, kid... wanna touch my "kernel patch"?
-- Alan Cox
From the article:
... Early opinion makers are giving them the benefit of the doubt.
One hurdle is getting people to trust Microsoft
Why? Why on Earth, after all that's happened, would anyone give Microsoft the benefit of the doubt? Fool me once, shame on you. Fool me twice, shame on me. Fool me a dozen times, I must be a fucking idiot.
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
Microsoft have finally realised that there are free (beer and speech) alternatives that do 95% of the things that Windows does, and mostly at least as good as Windows does them.
We thought they'd struggle. We thought they'd adapt. I think they've actually decided to follow through on one of their antitrust assertions, that the best price point for Windows is $800. Yes, $800. Sure, they said, they'd lose a lot of customers, but they'd retain a lot of customers - those who didn't have a choice, they noted - and they make more money out of them.
This is along those lines. In even three years time, anybody still using Windows will be doing it because they don't know that they can switch, because they're not allowed to switch, or because they absolutely cannot switch. It's a captive market, pretty much by definition, because it's free to switch. So they can turn the screw. They can squeeze and squeeze and squeeze. They can lock people in harder than they we can imagine, all the time cranking up the dollar cost in obfuscated software-as-a-service licensing, and raising the cost to leave them (because all of your data becomes unreadable).
Does it sound insane? The tighter they close their fist, the more star systems - er, customers - will slip through their fingers? So what? Whenever one leaves, pass the cost onto the rest. And keep doing it. The beauty of this system is that if you have one customer left who can't afford to switch, the arithmetic works! This isn't hyperbole: what if that last customer is the US government in some form? Say, the military. How much is it worth to the DoD to keep renewing the licenses for Windows For Warfare? How much is it worth for them to hush up how insane it was to allow themselves to get tied in to proprietary software, when the dangers were clear?
But it won't even come to that, because enough businesses are already locked into the mindset that they can't give up Microsoft. My own employer's IS department won't even trial Star/OpenOffice. It fills them with primal fear to consider moving away from MS Office, ever. To suggest to them that we could trial non-Microsoft OS's would be anathema. Hell, it's not their money they're spending, and nobody ever got fired for buying Microsoft (nee IBM).
So, sure, pile it on, Microsoft. The nightmare scenario is, of course, hardware that will only respond to Microsoft's patented security systems, but there are enough generic non-PC devices out there using the same hardware (I develop them) that even the most corrupt and insular legislator would have to listen to the storm of protest that would erupt if Microsoft OS was made mandatory in desktops, servers, embedded systems, set top boxes, PDA's, MP3 players, cellphones, desktop 'phones for that matter (and no, I am not joking about this last one - I develop VOIP 'phones that have an OS, versioned software loads, even a web browser).
This looks horrid, but I don't believe that even Microsoft can railroad it through on the hardware side, and without that, it only effects those people who can't or won't switch from Microsoft. I pity those people, but there'll be fewer of them every year, so eventually we won't even be tortured by their piteous wails as Microsoft gouge deeper and deeper. My only worry is that most of the final holdouts will be spending my tax dollars, so Microsoft will get my money anyway.
If you were blocking sigs, you wouldn't have to read this.
You would have had less problem if you removed
winblows and installed a decent OS.
You could have upgraded to Linux or OS/2
Well, I guess Palladium is better than Microsofts *previous* privacy policy, "Pandamonium"
palladium is on a list of purchases that get watched by the DEA. It's used to make amphetamines in a homemade drug lab.
Strangely, a google search fails to turn this up, or indeed much else on Microsoft's wonderfully transparent new idea. The idea that they've already agreed (transparently?) with Intel and AMD, so don't tell me this is a brand new project.
As with all verbal promises, this one's not even worth the paper it's not written on. How high is the Cynic-O-Meter reading here? I'm betting by "publishing" they mean "making viewing of representative samples of the source available under strictly limited and NDA'd conditions to selected high level purchasers in government, industry, and, hell, even some of those long haired hippy academics. But not the pinko ones, obviously."
The rest of this is article is just blurb, but this, if true, would shake Microsoft to its very foundations. Want to bet it later gets dismissed as a misquote? I'll even venture that "transparency" replaces "trustworthy" as Microsoft's meaningless-blurb-word-of-the-moment. Hell, they might even go as far as trying to assimilate "freedom" for their cause.
If you were blocking sigs, you wouldn't have to read this.
The hardware market is low-ball commodity. High volume, low margin. Very very competitive. The software market is becoming commodity with a low cost alternative. MS sees it's rather unusual monopoly position ending.
So they create a platform that addresses a perceived need. Security. Lock it up, in other words, lock everybody except those who cooperate, out. No more commodity. No more competition.
The problem is, without the very competitive market, hardware prices will rise. Software will become more expensive to purchase and maintain. Indeed that is the whole point of the exercise.
What if nobody buys it? What if the white boxes, no os, grow from 45% to much higher? Everybody who goes along drops in sales? The idea will die.
Will you now go pay another $500 for a system because it has some stamp of secure approval on it? I doubt many will.
Derek
Palladium + hydrogen = cold fusion
Sure it will work.
If Microsoft were to release any code under a BSD style license. Any patches made through peer-review could be covered under the GPL. This would force Microsoft into one of two things.
1) Not patching security vunerablities or having to jump through many hoops to publish a closed-source or BSD style covered patch without infringing on the terms of the GPL.
2) Changing the license of the code to GPL, which as we all know, would prevent integration into Windows, or a commercial environment, unless of course they feel like making Windows Open Source as well.
Of course, the chances of a release of code under a BSD-style license are slim, but it is the only OSS model they do not object to. Therefore to seems less hypocritial they may indeed feel forced to release it under a BSD-style license. Though I hate to see the GPL used in this fashion, I believe it is the only way we (the Open Source Community) can still maintain our dignity by protecting computers from any security flaws in the code yet disassociate the Open Source community with Microsoft.
This strategy would allow the Open Source Community to give Microsoft a taste of having to actually play by our rules. This is a good thing as the GPL does a great job of making sure that a corporation cannot simply lift the patch and convert it to closed source, or a BSD license allowing them to do what they want with it.
