Slashdot Mirror
Analyzing Palladium
apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.
Our business runs Linux. We have depricated M$ and their products. We are fast. Our expenses went down hugely. Our services are reliable. We buy the best commodity components and build all our own machines. Life is good.
Adults are obsolete children. - Dr. Seuss
nothing new to see here. This discussion has already been had.
Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions? This is no better than when people believed that Windows XP would deny you the ability to play your mp3s, or play them at a much lower quality, because they weren't 'certified'.
Ok so they do this, Does this "fritz" thingy get installed on all motherboards or just Dells, Hpaq's, Ibm's...
It seems to me that if the hardware isn't forced we end up with 2 distinct branches of the computing world. those that will still bow to the MS gods and those who do what the hell they want.
Basically nothing changes???
Who run Barter Town?
9. Why call the monitor chip a `Fritz' chip?
In honour of Senator Fritz Hollings of North Carolina, who is working tirelessly in Congress to make TCPA a mandatory part of all consumer electronics.
Sig you!
He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.
Developers: We can use your help.
The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer.
I believe that comment was on topic.
MOC alert. (Moderator On Crack)
Look, lets not get our knickers in a knot. It may happen, but it's never going to be the only,
or even a high-level verification method. Obviously not, it's embedded in hardware.
I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?
It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.
In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.
Call me crazy, but I think M$ just said that opening (some of) its source was the way to achieve trust.
... As a side note, we will publish the source code on that Trusted Operating Root. We will make sure that people have the opportunity to really go deep on that and kick the tires and know that what we're doing in there is what we say we are doing.
Juarez:
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
I can see this kind of technology being abused to the 1,000th degree. Imagine software that would automatically use your previous usage data to force you to buy individual features that you use the most, the next time your annual subscription fee comes around? Or deleting all your home movies because they didn't carry a copyright tag, and thus could be illegal? Or finding the cops at your door because little Timmy downloaded his favorite song on MP3 or Ogg?
It seems that we, the mass public, are expected to give up the idea than when we buy something, it's ours. Now that even seems to include our hardware, not just our software.
-- We live in a world where lemonade is artificial and soap has real lemon.
...for Palladium to get h4x0r3d and become as worthless as any existing DRM technologies?
From the article:
> For example, some mobile phone vendors use challenge-response
> authentication to check that the phone battery is a genuine part
> rather than a clone - in which case, the phone will refuse to recharge
> it, and may even drain it as quickly as possible. Some
> printers authenticate their toner cartridges electronically;
> if you use a cheap substitute, the printer silently downgrades
> from 1200 dpi to 300 dpi.
I wonder if there's a list of printers and/or phones that perform in such a manner. I'm not sure if the law would deem such behavior as "anti-competitive", but I as a customer certainly find it so, as well as offensive.
Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.
Can I bum a sig?
Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisit to being able to make this successful. Palladium is something to be feared.
Many of the sources ignore the possiblity to "flatten" or serialize the data to plain ascii. I assume no software can restrict taking stuff out of binary documents, and then sending that flat data to a friend. How stupid do they think we are?
And there ought to be equally flat formats for video and audio. Making things just "hard to do" won't help much. The physical/logical realities of the universe make all of this DRM thing a futile effort.
Save your wrists today - switch to Dvorak
Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.
Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:
Finally, I think the US
Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.
Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.
YMMV, IANAL, Standard::Disclaimer and so on and so forth.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
its the SSSCA dressed up to look like something consumers would want, the entire thing reeks of "ca-ching" by the copyright holders (MPAA and RIAA respectively). Move along, nothing to see here.
Microsoft IIS is to webserving as KFC is to healthy eating
between this and biometric security methods. Very strong security. When the single layer is cracked, there is no backup mechanism, and resecuring and reverification of user are almost impossible.
Although, I guess if I had to choose between getting a new MOBO and new eyeball I'd pick the MOBO. Maybe this is Microsoft's attempt to be least-worst.
I don't think one can be too paranoid about Microsoft and their self-serving interests. It would be incredibly naive to assume that they are working on Palladium because of their altruistic and generous motives.
Personally, all I see here is more of the same anti-competitive behavior that got them into hot water in the first place.
I can't wait until their "accounting discrepancy" scandal leaks!
I should have picked out the nickname Demosthenes!Tecumseh.
Palladium, Microsoft's future?
.NET framework. Microsoft's new byte-code compilers (look's like Java might just have missed the boat). With a trusted compiler creating trusted byte-code running on a trusted computer. It now becomes possible to create different levels of certificates for different levels of access to computer hardware and personal data. In this way Microsoft will have completed their "finial software solution".
.NET byte-code this will not be a problem.
:)
Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?
A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.
All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.
How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified the source code or the binary? This is an important question, how do you check that the software that's certified has no backdoors? As backdoors are the single biggest problem within a closed "secure" system.
Here is what I think Microsoft is making a play for:
The answer is a trusted programming language a.k.a
Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft strong hold it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more then a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimed down computer running cheap to free operating systems with a Java run-time on-top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reason why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases. But really knowing that all software by default will have to run under Palladium anyways. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accept as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation and because its all based on
With this move Windows steps back becoming primarily a desktop only environment running Palladium for all import tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus with Microsoft changing its file system from FAT/NTFS to a Database system untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.
Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will be now responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will required backroom access to all operating systems source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified Kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hi-jack Linux and removing control of the Kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatible pressures.
Now to the finial piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified the companies that create the code will also have to be certified if they want their application have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using the Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary process becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam, the list of possibility is endless.
So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles
"Palladium is all about deciding what's trustworthy. It not only lets your computer know that you're you..."
I refuse to have my computer settle any existential problems before I do.
Especially when running software sold by the pasty white guy with a red light on his head.
Leben Sie jetzt die Fragen.
I'm with Apple, and as far as I know they fully respect my privacy. Hell, they even make it easy to share my MP3 stuff and software, thanks iPod!,br.Besides, Apple is commited with the OpenSource movement and it even use GPL'd software as EMACS in MacOSX. Apple hardware may cost more, even more if you live in a 3rd World piece of country like me (I'm from Brazil), but at least you can keep your freedom and privacy!
Victor Hogemann - hogemann@mac.com
The whole concept of having a "root" super-user who can so anything and everything erases whatever security models we erect.
If this Palladium project encourages general-purpose Unix to move towards a more trusted model with ACLs and other features, then it is a good thing for all of us.
Conformity is the jailer of freedom and enemy of growth. -JFK
And how do you patch hardware when you find, 6 months in, that there is a flaw? This is a giant step backward in technology, designed to make people go out an buy yet more useless crap for their computers.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Will hardware DRM functionality go the way that the Pentium 3 CPU ID fiasco did. There was a lot of attention about the invasion of privacy and in the end it never got used. Will hardware DRM go the same way. Present but not used.
:)
Lets face it for the H/W manufacturers to implement this it's going to cost them money. How will MS get everyone to co-operate? Lets face it Big businesses don't play nicely together very often - why this time. What will be their incentive.
If this is an MS ploy to rein in the renegade Linux lovers its very subtle and very clever - it definately needs to be watched. MS is very good at thinking about the long run when it comes to competition.
Then again it could be bollocks and we're all wasting our time
.
"Things that you own end up owning you" - Tyler Durden (via Diogenes of Sinope).
Something like this takes place,but:
1. The PKI spec and reference implementantion is public.
2. PKI chips are manufactured my multiple 3rd parties.
3. The validation to get your keys will be done by trusted third parties.
4. Nothing changes. In the beginning, things might be easier for those running Windows.
The world is not dumb enough anymore to be fooled by MS, it does not have ultimate control anymore, they are under pressure from many directions in which an OS is used(mobile terminals, embedded devices, consoles, desktop computers, servers) - all of these have multiple serious contenders now with differing interests. No one is strong enough to kill everyone else.
Gratuitous linking in the headline summaries.... if I am looking for the story, how am I supposed to know that 'GPL-Killer' is the link I'm looking for, when there are 5 more in the paragraph and each looks as appropriate as the others?
The best place for the link is "has a story"... link directly to the content and be consistent. This one isn't too bad as some I've seen...
I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? Yeah, they might make those illegal in the US, but the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff. Then they will buy some senators to overturn this initiative, and all wil be well...
Or so I hope.
superblog.org: all your favourite blogs on o
Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.
This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart. Initially, people might go for it. When an economic disadvantage is passed on to consumers - designing this, after all, isn't free, and developers who can't or won't pay the fees required to have their code "Certified" will be unable to develop for that market - and consumers of Palladium PC's will be unable to use their wares.
This will result in a incentive for a manufacturer of CPUs or motherboards to produce a non-Palladium product. People will move to those platforms for a variety of reasons, producing an incentive to produce non-palladium products, springing up a non-MS taxed industry. It probably would motivate a lot of busy people like me to start working on GPL products to fight against the mark of the beast. Sooner or later though, a hardware manufacturer will spring up to produce hardware to meet the demand. That's inevitable.
This, frankly, sickens me to think about. I'll become physically ill if Apple announces they're going to soil their OS X and Powerbooks with this platform.
..don't panic
Especially since just about everything under Windows runs at or about what would be root level? Access control lists just dumb down the control panels. At least in Unix when I say that something is running in user space IT REALLY RUNS IN USER SPACE.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Thus we can get an internal Microsoft definiition of Security:
making the world safe for Microsoft or a means by which competition to Microsoft can be locked out.
yeh, this is cynical. don't know where I would get such an attitude. maybe I should change my brand of coffee.
being able to trace the source on something means responsibility can be assigned.
Probably the features should be availble with the default setting of these features turned off.
I also imagine that such features would be spoofable, somehow.
[shrug]
"It is a greater offense to steal men's labor, than their clothes"
That is simply wrong.
In Windows you want to read a file whose access is denied to only a limited group of people, even having administrative access doesn't allow that. You must take ownership of the file, and generally admins are not given that privledge.
In the non-trusted Unix world, root can do anything anytime. It has alot to to with network security because any sysadmin or anyone with access to a sysadmin has the ability to usurup the security model and do whatever they wish.
Conformity is the jailer of freedom and enemy of growth. -JFK
You don't have to enable root. There are ways to just set up enough accounts that share the various powers of root, to never need root to be enabled anymore.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
It almost seems like the big companies are doing everything they can to make Orwell's book "[i]Nineteen Eigthy-Four[/i]" come true. They want to total control over what everyone does with their copy of some software, music or a movie. It'll be only a matter of time before some big company proposes tracking every single individual in a country. Hang on, I seem to recall this already having been proposed in a similar form...
So, what are we going to decide? Will we allow the big companies (the 'Party') to take away all of our freedoms one by one? Today fair-use, tomorrow anonymity?
It sounds to me like this would be the ideal time to use the united force of all people around the world who value their freedom to fight the sickening proposals being made by those who stand above the possible effects of their ideas.
Certainly, this technology might be useful in certain situations, but it should never be used to limit the freedom of the individual.
Are we willing to sacrifice our freedom for the sake of the profits of the 'entertainment' industry? It would hardly surprise me if after a successful introduction of TCPA, the number of sold CDs/movies and the profits made on movies in theatres would rapidly decrease, instead of rise, like they did before the introduction of TCPA (profits made by the entertainment industry has continued to rise in the past few years, despite the doubling of the number of sold illegal CDs and the exponentially growth of P2P software over 2001).
I propose that we, the people, make our final stand here and let utter defeat be the fate of our opponent(s).
Site & blog: http://www.mayaposch.com
Palladium is all about deciding what's trustworthy
Microsoft control Palladium.. MS control what is and isnt trustworthy..
Yippee!
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
That takes "cojones". Does he think everybody's an idiot?
:-)
I hope CKK kicks Gates in the "cojones."
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
that MAME will be eradicated too? That's my only other reason for owning a computer.
Summation 2
I work for an SI company. A large one. With a huge degree of MS-related work. The MS reps tell *us* that they can commit MS resources (i.e. spend MS money) to help us win projects IF Linux or Apache are involved.
We're talking about people's time at many thousands of dollars per day. However much we need. They won't do it for almost any other project... So I'd say yes, they see it as a threat.
You know, We've all seen the little things..processor serial numbers and Wank-XP and the like....
...but this scares me....
Sig currently under construction. Mind the gap....
Perhaps we need a new version of the GPL that says "you can't have signatures of the executable be required by the hardware" or something along those lines.
If I thought this was a good idea and I worked as head of this project, I would compensate for the points your making. This plan is so large that they must have thought this through. I would get the manufacturing companies on my side, get the hardware and write the software, but only activate a small portion, probably just multimedia DRM. That could be used as the initial focus. If this were pulled off well and accepted, then I'd start to turn on everything else, like only running "authorized code" and such.
So if they want to get this adopted and in use - below the radar if possible - they have to do it very slowly. Get the stuff out there and then launch BigBrother.exe (or actually, bigbro~1.exe).
Developers: We can use your help.
The first method is similar to what ICQ-like programs do, but ICQ was not designed to facilitate one-off messages from unexpected people. For example, all businesses have to have "open" email addresses, as do a lot of other people, including students and faculty, and so forth.
