Will Microsoft Code-Checking Plans Cripple the GPL?

Infonaut was one of many readers to point out that "Thomas C. Green at The Register seems to think Microsoft is after far more than the 'ubiquitous security' they're pitching to the mainstream press. In this lengthy article, he contends that Microsoft's latest plans are in many ways an attempt to kill Linux by rendering GPL'ed software unusable. Yep, that's freedom to innovate, I'd say."

Where did you say you wanted to go today?

[paiute]

Sorry, you can't get there from here.

Thomas, are you there ?

[forged]

I wonder is Thomas C. Green is one of the many IT analysts also reading Slashdot on a regular basis.

Thomas, if so, can you reply to this so that we may ask you questions in this forum ?

The Sky Isn't Falling Yet

[colmore]

The general thrust of the article is that under the new security system, GPL programs will not be able to be "trusted" by MS' hardware/software security system, so GPL based systems (like Apache web servers) will become unusable with mainstream computers.

I doubt this will happen.

Because, frankly, the invisible success of opensource is too widespread. I haven't looked at server statistics recently, but a significant percentage of webservers run on some manner of opensource program. Microsoft isn't going to be able to force half of the web servers in the world to switch over, and if people know that buying this new board from MS/Intel (which has few tangible benefits) will render half of the internet unusable, nobody is going to go for it. I'm not even beginning to think about the various governments that have begun to standardize around Linux, the opensource core of Apple's OS X, etc. etc.

Frankly opensource is too big. If Microsoft renders its systems incompatible with the GPL, then it will be Microsoft, and not the OS community, that suffers.

I say, let 'em try.

Re:The Sky Isn't Falling Yet

[GigsVT]

Need I break out browser market share statistics from 1996?

We need to fight every battle as if it is our last, things change too fast in the IT world to trust things like market share.

Re:The Sky Isn't Falling Yet

[Zathrus]

In-house is irrelevant. That's not what this is marketed/designed toward. What MS is attempting to solve here is "how can I trust party X out there? How do I even know that party X is party X? And how can I trust party X not to share my private information with party Y?"

It is, at least on the surface, a noble goal. There's still a lot of people out there that aren't willing to do transactions over the net due to security concerns. And even those of us who do use the net to do transactions know that there's pretty much nothing we can do about step 3 above -- if someone decides to share my personal data (be it my name, my address, my credit card numbers, or my social security number), there's pretty much no way in hell for me to ever track it back to them.

The problem is, these are tough nuts to crack. That's why they haven't been fully completed yet. Microsoft is taking the stance that the only way to do it is to have a centralized authority, hardware encryption, and trusted systems. The problem with this is that it must be closed source. You cannot open the source up, nor can you allow people to "self-sign" -- doing so just means that Joe Cracker can say "yeah, I'm trusted - give me your info" and the system will. Because it's designed that way.

Of course, there are a plethora of other issues here... privacy advocates will immediately scream about a centralized database of ALL the private information. Think the credit bureaus are bad? You haven't seen anything yet. And, afterall, we're talking about Microsoft here -- they don't exactly have the greatest history when it comes to security. And this isn't the kind of thing you can release and patch up later. It must be virtually air tight from the very beginning, or else you won't be able to guarantee the system as a whole (good luck patching that security hole on the embedded card reader over there!).

Re:The Sky Isn't Falling Yet

[serps]

Frankly opensource is too big. If Microsoft renders its systems incompatible with the GPL, then it will be Microsoft, and not the OS community, that suffers.

I say, let 'em try.

You think? I believe you're not looking at the bigger picture. The open source movement is a t a point where big business is starting to take it seriously. What Longhorn attepts to do is is dump linux from the desktop, because all the client progams will barf when they don't see MS-certified keys when they install. That's only half the story, though. You need those killer applications otherwise people will just install some other OS, and you've lost your leverage with the OEMshardware makers, and your momentum stops.

The other half is the network services. What if your online bank rejected non-WindowsDRM compliant Operating Systems? What if all the websites you wanted to go to required Passport, or conversely if those websites HAD to run .NET-compatible OSes in order to be accessed by WindowsDRM machines? Microsoft doesn't own the web, but if they make their own proprietary internetworking system (*cough*.NET*cough*) then they've won half the war. They can afford to play nice and let .NET become really popular before introducing "optional" security settings, then embrace and extend to taste. They need critical mass in both the server and the client to win the war, but they only need to break Linux's interoperability with Windows to relegate Linux into a niche market - an OS which doesn't "work" with the new Net.