You gonna keep hiding behind that userless-name? Why doncha tell me who you are.....
J-C
Seeing that the article says stuff about Intel
and AMD (ok, AMD is new to this) just makes me remember about the Windows 95+VM86 thing. This is
scary.
An endless roster of security holes allows cyber-thieves to fill up their buffers with credit-card numbers and corporate secrets. It's easier to vandalize a Web site than to program a remote control.
.
.
Just makes you want to stay in bed in the morning, huh? What a big, bad, nasty world.
Computer security is enough of a worry that the software colossus Microsoft views it as a threat to its continued success: thus the apocalyptic Bill Gates memo in January calling for a "Trustworthy Computing" jihad.
Hello, FBI? I would like to report some crazy dude with funny lookin' glasses screaming and moaning about a Jihad. Yeah, he keeps muttering stuff about world domination, and how everyone is out to get him. Yes, his name is b-i-l-l. .
What Gates did not specifically mention was Microsoft's hyperambitious long-range plan to literally change the architecture of PCs in order to address the concerns of security
As opposed to hyperactive, which is how his mother describes him.
"This isn't just about solving problems, but expanding new realms of possibilities in the way people live and work with computers," says product manager Mario Juarez.
Someone let a typo through. The word is 'limiting,' not 'expanding.'
"We have to ship 100 million of these before it really makes a difference," says Microsoft vice president Will Poole.
Linux, BSD, and OS X anyone? Now, more than ever!
Tells you who you're dealing with--and what they're doing. Palladium is all about deciding what's trustworthy.
Trustworthy: RIAA, MPAA, Microsoft, FBI, Intel.
Untrustworthy: Your Mom, anything with the letters GPL in it, your cat Skittles, you. .
The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted.
Snoop and thief meaning the end user.
Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.
Like that pesky GPL virus. That one gives me the shivers.
Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards.
Like reminders to renew your MS software subscription.
Microsofties have nicknamed these services "My Man."
In my neighborhood we call him "The Man." Damn fool is always keepin' us down.
In all cases, it would be the user, not Microsoft, who sets these policies.
Of course, your system would come with preset Microsoft friendly defaults. And just to be sure that everything is working correctly, upgrades will reset those defaults.
Intel originally turned down the idea before eventually embracing it.
See, I told you that truck loads of money can make a difference in the world.
By then the special security chips will be rolling out of the fabs, and the computer makers--salivating at an opportunity to sell more boxes--will have motherboards to accommodate them.
Of course, the initial developments will cause a temporary rise in costs. Over the long term costs will drop. Unless they don't.
Don't mind those stuffy looking men colluding behind the curtain.
"We don't blink at the thought of putting Palladium on your Palm... on the telephone, on your wristwatch," says software architect Brian Willman.
We also don't blink at anticompetitive licensing agreements.
but less tolerant nations might insist on a "back door" that would allow it to wiretap and search people's data.
I just love getting screwed through my "back door."
"I firmly believe we will be shipping with bugs," says Paul England.
After all, they have a reputation to uphold.
When Microsoft manages to get Palladium in our computers, the effects could indeed be profound.
Yeah, about as profound as a game of Pong.
The middle mind speaks!
what a lame spelling error for me to make
From the article: And what if some government thinks that Palladium protects information too much? So far, the United States doesn't seem to have a problem, but less tolerant nations might insist on a "back door" that would allow it to wiretap and search people's data. There would be problems in implementing this, um, feature.
Ok, so let's think. The USA will have the We-Own-Your-Computer bill (remember this ships in 2004), so of course they don't mind. The EU, on the other hand, already has a privacy bill. I wonder what the EU, which is already investigating Microsoft on the Passport system, will think of this one?
So, all my secure information will be available for any nation to come and read?? Just who is secure here?
The manufacturers are going to be extremely happy about this. It's the only way for them to get people to buy computers again, since most people computers computer are powerful enough for their daily application. And when enough early adopters buy it, it's going to snowball, ie: child can't talk to mother because his system is secure and her's isn't.
But, seriously, if they do get this Palladium to work, then I am not going to use computers again. What will be the point? It's going to remove all freedom from computers, essentially turning them into TV's.
In a world chasing imaginary terrorists for purely propaganda reasons, though, I'd certainly see that average people will want it.
Sad.
Karma:This parrot is dead! (and so is the joke.)
MS Bob - No explanation requred.
USS Yorktown - 'nuff said.
IIS - A webserver so holy it could put the Pope out of commission.
Hotmail acquisition - Couln't get it to work for a while without existing open-source software.
MSN.com - For a while didn't allow any non-MS browsers to access the site.
Windows ME - short lived.
Permissions of Win2k and XP - Was it supposed to work?
.NET - cracked before it was released.
Palladium *new*
Does anyone else find it strange MSNBC is always bashing MS? Perhaps something's going on we don't know about.
This is the Internet. You can say "fuck" here. - AC
...bill gates is going to get you through the back door.
Again.
We always say that we need to write to congress when a stupid law is about to be passed. Maybe we should write to the chipmakers and let them know that the consumers are against this. If the chipmakers(Intel and Advanced Micro Devices for starters) don't think they will make a profit from this(or get negative publicity), then they will drop it.
Tell that to Jon Johansen.
This isn't a good thing for anyone running *nix out there. Note that Microsoft has the hardware makers, Intel, AMD, and motherboard companies, all signed up to implement their version of DRM. Basically, you will no longer be able to run any OS other than windows on these systems. (Check out the X-Box if you don't beleive me) Implementing a key system at the hardware level is a terrible idea, especially since it is Microsoft dictating who and what software will recieve the other half of the key. Besides increasing "security", Microsoft will be able to take *nix out of the market- it simply won't have permission to run on any post 2004 microprocessor.
But, then again, I may be thinking of the wrong type of "security". I was talking about digital privacy. They must be talking about market security.
-jokerghost
the way to make the pc more secure is to install linux on your box and block microsoft boxes i use one microsoft box for browsing certain websites if its affected by a virus the os is restored from a disk image thats your answer people block microsoft see how they like it!
