Slashdot Mirror
Analyzing Palladium
apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.
Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions? This is no better than when people believed that Windows XP would deny you the ability to play your mp3s, or play them at a much lower quality, because they weren't 'certified'.
He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.
Developers: We can use your help.
Look, lets not get our knickers in a knot. It may happen, but it's never going to be the only,
or even a high-level verification method. Obviously not, it's embedded in hardware.
I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?
It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.
In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.
Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.
Can I bum a sig?
Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisit to being able to make this successful. Palladium is something to be feared.
between this and biometric security methods. Very strong security. When the single layer is cracked, there is no backup mechanism, and resecuring and reverification of user are almost impossible.
Although, I guess if I had to choose between getting a new MOBO and new eyeball I'd pick the MOBO. Maybe this is Microsoft's attempt to be least-worst.
Palladium, Microsoft's future?
.NET framework. Microsoft's new byte-code compilers (look's like Java might just have missed the boat). With a trusted compiler creating trusted byte-code running on a trusted computer. It now becomes possible to create different levels of certificates for different levels of access to computer hardware and personal data. In this way Microsoft will have completed their "finial software solution".
.NET byte-code this will not be a problem.
:)
Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?
A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.
All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.
How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified the source code or the binary? This is an important question, how do you check that the software that's certified has no backdoors? As backdoors are the single biggest problem within a closed "secure" system.
Here is what I think Microsoft is making a play for:
The answer is a trusted programming language a.k.a
Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft strong hold it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more then a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimed down computer running cheap to free operating systems with a Java run-time on-top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reason why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases. But really knowing that all software by default will have to run under Palladium anyways. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accept as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation and because its all based on
With this move Windows steps back becoming primarily a desktop only environment running Palladium for all import tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus with Microsoft changing its file system from FAT/NTFS to a Database system untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.
Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will be now responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will required backroom access to all operating systems source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified Kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hi-jack Linux and removing control of the Kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatible pressures.
Now to the finial piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified the companies that create the code will also have to be certified if they want their application have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using the Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary process becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam, the list of possibility is endless.
So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles
I'm with Apple, and as far as I know they fully respect my privacy. Hell, they even make it easy to share my MP3 stuff and software, thanks iPod!,br.Besides, Apple is commited with the OpenSource movement and it even use GPL'd software as EMACS in MacOSX. Apple hardware may cost more, even more if you live in a 3rd World piece of country like me (I'm from Brazil), but at least you can keep your freedom and privacy!
Victor Hogemann - hogemann@mac.com
And how do you patch hardware when you find, 6 months in, that there is a flaw? This is a giant step backward in technology, designed to make people go out an buy yet more useless crap for their computers.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
I work for an SI company. A large one. With a huge degree of MS-related work. The MS reps tell *us* that they can commit MS resources (i.e. spend MS money) to help us win projects IF Linux or Apache are involved.
We're talking about people's time at many thousands of dollars per day. However much we need. They won't do it for almost any other project... So I'd say yes, they see it as a threat.
The Fritz chip will prevent any non-[MS|RIAA|MPAA]-approved software from accessing a protected document. And in the Palladium/Fritz scheme, to get [MS|RIAA|MPAA] approval the application will not be allowed to have a useful "save" option.
Of course, maybe all you need is a single "buggy" but approved application to get around all this.
Another way would be to digitize the video or audio coming out of your PC, but after the MPAA makes owning or building unrestricted A/D converters illegal this won't be an option. (Except to those of us who know how to build A/D converters out of stone knives and bearskins and live in the underground economy).
This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart.
Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.
Karma: Professionally Doomed (mostly affected by inability to keep opinions to self)
the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff.
This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.
Karma: Professionally Doomed (mostly affected by inability to keep opinions to self)
So even if they put a TCPA-compliant Linux on that hardware, because that hardware mix is not approved then they won't be able to use TCPA-restricted services. They won't be able to communicate with TCPA-locked clients and suppliers.
Even if they buy TCPA-compliant boxes with TCPA-crippled Linux, they will have to run only TCPA-approved applications. A TCPA-approved application can not trust data from a non-approved application (or else the app is at risk of being damaged/subverted by the data -- a buffer overflow or other attack can make an app do unapproved things). So they can't have TCPA apps read the output from custom programs, and can't create services for clients which involve their own unapproved software.
Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."
Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.
sPh
Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC?
Absolutely right.
Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.
These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).
We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.
The Future of Human Evolution: Autonomy
"I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? "
They're going to let you switch it off. However, if you switch it off, you wont be able to generate or use "trusted" content, and if 80% of people do not accept your "untrusted" content (with a little help from some cunningly-worded MS error messages), you're up shit creek (to use a common engineering term).
The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
I don't see what any of this has to do with people trusting the internet for transactions. How can I trust my transactions any more than I can trust it now with an SSL based system? Ok, so under Palladium I would know that my Netscape binary has been reviewed and was trusted. But I pretty much believe that already. That's not the reason people don't trust internet transactions.
One thing I find interesting about this proposal is that it requires some level of code review before release of any software. All source would need to be submitted to a third party to ensure that the code can be trusted. That sounds like quite a mess to me.
Devon
"and some clients believe the FUD being spewed/parroted by media"
Which FUD are we talking about? This entire series by been a collection of FUD on both sides. In case you missed it Slashdot is also doling out large quantities of:
FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?
As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated up comments), apparently advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).
It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.
No Zen is good zen
Which is amply demonstrated by the fact that this is the second time the story has been posted this week.
The Register article shows only that the reporter has no clue as to what Palladium is and what it can and cannot do.
No DRM solution is 100% secure, the issue is not eliminating piracy, it is raising the barrier sufficiently so that the content owners are confident enough to release material and for the level of piracy to be low enough that people can all make a buck.
Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.
If you run Linux you are not going to have a Palladium certified O/S and many content providers are not going to sell stuff to you. But that is exactly the current situation. Palldium is only going to mean that Windows users can get content that the owners will not release without strong(ish) DRM.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Someone pointed out that they doubt the GPL is Microsoft's primary target -- that if that were the case Palladium is simply overkill. This is a good observation and I wanted to add to it. While Palladium potentially has very negative consequences for not only Open Source / Free Software but all software in general, Microsoft wins on several fronts with this approach. You might remember that Microsoft openly opposed the so-called Holling's Bill that would mandate this kind of technology. Why? Because while it would have similar results (actually the bills proposed would be more broad) the power would be in the hands of the lawmakers and more importantly in the hands of the copyright holders -- the movie and record industry. By pushing their own solution, rather than a legal one, Microsoft maintains control of the technology. To the legislators, they seem like the "good" guys (despite the monopoly convitions [how long before we finally punish these criminals?!]) and Microsoft will also get the backing of "Hollywood." It's about gaining the upper hand. They know that there are forces out there that want this kind of technology, however, it's in Microsoft's best interest to be the "innovators" and have everyone fall in line under their proposal. I think this is the real motivation -- it further secures their position as the dominant market leader. No one will want Microsoft to go away if they hold the keys to your security -- all your information, your applications, everything is in their hands. So not only does Microsoft become indispensable, but they also get to screw over the competition (which includes GPLed applications as the article points out). While security and "trustworthy" computing are nice ideas, Microsoft is the LAST company I want to hand over this kind of control to.
Who said Freedom was Fair?
we're not all Americans dip shit..
No, dumb fuck, we're not.
But those of us who are affected by the attempt to legislate DRM rights (as noted in my post) are.
The point remains, even if it is over your head.
The Future of Human Evolution: Autonomy
I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance rulling (I haven't read the rulling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.
Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.
With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.
UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.
It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Overall, the Palladium FAQ is interesting, but I think Mr. Anderson is overlooking a major point when he talks about how the TCPA will affect the GPL: what, exactly, constitutes the source code for a binary which has been cryptographically signed?
The GPL is a bit vague on what exactly constitutes the "source code" for a work: it is defined as "the preferred form of the work for making modifications to it". For a program which won't function fully without being signed, a strong case could be made that the "preferred form" for modifying the work is the source code plus the key used to sign the binary; after all, if the "source code" doesn't include enough information to reproduce the binary actually distributed, it's not useful for modifying the work. The GPL also specifies that for an executable program the source includes "the scripts used to control compilation and installation of the executable", which for a signed executable would include the script to sign the binary.
Thus, the danger to the GPL might not be that it will lead to GPL programs that you can't actually modify, but instead be that it will be impossible to get a GPLed program certified. Even if it is certified, it will be illegal to redistribute the resulting binaries without the key, which of course won't be available. If the person or company that produces the program is the sole copyright holder, they can of course distribute it anyways, but it won't be redistributable.
So I'd say that TCPA, Palladium, and other DRM schemes do pose a threat to the GPL, but not for the reason Ross Anderson claims.
Human/Ranger/Zangband
Given that Microsoft and x86 have a strong hold on the computer market, it's fine that Palladium is going to run on that combination, but what about Sun, SGI, and Apple?
.edu's have a thick and manly investment with Sun -- for example half of umich's engineering workstations are ultra 10's or better, and I'm sure the same is true at many other schools. Professors and techy students aren't going to be happy about losing Sun as a usable platform because it's not palladium-compliant or whatever.
It doesn't look like Apple is getting brought into this at all -- I've heard no mention of either them or Motorola (they make Apple's CPU's right? or am I wrong?) being involved in the whole debate -- and a lot of people use macs.
Furthermore, a lot of
Maybe macs and Suns will become more popular because of this Palladium thing because you can still pirate software and not let MS root your box.
What do you think?
-S
Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.
One of the things that you semm to have missed is that pointing out the possible abuses of the DRM technology is a first step in preventing those abuses.
Fanatically anti-fanatical
You make a great point -- you're right, we should watch what we do and say.
B this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppresive gov't law could stop open source or the GPL.
But now that is changing. I'm worried. Here's why:
If the TCPA's ideas becomes law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS), I think it's safe to say they would try for this if they could.
If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.
The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.
I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.
I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.
That is why I worry.
There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can forsee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.
To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.
~Dalcius
Rome wasn't burnt in a day.
Sigh. Posting to undo a screwed up mod. I didn't select troll, damnit.
As they say, it is not paranoia when they really are out to get you.
>FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
Micro$oft has proven over and over again that they can not be trusted with sensitive data. Go to google and do a search on Microsoft and privacy. You are returned with a list of 1000's of articles about their poor performance in this area.
>UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
Given what the chief Micro$oft researcher said in his interview, it sounds less like speculation and more like well reasoned logical deductions as to what the company will do with this technology.
>DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?
Given their track record, I can hardly see where expressing doubt about this company and its intentions is unwarranted. This is after all an acknowledged monopoly, which has been found to have abused its power by a court of law. It is a company that has shown nothing but open hostility toward OSS and more specifically, GPL'd software. Further it has gone out of its way to invade users privacy in ways very few other companies have even dreamed about, like the media player that phones home. The list of abuses goes on and on and on.
So in the final analysis your condemnation of all of this as our own FUD attack against Micro$oft is completely unfounded. It is not FUD to call Micro$oft exactly what it is, an avarice monopoly with less business ethics than a bowl full of pond scum.
All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!
TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?
I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.
eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.
Nobody's going to go for this -- there's no "killer app."
If all this should have a reason, we would be the last to know.
No, if all chip manufacturers support it, then we will have no choice! This is so bad...
Jeremy