The second method might seem superior at first glance, but requires perfect security in both the central database and every client machine that stores a digital ID locally. I think that that is going to be most unlikely. We all know that spammers will find it all too easy to create fake IDs, steal the IDs of innocent home users who think a firewall is a sheet of insulation used to stop a fire in a building, and generally make a mockery of Palladium.
It says Palladium will only run "authorized" applications. How hard is it going to be to hack the authorization code into any Open Source program? Maybe someone can make an authorization library anyone can include in their project.
I'm sure some hacker will figure it out.
Outdoor digital photography, mostly in New Engl
palladium CAN definitively be circumvented. Maybe a mod chip will be required to avoid querying the palladium chip, but it's just hardware. A few days ago I posted a comment here on slashdot, which generated a nice amount of discussion about that.
I understand now that if it's about public key cryptography on the chip it will definitively be a tough job to circumvent it. But it has to be done, no matter if it's illegal under the DMCA.
Some 30 years ago it was illegal for people with skin color different from white to sit in front of a bus. It was the law. Was it right to obey that law?
Mod me down as a troll, mod me down as useless. But I say that it is time to embrace our cyber weapons, our mind, our smartness, and fight out all those absurd laws - by disobeying it. No reason to fight back, definitively not in a court. The best ways to do that are:
I know I do sound trollish, but I do firmly think it's time to fight back against that. A law is supposed to protect the people - not the corporations!
last thought - if Palladium gets introduced in the US, and all vendors apply it, and the DMCA makes it illegal to circumvent it... do you, GNU users in the United States of America, really want those laws to block your creativity and your freedom? Do you know that other countries will probably not introduce anything like the DMCA, nor implement Palladium? Do you really want to be left alone in a world that will improve GNU systems, stuck on stupid law questions?
Now flame me.
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
The entire system, even with Fritz in the CPU, absolutely depends on the single private key: The one required by Fritz to boot the machine. And there is another key, the one used to sign the trusted software.
Frankly, I think it HIGHLY unlikely that one of these keys won't be uncovered, either by an insider or by a large distributted cracking project. And once a key is out, ALL THE MACHINES CAN USE IT TO BYPASS PALLADIUM.
Nuff said.
--
I refuse to use
File under 'M' for 'Manic ranting'
It seems to me that Palladium is essentially trying to create an illegal monopoly in something.
There must be enormous scope for an enterprising lawyer to tie this up in the courts in an anti-trust suit for years.
Sorry, you can't get there from here.
I for one am worried by this, as a previous poster said...very 1984 like...
Despite all the DOJ stuff Microsoft continues to try and rule the world. Where will the madness end. The megalomania shown by M$ is terrifying. Maybe bill has issues with his penis size or something and this is some kind of release..
Come on people it was only Yesterday
Don't worry about Microsoft. They're on their way to being a footnote. I chuckle that they think that when forced to choose between MS and GPL, people will go with MS. That's not a safe assumption to make... not a safe one at all.
Just keep coding. Millions of happy hackers > politics and license agreements.
I've heard that some Olympus cameras only enable certain features (QuickTime flipbook, maybe?) if the SmartMedia card has an Olympus ID.
It's also possible to hang-glide to work.
You're not going to do it though.
I thought I was paranoid when I tried to figure out WHY microsoft wanted to bail out apple a few years ago. Ofcourse no one could have guessed at microsoft's audacity in that microsoft saved apple since apple was its only seeming 'competitor' at the time. Pure diabolical genious, dont put anything past them.
nigel.
As long as there are administrators of a security technology, the security can be compromised. Any sysadmin in the world knows that with all the security they may put in place, revealing the root password means the front door's wide open.
There will always be measures available to circumvent security; as hard as the corporations are at work developing security, there's some 15-year old Lithuanian genius breaking it in a week. Still, I hope there will be alternatives (AMD to the rescue?) available to users who prefer to administer their own hardware.
$8.95/mo web hosting
I love the Palladium System. You could really do anytime anywhere with one rule book. And I also loved the concept of buying abilities by taking on disads.
MS just happens to be one big disad. The most serious mystery hunted you could ask for.
The general thrust of the article is that under the new security system, GPL programs will not be able to be "trusted" by MS' hardware/software security system, so GPL based systems (like Apache web servers) will become unusable with mainstream computers.
I doubt this will happen.
Because, frankly, the invisible success of opensource is too widespread. I haven't looked at server statistics recently, but a significant percentage of webservers run on some manner of opensource program. Microsoft isn't going to be able to force half of the web servers in the world to switch over, and if people know that buying this new board from MS/Intel (which has few tangible benefits) will render half of the internet unusable, nobody is going to go for it. I'm not even beginning to think about the various governments that have begun to standardize around Linux, the opensource core of Apple's OS X, etc. etc.
Frankly opensource is too big. If Microsoft renders its systems incompatible with the GPL, then it will be Microsoft, and not the OS community, that suffers.
I say, let 'em try.
MS is getting more and more annoying. The reason to use windows to begin with is that not all software supports Linux/BSD/Solaris etc. But now, with XP/2k there is again problems.
I will remove my windows programs and stick with only a unix OS. When it comes to games, there is Gamecube, ps2 etc which now are being so cheap that it's no point buying a graphic card more expensive than the console itself.
I've also, for the first time in my life, seriously considered buying a Mac. The only reason I don't have a new pc at home is that I think they consume to much power and are far to noisy. New PCs sound and consumes almost as much power as a good vacuum cleaner.
Staroffice/etc are good enough.
Mozilla is too.
The Linux kernal is stable.
There are games for linux and there exists cheap consoles.
Not that many programs work in w2k/XP anyway.
MS makes a, nowdays, very good OS. No argue there, but I'm not going to put up with all the annoying things that goes with being a windows user.
Why take shit from them?
I would imagine that a good number of those that hang out at this website remember the infamous "Halloween" memo that was an internal M$ document (it came to light during the big Nestcape/M$ trial back around 1998) that described what to do to keep Linux from rising like a fiery phoenix. The gist of it was, if my source was accurate, to change the standards every few months and force the hardware people to keep up. That way, Linux would constantly be trailing Windows on current hardware support. Of course, M$ said it was only an engineering whitepaper that was designed to be "information only" and no plans to implement said ideas were in the works. Umm...Yeah...Right. You say it, I'll believe it, Mr. Ballmer... This article describes a situation that eerily looks and smells like the Halloween document. Not good.
Be excellent to each other. And... PARTY ON, DUDES!
Let MS, et. al. implement this. The net, applications and computers will divide into 2 camps that which is easily accessible and open to everyone and that which requires proprietary equipment to access and not open to everyone.
When has something proprietary won in the market place in the long run? Other than very specialized limited market items, there are very few that have succeeded compared to the open market.
We need more capitalism not more authoritarism.
Sheeeesh... Nasty stuff. I don't think "Fritz" will be paying a visit to the Mac's motherboard anytime soon.
What's next, MS requiring a webcam mounted in each user's bedroom, sending images back to the Dark One?
blakespot
-- Heisenberg may have slept here.
iPod Hacks.com
Why does Bin Gates think his effort will fly when Intel's didn't? People just won't buy his stuff any more than they did Intel's! This is a market economy -- people vote with their dollars [euros,yen,etc].
If you don't want your Unix Sysadmins to "usurup the security model", don't give them the root password. Pretty simple solution. And yes, as the previos poster stated, you can give all the necessariy capabilities to administer a server to non-root accounts.
Besides, what difference does it make that a windows administrator account has to take control of a file before reading it? As an Administrator, he can also restore the previous control when he is finish, as well as clear the event log and hide his activities. How is this any better?
I almost spewed up my iced mocha latté when I read the opening paragraph of the article:
Even someone with the most rudimentary liberal arts education knows what happened to Troy and the Trojans, right? No? Well, here are the relevant parts of Homer's Iliad and Vergil's Aeneid boiled down into one paragraph:
The Greeks went to war against the Trojans because one of their kings' wife, Helen, skipped town to hop in the sack with a Trojan prince. The war went on for about ten years or so with no clear victory in sight for either side. Finally, however, the Greek soldier Odysseus (a.k.a. Ulysses) hatched a clever plan--the Greeks would build a huge, wheeled wooden horse and offer it to the Trojans as a sign of surrender. Unbeknownst to the Trojans, however, Odysseus and a crack team of Greek soldiers would be holed up in the horse's body. Lo and behold, the Trojans accepted the horse and opened the gates to let it in. That night, Odysseus and his posse got down and started kicking some serious Trojan ass from inside the city. In fact, the shrine of Pallas Athena (the Palladium in question) was where the Trojan king Priam and his remaining family members took refuge. But it didn't matter; the Greeks came in and slaughtered them.
Three thousand-odd years later, the term "Trojan horse" has taken on a special meaning in tech jargon. Perhaps whichever marketing dweeb at Microsoft came up with the name "Palladium" for a security product should have paid more attention in that world literature class.
(As a side note, with this story in mind, using the brand name "Trojan" for security tool of a different sort is also ironic.)
:wq
No, I don't think that's what it is about at all, the key point is that it breaks root into (at least) two privilege levels, one of which is entirely user-inaccessible and belongs only to the operating system vendor.
The problem here is that you can never, no matter what kind of access you have to the machine, take control of features that allow you to e.g. access kernel memory.
Unless of course the kernel has bugs...in which case you might be able to defeat the access control chip.
I prefer not having an access control chip, and being able to modify the behavior of the kernel, especially on machines that I never put on a public network anyhow.
That is farfetched. I'm sure he doesn't have pictures of his children there; probably a calculator that calculates his net worth in terms of how many people he can buy with it.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"So even if they put a TCPA-compliant Linux on that hardware, because that hardware mix is not approved then they won't be able to use TCPA-restricted services. They won't be able to communicate with TCPA-locked clients and suppliers.
Even if they buy TCPA-compliant boxes with TCPA-crippled Linux, they will have to run only TCPA-approved applications. A TCPA-approved application can not trust data from a non-approved application (or else the app is at risk of being damaged/subverted by the data -- a buffer overflow or other attack can make an app do unapproved things). So they can't have TCPA apps read the output from custom programs, and can't create services for clients which involve their own unapproved software.
I thought Palladium was a company that produced role playing games. Old favorites such as Robotech and Tenage Muntant Ninja Turtles come quickly to mind. The only real difference between the two, I guess is,:
1. With RPG's you knew the rules up front
2. Rolling the dice an accepted part of the game.
Well, I guess the only real difference is #1 above. Everyone already knows that you have to take you chances with M$.
The wages of sin are unreported and back taxes are hell to pay.
Lets not say a word to make sure that Microsoft actually goes ahead with this process instead of /. crying foul microsoft realizing they are doing something wrong and changing it. Then when everyone or at least some adopt it we can scream foul and have true ms backlash. Sound like a plan
***I GOT NUTHIN***
taking out a full page ad in major newspapers saying:
"Do not believe Stephen Levy, MS Palladium is not the light."
?
-- You don't shoot to kill, you shoot to stay alive.
I was one of those that bought a PC using IBM's next generation MicroChannel Architecture. Where is MicroChannel today? It never caught on - a failure in the marketplace.
These beasts were expensive to upgrade - $350 for a sound card. One day I said NO MORE and built a new machine using an off-the-shelf motherboard for a fraction of what I paid for the MicroChannel machine.
Palladium could very fail in the marketplace as well. I was bitten with the Microchannel Curse once. It will never happen again.
Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC?
Absolutely right.
Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.
These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).
We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.
The Future of Human Evolution: Autonomy
Comment removed based on user account deletion
The SOURCE code which shouldn't be in a vulnerable place on the server anyway.
They belong and should reside on development machines and on distribution servers which us MD5 to verify the veradicity of the sacrosanct code. Like they do now!
If M$ minions think that this will give them a lever to oust the Linux community, they'd better look again. If they think somebody will hand them the keys to the kingdom and say sure, you decide who we should trust, when nobody trusts them, they must be listening only to their own lawyers argue at the anti-trust trial.
The http protocols are open source. The whole infrastructure is open-source.
Unix/Linux servers number in the millions and serve over half the web.
There are 25,000,000 Mac OS 6..9.x and X users out there. There are 25,000,000 Unix and Linux boxes out there. As much as M$ might want to try, they can't balkanize the 'Net that way. There is NO posible excuse for suddenly locking out 50 million users.
Nobody's gonna buy it. The class-action lawsuits, the criminal investigations, will begin before we even have a total count of the clients, servers and hosts.
Too many systems would suddenly go missing for it to go unnoticed. You can't sneak this one under the radar and hope the Justice Department won't notice.
This is not something that businesses and politicians can rally around. Specially given the fact that it would be so fuckin' obvious that not even a lawyer could deny it. Well okay. Maybe a lawyer could deny it, they can deny that the earth goes around the sun, but getting a judge to buy that argument would be a real stretch.
That would launch an anti-trust suit by prople with serious weaponry since many the many police and military sites would suddenly become unreachable. And when these people don't trust you, they tend to shoot.
Redmond might not become a smoking crater but it would certainly become a ghost town.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
The T30 security chip looks like a big mystery to everyone. I've been to a presentation of the new TP and no one could tell what the security chip does, or what it is there for.
We've been told that it might be used for storing passwords instead of storing them on the HD, and it can do more than that, but it is still unclear, so if a customer asks you about it, there's not much you can tell.