Repackaged and preprocessed, the sequel to "Hailstorm: All Your Info are Belong to Us" is proving to be another attempt to control every users personal information by leveraging a desktop monopoly.
At least one can hope this one is as transparent as the first.
Remember that MS has a patent on a DRM OS. Once they have this in place they'll start lobying the government to force all systems to be DRM compliant, and I can guarantee that NO Open Source software will get a license to be a DRM Operating System.
Who the hell needs insecure, buggy boxes that ONLY run Windows? The "only runs Windows" is in the article. As for insecure, remember that M$ has proven its inability to protect it's own proprietary information. Their proprietary DRM scheme as embodied in WPA is so weak that it ONLY inconveniences the honest end user who wouldn't think of going to a cr4cKs/w4r3z site to get the key needed so he can use his own legally acquired software.
Who the hell needs DRM whose only purpose is to keep the "pigopoly" at MPAA/RIAA happy?
Where the hell does anybody get the idea that Microsoft DESERVES another chance?
Tech Public Policy stuff
They're talking about supplying a Palladium to a Troy, which will thereby prevent things like "Trojan horses" from bringing about the downfall of that Troy.
Here's the irony: that Palladium was ultimately a failed source of protection for Troy. Palladium prevented nothing. Palladium did not protect, because it was stolen itself. Troy fell. It fell because of the Trojans themselves and their love for a giant fake horse.
This is nothing but poor naming on the part of Microsoft. It's twisted logic to assume that we want a Palladium to fail us once again. Palladium failed the Trojans; why should we want it fo fail us?
Correct me if I'm wrong here, but how can a system propose to supply DRM and privacy. The key to effective DRM is knowing who has a certain piece of something and how they are allowed to use it. This of course requires identity. Privacy on the other hand has the main goal of avoiding knowledge of who you are and what you are doing. That lack of identification is what allows services like Limewire, Kaazza, and others to thrive (well maybe not thrive but you understand). I don't see how one system can proport to support both of these goals at the same time and accomplish both.
THIS SPACE FOR RENT
This is a prime example why the OS portion of MS should be broken off as a seperate company. If the people who control this process are selling software that needs to have permissions enabled in order to run, and they are competing with others, there is a clear conflict of interest. If we create two companies, let's say Windows and Microsoft, then there is more ensured fairness. The windows company will ensure that the largest number of people have access to the approval process in order to please their stockholders. As it stands now, keeping compteitors to all of the MS products out of the loop has a very nice ring to it.
THIS SPACE FOR RENT
I make no claim that this is intentional on Microsoft's part, but this is what just happened on my computer (dual-boot Debian Linux/WinXP), but I found it interesting.
I just installed WinXP to replace Win 98 (too many crashes when I boot to Winblows to play games). Afterwards, I was trying to install OpenOffice. I tried to download OpenOffice several times from several of the different mirrors, and was unable to. It would download 99% of the way and then stop. Finally, I decided to download Mozilla (which would have been my next step anyway), and after I installed it, I used it to download OpenOffice, without any problems.
While I have no indication that this is intentional on Microsoft's part, I find it spooky that I was unable to use IE to download OpenOffice, a potential major competitor to one of MS's most profitable programs. Though I doubt this was intentional now, I can easily envision a future where MS will refuse to certify or allow any competing or especially !Open Source! programs to run on their DRM computers.
I also am afraid that we will be forced into DRM. Microsoft will continue in its tradition of embrace and extend, by making DRM enabled computers able to receive files from both DRM and non-DRM computers, but unable to send files to DRM computers.
BAM. Suddenly MS now controls DRM for all machines used in the US. Not only does this mean control of information, but it could also wipe out all other OSes since only Windows would be Palladium compliant. On top of this MS would then get royalties from hardware companies, which would be... hmm... ALL OF THEM.
Sure this may sound a bit scary, but it is highly possible. Now, picture this:
A few years down the track after Palladium is adopted. DRM would be in everything, from CD players to high end digital projection systems in theatres. Using Palladium, MS could decided it doesn't want to certify RIAA and MPAA content. It could effectively hold both to ransom. Now, not only has MS got control of machines, but it would then have control over content as well. The ability to decided what bands CDs can be played and what movies get made.
So sit back in your Microsoft Certified Chair (tm) while you read the Microsoft Certified Slashdot(tm) on your Microsoft Certified DRM Compliant Computer(tm) while you drink your Microsoft Certified Beer(tm). Welcome to the Microsoft Certified World(tm). Where do you want to go today?* (*notwithstanding anywhere you want to go will be controlled by us, therefore you will only go where we will tell you to go.)
-----BEGIN PGP SIGNED MESSAGE-----
l vs mW+W51IACeJQMe
- ----END PGP SIGNATURE-----
Hash: SHA1
It seems, that author of the article honestly believes, that those four people on the photograph are helping out to make world more trustworthy. He describes cyberspace as an endless roster, full of security holes which are abused by cyber-thieves and viruses. After terrifing readers he shows bright future and solution which seems to be naturally obvious, politically correct and somehow product of evolution.
I know this music because i lived in a dictatorship. One of the best weapons anyone who wants to have a control over anything is whip&sugar. Scare first and give sugar when object get scared, therefore getting control over its fear.
What he forgets to say is that those holes exist because of software houses incompetence (oops). Author tries to get around problem and while hiding real causes of timeless insecurity problems, he offers something he himself does not understand. Anonymity, security, solved intellectual property problems and one-click-away perfect technology. If he would, he could not have presented this kind of solution.
He writes what he thinks users want to read, without giving them any other options or alternative solutions. He forgets to say, that future of economy might lay in services and company, which gets the control over how services will be offered will surerly have most power.
He mixes a lot of things that have nothing in common. Services offered by companies (for example email) and functions that should be strictly in hands of the user (choice of anonymity). Time, when everyone was able to manage anything well enough is slowly coming to an end. Level of knowhow needed is rapidly growing and only groups of organized individuals or companies are able to maintan it and continue to offer good services. That might be one of the reasons, why businesses are turning toward Linux. Platform is not important any more.