Re:The Sky Isn't Falling Yet

[nehril]

FYI: there is NO source for accurate, unbiased information. All information you receive from others (especially from journalists) is inherently biased in some way. Consider that even "accurate" information is still subject to selection and "errors of omission." given that this is the case, it is your job as an intelligent reader to find the bias and extract what useful information you can.

the worst sources are the ones that seem to be "fair," because they tend to make you less alert to the bias that inevitably exists.

wrecking common standards

[sbuckhopper]

In other words, what MS is attempting to do here is the same thing they've done all along.

1. Take a perfectly good command standard.
2. Bastardize it for their own use.
3. Make it not-backwards compatible.

However this time they really win the game if they're succesfull. This is because if they can really implement this, they actually don't have to do the work of bastardizing the standard interfaces, they've inherintly done it.

What they're trying to do is make it so that a common interface is a MicroSoft interface from the start.

How many antitrust lawsuites do they want brought against them? I guess $30B can buy a lot of lawyers.

MS decides to get into the meat packing business.

[MongooseCN]

In other news MS has decided to get into the meat packing business. Their first products will be Gnu and Penguin burgers. Rumor has Bill Gates himself helps butchers the animals and is under investigation by the ASPCA.

interesting article. but...

[kipple]

you have a chip ON THE mobo that tells you if you can run an application. what if you're disconnected from any network? the chip must have some key that, applied to the application, will make it usable. Or will decrypt the application. Or will act as a general key to allow the cpu to run some code.

Still, it is something you have ON YOUR MOTHERBOARD. Like the CSS key... it's there, it will be just a matter of time before those evil linux users will find a way to bypass it, fake it, and run whatever they want. Bringing havoc on the pristine, certified, public-key signed microsoft world. Like a cancer...

....or at least I hope so. I have much more trust in a 15-years old linux north-european user, than in any chunk of Microsoft Engineers that live in their golden world, without Windows (hah! pun!) on the outside world.

However, this palladium-thing looks like the whole .NET thing. Just marketing hypes, nothing else. We've all seen what .NET has become... bugs even before it was launched. Palladium is just a way to scare vendors which would like to try linux.

Those guys at Microsoft are just playing the scary-announcement thing: to scare people before they make the next move. Then make them wait, then provide them a lot of useless marketing, then -before they will realize it- they have been embraced. And the empire extends itself.

Whops! sorry folks, I don't believe a word of this palladium thing until I see a working chip, and I see that it works better than current systems. THEN we can start talking about that, and hacking it. Unless the new DMCA won't make it illegal and punisheable by death ;)

cheers.

Ignorant FUD

[NearlyHeadless]

The article begins

Yesterday, as we all know, Microsoft fed an 'exclusive' story about its new 'Palladium' DRM/PKI Trust Machine to Newsweek hack Steven Levy (a guy who writes without irony of "high-level encryption"), presumably because they trusted him not to grasp the technology well enough to question it seriously.

This is the Steven Levy who has been writing about computers for two decades now, whose books include:

• Crypto : how the code rebels beat the government--saving privacy in the digital age
  
• Insanely great : the life and times of Macintosh, the computer that changed everything
  
• Hackers : heroes of the computer revolution
  

Obviously, with titles like these, he must be an ignorant Microsoft toady. On the other hand, Thomas C Greene, who has never spoken with anybody involved with the project, knows everything about it and what it is really about.

Re:Who will 'force them'??

[rseuhs]

If your new PC refuded to run unauthenticated binaries, that would pretty much kill Windows.

Let me explain:

IMO, the only thing that keeps Windows going is that people have so much software lying around that they have a hard time switching.

Now if the first PCs with this limitation come to the market that force you to replace all your software many would just switch to Linux because your software will become worthless sooner or later if you stay on Windows.

And if Microsoft is stupid enough to enforce Palladium in their OS, Wine/Linux will have BETTER WINDOWS COMPATIBILITY than Windows itself.