After reading the FAQ, I'll make sure I know where I can find the setting to disable it, as it seems it's all I want to know about using the chipset right now!
I really don't know windows very well, but I'm sure there is one account (superadmin??) that can change these privilages. Which is basically root.
In Unix you don't have to give all your admins root priveleges, in fact you don't have to give any of them root privilages. Just one person needs it incase something breaks, which I'm sure is true in the windows world that you need a superuser in case something major breaks. Everyone else can be given just the priveleges they need.
Doesn't the computer misuse act prevent putting in code that will disable software?
In a standalone environment, there is a super-user for each machine.
In a Domain, you can assign user privledges to whatever level of detail you require.
Conformity is the jailer of freedom and enemy of growth. -JFK
Are we working on trusted computing platform in the open source community or is the whole idea flawed? Maybe "trusted computing" is just an euphemism for a system that allows corporations to charge consumers more and more for less and less. Like copy-protected CDs could be said to be more "trusted"--by the companies that produce them. Those companies could produce hardware that only plays copy-protected CDs and doesn't allow copying, but it wouldn't add any value for the consumer.
It seems that the challenge to the open source community is doing what we can to bring back value to crippled hardware/software. Trust should be someting a corporation has to earn in the consumer's mind, not the other way around. It should be the job of companies to devise schemes to verify the identities of their consumers. Like SpamNet was devised to protect our inboxes from spam, companies could devise collaborative ways of protecting themselves against fraud.
...I'm switching to MAC...
Suppose you want to bypass the whole thing by setting up a virtual machine to run your very own user environment? The virtual machine COULD be registered with the "thought police," but the apps it run need not be.
Within a virtual machine, you could run and store whatever file formats you want, and it would be transparent to the host operating system.
You could run one virtual machine or a host of them, depending on your needs or desires.
Stuff that comes to mind immediately is the Java VM and VMWARE. With both or those, the host operating system (and hardware) has NO idea what you're doing. In fact, I used to run Windows 2000 within a VMWARE session (under Linux) because that configuration was more stable than running Windows on the hardware alone.
This amounts to using Paladium precisely for what is was designed to do. The fact that you can run the world's largest trojan horse under it means nothing, for all it would see is a large program.
But what was the easiest way attackers ever took down Troy?
The trojan horse.
Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
But I have almost total faith, that something as simple as a sharpie pen will defeat the application certification mentioned in the articlem, and MS's billions spent on research will have been wasted.
dmarien
Ross Anderson indicates: The question is: security for whom? The average user might prefer not to have to worry about viruses, but TCPA won't fix that: viruses exploit the way software applications (such as Microsoft Office) use scripting. He might be worried about privacy, but TCPA won't fix that; almost all privacy violations result from the abuse of authorised access, often obtained by coercing consent. If anything, by entrenching and expanding monopolies, TCPA will increase the incentives to price discriminate and thus to harvest personal data for profiling.
The most charitable view of TCPA is put forward by a Microsoft researcher: there are some applications in which you want to constrain the user's actions. For example, you want to stop people fiddling with the odometer on a car before they sell it. Similarly, if you want to do DRM on a PC then you need to treat the user as the enemy.
Seen in these terms, TCPA and Palladium do not so much provide security for the user, but for the PC vendor, the software supplier, and the content industry. They do not add value for the user. Rather, they destroy it, by constraining what you can do with your PC - in order to enable application and service vendors to extract more money from you.
I believe the thing to remember about this is that while industry will provide us with products, only the consumer decides if that product is in demand. While a business may find these products useful, home audiences are not likely to. With that in mind, the industry may find their portion of the home market dwindling. And while the "average" user might be content with using the same thing at home that they use at work, I believe when they realize that they are being constrained [read: restrained] that perhaps we'll begin the process of escaping this straitjacket that is being laced up around us.
If it doesn't fix the problems that the "average" user runs into, why would it be of interest to them? If a business analyses it's money spent on security and trust, versus the money it spends on virus', other IT-expenses that flow from these issues, including the cost of rolling out a new OS..where is their money best spent? MS does a great job of soaking you with their advertisement, until you just can't live without their newest product. Then they discontinue the one you like, shift liscencing, and give you no choice but to upgrade. TCPA sounds great for closed and secure environments, even some corporate environements.
I don't know about you, but I remember "growing up" in the information age, where computers empowered us. Are we wanting to wrap ourselves up now in this restraint and limit what we can do to what a corporation believes is right for us? I do not wish to be an animal that is herded by the shepherd of Corporate America.
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
So I won't be able to play MP3s on my PC any more?
And you can't play burned games in your Playstation, and copy protected games can't be duplicated, and servers that enforce cd-keys can't be worked around...
In the digital world, everything's a signal. You have an input signal and an output signal, and a black (or not so black) box between them. There will ALWAYS be a way around this type of encryption/protection/'feature'. The FUD that spreads on this topic really amazes me.
I liken this to Chris Rock's take on drugs (apologies ahead of time)...
"Even if you got rid of all the drugs...all the smack, all the herb, all the blow, it's not gonna matter. Why? Cause people wanna get high. You'll have guys becoming scientists down in their basement...
'Yo, check this out, check it out. If you take a baby's bottle, fill it with a little gasoline and a lima bean and suck, mista you'll be F'd up!'"
And the same applies to all this DRM crap. Someone will always come out with a workaround. Fifteen minutes after they release this motherboard with a smartchip on it, some guy will have an IC that you can solder over some leads that makes it worthless, or some software that intercepts the signal, changes it, and makes the chip think it's receiving legal information.
My only problem is the fact they're making law abiding citizens become criminals because we HAVE to.
--trb
Comment removed based on user account deletion
...until you need to buy pc modchips from shaddy overseas vendors just to accomplish the tasks we already take for granted.
...what you can do when you have $50B in petty cash.
Current law : "I will move any bit stream" New law : "I will ONLY move a keyed bit stream" I'm glad I've retired from the tech field. But I am sad for my children....
I seriously don't understand. Ok, so you won't be able to modify the source, recompile and run the program (or you will be able, but won't be able to access special features which are only enabled if your program is signed). But surely someone will write and sign a VM soon enough. That VM will allow access to all the features and run any kind of code. Will I have to sign my Java program to get the already signed JVM to run it? I don't think so. It will kill Linux? Surely someone will write a signed emulation layer which will allow the Linux kernel to run as is on the new Palladium enabled CPU. It'll perhaps run somewhat slower, but it certainly won't kill Linux.
How can the PC stay a turing complete platform while at the same time disallowing certain actions? As long as I can access bytes within a file and put pixels on the screen, how can a piece of hardware prevent me from decoding and playing a copy protected movie?
First the FAQ is blatant M$ bashing. Not really worth the read. Second in the interview they mention that the drive will not function if stolen. That could be a HUGE problem. How are you supposed to clone drives to bigger drives etc.
Let's develop this even further ...
I look at this problem as a question of stable/unstable systems - think the physical world:
- A ball at the top of a hill is an unstable system - any disturbance will make the ball roll down the hill. To keep the ball on the top of the hill for a long period of time, one needs to frequently provide energy so that the ball stays/goes back to the top of the hill.
- A ball at the bottom of a valey is an stable system - the ball will only get out from the valey in case of a major disturbance. For small disturbances the system is self-correcting - the ball tends to roll back to the bottom of the valey.
So - social systems can also be stable or unstable. An example:
- A bunch of kids left alone in a room with a pile of candy. They are told by a grownup that if they get the candy something bad will happen, and then the grownup leaves. Now, one kid gets the nerve and goes and gets a candy. Nothing happens. Then another one. Still nothing. The another and another and another. This is an unstable social system - the candy won't last long.
Back to our problem (finally). I believe this is an unstable system. My reasoning is as follows:
a) From the side of hardware manufacturers:
- Any hardware DRM implementation will be more costly than a non-DRM implementation. At the very least, more space will be needed in the CPU, which means a bigger die, which means a more expensive CPU (the bigger the die the more likelly it is it has some failures, meaning less working chips per wafer meaning less more money per chip).
- Inicially the majority of the software out there will not require Paladium/DRM. Only new programs might require that.
- Thus (at least in the beginning), machines without Paladium support will be both cheaper and suitable for the biggest majority of software/consumers (thus having a competitive advantage). This makes it very tempting for hardware manufacturers to NOT produce Paladium-compatible machines.
b) From the the side of software producers:
- A Paladium/DRM license costs money. Implementing software which requires Paladium/DRM is thus more expensive than non-Paladium-compliant software.
- Similarly to the hardware side - in the beginning, the majority of machines will not have Paladium support. In order to reach a sizeable portion of the market, the software must thus support non-Paladium-compliant hardware.
- Thus software producers that want to reach the biggest portion of the market will either produce non-Paladium compliant software or software that will work in non-Paladium compliant machines.
Puting it all together:
a) Hardware manufacturers will have a competitive advantage in manufaturing non-Paladium-compliant machines (cheaper and work with almost all software)
b) Software producers will have a competitive advantage in producing software that works with non-Paladium compliant machines (the majority of the market) or even non-Paladium-compliant software (which has the aditional advantage of not requiring a Paladium license).
As i see it, the current situation is a stable situation. A great deal of energy (read money) must be spend in order to change the status-quo. Software developers need to be convinced (as in paid) to do Paladium-only software while hardware manufacturers have to be convinced (again paid) to develop Paladum-compliant machines.
The temptantion for software producers or hardware manufacturers to put out products that do not require Paladium will be huge given that any one that does so will have a competitive advantage (which will translate to more market share) in relation to the ones that remain Paladium-only compliant.
As soon as one company leaves the pack and starts increasing their market share others will have to leave too in order to stay competitive.
The only way to avoid this would be if all consumers would at the same time change all their machines and software to be Paladium-compliant. In a Paladium only world there is no market for non-Paladium machines or software.
The whole Palladium concept relies on trust and cooperation between hardware and software vendors. If there is one company that should not be leading a project like this, it's Microsoft. How long will it be before the anti-GPL features of Palladium are redirected against Microsoft's competitors? Are the non-M$ software companies really that stupid? How long before certain hardware manufacturers achieve "most favored" status at the expense of their competitors? Considering how the "M$ trust deficit" helped kill Hailstorm, I wonder how they think something like Palladium will fly.
The only sure winner in this scheme is Microsoft, and for that reason alone, the rest of the industry has to rally against it. If this ever comes to pass, I can think of more than a few software companies that I can short-sell as part of my "Palladium early retirement" plan.
Maybe that's how to kill Palladium. Have some geek-friendly organization develop the "Palladium 500", a list of 500 companies that may be hurt by Palladium, so as to trigger a short-selling festival if this nonsense ever gets off the ground. The mere existance of such a list would serve as a wake up call to those who are in a better position to help with the political and financial issues. Believe me, any CEO whose company is on a list of targeted short-sellers is going to scream loudly. Would you buy stock in a high-tech company if a bunch of geeks was preparing to sell short? The beauty of this plan is that no one has to actually short any of the stocks, the mere existance of a list would do the trick.
I don't see what any of this has to do with people trusting the internet for transactions. How can I trust my transactions any more than I can trust it now with an SSL based system? Ok, so under Palladium I would know that my Netscape binary has been reviewed and was trusted. But I pretty much believe that already. That's not the reason people don't trust internet transactions.
One thing I find interesting about this proposal is that it requires some level of code review before release of any software. All source would need to be submitted to a third party to ensure that the code can be trusted. That sounds like quite a mess to me.
Devon
Unique IDs went over real good when Intel tried a few years ago.
As for M$ having wont the desk-top battle. There are 50 million machines opned by people who WANTED to buy them rather that the 250 million machines bought by people who were'nt using them, looking for the >st ROI and st cost.
Linux is gaining %-age in the flat desktop market and that's coming out of M$s %-age.
The web sever market is definitely not IIS.
There's 25,000,000 Mac users out there and they bough their machines because they wanted it.
There's 25,000,000 Linux users out there and they bough their machines because they wanted it.
There's 250,000,000 M$ users out there and the machine was bought by the company they work for because it was cheaper, not easier to use or better.
Palladium (a toxic metal and a mythical calamity ending in the sac or Troy,) is based on trust.
Given the hunk of Swiss cheese that M$ has created and shilled all these years, would YOU trust them?
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I see this as nothing new--Windows has been on the Fritz for years.
The Palladium system will not rely on a single security system. It will use a variety of techniques for securing access - hardware and software. This not only increases the security aspect but allows vendors and content creators to choose from a list of what they want to use.
I think MS has learned that their reputation preceeds them in the content creation industry and will do what it takes to gain that trust.
The Register calling the author of "Hackers" a hack is pretty ridiculous. Or was I just missing that the typically wry British sense of humor?
Comment removed based on user account deletion
Secondly, I do not believe a piece of hardware like this would be kept out of Linux. What are the hardware manufactures going to say "the interface details are only for Microsoft". Now there is an anti-trust suit waiting to happen.
Once it is into Linux then it is what everyone has been waiting for, ubiquitous secure communications. BUT with software emulation any data transformation can be emulated and therefore spoofed. Look at the numeric processor emulation. AND the more a system is trusted the more spoofers are protected by the "it can't be done" mindset.