Whenever any authority tried to decide what was good or bad (fair use of intellectual property) it ended as a control over the whole process (and it was not the user, who had it).Added cost of PC or earlier upgrade means nothing in comparision with the fact, that companies would get (?almost?) complete control over anything anyone does with any computer. It seems, that user would be put in front of decision: comply and do what is not forbidden or become an outcast.
"In all cases, it would be the user, not Microsoft, who sets these policies". This might be true, if Palladium was a framework, not a product and would become an open standard, without any patents and free of charge. In other words something users and companies are welcome to use and not forced. "Microsoft is also publishing the systems source code". I run searches on Microsoft web site and Goolge and found no source code or any other information.
What else will Palladium bring than more control to large companies?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9FlvG8KCvYwHJjIURAuz4AJ4w+CwD4+ybbwX3GIy
4LOZUlJ/3/eG5FAUGO9Mv7E=
=9QKF
I've had this problem with IE multiple times - it's some sort of bug in their http support. And it happens to anything - I was unable to download the Visual Studio Service Pack, Gentoo Linux, and a couple game demos, along with an IE patch. It does seem to go away in Moz though, but Moz has enough problems with HTTP of its own (like the pipelining features).
using namespace slashdot;
troll::post();
The statement "The only rights you have are the ones you buy" is even more true now.
Bad Microsoft (smack) :)
Heres what you _can_ do:
1) Encrypt data so that only someone with a decryption key can decrypt it. (Without using the key a good system will take _many_ years to crack by the best people and equipment)
2) Ask people nicely not to forward your email to the boss, and not to copy your IP, and sue them if they do.
3) Not run risky daemons/services/etc... on your network-connected computer, use a firewall, not store sensitive documents unencrypted and not use Outlook.
Heres what you _can't_ do:
1) Trust a remote system just because it has your lap-dog drm system in it.
2) Trust that no-one will crack your amazing system, on their own machine, in their own home, and then use it to copy protected data, forward protected emails, and save self-destructing documents.
3) Control what i do with my own computer - because lets face it, unless i'm accessing a remote system, its really none of your f*cking business.
When will they learn that we're not interested in following stuped artificial rules. The computer is free, with data on it, i can do anything, i don't need my hardware reading secret flags to tell me that i cant 'do that'. As the famous icon says, its My computer.
This comment does not represent the views or opinions of the user.
Dickhead
So who controls what public keys are burned on (meaning what private keys are allowed to "authorize" programs)...well, Microsoft will certainly put theirs in there so the OS will boot. A user can also add them, but maybe only if they boot the computer with a switch on the motherboard set to some way (just an example, they key is its not something a random virus or buffer overflow exploit can do). And if you work at a company, the company will probably puts its own public key in there also before they give you the computer.
So it won't be as sinister as you might think, but obviously Microsoft gets an advantage in having their key in there...welcome to the world of public/private keys. And check Verisign's stock price in 12 months.
- adam
like microsoft could pull something like that off. that haven't been able to get anything right for how long??? i wish they would just GO AWAY!!!! hey, remember the movie the net? Isn't kind of ironic they have a network called the NET and they try to come up with this kind of like gatekeeper crap? makes one wonder...
===== Fiction ebooks and paperbacks.
However, it is uknown as to whether or not microsoft will be able to invade your privacy, since they make the system. Have to double check that EULA!
Palladium will be the first MS product without an EULA because they'll have already taken those rights out of the Constitution. How else can they implement this?
The "Article" bears more resemblance to an M$ press release than a serious act of journalism.
Anyone know the background to the hack who wrote it?
Hmmmmmm..... Deep fried and look like Squirrel.
I'm sorry but we live in a metric universe.
The EU doesn't allow software patents, as a rule. There are some exceptions, but in general...
Female Prison Rape in NY
I thought that it had to do with printing. "Palladium" is the name of the printing model out of MIT and DEC's "Project Athena", and was adopted as the standard print model by POSIX.
"Cool!", I thought, "Finally, we are going to get an ubiquitous, cross-patform printing service!".
Then I find out that it's a plan to turn your entire PC into a "Winmodem". Ugh! 8-(.
-- Terry
If memory serves, palladium was the element used by Pons and Fleischmann to generate cold fusion.
Strangely evocative, innit?
Ron
I mean, come on! Where's the track record? Why can't Microsoft deliver a good, secure OS before making a ham-handed attempt at 'Palladium' ??
Sometimes I wonder if the 'soft' in 'Microsoft' comes from the softness of their brains...
I see this as a problem for users of Windows XP, as well as anyone who decides they need to upgrade to the next generation of Windows after XP. I am still using Windows 98 and haven't felt the need to upgrade at all. In school, I was taught that if something worked for you, why upgrade it? The only people who will be affected by Palladium will be the users who upgrade to the latest version of Windows, put it on their system via Windows Update, or have Microsoft automatically update their system for them. I don't see this being a problem for the informed computer user.
Pretty clearly, Microsoft is attempting to forever entrench its OS into the business world by creating a closed-source solution to a problem of its own creation.
;-)
So M$ assures us they'll deploy Palladium on the Palm platform. It's hardly a desktop OS. We'll see Palladium offered to Linux distros only after Bill Gates is reported alpine skiing in hell.
So where is beared ole Karl Marx when you need him? If information workers no longer control the tools of their own production, they'll become the New Serfs of the New Economy.
Information workers of the world, unite! You have nothing to lose but Palladium.
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
--lotta good info there. query? For a pretty much n00b, which of these do you suggest? Notice I didn't ask which is the best, more for a newbie, which would be the best to get beyond the canned mainstream distros? If it wasn't from the big brother cootie factor, I like the looks of the nsa brand. I also hear all the time on this board about the openbsd. Trouble is, it seems all these directions require more than a little amount of pre-knowledge, and given that any of them is hard to do, which might be the best stepping stone?
crawl-walk-run in other words.
Thankyou
Unfortunately, if Microsoft pulls any crap like this *I*'ll be the first to fire a class action lawsuit at the company and sue them for millions of dollars in damages (damages being my right to not run Linux). People have to get up and sue Microsoft more and more and MORE or we'll never see the end of this evil.
Everyone wants a Tux in their life.