Re:The time has come....

[colmore]

It's struck me before that what we need is a "rootless" Linux distro.

One of the main obstacles toward using Linux is installing software. Whenever I try to get my friends to switch over to Linux, and I'm talking about experienced computer users with Unix experience, the inevitable huge stumbling block is "well how do I install anything?"

What Desktop Linux needs is a semi-protected mode (no login) similar to the priveledges of the default Windows user, you can change settings, install software, view the whole directory structure, but you can't change anything that would cripple the system to the point where "click here to restore default settings" (another option we need) wouldn't fix everything.

Linux software should be as easy as download to the desktop -> click to install. Right now the learning curve of linux has been pushed back only a few steps, it's easy to setup a default config, and use the web and email and anything setup by the distro, but you still have to learn all sorts of crazy convoluted things to do anything beyond that. The difficulty of a task shouldn't be greater than the task's complexity.

Once that is done, someone needs to write a book/series of visible articles entitled "So, you're tired of paying Microsoft $100 per year"

Re:Who will 'force them'??

[vidarh]

You don't get it. Of course they won't make new PCs refuse to run unauthenticated binaries right away. That would of course kill them.

The "safer" way for Microsoft, is to make their next version of Windows warn you whenever you try to do something "unsafe". Imagine if each time you connect to a webserver not running this security stuff, you get a window saying that you are connecting to an insecure site and that you should ask the site operator to upgrade to a secure system.

Then give users the option of blocking unsafe sites permanently.

Then after somewhere around 70-80% of all systems are "secure" they issue an upgrade that make your machine refuse to deal with unsafe data by default, hiding an option deep down in Windows to allow it. Possibly allowing you to "self authenticate" old applications.

After a while, you then make the authentication mandatory.

This has the possibility of working, if they aren't met with solid opposition from the start, and if they have the sense to do it gradually enough to not alienate too many people.

Keep in mind that Windows is based on obsoleting things. There's so much old software that stops working between versions of Windows, that that argument simply don't hold - your Windows software WILL become worthless sooner or later, but people still stick with it.

And as for switching to Linux, you might not have that option, as the entire point about Palladium was that it is mean to be enforced in hardware via alliances with Intel and AMD (for now).

Microsoft may be evil, but they aren't stupid... People can't afford to take the risk of discounting their ideas.

Oh yes it is. You're just not looking far enough.

[hoggy]

If MS starts this scheme in 2 years, it will take another 7 years until 90% of their users have it (and that's still not enough because 10% is still too much to lose).

Microsoft can afford to take the long view. The biggest driving force of Palladium/Longhorn will be the DRM technology. People want to consume media and the media companies will require rights management. The media companies can also afford to take the long view. They only need to keep crushing P2P upstarts through sheer weight until the laws and technology to support DRM are widespread.

If only "trusted" apps running on a "trusted" operating system can play music and video, then people will buy those. Remember the vast majority of people aren't interested in their rights - and before anyone starts, I didn't see any groundswell of ordinary people defeating the DMCA.

There is no "Linux" to defeat this. There are only distributions. The big commercial distros are the ones that will end up on ordinary people's desktops and they can either play along or not play - it'll be that simple. When it comes to pleasing shareholders I can guarantee that they will chose to play along.

You just can't afford to be complacent on this issue. This is the biggest failing of the Open Source movement - there is no movement, just a bunch of people writing open source software. This works fine when there's no threat to the freedom, but when there is there's no organisation.

The closest thing free software has ever had to a movement with principles and goals is the Free Software Foundation - and look at how ridiculed RMS has become.

People like sitting on their butts and whining a lot more than they like actively campaigning.

Quality of life.

[Jennifer+E.+Elaan]

Actually, corporatized industrialization has lowered the quality of life for humans. Starting with the beginnings of the industrial age, where women and children were being forced to work in terrible conditions, to now, when the average work day has not decreased at all (and increased in a lot of professions). In fact, now we have the problem of North American excesses lowering the quality of life elsewhere in the world, especially in developing countries that can get more money from selling their crops as cattle feed in the US than from selling it to their populace. Guess which they choose?