How long until someone is rooted through the TCPA?
ok .. so they chip my pc to id itself.. with this id they can track my web habbits... software installed ect ect... if i wished to become anonymous.. i'd have to find either some hardware or software bypass for it...
would this be a violation of the dcma? yep the dcma can be applied to everything.. even sex.. sue the semen that bypassed that condom!
They have failed, miserably, in the PVR market. They have failed, miserably, in the game console market... twice (WinCE in the Dreamcast, Xbox). They have failed, miserably, in the personal accounting market (Intuit has repeatedly cleaned their clocks). Their entrance into the handheld market has been anything BUT a runaway success, though they leveraged confusion at Palm to grab a nice chunk of the market.
They have 4 major successes. They took the OS monopoly granted them by IBM (as a result of IBM facing an antitrust suit) and built a successful empire. They leveraged internal knowledge of "Chicago," (Windows 4.0/95) to get Office 95 on release and establish a near monopoly on desktop office suites. They leveraged their OS and finances to establish a near monopoly of Internet web browsers. They also used financial muscle to clip Borland off at the knees and establish a near monopoly in development software.
However, in the cases of their successes, they really leveraged a critical mistake by their competition. Even NT Server's rise was a combination of marketing and boneheaded moves by Novell. Novell has let everyone believe that they are dead, so NT ate a lot of their market. Linux is now a huge portion of the market.
I really don't understand why everyone believes that Microsoft is invincible. Look at how WordPerfect, Netscape, and Novell dropped the ball. Also look at how Apple dropped the ball.
Microsoft is great at release early and release often. They put out near beta code quickly to establish a beachhead. They then keep running at you, hard. Fail to innovate (Netscape and Real) and they will clobber you. Keep running ahead, and you can be the Intuit of the world.
Microsoft has a LOT of failures. MS SQL Server has NOT defeated Oracle and DB2 for the Enterprise "mass" market of databases. MS SQL Server gets most of its success from MS Shops that web deploy apps with VBScript ASPs. Low end web publishing uses MySQL+PHP, while the higher end does Java+JSP+Oracle. Those of us in the technically complex world without the heavy Enterprise backing do either PHP (or Perl) with PostgreSQL in the Unix camp OR ASP with MS SQL in the NT camp.
MSN has never defeated AOL, despite its early predictions (and 7 years of being pushed in MS's monopoly Oses). You're insane if you think that Xbox is competitive with the PS2 or Game Boy Advanced. It has been running even with Nintendo's Gamecube in 1 of the 3 major markets (trounced in two others) while Nintendo hasn't released a major title yet.
UltimateTV was a total flop. There are lots of failures, not just Microsoft Bob.
Get a grip people,
Alex
Two posts to the same Register article in as many days. Whatd they ever do to you to deserve that kind of slashdotting?
Liberty in your lifetime
You simply can't force everybody to use paladium based on hardware.
There will off course some professionals jump on the train, for specific security related items.
Just imagine, in China you have both the greatest software piracy and hardware manufacturers in the world. They shure will have a way to circumvent this, simply by not adding the technology
The paladium if introduced will establish a kind of monopoly, but not M$. No, red China will have the fruits of it.
This will be the dilemma: trusting M$ or Chinese hardware
And if it's incorporated in Intel, well buy AMD instead
All users: business, personal, educational, etc. should sign a petition and affirm that they will adamantly refuse to do business with hardware and software companies that support this latest attempt at a Microsoft market stranglehold.
LET THE INDUSTRY KNOW CLEARLY THAT WE REJECT THIS AND IT WILL COST THEM DEARLY IF THEY SUPPORT IT.
I will be the first: Netgraft Corporation will NOT do business with any developers who produce hardware that supports Palladium, any distributor that sells Palladium-scheme hardware, any software vendor which utilizes Palladium hardware, and any company which does business on the Palladium platform.
If someone starts such a project to collect these names, please contact me.
Even if this were the case, do you think it would actually work? I mean, we all know linux, at least in the server environment, is on it's way to becoming a standard. As for the desktop, there are dozens of developers who are working on getting in on that market...
According to the original article on MSNBC, "As now envisioned, Palladium will ship "in a future version of Windows." (Perhaps in the next big revision, due around 2004.)" So, given the track record MS has with releasing OSes, we can probably expect to *just* see this in what? 2005? 2006? Then we're going to have to wait at least one or two revisions for the masses to use like it was 'intended'.
Do you really think Linux won't be a viable option for your grandfather's desktop in 4 years?
/Steve
to Palladium-enabled (cough) devices? What if AMD or Cyrix decided to maintain the status quo and keep on manufacturing x86 chips. Or even migrate the x86 onwards and upwards but in a non-Palladium way?
The downside of this would be that the incompatibility issues between MS and GPL would be magnified. However there are upside issues too. The consumer, when informed that their CDs won't let them make mp3s of the music they just bought would be more likely to move to a GPL solution. The CDs which are incompatible with GPL might become less desirable. EU companies, outside the authority of US legal issues could mine out a larger niche in the market.
In fact, I see a much larger role for EU in open source projects as a result of the short-sighted efforts of US legislation (patents, etc.).
No one ever had to evacuate a city because the solar panels broke!
Someone pointed out that they doubt the GPL is Microsoft's primary target -- that if that were the case Palladium is simply overkill. This is a good observation and I wanted to add to it. While Palladium potentially has very negative consequences for not only Open Source / Free Software but all software in general, Microsoft wins on several fronts with this approach. You might remember that Microsoft openly opposed the so-called Holling's Bill that would mandate this kind of technology. Why? Because while it would have similar results (actually the bills proposed would be more broad) the power would be in the hands of the lawmakers and more importantly in the hands of the copyright holders -- the movie and record industry. By pushing their own solution, rather than a legal one, Microsoft maintains control of the technology. To the legislators, they seem like the "good" guys (despite the monopoly convitions [how long before we finally punish these criminals?!]) and Microsoft will also get the backing of "Hollywood." It's about gaining the upper hand. They know that there are forces out there that want this kind of technology, however, it's in Microsoft's best interest to be the "innovators" and have everyone fall in line under their proposal. I think this is the real motivation -- it further secures their position as the dominant market leader. No one will want Microsoft to go away if they hold the keys to your security -- all your information, your applications, everything is in their hands. So not only does Microsoft become indispensable, but they also get to screw over the competition (which includes GPLed applications as the article points out). While security and "trustworthy" computing are nice ideas, Microsoft is the LAST company I want to hand over this kind of control to.
Who said Freedom was Fair?
Intel put a GUID in every processor to make each computer uniquely identifiable. The market screamed about loss of privacy. They really shouldn't expect the market to react favorably to having GUIDs in everything. It will come down to one company offering a piece of hardware or software with no privacy and a competitor offering privacy. The market will decide who is favors.
Hardware manufacturers aren't stupid. Especially if rights managment is costing them money. Look at what is happening in the DVD Player industry as we speak. Manufacturers are making an end-run around the digital rights tax.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
Unfortunately, this idea just might fly, and the reason is corporate america.
Consider, the reason for M$ dominance in the PC world is that corporations bought into the whole PC/DOS/Windows thing. It enabled them to give unprecidented power to Joe Average in his cubical, and made business a lot more profitable.
M$ then got into homes because Joe wanted at home what he had at work. Schools followed to prepare their students for the cube farms. M$ maked gazillions and for good or bad we're stuck with them.
However, this came with a downside, especially of late with the explosion of the internet. CorpAm is losing billions due to virii, DoS, support, etc.
Palladium is the answer that CorpAm wants. It stops unauthorized software from getting onto the machine and causing headaches for the IT Dept. Filtering Dos attacks is a walk in the park as you have a sig to check against (besides, if everyone has palladium it would be very difficult to mount a DDoS attack, as you couldn't distribute your DoS code to cracked machines).
Once CorpAm jumps on board, it's only a matter of time before it makes it's way to into the home.
But will it kill GPL? I don't think so. For starters, I don't think a soft/hard - ware combination will work, software will always be a weak link in such a system, and could be cracked, which means that it would be a purely hardware solution. I don't see a problem with a chip that signs every packet that I send out on the net, nor do I see a problem with a chip that stops unauthorized software from running - the kernel just has to play nice with the hardware. I could imagine that the chip would act pretty much like antivirus software does now - "the app isn't signed, are you sure you want to run it?"
The bad thing about this is that you'll lose anonymity.
A final thought - there is so much hardware out there (here?) that doesn't have this technology, that it doesn't make economic sense to suddenly have all software/hardware manufacturers switch to Palladium.
Besides, hands up who wants to run M$ Windows XPalladium... um.. that's one... no sorry that was just a nervous twitch...
Comment removed based on user account deletion
Palladium and it's supporters seem to make the assumption that users don't trust the net for commerce because they don't trust the identity of the entity they're doing business with, and that giving them trust in that identity will solve the problem. I think that's a wrong assumption. I think people do trust they know who they're dealing with, and they don't trust the entities they're being asked to do business with. For good reasons, apparently, given the penchant for companies to disclaim all responsibility for broken products/services and to sell all manner of information about their customers to everyone else under the sun without concern for the consequences to the people whose information they sold. That can't be solved by just a better way of verifying identity.
As for the verified-software part, that'll last right up until the Executive Vice-President for Sales of the company can't install the latest and greatest screensaver his friend the vendor rep sent him because it's not authorized software. Then IT will be ordered to knock holes in the system for him and the whole thing will become pointless.
Then there's the whole digital-rights part of it, but that's another argument for another forum.
I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance rulling (I haven't read the rulling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.
Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.
With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.
UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.
It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
M$ is shaped in Bill Gates' image.
He's a bully. Because he managed to strong arm the OEMs he a rich and arrogant bully but he has no idea how arrogant and bulling people can be.
If he was smart, he'd start his own church and proclaim itself as God and get it over with.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Matt Loney of ZDNet wrote an op-ed piece, too.
I'm not sure what the secret to success is, but the secret to failure lies in trying to please everyone -Bill Cosby
Overall, the Palladium FAQ is interesting, but I think Mr. Anderson is overlooking a major point when he talks about how the TCPA will affect the GPL: what, exactly, constitutes the source code for a binary which has been cryptographically signed?
The GPL is a bit vague on what exactly constitutes the "source code" for a work: it is defined as "the preferred form of the work for making modifications to it". For a program which won't function fully without being signed, a strong case could be made that the "preferred form" for modifying the work is the source code plus the key used to sign the binary; after all, if the "source code" doesn't include enough information to reproduce the binary actually distributed, it's not useful for modifying the work. The GPL also specifies that for an executable program the source includes "the scripts used to control compilation and installation of the executable", which for a signed executable would include the script to sign the binary.
Thus, the danger to the GPL might not be that it will lead to GPL programs that you can't actually modify, but instead be that it will be impossible to get a GPLed program certified. Even if it is certified, it will be illegal to redistribute the resulting binaries without the key, which of course won't be available. If the person or company that produces the program is the sole copyright holder, they can of course distribute it anyways, but it won't be redistributable.
So I'd say that TCPA, Palladium, and other DRM schemes do pose a threat to the GPL, but not for the reason Ross Anderson claims.
Human/Ranger/Zangband
So how long d'you reckon it will take for someone to work out where to use a black marker in order to circumvent it?
The months are just too short. I can count the number of days on one hand.
If they can really pull this thing off, your computer really won't be yours anymore, other things and places will be controlling it and in a sense your computer will be asserting a power over you. This is sickening!
Given that Microsoft and x86 have a strong hold on the computer market, it's fine that Palladium is going to run on that combination, but what about Sun, SGI, and Apple?
.edu's have a thick and manly investment with Sun -- for example half of umich's engineering workstations are ultra 10's or better, and I'm sure the same is true at many other schools. Professors and techy students aren't going to be happy about losing Sun as a usable platform because it's not palladium-compliant or whatever.
It doesn't look like Apple is getting brought into this at all -- I've heard no mention of either them or Motorola (they make Apple's CPU's right? or am I wrong?) being involved in the whole debate -- and a lot of people use macs.
Furthermore, a lot of
Maybe macs and Suns will become more popular because of this Palladium thing because you can still pirate software and not let MS root your box.
What do you think?
-S
I do know windows very well, and you miss the most obvious issue here. On any windows domain there is a user who can change the passwords of other users who have forgotten their passwords. If you can change someone's password, you can pretend to be them and socially it is not that hard to do this on their day off. This is why biometrics etc. are interesting to many people, because forced password changes are necessary to avoid data loss, so extra authentication is the only way forward.
Personnally, I think a lot of Linux advocates are a little too bit full of themselves. I mean, Microsoft isn't going the Palladium route because it want's to crush Linux. It's going that route because it thinks it's a profitable one that will benefit them in the long run. This isn't a direct blow to the GPL and Linux. Hurting Linux and GPL is an aftershock. MS doesn't give a damn about Linux because they're sure that the RIAA, MPAA, or whoever provides the content will feel better trusting Microsoft then some open source project.
Pay attention to the hardware world. There is a move away from the centralized chipmaker (design, test, fabricate in one facility). It is more common to outsource pieces of the design/fabrication process. It's not cheap to have a custom chip fabricated, but it's a lot cheaper than building your own fab. (Yes, there are benefits to having your own fab, but it's a huge risk in your first few years.)