I use linux. I don't need anything better than my Duron 900 anyway. If it won't run linux and whatever other software i want, i simply won't purchase new hardware with this system in place. It's BS like this that make it ever more likely that I will move to a different country.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
This is a horrible idea, and noone sane will adopt it!! Think about it! Integrated security into CPU's. This also means integrated anti-piracy, fair-use "security" too! And no one has the ability to tell whether Microsoft will sneak some kind of "extra feature" into the product!
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
4) Tell lies to kill the open source argument "Microsoft is also publishing the system's source code.[']We are trying to be transparent in all this['], says Allchin. " (bullshit, say I)
I think will be the point that defines the plan as an attempt at real security or a plan for world domination. If they do open the code, it shouldn't be terribly difficult for the community to see what Palladium does, and Microsoft is smart enough not to leave the plans for world domination out where Slashdot readers can find them. If they renege on open code promises, we can't take any of thSFÜ other promises about Palladium at face value.
Read it again. Did Allchin say he was going to make the code OSS? No, just that he was going to publish it. Sounds like Shared Source to me...
Do not be deceived.
This is not about giving the consumer freedom. It is about controlling all facets of a consumer's computing life.
In order to achieve the power and control (which leads to money) that Microsoft relentlessly pursues, they need the cooperation of hardware manufacturers. Otherwise, if features we did not desire were implemented, we would simply go to Linux. We would have a choice. Choice is good for the consumer, but that takes away their power. Your ability to go somewhere else takes away from their ability to control you and the world. But if the hardware itself is designed to run their software and conform to their plan, it would be extremely difficult for the consumer to have any choice. There aren't too many hardware manufacturers. Software is easy and cheap to design and share. Hardware fabrication plants are extremely complex and expensive to design and run.
After they have gotten the hardware manufacturers to go along with their plan, the next step would be to get the politicians to support their cause and draft laws that would require "trustworthy" computing. In a post-September 11 world, with the political and media hype about terrorism and security, that would be very easy to accomplish.
We cannot afford to be ignorant. This really is about choice, freedom, and ultimately, livelihood. These are the things at risk. What they want is the ability to control our lives for their ulterior motives.
I'm sorry to say this but many of the strategies employed by Microsoft remind me of the Nazi's.
"One World, One Web, One Program"
- Microsoft Promo Ad
"Ein Volk, Ein Reich, Ein Fuhrer"
- Adolf Hitler
A word is enough for the wise.
Hardware DRM and software DRM.
Kinda reminds me of the CBDTPA.
Now I begin to realize why it never got brought up in the Senate. Someone realized that Microsoft was heading there anyway.
Microsoft is now effectively a branch of the US Government.
"Evil will always triumph because good is dumb." -- Dark Helmet
Those two words pretty well sums it up. In all serious though, it's going to suck ass when we have to buy mod chips for our PCs.
Maskirovka
Hardly anybody important, anywhere in IT, is talking about Linux on the desktop.
Don't fool yourself that anything else is the case.
Linux is killing commercial Unix, and finding a solid base in the server room. That's pretty much it.
Generally when you decide to control something you need to ask yourself who will be in control?
In other words, sometimes it's better to live in an uncontrolled world free of controllers.
One-way hash functions: In a nutshell, a one-way hash function is a function that takes a variable-length string of input data and returns a fixed-length string (the hash) that represents it. Due to the mathematics involved, it is computationally infeasible to derive a different input string that will evaluate to the same hash. The same input data always produces the same hash.
Symmetric (a.k.a. "secret key") Cryptography: Basically, you take two inputs, the "plaintext" and the "key", and you feed them through an algorithm to get the output ("ciphertext") that looks like jibberish (a process called "encryption"). You can then take the ciphertext and the same key, feed them through the inverse algorithm, and get the original plaintext (a process called "decryption").
Asymmetric (a.k.a. "public key") Cryptography: It's just like symmetric cryptography, except instead of using the same key for both encryption and decryption, you use two different but related keys -- one for encryption and one for decryption. You call one of these keys "private" and you never let anyone see it. You call the other key "public" and you distribute it to everyone.
Other people can encrypt data using your public key, and that data can only be decrypted using your private key. The other thing you can do is encrypt data using your private key, so that it can only be decrypted using your public key.
But what use is that, you say? Well, you can encrypt the hash of the program you're signing using your private key, and distribute the resulting cyphertext with your program. If other people want to verify that your program is authentic, they can compute their own hash of your program, and then decrypt the cyphertext of the hash you computed. If both hashes are the same, then your program is verified, because only someone with your private key could have generated that cyphertext.
This is how all digital signature systems work.
For more information (especially if I confused you), see An Introduction to Cryptography (PDF), which explains it much better that I can.
That Windows loaded PC's a couple years from now will ONLY be able to run Microsoft Browsers...
Mike
It's not like we're going to end up having a choice here. If Microsoft tries to do this and people start jumping ship to Linux or Mac (assuming Apple doesn't follow suit), then Microsoft and the *AAs will go to Washington and demand legislation to mandate DRM in every OS (and Fritz is already chomping at the bit to get something like this passed). And you can bet that they'll get open source outlawed in the process. After all, what's the use of having DRM if someone can have access to the source and just remove it?
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
The scene: Late 2005. A user is reading e-mail on a Palladium-equipped computer.
User: "Computer, open e-mail #37."
Computer: ["tah-dah!" noise] "This e-mail is protected by digital rights management. You will not be able to copy it or forward it to others."
User: "Riiight. Copy the contents of e-mail #37 to the Clipboard, and paste it into a new message."
Computer: [beep] "Access denied."
User: "Take a screenshot of the e-mail, feed it to my OCR software, and paste the results into a new e-mail message."
Computer: [beep] "Access denied."
User: [sighs] "Use text-to-speech to read the article, record the speech, use speech recognition to decode the recording, and paste the results into a new message."
Computer: [beep] "Access denied."
User: [Picks up a digital camera and points it at the screen]
Camera: [beep] "Palladium OS for Cameras 2.0 has detected DRM-protected material in the viewfinder. Please point the camera away from the material, or the camera will shut down automatically."
User: [Throws camera across the room, picks up pen and paper, begins to write a longhand copy]
Ink Pen: [beep] "Palladium OS for Ink Pens has detected an attempt to copy DRM-protected material. Please desist immediately, or the pen will automatically run dry."