And, to top it all off, in the past 30 years or so, incidences of stress-related mental illness has increased by something like 500% (I forget which study I read that in, but anyway).

And what do we have to show for it? Do we have more time to spend with our friends and families? No, all we have is a few new toys (although, as a geek myself, I have to admit that they are fun toys). If we see an average person working one day a week and making enough money to support themselves and their families, then that would be a massive improvement in quality of life.

In fact, we have seen the opposite; the two-income family is so common that it has become difficult to be one-income anymore. The quality of life has decreased enough that the average two-income family now lives about the same as an average one-income family in the 1920's.

Remember, those who do not understand history are doomed to repeat it.

Re:Quality of life.

[markmoss]

Starting with the beginnings of the industrial age, where women and children were being forced to work in terrible conditions, as opposed to the wonderful conditions on medieval farms, where since most peasants couldn't afford an ox they'd hitch their wife to the plow, medical care was unavailable to the poor (90% of the population) and downright hazardous to the rich, the population was kept in balance by starvation if plague and warfare didn't kill enough, and even the upper classes ate so poorly as to average almost a foot shorter than today.

the average work day has not decreased at all (and increased in a lot of professions. It depends on how you count all the "work" time I spend on /. ;-)

developing countries that can get more money from selling their crops as cattle feed in the US. Really? I thought most third-world farmers couldn't afford to ship their crops to the ports or the cities (whether for sale locally as food, or to ship overseas) - maybe because most of the foreign aid went into Swiss bank accounts rather than things like roadbuilding, or tractors and fertilizer to make the food farms more efficient. Or their government pressures them to grow cash crops for export (to get more hard money for those Swiss bank accounts) rather than food. Agricultural subsidies in most first-world countries do screw their own consumer/taxpayers as well as third world farmers, but the bigger problem is with the third world governments.

in the past 30 years or so, [Diagnoses] of stress-related mental illness has increased by something like 500%. Maybe now doctors call it "mental illness", where 30 years ago they'd just say "take a vacation". Unfortunately, that doesn't mean they are better at diagnosing mental illness, but rather that they've better learned how to phrase it so as to get the medical insurance to pay. And to whatever extent there is a real increase in stress: It may be hard for you kids to believe this, but 30 years ago the industrialized countries were already fully industrialized and had been for 50-100 years. Maybe "Republicanization" is causing increased stress to US workers, or maybe it's that 4-6 months a year we work just to pay the goddammed taxes, but if stress was due to industrialization, it would have peaked long ago.

And do you think medieval peasants, Roman slaves, Egyptian peasants in 3,000 BC, or any other lower classes in the old days were free from stress? No, they _died_ instead of just getting a little squirrelly.

the two-income family is so common that it has become difficult to be one-income anymore. (1) It's quite possible to raise a family on a single moderate income. Mennonites do it all the time. They just don't buy toys, fashionable clothes, prepared foods, etc. And, because my wife can't hold a job for more than a week before she starts telling the boss how to run it, I raised two children on my one paycheck - and for the first 8 years, it was the tiny paycheck of an enlisted serviceman. Just don't think you've got to buy everything they show you on TV.

2) A pre-industrial farmwife worked much, much harder than a modern working mother. Yes, I know it's hard to get home from 9 or 10 hours of work, toss dinner in the microwave, run the vacuum around the floor, get the kids ready for bed, and toss the clothes in the washing machine. Try cooking food from scratch on a wood fire, washing those clothes by hand. and cleaning the carpets by taking them out to the clothesline and beating them. If you can't afford to hire help, you'll soon be happy to go back to a dirt floor and greatly lower your expectations of personal cleanliness - even if you don't have anything better to do all day.

(3) You don't know how the average one-income family lived in the 1920's. You only see the top 10%. For the rest, no refrigerator, no car, electricity and running water optional, and generally the wife was working outside the house too as much as childbearing and care allowed.

working one day a week and making enough money to support themselves and their families. Scale your lifestyle back to that of Abraham Lincoln's parents, and it ought to be possible. If not, it's because of the ridiculous tax burden we have allowed our local, state, and federal governments to impose. I do know people who support themselves on less than 1 day a week work, but they get their wages in untaxed cash and the cardboard crates they live in have so far escaped the notice of the tax assessors...