Second of all, Intel and AMD are the only games in the x86 desktop/server town. There is an Apple town, there are towns where Motorola is mayor, and Transmeta has moved in on a few. Don't forget to count the mobile processors. Your list is short by at least half, and I am sure Slashdotters could come up with more.
Does anyone have any information pertaining to AMD's answer to TCPA?
jack's bicycle is music to my ears
It's quite amusing how much you guys get your panties in a bunch of this kind of stuff. But don't get me wrong - I AGREE WITH YOU. This news probably means the end of humanity as we know it. Hell, probably the universe.
There once was a monkey named Joe.
The monkey that once was had a moe.
One day the monkey decided to become a bumpkin.
So he moved to Redmond.
Now, we have a monkey named Joe in Redmond with a moe.
The monkey one day decided to shave his moe away.
The monkey changed his name, for he no longed liked Joe.
Changed his religion too.
The monkey is named, Bill, his religion is Christianity.
It all fits, Mr Bill G. Christianity is really none of what I just said, instead he is a Muslim prick with no dick.
True, but Windows is designed to allow for other forms of log in (write your own GINA.exe).
The point is that if you use EFS you can set the system up so that the system admins have absolutely no way to read a file - even if they dismount the disk and put it in another machine.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
In other news: US senator Hollings and former MS CEO Bill Gates was found dead in Mr. Gates home. Police reports that they have secured vital evidence in the form of several drawings found at the scene.
Police say that there was several different images on those drawings depicting a penguin, a devil, a platypus and a blow fish. Due to this evidence, US president Bush have ordered the complete destruction of the Antarctic and a small unknown island called Australia. "The world must be saved from these devil worshipers!" Bush said in a speech last night to the Christian right-wing.
How the blow fish fit in to all of this, nobody knows.
How long will all this last after one disgruntled engineer posts the critical Palladium specs to an anonymous forum (electronic or otherwise). Or, when foriegn intelligence agencies steal Palladium's secrets for their own nation's defense interests. Palladium's weaknesses will leak, it is just a matter of time before it is an expensive useless chip in our then-new computers.
Healthcare article at Kuro5hin
I am wondering what one is supposed to do when your cable or DSL DHCP server decides no to talk to you because the modem has determined that you aren't "trusted". Cut off from /., not to mention the rest of the Net, how long are you going to hold out? Oh, I see, your ISP won't do that. Mine will. RoadRunner is Time Warner and I seem to remember that they are a content provider...and somehow associated with AOL also. Content and IP providers love this because the field is so heavily tilted in their favor. Hardware vendors love it too 'cuz they get to sell virtually every PC on the face of the earth all over again. Intel and AMD are already signed up, as is IBM (I believe...tried to check on the TPCA web site but predictably, since I am not a member, I wasn't trusted enough to get beyond the opening page) and prolly Moto and Transmeta too. Not only do the the biggies support it, word is that they will be putting the encryption device on the processor once the concept has been properly rammed down everyone's throat. Oh, did anyone mention that Longhorn is suddenly delayed so that every Microsoft product can be rewritten just in time for the final Palladium rollout? And if Office for Mac is included in the rewrite, doesn't that mean Apple will fall in line too? And y'all thought that the February focus on security meant Bill wanted to plug the leaks in IIS, didn't ya? Jerry Sanders puts out a little smoke in front of a judge, gets XP for the Hammers for being nice as long as he does the encryption thing on chip, Intel gets to save face by including those same extensions, and oh by the way, might as well do Yamhill while they are at it cuz Jerry had to give them a license for all the new X86-64 stuff as part of the package. Yes, when Longhorn comes down the chute, Wintel fans will all be using processors running identical code. One big, happy family. Ok, maybe I have been reading the Reg too often but seems to me a very well thought out plan that will click along under the radar until it has so much momentum that it can't be stopped.
Microsoft has the power of marketing and an installed base. We have the power of numbers, of skills, and of a culture of open design.
Intel, Microsoft et al. are proposing a system whereby the processor validates every and all hardware and system software before allowing a system bootstrap. This is all fine. Will this also mean that only a particular release of software (Read: Windows) kernel will load? I don't believe so. If the software is "trusted", by whom is it trusted? By Intel? Surely, they build the processors. And who will they trust? Microsoft? Yes. But they must also trust others, or they may be charged with cartelization. An Intel chip must have a specification open enough to allow trusted parties to build software for it. We must make sure the government forces Intel to allow this. And then we must build a system that Intel will trust. We must start a Palladium-equivalent counter-initiative, and we must start it NOW.
There must exist an open system that will boot in DRM enabled machines, and that will provide reasonable DRM protection while still maintaining what we believe are consumer's rights. Microsoft must not be the only one holding the ball on this.
A DRM-enabled linux/bsd/whatever must exist. Please think about this. I'll come back with more thoughts, but please, if you think this is a good idea, mail me.
free the mallocs!
This scheme will only work if there's a big enough body of software
out there that 1) plays along with the Fritz chip and 2) everybody
absolutely needs.
I've managed to get along for years without a Windows partition on my
PC and if necessary, I can punt the three or four apps I don't have
source for. It's been years since I've seen a popular Windows app
that didn't have an open-source equivalent. I suspect most people
will find that there's very little software out there that's
indespensible enough to warrant letting Hollywood take over their
computers.
The only possible killer app is the ability to download commercial
movies or music, but all that saves me is a drive out to the local
HMV. Big furry deal. It's not like the commercial download services
are actually worth using.
This whole scheme will only work if the Wintel platform is the be-all
and end-all of computing. It isn't anymore. They might
still get this through, sure. But they might also just alienate their
customer base enough to make it worthwhile for everybody to switch to,
say, a Linux/AMD or Linux/PowerPC base.
And that certainly couldn't happen to a nicer bunch of people.
If you don't want your Unix Sysadmins to "usurup the security model", don't give them the root password.
And since the root account is an all-or-nothing situation, they can't do any administration without the root password.
I guess they can run around the building changing toner cartridges or something.
Which reminds me, when are you going to fix the LJet4 up on third, sysadmin-boy?
(sysadmins are the janitors of IT)
Microsoft is the company that could gain the most from this.
Not only will they sell yet another version of Windows, but they can now protect all those documents that leak out that. You know, all those emails and memos that are used against them in court and the media. With TCPA, no one could decode these critical pieces of evidence. After all you can't prove someone is doing something wrong if you can't uncover the facts.
And the Monopoly Grows!
-RandomIO
Wow. Now I know why all those formerly smug bearded fucks are so angry at Microsoft and have done everything in their power to block NT.
The subject says it all. Is MS really talking about having custom hardware embedded on motherboards, much as the Clipper chip was supposed to do for TVs? I hope/expect that Palladiums enjoys just as much success as Clipper: none whatsoever.
You could view the separation of hardware and software like the separation of church and state - it's not healthy for the two to become too intermingled. Yes, I know about Apple - were we all using Macs, there would probably be no Linux today. I can understand how MS tried to set standards for PC hardware, but to date they've been "minimum" standards that don't impose limits on hardware and manufacturers. They've also been quite co-operative about it. For example, the PC97 spec was helpful to Linux programmers as well, by the way it set minimum hardware standards and clarified some things, IMHO (natch).
Still, haven't we all been here before?
(this is not a
Hey,
We've seen this before (with a slight new wrinkle.)
Keys not withstanding, this is a hardware crypto system decrypting ciphertext into plaintext, and forwarding the plaintext to file descriptors.
Wrote a paper on this, short synopsis is;
1- Only way to secure the hardware is to keep it out of the hands of people who could modify it.
2- Without secure hardware, software can not be secured (ciphertext is available before decryption, plaintext is available after decryption)
In short, stop looking at the FUD, and focus on the flaws in the design. This is not a very good system.
Know any 14 year old crackers?
As a matter of fact encourage it. Demand it. What do you think will motivate people to change OSs? Let MS and Fritz create these new OSs/PCs. Everyone will just start buying PCs from the local mom and pop's and putting Linux,BSD or some other OS on them. If people stop buying MS en-masse what do you think will happen? I say go for it MS we're behind you all the way...he he he!
My next machine will be a Sun or Apple box, as neither of them are listed as members of that silly group.
The interview with the project manager states that this started as a pet project of some tech employees. They were working out what was possible, supposedly on their personal time. Then they raised it as a project idea and it was approved by management. Since it didn't come down from management, I'm more inclined to think the technical implications were well thought through. Once management got wind of it and realized the possibilities more ego went into it. Since this project was actually started 4 or 5 years ago I'm inclined to believe they thought it through. There's no guarantee, but when it comes to the methods of pushing out features they're pretty smart.
Developers: We can use your help.
Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.
Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox-while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards.
Those who would give up an open computing environment in order to be free from Spam and Viruses deserve neither. Besides, Microsoft has never been able to accomplish these with software measures, what makes them think hardware measures will do the trick. Or maybe they just won't allow any non MS software to run. How long before someone cracks it, or users complain that they can't run XYZ.
Or you could create Word documents that could be read only in the next week.
Now how does this differ from the current system. Seriously, I have long term issues with the word format being a write-only black hole of information. 100 years from now, ascii documents should be easily read, but will the same be true for word documents?
JET Program: see Japan, meet intere
all such security systems are by definition only a single bug away from total failure. don't be so worried.
You make a great point -- you're right, we should watch what we do and say.
B this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppresive gov't law could stop open source or the GPL.
But now that is changing. I'm worried. Here's why:
If the TCPA's ideas becomes law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS), I think it's safe to say they would try for this if they could.
If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.
The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.
I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.
I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.
That is why I worry.
There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can forsee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.
To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.
~Dalcius
Rome wasn't burnt in a day.
Imagine a world where this sort of DRM is common (i.e. the world MS and Hollywood would like to have). Now, the TCPA system, according to the Palladium FAQ, allows to change the rights after the fact per "remote control". The DRM control happens in some computer of the copyright holder (or maybe of a company doing DRM management as a service for copyright holders who cannot afford to have their own DRM server). It's likely that there will be just a few computers controlling most of the software.
Now imagine a "cyber-terrorist" gets control over such a DRM controlling computer. Now he gains not only control over that single computer, but over every computer running software controlled by that server. Imagine f.ex. someone cracks the MS DRM server (it's almost certain MS will have one), and then just withdraws the right to start any MS software (including Windows) from everyone but their own organization (maybe even from MS themselves). They will literally shut down almost everything. Or imagine someone cracks the DRM server of the OS for the Internet backbone servers (well, MS of course dreams both to be the same, but I can't imagine that anytime soon), and then withdraws the rights of those servers. Is there a more effective way to destroy the internet?
I think there should be laws in all countries that computers for critical infrastructure may not run on computers/under operating systems which are TCPA enabled. Because TCPA adds extra vulnerabily to the system.
Let's all get real and attack the basis of this problem. The companies, consortiums, and associations who support this technology have money, power and knowledge and are trying to eliminate fundamental threats to their sources of power and money. The recording industry, movie industry, publisher's all have a vested interest in prohibitting open exchange of information. They have to have the underlying framework of the Digital Universe changed in order to maintain their control over authors, musicians, actors, editors, directors, etc. And Microsoft and Intel are willing to do it, because their goals align. Microsoft and Intel are more than willing to incorporate those types of controls into they're software: a. Microsoft will be able to sell and license security implementations in software, and b. Intel will be able to do the same. Money and power stay where they are. Currently the Open Source movement is the solution to viruses and security threats, due to the open and rapid examination of bugs, holes in software. However, Microsoft and it appears Intel would like to do a better job by "certifying" "safe" software binaries/executables which will then be allowed to run. Again, I would prefer to trust the "Open Source" community, rather than a certifying organization. It becomes a single point of failure that becomes very painful to circumvent in the event of corruption. While this "corruption" is possible/probable in any Open Source endeavor also, there is always (with the GPL/LGPL, at least) the ability of the "governed masses" to reclaim the code base and march off in a different direction. Not so with the Fritz chips/Palladium/Certifying Organizations... What about the artists? How can we find a way to support the artists without paying the huge markups on the goods delivered which subsidize archaic, behemoth Distribution/Marketing organizations which are frankly obsolete and not adapting to the times. (In fact, they appear to be attempting to adapt the world to them, instead!) How do we serve the artist? We need to figure that out. Obviously, with musicians the support comes from live events or from television/webcast maybe even pay-per-view. They are forced to be fresh and new, and ever evolving, but still they will get the money more directly without as much of a middle man. Actor's I find more difficult to determine the method of reimbursement. Live performances in this day and time are less common. Author's same thing, very difficult to earn from the written content. If it's instantly copyable... But I'm sure that we can find ways to rework our laws and police ourselves without resorting to big brother government/corporate babysitting... Just some thoughts... Mangr3n
As long as there's information carriers (people) involved, data will always be free.
How many MS employees will know MSs private key? How many of them will leak it? Can it be obtained through reverse engineering? (Answer: YES)
If MS has worked out a regime to change their private key if it becomes public, what is the mechanism through which the key is changed? This info and the new key WILL be leaked/reverse engineered.
Remember: Information is FREE.
It was just two days ago I said:
And now what do I see?
Damn, I hate being right about this stuff.