User: [Screams, stabs finger with pen, begins copying the e-mail in blood]
Paper: [beep] "Palladium OS for Digital Paper has detected--"
User: [Tears paper to shreds, begins writing on the wall in blood....]
Moments later the DRM Police arrive -- having been tipped off by all the equipment -- and find the user huddled in the corner, laughing maniacally and muttering "I did it! I did it!" Fortunately, the DRM Police can't read the writing on the wall (their Palladium-equipped sunglasses polarize whenever they look that way), and the case is eventually dropped for lack of evidence.
OEM?s are wimps. Remember when the athlon first came out and asus denied it even had an athlon motherboard because they were scared of the big bad intel? Or how compaq killed the alpha because they did not want to frighten intel so they signed a contract in exchange for cheaper prices for pentiums in there consumer desktop divisions?
.net my services will finally take off. After all you agreed to use it didn't you? If you don?t agree to it USE A TYPEWRITTER will be Microsofts attitude. This is why ms wants drm so bad. Sure it will prohibit piracy but it will also insure their renting schemes and license hikes at the hardware level. Very, very dangerous in my opinion. My guess is the 2nd version of Windows.net will not run without drm enabled hardware. This would make the OEM's cream in their pants. Microsoft always lets the OEMS do their dirty work and this is probably MS's latest scheme. Sadly, I guess 5 years from now we will all be running linux on slow and expensive macs. This will be our only choice for a cost effective linux platform. We need to write our representatives because the linux marketshare won?t make a difference with the oems and yes it will go through. If Microsoft and the OEMs are for it then their is no stopping it. With or without linux.
Like it or not consumers want to buy the latest and greatest versions of Windows and intel chips for the cheapest prices. Consumers who need a newer pc will not invest thousands of dollars for yesterdays software. They want to be on the edge of the upgrade curve for their investment. An oem can't sell pc's without the latest version of Windows or else they will go bankrupt. Linux only makes up %2 or %3 of their sales. Most use it for servers anway so they wont care. If I were Michael Dell I would discontinue linux immediately and sell these drm cripples pc's before compaq or gateway do to outcompete them. If I didn't do this I could lose my job and bankrupt my company. Its sad but true. This is how OS/2 lost. It was beginning to get popular right before Windows95 came out. Then out of nowhere it vanished. Even IBM sold out due to fear from Microsoft after they invested billions into it. It was a waste but their pc division would of went belly up if they didn't cave in.
The only thing we can do to stop this is to email and snail mail your elected official and explain to them what your opinions are and also explain how it could physically cripple the whole IT industry. This is worse then the anti-trust violation of the bundling of IE. Much, much worse at a whole different scale. At least with the internet explorer case, consumers benefited by having a zero cost browser. This new scheme offers no benefits besides to lock consumers into agreeing to buy only microsoft operating systems with dracionian eula's attached to them that will prohibit fair use. Who knows, maybe
http://saveie6.com/
Tells you who you're dealing with--and what they're doing. Palladium is all about deciding what's trustworthy. It not only lets your computer know that you're you , but also can limit what arrives (and runs on) your computer, verifying where it comes from and who created it.
Well they could verify who made it...if they are using the same system!
* Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge.
I think I could do this with a simple script, and don't forget the permissions, or if I feel realy paranoid I could use pgp.
* Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.
It's called permissions pall! Don't run as root all the time. Could this also be done by just thinking of what you want to install. Oh if you wanna talk about the 'other' stuff that's installed when you use say-kazaa or something, that's you fault for using it.
* Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards.
Personally I just set up a filter and my computer won't even download the crap.
This SIG pulled due to lack of funding. (This damn war is costing too much!)
But of course you may have access to the specifications of the new cpus, you little open source cur! In fact we'd love you to know every little itty bitty gritty programming detail of those chips, how they work, what the new registers are and what exactly that bit 6 in register MSSC14 does... It just wont do you open source commies any good, because you see, before those cpus leave our factories, they go through a testing machine that will a.) ensure that they're working properly, and b.) load a public key. (We'll even tell you what that key is so you can tatoo it on your cocks for whatever good it will do you!). Now what will happen is that the cpu will after going through power-up load a chunk of memory into a private on-chip static ram and start executing that code if and only if that code has been signed with the private key we keep in the safe. Everything else, follows naturally... the chunk of code verifies that the bios's signature is correct, the bios verifies that the bootstrap loader's signature is correct, the bootstrap loader verifies that the kernel's signature is correct, the kernel verifies that the device drivers' and application shell's (scum like you would call that 'init') signature is correct, the application shell verifies that the application's signatures are correct. Oh and don't even think about halting the CPU and modifying main storage thus injecting your open source poison into the machine. We'll just encrypt whatever goes out or comes in on the address and data bus so you wont even know what's going on in your own system!
... at the time that the ``Trustworthy Computing'' initiative was announced that it was all just another marketing ploy. Sure looks like the people who were thinking that were right on the money.
CUR ALLOC 20195.....5804M
Any form sombody wants to control what i see, do, or want is bullshit an a invasion of privacy. how many people get viruses? well only the morons...dont have to be a fuckin genious to not get a virus. There will always be a backdoor in windows. shit the NSA has a team of people that oversee the dev of new microsoft os's. Do you really think they just packed up an went home? FUCK NO. i'll switch to penguin. shit I won't buy any amd or intel chips when this shits implemented. I jus wont. There go's a pile of money out of their pockets. They can kiss my ass. shit i'll learn how, dev the equipment, an build my own microprocessors if I have to. FUCK MICROSHIT
http://www.nytimes.com/2002/06/20/technology/20COD E.html
Worked real good 'till they met Odysius.
http://www.theregister.co.uk/content/4/25843.html.
What's missing is any mention of how fast such a system will be
when public-key crytography is implemented on silicon. The system
was to secure communication between "the keyboard and processor, and
processor and video card." That sounds very slow to me.
The other topic not mentioned is how the system might be integrated
with operating systems other than Windows. Ignoring producers of
other operating system is not in the best interest of Microsoft. If
Microsoft actually expects such a huge project to succeed, they must
consider how other operating systems can use the technology.
I was impressed that the story mentioned that (some of ?) the source
code will be publicly released. Seems like a step in the right direction.
I see this move to fix the security problems with hardware as a sign that MS is unable to do it with software. :)
Linux is capable of a much better security than win, and the only way that Palladium is going to work is that the new os gets a architecture that doesn't even resemble win.
I think other key considerations are to make software piracy impossible and I'm afraid (or happy? Perhaps, now more people will move to Linux) that the new platform will be closed.
It is all very vague now, but I fear that only programs developed with MS programs will run on it and that there will be a massive lock-in effect for those who jump in this train.
Excuse me, I'm going to polish my debian machine
With the Bush administration in I bet it will be mandated to use one of these dumbed-down boxes in the next couple of years. Anybody with a regular PC that can openly process information will be branded a terrorist. Don't believe me? Look at the sad state of the internet now. If you posess DeCss you are guilty of a crime. DeCss CAN be used to encode encrypted DVDs into MPGs but it doesn't mean that YOU DO. But the law says that because you capable of commiting a crime you will. So don't be surprised when you become a criminal for owning a regular PC because it lets you be a hacker. And the open-source world is in toruble too. Big industry believes closed-source is more secure since it would take you longer to figure an application out if you had to reverse-engineer it (also a crime if I'm not mistaken). They'll probably outlaw open-source in 5 years as well. All in the name of your security. Glad I'm not an American.
Does anyone remember the DRM OS implementation that MS patented last fall?
Seems to me that they will probably charge anyone that wants to make any software that might be interoperable with theirs.
It would also allow them to charge/sue any OS that tried to mimick the same type of functionality, effectively shutting down any *nix based systems... assuming people and especially corportations, believe that the "new features" are imporatant and useful.
... No matter the cost."
{begin playing "the touch", while blasting through minions)
Kudos if you actually get this.
so we all will be installing Mod Chips in our PCs in 2 Years.
However, a band of smart geeks (erm Greeks) found a back door into the city, disabled the protection mechanism thus leaving the city wide open to attack.
OK: they won't switch this feature on right from day 1, but only when there is a critical mass of this out there & running. Remember: with the new M$ licence and the upgrade-over-the-net philosphy, they can move in this direction very quickly.
For every person that would not allow it, there will be 1,000 that will. This is exactly what M$ counts on - and the fact that the vast majority of folks out there, don't blink an eye at the reality that 90% of everything they use (Office, IE, Outlook etc.) is all made by the same company. It has always amazed me at what people will put up with on their computer, that they would NEVER accept with anything else.
"Palladium" is named after the Trojan religious artifact sacred to Athena/Minerva. As the story goes, the city of Troy would be safe so long as the Palladium remained safely in the city. So, the Greeks (foremost among them Odysseus/Ulysses) broke into the temple and stole the Palladium.
MS's new digital management software is named after a famous theft?
A spreadsheet "runs", a word macro "runs" and both have been known to hold virii in the past.
So what can MS mean by only allowing authorised programs?
It's sadly the thing that the Public deserves
for failing to notice the master it serves,
There's one that sit-rocks with barely a chin
and one insane monkey with really bad skin
They both have a vision that covers the globe,
with Bond villian schemes and the patience of Job
They're planting the seeds and the crop they will grow
is money for nothing unless we say Whoa!
Cake or Death? Cake Please!
The Palladium (the horse of Troj) also was the reason of the conquest of the city when it first came in to the city.
The armies that wanted to conquer the city builded a wooden horse and kept a task force in it. The soldiers in the city saw the horse in the open and dragged it in their city. When it was there the soldiers in it waited until the night and got out of the horse and opened the gates. Then the ciy was conquered.
Does this mean that M$ wants to take over the chip producers?
"Microsoft announced today, that they plan to take over PCs, literally. Their new project, code-named 'Scrotum' is aimed at designing a complete built-in control system for PCs. Scrotum will scan data that passes through the computers processor and look for special 'skid-marks'. These skid-marks will tell the system what can and can't be done with a certain piece of data. For example, someone may send you an email advertising a product. Scrotum will detect that this email is âbullshitâ(TM), from the skid-marks it finds in the data stream. The computer will then delete this email automatically, saving the user time and effort. Bill Gates has coined this process 'mail filtering' and claims that it could revolutionise the email industry. But thatâ(TM)s not all, we spoke to a Beta tester with Scrotum: "The system is incredible, last night I was searching a file sharing network for the new Britney song, when suddenly Scrotum interrupted and deleted it, claiming it had detected 'bullshit' in the mp3 data- streams' skid-mark. I've since, stopped listening to Britney Spears!"
Microsoft expects Scrotum to ship as soon as the code compiles on an Intel processor - at the moment it keeps crashing stating a 'bullshit error'"
This comment does not represent the views or opinions of the user.
The community complains loudly about companies that want to forcefully restrict liberty for users and developers alike. But has the community come forth with its own proposal?
How do we implement rights management for the independent author? How do we support code signing for the independent programmer? I should have an Open system that allows me to produce my documents, write my code, distribute what I want, and have everything appropriately signed by me.
Are we up to this? Are we able to propose alternates? Instead of just saying "no", shouldn't we be constructive and say "this is how to do it"?
I'm willing and able to work towards this, altough it's not something I can/want to do alone. Any takers? Let me know.
free the mallocs!
Because it is not open source...
It will be a really long time before we really know if it really works or if it is just a bunch of bull kaka marketing to sell more Microsoft.
Microsoft always makes the same mistakes:
1)Market a new idea that sounds great but is actually nothing but a marketing gimmick.
2)Sell it to everyone with a smile on their face thinking no one will be smart enough to know it is just snake oil.
3)Deny it is snake oil even after thousands of people are hurt by it.
4)Fail to see how hurting their own customers hurts Microsoft.
If Microsoft wants my trust back it needs to do full discloser. Full discloser is best practice, it is like labels on food. If you know what's in it and you still get hurt then it is your own fault. But Microsoft says you do not need to know what's in it, just trust us, buy this it will never hurt you.