Nope, no sig
Take heart my gangley Gnu gobblin cohorts, all is not lost yet! Long ago in the days of mysticism and lore the gods of Economics and Love set down the laws of Economics and Love. Try as they might with their merciless bands of code wielding deperados a whooping and a hollering through town they cannot defeat the laws od Economics and Love. You see my chummy chum chummers not even within the Gates of Redmond lies enough power to overcome these laws. They may be strong now by coercing the likes of the Kingdom of Intel and the AMD Empire into their fold but their power even now begins to wane. The infighting between these two great houses is fierce and the outcome far too unpredictable. Competing standards there are, differences in vision they have.
Hence Microsoft begins along the path of commoditization. They can profit from their allies' struggle. All that is required from them is to design software that removes leverage from under their allies' armies! Given the dark empire's grasp of the market of souls this is an easy task. They can make their software run on both of their allies' competing hardware. No matter who wins out in the end, if indeed anyone does, the dark empire still stands even more powerful than before. They can effectively commoditize all computer hardware.
Their masters in the land of Redmond see oppertunity here besides the obvious. They seek new allies who are stronger because they pay people to produce while consolidating their power by controlling distribution of the produced work. Since Microsoft can effectively commoditize the hardware of their allies they can force software vendors to use their branded environments in order to be assured they will work on Intel and AMD hardware. Microsoft adds magic talismans to software requiring the use of their evvvvil DRM technology from their new Media Mogul Lord allies and BLAMO the world is under their control.
I did say fear not did I not? Strength comes from within so fear not! While the dark empire collects taxes from its vanquished foes of the OEM Republic they conspire against their dark oppressors. The law of Demand which is an entire volume of the law of Economics comes into play. Demand drives the OEM Republic, they don't make money off their competitor's sales like their evil massssters do. Therefore it is in their best interest to serve the masses to which they cater. If the masses reject control by Microsoft and the Media Mogul Lords there will be a revolt in the populace. Microsoft will cease to be in demand.
The OEM Republic being driven by the demand of Microsoft will abandon all things DRM and tell the Media Mogul Lords to stick things in dark places. They will because their coffers will be emboldened by their customers money. Rallying to the call of the smaller OEMs larger neutral nations will become involved in the battle. Nations by the name of IBM and hPaq will enter the forray alongside competitors like Dell and Gateway. Rallying the troops will be Apple ripping and mixing and burning flinging CD-Rs left and right into the eyes of Media Minions. Backing the OEM Republics will be the Norwegian nations of Nokia and Ericsson. Cell phones are driven by as much consumer demand as PCs and if they can't market a MP3/OGG/DVD/TV/CB cell phone lightsaber their customers will move on.
Fighting the small battles will be the Linux fanboys with their boxen and the FreeBSDites with their kernels that never quit. Aiding the OEM Republics in their battles by providing them with a Microsoft alternative they don't have to develope with their own cash. It will be a good day to compile.The Law of Economics will see the warriors of light through the day. DRM will die because the masses want their MP3/OGG/DVD/TV cell phone lightsabers and want to continue to burn CDs so they don't have to buy them because they are cheap. Fritz Hollings will stub his toe and Jack Valenti will shrink even more. Compile friends compile!
Take heart my geek pals, Microsoft must bow to demand and the cheapassness of human nature must never be discounted. Palladium will fall and then geek love will commence.
I'm a loner Dottie, a Rebel.
The government should have broken MS up into 3 or more pieces: system stuff, apps, services.
I don't see anything wrong with a company developing a system like this. The problem is that MS's monopoly allows them to appoint themselves as the "authority" for the PKI system.
If MS operated as separate companies, there would have to be an open interface between the system and the PKI authority.
Various market segments would then have the freedom to select their own gatekeepers. For example online music sales could rely on one signer (RIAA?), financial stuff could use a different signer. Military stuff would use yet another. Linux folks might elect to require a Linus sig for kernel modules.
That's "while", not "whilst". Quit (incorrectly) using impressive-sounding words to make your argument sound more impressive.
Palladium, as a transitional metal can be very unstable. Palladium 109 (Isotope) has a half life of only 13.5 hours, which should be exactly the amount of time it would take to render any Microsoft attempts in DRM useless.
I hope Microsoft succeeds and elimites this Open source communism.
Here needs to be a new law to put any open source free geek to jail.
I have to admit that I only skimmed the article (when it was on /. yesterday), but it seemed to my that this has very little to do with the GPL specificly. It's just another attempt by M$ to take over your computer, which would of course make it harder to use products they don't like.
From what I've seem, I disagree with the statement that "MS is taking dramatic steps to make it GPL-hostile." It isn't designed to kill the GPL, just to kill certain kinds of freedom.
One way of eliminating the Linux "threat" is to change the PC as we know it, in a manner that locks it away. Very clever.
As a rule everything MS does it does to grow and expand it's monopoly. Therefore this is also to do the same. You can't trust MS.
About a year ago I saw a TV report about the development of the tobacco industry in the 50's/60's including the consequences of smoking and methods to fight cancer.
;-)
;-)
Now the astonishing parallel:
MS considers the GPL to be cancer-like (Steve Ballmer mentioned that, AFAIK).
(keep in mind: according to MS: GPL == cancer)
That report I saw showed that the tobacco industry tried several substances which were mixed with the tobacco to lower the possibility of cancer. Now guess which one showed first acceptable results: yes, Palladium.
So: Palladium was quite useable to lower the appearance of cancer.
Maybe they saw this report too?
What they probably forgot: Palladium was expensive and hard to produce, so they stopped it because it was unrentable.
Really astonishing
greetings,
Cryptorchid
We must fight against this bullshit now, completely, or in ten years you'll be able to do exactly Jack and Shit if it's not in accordance with the DRM system. That is, legally. Then we get into turning normal behavior (repairing my system from the DRM damage) becoming a federal offense (circumvention of copy protection device).
Look, it's not paranoia if they really are out to get you. And the level of control that Microsoft is going for now, seems to show they have their users firmly in the crosshairs.
Please, tell me this won't have all that much of an effect, that it won't really matter in the long run.. then pull the other one.
"Avast! Prepare for the rodgering!" THWACK! "Arrr.. me nards.."
One more thing. Let's say Palladium becomes a reality. Now, remember the whole loophole-menu deal with early Apex DVD players? Imagine if that made it into the design. Microsoft would be suing the mobo maker faster than you can say "intellectual property infringement". So why should a mobo maker willingly put themselves in a position where if one rogue engineer puts a loophole in the system, they can be sued to death?
Not when they find that upgrading to the next version of Windoze means that they can't download ripped MP3s and movies any more, the office Linux servers can't talk to MS products, etc. At that point, people will get tired of Microsoft and friends real quick. Look at it this way: WinXP has been out for months, but how many people have actually upgraded to it apart from those buying new PCs? How many have upgraded to Office XP? Not a lot. The name "Microsoft" on the box is no longer sufficient to guarantee sales, and that is, after all, why they're worried.
Let's face it, at the end of the day, money talks. These places have lots of it, but they're nothing if the population casts them out. If the Microsofts, RIAAs and MPAAs of this world try to make everything enforceable via the DMCA, EUCD, and so on, then someone will simply come along and seize the gap in the market for sensibly-priced, decent quality alternatives. If Intel screw up, AMD are right around the corner. If only one record company sets up a reasonably priced on-line music shop where you can download MP3s, who's going to be getting all the custom? Hollywood already manage to blow a fortune on movies with great special effects but less entertainment value than a decent independent film.
This whole situation is disconcerting, and it might even fly for a few months if they're lucky. But it's just not going to beat simple free market economics in the long run. No monopoly -- not even Microsoft or Hollywood -- is worth anything in the face of a world of pissed off customers prepared to take their business somewhere -- anywhere -- else.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
...and I tell you this:
It is going to be rather hard to sell this to consumers. It is going to be buggy, so it will be a support nightmare at both ends. No, it's not only because MS can't code, it's because code is buggy - allways. And buggy fascist DRM code is the absolute nightmare.
And the user experience will be enjoyable only to really masochistic sort of types. "You can't do that". "You are not allowed to do that". "That 'll cost you 5 bucks extra [Cancel] [OK]".
I mean...
Also, this sort of things would convince any government agency in the world who has heard the word security that MS is Mordor, and Bill Sauron.
I liked the Yahoo article better that the theregister one, btw.
rmstar
It's not a matter of "if" this will come to pass, but "when." Microsoft and Intel have incredible inertia and mindshare with the masses.
This all has very dire and serious implications.
What are the best ways to combat this? Even if a "few" people switch to Linux, if a majority of people are equipped with this technology they literally won't be able to exchange data with open source systems at all.
Oh no, the sky is falling! Waaah waah wah. Read the goddamn msnbc article:
So uh, since the source will be open, there's nothing stopping you from reimplementing Palladium (for purposes of compatibility) under a GPL license. Also, you may be able to even reuse their code, though obviously not under the GPL. And because of the GPL's viral nature (and microsoft will probably use a GPL-similar license for Palladium; why not fight fire with fire?) you will not be able to release updates to the package under the GPL, because if one line of a program is GPL'd, every line must be. If you cannot reconcile licensing conflicts, the only appropriate way to conform to the GPL is to not distribute.
Palladium sounds like nothing more than a glorified public-key encryption/signature system. Why Microsoft asserts that it requires hardware changes is beyond me; It's not like you won't be able to emulate those hardware changes if you are willing to go the extra mile. Hardware can be exploited as well.
And besides, Palladium is unlikely to come along until Longhorn. The GNU camp can spend the next two years putting together a superior GPL-licensed free open package that does the same shit, and runs on various operating systems. You have no right to complain about innovation by Microsoft if you are not willing to innovate yourself. Furthermore, you know absolutely nothing about the system, except for these tiny bits of buzz. While the MSNBC article is certainly slanted, the article in the Register is blatant FUD.
In the end, we're just seeing one of the ways the GPL can be a liability; that doesn't mean it's bad, but it is not a panacea. The whole point of open sourcing Palladium in the first place (Assuming they don't change their mind) is for compatibility; Palladium will be much more likely to fly if they can get other people on board, so it's in their interest to have broad compatibility. In the end, Unix may have to end up with a user-space implementation, interfaced to by a GPL kernel module. This would be a more Unix-ish way to do things than implementing it in the kernel, anyway.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Just stating the Bloody Obvious(TM)
Fritz wants to put all sorts of DRM stuff into my PC to safeguard the intellectual property of the RIAA / MPAA crowd. The unspoken assumption is that I want to use my PC as a home entertainment system.
Might I suggest a solution that will satisfy all sides. Produce an external device that connects to my PC (perhaps via Firewire, ethernet, etc.). It will contain the appropriate CODEC's, DRM hardware, keys, etc. Consumers could purchase and download encrypted media with their unmodified PC's and then transfer it to the external box. The box would handle all rights management and would have outputs that only connect to special DRM approved displays, speakers, etc. The box could be built to be tamper resistant (special screws, thermite charges, whatever).
Viola - the media giants, get what they want. Consumers can purchase the device and then purchase and download films and music. And I can ignore the whole thing and use my PC as a PC.
[Insert pithy quote here]
I'm a U.S. citizen, but I've often thought that many U.S. industries that seem dominant now may be eclipsed if overseas producers get just one lucky break. I can totally see this happening with chipmakers. Palladium might be just the onerous restriction required for Asian-headquartered chip companies to surpass Intel and AMD. Believe me, I take no joy in that. I wish our business "leaders" didn't have this habit of setting the U.S. up for a fall...but that's life.
The infamous Halloween Documents (granted, they're from 1998, but the MO hasn't changed a bit - it's just being approached from a different angle) out-and-out prove that MS perceives Linux as a threat - MS honestly sees Linux as a true threat to its stranglehold on market share, and with shifts in corporate IT departments to Linux and other UNIX-based systems in favour of XP or 2k-based systems, MS clearly thinks that Linux is an obstacle to be steamrolled in the process of gaining back lost market share.
With the Macintosh crowd turning firmly toward UNIX-based systems with the release of MacOS X, it's all the more clear that UNIX is beginning to win back all the space it lost through the 90s.
What's more, the application suites in Linux are quickly beginning to rival those developed by MS for its own OS - I've tried OpenOffice 1, and it's just as good as its Microsoft-produced counterpart.
There's just one more hurdle to clear - getting independent software developers to see things the same way. Games make the system, and this is one area where Linux is lacking. Smash-hit store-bought games is one major reason why Windows took off. Linux still doesn't have the wealth of games that Windows has, unfortunately.
Here's my suggestion. Make inroads into the home market - get the average Joe User to see how well Linux performs - and word will spread like wildfire. As long as the only people who proselytise Linux are IT directors, it won't achieve the one thing we all want - the downfall of the Big Redmond Machine.
Linux has made considerable gains in recent years - and this is largely attributable to its consistently top-notch development system and the initiative to develop applications that compete head-on with similar Windows products. But it's not over yet.
As the columnist said, Tuxers, it's time for the gloves to come off.
Why can't TCPA interface libraries be created for Linux distributions? Then GPL software can just link to the libraries?
If he was right, was he right because it was going to happen? Or because he planted the idea in people's heads. One of those crazy things about prophecies..
Why it's so good it's "double plus good".
We're going to make information free Mr. Anderson, whether you like it, or not.
Unix has encypted file systems too, obviously the encrypted part would lead to cause files to only be readable with by the user, and the private key, even if stored on the same computer is only half the key along with a long password. Though if NT does support this by default, and have a good way of handling it I guess that makes it better in some ways. As the standard linux kernel can't handle that by default, but its easy to add on.
I'm an artist producing psychedelic trance visuals which I distribute freely over the internet. Presumably since they wish to stop pirated copies of movies, all avi's will have to come with a signature that verifies them. So without a signature someone over the internet will not be able to play my avi.
Does this mean the art i produce will need a signature, which presumably I will have to pay for?
So I now need to pay microsoft for the ability to create art?
Surely this breaks the laws which deal with artistic freedom
This might seem self-destructive in that most other companies wouldn't be able to meet this requirement. If this is started early enough, however, we could see companies splitting into two camps:
I design user interfaces for a free network management application,
Let's say someone steals my Palladium laptop. They are now me.
I am not me anymore... So I call in to 'cancel' my laptop like I would a credit card?
So I can call in and cancel YOUR laptop?
"Yes, my name is Craig Barrett, and I'd like to cancel my laptop. No, I don't have any of my codes. They were all stolen too."
If voting were effective, it would be illegal by now.
"Yet some consumer advocates and champions of personal privacy cautiously support Palladium. Nobody questions that more security is needed as computing continues its steady march online.
.sig. Except for this. Disregard the previous sentences.
'It has the potential to put users in more control over their information if it's done right,'
said Ari Swartz, associate director of the D.C.-based nonprofit Center for Democracy and Technology."
-- Washington Post article
I did a quick search for the Center for Democracy and Technology, and came to their website, http://www.cdt.org/. I'm not too sure why, but it seemed as though there was something a little odd about the webpage. Bad "vibes" emanated from it. I tried an Open Secrets search, and came up empty-handed.
A perusal of their website revealed a "Supporters" page.
And such supporters they are!
Disney
Intel
Verizon
World Bank
AOL/Time Warner
MCA/Universal
BSA
And, of course...
Microsoft.
http://www.cdt.org/mission/supporters.shtml
Always check your sources, folks. "Astroturf" (opposite of grassroots) organizations are insidious.
---------
This is my first post on Slashdot. Ever. So I don't have a
Ah.. I'll just make my new box.
I won't need a new box for at least 6 years.
How every new Microsoft initiative is the "riskiest ever" and they are all designed "to rework the entire architecture of computing as we know it?"
Why not just build better products?
Tells you who you're dealing with--and what they're doing. Palladium is all about deciding what's trustworthy.
Guess what? Anything written by a company with a market cap of less than $1B will be *un*trustworthy by default.
Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge.
Hmmmm... sounds like the UNIX file system, without the encryption, of course.
Stops viruses and worms. Palladium won't run unauthorized programs
Like those of competitors.
Cans spam.
Procmail.
...
How about an OS that doesn't crash every five minutes? How about development platforms where more time is spent on stabilizing the API than coming up with impressive sounding error messages?
I imagine from MS's security attempts that there will be a fatal flaw from a design standpoint that can't be fixed. I would imagine that odds would be in support of a crypto-key embedded in a chip. Now the problem is, if John Doe buys a Paladium system what stops him from using his neighbours information to register with Microsoft, thus becoming Jane Doe. So, now Jane Doe buys a computer and finds she cant register, now they have to swap the keys around, or tell Jane Doe she isnt her. This kind of thing is going to piss alot of people off which probably means that the crypto in the chip will have NVRAM or something else to reprogram it for a new key. Even if this system is secured with PKI it will probably share a common key built into the hardware, as its going be be expensive to custom fab each chip. Or, on the other hand the operating system will have to know how to determine the key. At which point you start to build a distributed.net client for the purpose of cracking the key. Albeit these systems will probably have to be built outside of the US to avoid DMCA, but thankfully OS's like OpenBSD are built outside of the US so there is a good chance of having the knowledge to defeat these crypto systems outside of the US.
i think MS FUD should from this point on be called MSF
... or is it JUST the bootup stuff that is supposed to be checked? -- and then... what's stopping the kernel/bootloader guys from just changing the code a bit to make it work? i REALLY dont see how they can implement this successfully without unbearably slowing the machine down...
i dont think MS has anymore uncertainty or doubt...
but anyways, on another note...
I dont understand how this thing can work...
how the hell can this 'new technology' see the difference between an 'approved jpeg' from an unapproved one? what does the bios have to do with what pages come up in a web browser? sure as hell cant stream all data thru the bios to check for 'GNU' or 'linux', etc... actually.. i'd like to see them try -- those machines will as slow as 8088's
I wonder how far all the MS subordinate companies will allow themselves to be taken before they take action...
p r m t h s
...is what this is all about; R. Anderson's got that right. The lie about it making computing more secure for the consumer is merely to lull the public into supporting it. I'm surprised that they haven't dragged out the ``Protect The Children (tm)'' argument to save the innocent from the horrors of the Internet (Pr0n sites, politically-conservative web sites, www.nra.com, Open Source Software, etc.) but I'll bet that's coming.
Imagine the finger pointing that's going to go on when the public finally figures out that TCPA/Palladium isn't all it was cracked up to be. Intel supporters will point to all the other consortium members as being those at fault for the reduced capabilities in the platform. Microsoft supporters will do the same. (``Wasn't us. The hardware people were the ones with the hidden agenda.'') Sounds like they've learned something from the way the public overlooks politicians' getting away with backing away from campaign promises to, say, reform government or to reduce pork barrel spending: ``It wasn't my senator! It was all those other evil politicians!''
Ie:
In other words, there's safety in numbers. Heck, if it works for politicians it ought to work for consortiums of corporations, right?
CUR ALLOC 20195.....5804M
They are experts at manipulating the perception of the public and lawmakers that their products should be used and that if there is a problem, something other than Microsoft is to blame.
They have been convicted of breaking the laws of their own country and will probably get off lightly even though they show no remorse, are frankly insulting to the judge, and continue their illegal actions.
They can make Big Wins by these tactics. Technological quality has very little to do with how well a product fares in the market these days. How many years have programmers known how to do bounds checking and NOT let buffer overflow errors occur? and what is the most common bug in Microsoft software? (Outlook, anyway)
If they win this round, kiss general purpose computers goodbye forever. It won't be right away, but this strategy is solid and puts the right Big Players in the right places.
I tend to be somewhat wary of add on products. The problem is that if you have a product that requires five separate add ons to provide the features you need the chances are very high that they are going to turn out to be incompatible.
So you can use Matt Blaze's code for an encrypting file system but does that work with the extensions to support label based security?
Computers are by definition Turing machines and you can add practically any feature to any computer under any O/S. The question is the extent to which it is supported.
I get somewhat tired of people who don't know much about security and practically nothing of WNT pontificating about security architectures. The security problems in WNT have nothing to do with the O/S layer. It is the application layer that is shot.
Unfortunately UNIX is only better in certain very limited respects, in particular virus propagation is difficult to get above critical mass if an O/S has a small user base and I suspect that programmers really avoid active code because it is hard to support rather than because it is near impossible to secure. But thats just my opinion, I could be wrong.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Why not encourage an alternative social model that relies on profit and honor (and greed and paranoia) instead of "security and trust"?
Let anyone sell any content to anyone else (at a low official price, having eliminated multiple layers of profit-taking distribution and manufacturing).
Set up a secure internet service to let the buyer pay easily and directly to the content owner, who would in turn pay half that amount to the person who distributed (file-shared) the content.
An association of content owners would offer a well advertised bounty and immunity to prosecution to anyone who honestly informs on someone for giving away or selling their content without paying. (False reports wouldn't earn the bounty and may cause future reports to be disregarded.)
The vast majority of people will go along with the system and believe they're doing it because they're basically honest and the 50% payment is just icing on the cake and that bounty isn't a threat to them because they're always honest. Self-delusion perhaps, but if it works...
Then we could do away with all this nonsense of encrypting content and crippling content players.
I've heard a few people say that the Mac wouldn't be affected. But, it would work its way into to the Mac, especially if it's required by law to be in all new hardware. Even if not by law, IBM or Motorola still make the PowerPC chip. Perhaps IBM would give into the pressure, and embed it in the chips. Or, since a file created on a PC is encrypted, Palladium compliant de-encryption would be required on the Mac to read the file. Of course, your file created on the Mac, being non-signed and non-encrypted, would be unable to be read by a Palladium PC...etc.
All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!
TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?
I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.
eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.
Nobody's going to go for this -- there's no "killer app."
If all this should have a reason, we would be the last to know.
I believe his point is that UNIX has a lot of network security features because of the danger posed by someone gaining root access on the local machine. Not sure if that's a valid deduction but there it is...
As for every thing being setup on Windows with close too root access... only on a machine that isn't set up to be secure, that being the majority or not it really doesn't matter.
You might check out - http://www.nsa.gov/selinux/index.html
I'm not sure if this security model affects how much control the root has...
Wow this sounds more like Tron 2.0 The Fritz in the chip is MCP monitoring all your bits. my thoughts Trust cannot be automated and certified by a third party. End users must set up and use a trust based system otherwise, it is just a huge tool for *them*
The whole article was paranoid FUD.
Nothing about palladium requires the 'entire' OS be certified. It would be the trusted root that would have to be certified, as well as application modules that enable the use of DRM enabled content.
Intel is heavily into linux and you'd have Palladium enabled linux shipping before the actual chips.
No you wouldn't be able to hack palladium specific code without getting it recertified but I'm sure IBM, Redhat, intel would systems in place to do just that.
If you want to look at microsofts answer to linux look at 'longhorn' not Palladium.
(I apologise for being AC; this may drive me to create an account so I can be tracked...)
As a professional software developer who uses Open Source and Free software, I'm very troubled by Palladium. I'm even more troubled that its implications seem no less dangerous for closed source and proprietary development.
Perhaps I'm missing something here; you tell me.
The security model as described requires that no certified application can move "secured" information from inside its trusted zone, to outside its trusted zone.
Rather like Java, but a Java where you need to pay to have your program certified before you can run it.
- Only certified programs are allowed to access protected information.
If non-certified programs (say, one written by a "hacker") were allowed to access protected information, they could potentially copy it to outside the trust zone.
- If your motherboard dies, you cannot use a replacement motherboard: Since its Digital ID is different, the disk drive is cryptologically locked out. The information is not recoverable.
- Backup and restore operations cannot be used to circumvent the trust mechanisms. Thus, you cannot recover information from a backup that doesn't belong to you. But if it is the Digital ID on the motherboard that determines this, you can't restore your own data to a different system.
- Cut and paste must only be available between applications that trust each other. Applications distributed by any single vendor (e.g. Microsoft) will likely trust each other. But, copying from a Microsoft Word document into your (say) AOL email window? Probably, Time Warner has the deep pockets to pay for this privilege. Do Red Hat, or Apple?
The Save As, and Send operations in Internet Explorer (for instance) cannot be used to bypass the trust boundary. So, you can only save an encrypted version of a protected page; and you can only send an encrypted version to your friend. Who will need the corresponding "trusted" Internet Explorer to view it.
Similar restrictions would apply to Copy, Paste, Save As, Send, and Export functions in Excel, Access, etc.
The limitations on cut and paste would extend to screen image copying, since a bitmap of the protected text would be subject to abuse by Optical Character Recognition. Or to potentially illegal re-distribution of copyrighted material.
- There is no way to run an application that "looks into" or "spies on" a trusted application. Ergo, it must be impossible to run a certified application under a debugger. Or, to access "protected" information from a not-yet-certified application, under development.
- Certified scripting languages within the trusted zone cannot bypass the trust boundary. Imagine Perl, so emasculated: it cannot write to an un-encrypted file. Or, to STDERR.
Please note, that any application that can read information within the trusted zone, can not write arbitrary output outside the trusted zone. No tool or scripting language can bypass the trust barrier. Since you (a "hacker") could read the data bit-by-bit, and push it out in a series of cleverly formatted, automatically captured error messages, the error messages must stay within the trusted zone.
- As the overhead of certification, time, labor, and cost, is likely to be significant, small players will be forced out of the market.
Do you develop, or even use, the product of minor players? Be worried.
- Much of the software commercially developed is for internal use. Custom data mining and analysis, for instance.
But, if this software is to access "protected" data, the custom/ internal-use-only program must be certified, and trusted by the application which "owns" the data. A hefty tax is thus emposed. For those who can afford it.
Those who cannot afford to play, will not be allowed to play.
- Flash BIOS updates must run in the trusted zone. Should there be a problem with the certification mechanism, updating it might be difficult.
Yes, I'm worried. It looks to me like what they have in mind, is no less than the end of general purpose computing
Buy a macintosh! Apple would never put an evil Fritz chip in their computers, open source software is getting good at reading MS Word files and getting better all the time. Rip, Mix, Burn Baby!!!
60% of the webservers use the OSS webserver apache, if all those users are extra warned about palladium and the effect on apache...