I would not touch any security based system that is not fully disclosed, how could I suggest to my superiors that they should use this new technology, it would imply to them that I felt certain it would protect their data when in fact I would not know. And I am certain the end user Licence prevents any liability on the part of Microsoft and its partners.
So if you missed it I sum this new thing up like this:
If it's not open source it's snake oil marketing.
Why hide it if it works ?
They can talk about adding all the new gimmicks they want but they still have to convince the buying public to upgrade from their older versions that don't have these "features," and their monopoly power ain't what it used to be. They should perhaps spend a little time studying those Windows XP sales figures.
Seriously, I use Windows 2000 and there are a few new features in Windows XP that might be worth the upgrade. But I'll be damned if I'm going to get their software if I have to deal with their new registration BS, especially when there is currently verey little that NT 5.1 can do that NT 5.0 can't.
Okay, how many times have we proven that if they build it, someone's going to hack it? The only way for this to work is if Windows was the only OS out there and this Palladium thing is the only whatever-you-want-to-call-it box out there. We all know that that is not only NOT the case, but it will never be.
Hmmmmmmm, never heard about copy and paste, yeah.......
It won't matter if MS releases the source because most likely a lot of this will be patented. Probably all owned by Microsoft no doubt--or they'll start buying all the companies that have these patents if not. Open source projects can't affort to pay patent fees (assuming M$ gives out licenses), and any for profit software company will be crushed by the monopoly if they are perceived as 'competition.' The US government has really dropped the ball with their anti-trust lawsuit--hopefully some other countries will step in...
This is part of the reason that I think that these attempts at DRM systems are really an attempt to control all communications by a few big corporations. Think about it--patents will give MS and some of the big chip manufacturers almost exclusive control in the computer and networking environments. The keys to create and release content will most likely be held by the big media companies--'content' meaning all video, still image, and audio data...and probably text. The future of communications (the telephone, document transfer, music, motion pictures) will all be digial and accessed by the internet. Therefore anyone wanting to communicate over long distances (as we do with the telephone now) or send a message to a large group of people (such as your own original song, or a usenet like post) will have to:
They could reject anyone whose opinions they don't agree with. The future doesn't look very good at all if they succeed...
Hogwash. We don't go by metric time; and as far as I remember, one light year is the distance light travels in 365 days.
One of the really interesting implications of this article is that it shadows an intresting occurance in Orwell's 1984. The fact that you can create a word document that can only be read for a week is unsettling. If it can only be read one week, then presumably it can be reverse engineered by M$. Meaning that if M$ has the keys to the kingdom be integration into IIS, frontpage, or any other software it supplies, any information can be altered by M$ to its own advantage. Didn't like that stock tumble, oh well let's make a few ticker changes...everyone knows Palladium keeps all the information secure and honest. If M$ pops the marketing scheme the way it has been with some recylced lyrics and flashy promos the general public is going to believe what M$ tells them because they think it is in their best interest.
They are the gatekeepers.
They are guarding all the doors.
They are holding all the keys.
Which means that sooner or later someone is going to have to fight them.
Morpheus, from the Matrix.
Oh come on be serious, MS is a big company so it would be absoluteley daft of them to even consider invading peoples priva... oh, hang on, _NSAKEY anyone? >:|
Any hint, ideas?
Two words:
Clipper Chip.
*IF* this idea comes to fruition, what howls will rise from the populace that has to take their xmas presents back to get a vsn 1.1 chip dropped in because of some..., i don't know..., FLOATING POINT Error ?
I'm not sure why everyone gets so scared of this patent anywhere. The moment the patent prevents a competitor from entering the digital rights management market, the patent will be dropped faster then the DoJ could say anti-trust.
Only a few days after that other guy beat him to death with, iirc, a chunk of pipe.
here
From Greek Mythology Link "The Palladium is the wooden statue that fell from heaven and was kept at Troy; for so long as it was preserved, the city was safe." As we all know Troy was taken with the help of a trojan horse. So we must assume that M$'s Palladium won't help against trojan horses either.
He saw some dirty arabs and fired. Too bad it was just some friendly kurds, BBC reporters and his fellow cowboys.
Oh well, you got the idea, anyway.
any extra shit M$ puts between the user and a program always makes a program crash.
Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox--while unsolicited mail sent by Microsoft "partners" can arrive if it has credentials that meet M$'s standards.
/. If the government wants us to respect the law, it should set a better example.
...belomg to ms?
...um...like...a sig...
Is the VIC done yet?
From being used by you in ways of which the RIAA/MPAA does not approve.
Oh! You mean you want to protect a confidential email from prying eyes?
What are you, a terrorist or something? What are you trying to hide?
Exceeding the recommended torque is not recommended.
A related story presented by Computerworld, Microsoft plans security chip for next Windows , raises as many questions as it provides answers.
"The company wants future PCs to contain a security technology called Palladium, and is in discussions with Intel Corp. and Sunnyvale, Calif.-based Advanced Micro Devices Inc. to develop the chips..."
According to Mario Juarez, group product manager for the content security business unit at Microsoft; "We're talking here about rearchitecting the PC platform."
Many end-users will surely dislike Palladium's DRM features, but "if you're the Hollywood people, you're thrilled," said Martin Reynolds, an analyst at Gartner Inc. in Stamford, Conn. (Reynolds was briefed on Palladium by Microsoft.)
When asked whether users would be required to run Windows in order to take advantage of Palladium's features, Juarez replied, "The short answer is 'yeah.'"
In a related note, Microsoft was recently awarded a U.S. patent on a "digital rights management operating system".
Well, I've got this to say about Microsoft. They are clever...
Microsoft is using their X-Box console for PRACTICE for Palladium! By making it a console, they made SURE that the vast console pirate community would be hard at work on hacking and chipping the thing! As hacks are found, they will improve their protection until it gets damn good. And because it's not a computer, there's no need to worry about any anti-trust laws hindering them working on making the perfect DRM machine.
I'm willing to bet that X-Boxes will get revised to not work with the chips, and their "signed code only" bit will keep getting improved again and again until people aren't able to chip their way past it and retain all other functionality.
Hollings wanted the industry to come up with a drm system - is this it?
This comment does not represent the views or opinions of the user.