If this ever succed in my lifetime i will not use it. Even if hell freezes over and penguins fly i wont go near it! I will gladly use my linux and AMD 6 Ghz by then, only communicating with fellow open OS users. Heck, it will be like in the old times. Cant imagine it succeed though, have ANY protection trick ever worked? All i have seen is frustraded and angry customers not able to use their hardware and software and thats very bad for buisiness. With the popularity of fileswapping today and the % of online people into warez, how many would volontarily buy a computer that stopped their biggest use of the internet? Especially since it doesnt seem to add any value to the computer at all to the user.
HTTP/1.1 400
While I see your point, I doubt you'll make it any time soon to the millions of people who habitually download MP3s in breach of copyright at present.
The real point is that, while sound in principle, these laws have been abused, and have consequently lost the public trust. Copyright as a protection for a complex monopoly overcharging customers doesn't work, any more than silly speed limits trying to generate revenue rather than increasing road safety do. These uses of the laws are abusive, and they are therefore widely ignored. It would be impossible to take action against those who break them but are sensible about it, because you'd have to prosecute half of your population, and that ain't gonna happen however much money the campaign groups put into political sponsorship.
Y'see, this is the great thing about democracy. There are always more of you in the majority, so eventually, you'll always win.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Some bit of twisted irony, that Palladium's Group Product Manager's name is Juarez ..
...
Juarez? Say it out loud
MS is truly evil with this.
Also interesting to note was their big announcements "We're stopping new development to fix bugs", "We want to be a trusted system", "We will share source" and other 'good' announcements came at a time of relative media hype.
Looking over the history of the trial for the past few years, there were a lot of 'good' news from Redmond when the case was hot, and lots of 'bad' news to counter it when it was not in the spotlight.
I sure hope that the Judge will consider this in her remedy.... "In spite of being found guilty AND being offered a favorable agreement, they continued their predatory, abusive, and illigal behaviour. Their behaviour was carefully formulated to ride on consumer fears and trust, changing marketing to match the winds but remaining focused on their goal: exploit the consumers." :)
Let's just pray she will be harder then judge Jackson. She is so careful that I the ruling shouldn't be overturned. I wonder if she would read /. in considering her solution?
//TODO: Think of witty sig statement
The Reg article makes mention of Palladium obseleting root. However, there are already *nix projects out there that already *have* obseleted root - or at least not made it the end all and be all. For example, LIDS and SELinux for Linux, most of the Trusted variations of various unices.
So, even if Palladium takes off, I think the ingenuity of various people will allow any *nix OS to run on a Palladium system - it's certainly not impossible.
Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.
Yeah, but there are ways around that, and they are easy to deal with. Just like in Unix you can copy the section which contains the passwords(the registry BTW). and then run a password cracking tool against it. Eventually you will be able to find their password, then you could log in as them. That is just to get to something without looking guilty. Basically any type of security that you can setup, the admin account can undo. Which account do you think orginially setup those permissions in the first place? It would be pretty stupid if you couldn't reverse, especially if they make a mistake.
UNIX was not designed to be a secure O/S
And neither has Windows which is why it is the most hack OS of all time.
"and neither has Windows [been designed as a secure OS] which is why it is the most hack OS of all time."
This is simply untrue -- and password cracking is out of scope for this argument.
Do not confuse bugs in IIS/IE with the core Windows components. Windows NT 4.0 and 2000 can be configured to be just as secure as Trusted Solaris and Trusted AIX.
One of the primary goals when Microsoft developed Windows NT was to allow the stock Windows OS to be secured to the standards required by the DoD and Dep't of Energy for secure computing platforms. To do this, MS borrowed heavily from the DEC Vax model.
If you properly setup groups and so forth in Windows 2000, no user other than the domain user you specify can have a SID to allow access or modification of a file. I have seen this implemented in a state agency which handles medicaid records -- it works.
In a non-Trusted Unix operating environment, there is absolutely no guarantee of data security or integrity for the data on the computer. Anyone with access to the root user or root group can trivially read, write or delete any file on the system. If you can obtain physical access to the machine, pulling the plug and booting with a CD allows you unfettered access to everything on the machine.
Trusted Solaris and AIX implement ACLs which allow strict role-based levels of privlege that are superior to NT or VMS, but few organizations outside of the Federal government use Trusted OS's.
Conformity is the jailer of freedom and enemy of growth. -JFK
IBM had a sort of challenge-response system where the computer would interrogate the card to see what its type number was. IBM of course controlled the type numbers. BUT... there were two groups, the ones for IBM and the ones for everyone else. The computer allowed cards with the IBM type number abilities that were denied the others!
One major reason MC died in the arse; moral: don't piss off third party suppliers if you're up against an open-architecture rival.
Yep, just remember what happened to the once world-leading British car, motorbike and shipbuilding industries... Too much navel-gazing and short-term-ism and against new and aggressive competitors.
Add the German camera and Swiss watch industries to that; Swatch apart they only exist at the very high end.
You reckon SUN's going to support it? IBM?
These are two companies that (a) design their own CPUs (b) control an awful lot of the back-end servers that Palladium would need to be implemented on to have credibility (c) are big in their own right (d) hate Microsoft's guts.
But there's nothing in the system that says, for example, that if you run something in one of these vaults that you've got to have the code signed, or you have to have things authenticated.
What it does do, though is allow you to know with certainty that some software running outside the valut can't corrupt or interfear with processes inside. If you choose to run unproven software inside your vault, that's your problem, but it won't be able to destroy anything except that one vault. Presumably you would segment different processes and apps into different vaults, thusly making it impossible for things to run amok and hose the whole system.
And where does it say that you can only run MS Windows on this new hardware? Yes, Palladium is a set of MS software services, but the hardware it requires and runs on will be manufactured by other vendors (although the initial design is MS) and, seemingly, open to other software OSes. The "Trusted Operating Root" at the core of this thing is open to public scrutiny and I see no reason why one couldn't write another OS to run on it. Again, Juarez says:
As a side note, we will publish the source code on that Trusted Operating Root. We will make sure that people have the opportunity to really go deep on that and kick the tires and know that what we're doing in there is what we say we are doing.
Seems to me that all Microsoft is trying to do is deliver on their promise of "Trustworthy Computing". No software can ever be truely secure without a secure hardware platform on which to run. I can always hack the BIOS, interject my own bootloader, etc., and there's not a darn thing any OS can do about it. The new hardware underlying Palladium should be accessible to any OS that writes for it, and any can benefit from it. Aside from making software processes secure and contained, it promises invulnerability from hardware snooping too.
Granted, these facilities can be abused within an operating system such as Windows to further restrict things and enforce DRM, etc. But blaming the core for the evil things that may be built with it is like saying all metal should be banned because you can make guns from it. Ludicrous. I simply can't see the hardware booting up and saying "Sorry, this isn't a MS OS, so I can't boot it".
That's simply absurd, and would never fly. I can't believe that Microsoft is that stupid and could convince all the hardware vendors to be that stupid too. So you don't like the software infastructure that MS has built on top of this hardware to restrict your rights? Fine, run another OS just as you can now. This project is about the software architecture, not the hardware. The hardware is simply a necessary part to get the job done right, and since nobody is doing that now, MS has to push it first.
Whether or not they can deliver remains to be seen, but I say kudos to Microsoft for trying to give us truly secure computing environment! Isn't this what we've wanted all along? Isn't this what we've always lambasted Microsoft for -- having unstable, virus prone, hacker prone, poor privacy software? Now they try to change all that and catch heat for that too. You guys are something else!
There is much bullshit being talked in these articles (especially the supposed FAQ), as I said in the earlier story all is based on possible but not confirmed assumptions and this guy has to learn to back his arguments with something. For example
Fritz makes the key available only so long as the environment remains `trustworthy'. For this purpose, `trustworthy' means that the media player application won't make any unauthorised copies of content.
That's all he does not explain how a chip in the machine would know that I'm making an unathorized copy of a file. Can't I just copy it with another program? Please man explain!
Also this is not really a FAQ, just some article formated as questions, example:
12. Scary stuff. But can't you just turn it off?
18. Ugh. What else?
Yeah right I'm sure those are frequently asked questions. Unless FAQ stands for something else this page is bullshit. I'm all against this Palladium thing but I'm not sure why as I have not seen a decent article about it yet.
The TCPA system is designed to protect the system at the hardware level and Palladium is built on top of that. This seems to totally miss the point: most of the recent security problems have occurred because of poor software, not hardware. Even if TCPA guarantees that the hardware layer has not been tampered with, all it takes to compromise the system is a buffer overflow somewhere in the system.
I do not know much about the precise cryptography techniques employed in Palladium, but the following scenario is not wholly unrealistic: Imagine what would happen if a virus infects your box: Would it be able to read all those crypto signatures and certificates off your chips? Will there be databases of such cracked signatures all over the web, similar to those serial key warehouses?
Besides, I don't know when these people will realize that computers are not black boxes like the microprocessor in your washing machine. There are lots of people who play with computers, whether such tinkering is useful or not is immaterial. Sealing hardware within crypto-vaults is being prudish and playing spoil-sport. Mebbe such hardware security is necessary in high-security installations: I am happy with my system the way it is!
Palladium is not (really) about security, but about control.
First, Microsoft can easily sell the supposed benefits (digital rights/intellectual property control) to large corporate entities, and industry trade groups.
Phase one: Laws to require that Digital Rights Management be implemented in all new hardware.
Then, they make sure that everything works better when used with One True Windows servers and Genuine Microsoft software on Genuine Microsoft Windows. (Like they did with Java, "extending" it so that it would work better (only) on Windows.
Phase two: Windows DRM only works with cooperating players. Intel wants to support Linux? Well, we'll just make sure Windows Prefers AMD. Hint? IBM wants to support Linux? Well, they can forget getting Windows drivers for their laptops.
Then, they charge whatever they want, for the privilege of interacting with Genuine Microsoft products.
Phase three: "Reasonable" fees for certification. Any new computer comes with Genuine Windows preinstalled. DRM hardware will not boot old (pirated) copies of Windows, or anything other than a Certified Operating System. (Read: Microsoft Windows)
Microsoft has done this all before. Sometimes they succeed, most often, they fail. They Don't Stop. All the bad publicity -- all the legal action taken against them -- has their behavior changed?
...and you'll be ignored.
..."
From the Ross Anderson FAQ (link above):
"...one feature of TCPA is that the user can always turn it off. But then your TCPA-enabled applications won't work, or won't work as well. It will be like switching from Windows to Linux nowadays; you may have more freedom, but end up having less choice. If the applications that use TCPA / Palladium are more attractive to the majority of people, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word.
Not unlike IE, and how many sites will work properly only with an MS browser.
Wake up and smell the coffee burning. And be prepared to be marginalized.
Say goodbye to computing as we know it.
Cheers- raga
(Not that I find anything to cheer about in Palladium.)
If you distribute a GPL application, you are required to provide source. If the digital signature is an essential part of the application, without which it will not run, you need to provide the "source" of that. The source is, according to GPL "the preferred form for modification". The ONLY form for modification of the signature is the private key that you created the signature with.
.deb, because the signature is not essential to use the distributed app -- it will work anyway, you just have to accept that the signature doesn't match.
This does not apply to, e.g. a signed
If Palladium is a PKI/smartcard on a PC (PDA), who then controls the keys, if I as an user can delete and load keys to the palladium chip I don't see any problem. But if MS or intel control the keys loaded to Palladium it is a whole different thing (by the way, how are they going to bind a key to a machine/user?). Does anybody knows the answer to this?
I don't see an insurance company, Bank, or financial services company that would agree to the idea that secruity to both the hardware and software will be partially managed by an outside force.
These institutions are very conservative, rarely upgrade to the next big thing with any alacrity and are really paranoid about their data. So going up to a bank and saying 'hi, all of your interanlly developed apps will now have to be certified, so you either get to tell us about it, or buy the right to certify your internally developed software' Oh in addtion any off the shelf products used would still have to access the internet to be certified...
Nope just don't see that happening in the financial services...
Similar restrictions would apply to Copy, Paste, Save As, Send, and Export functions in Excel, Access, etc.
But for the patient, there is always an alternative method of Copying and Re-entering that can never be taken away until they outlaw pens and pencils. Any data that can be represented reasonably in a human-readable text form can never be truly secured as long as we retain the skills of reading and writing. In theory (though you'd have to be absolutely nuts to try it) you could write down the entire hex code to a movie file and type it in on an unsecured computer, thus bypassing the protection.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
Given the fact that both germany, france and others are buying into Linux now, with good support from IBM, I see very little chance that this will succeed in Europe or Asia (the latter being the most important since they make our motherboards). Also the heavy investments in Linux from IBM will leave at least one major player out of the conspiracy. Palladium won't work unless M$ can control the server side too, and with all the Apache servers out there and with players like Sun and IBM not buying into this, it will probably die a slow but certain death.
-._''_.-
If MS really was concerned, the first thing they would do is expend their resources to get IPV6 implemented around the world. That provides a basis for better authentication, identification, and then work on implementing solutions going forward. Obviously though, they won't. I agree it sounds more like the one thing MS does exceedingly well... marketing. (Of course the other reason MS wouldn't do it is that they don't own and can't 'buy' IPV6.)
So Microsoft have chosen to name their security technology after a defensive measure which failed and allowed in a Trojan horse. Maybe they're trying to tell us something?
Traducción en Bulma
--
Backup not found: (A)bort, (R)etry, (S)uicide