Analyzing Palladium

apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.

Between a valid point and paranoia

[truthsearch]

He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.

Lots of problems ahead for MS

[tony_gardner]

Look, lets not get our knickers in a knot. It may happen, but it's never going to be the only,
or even a high-level verification method. Obviously not, it's embedded in hardware.

I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.

In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.

Re:Lots of problems ahead for MS

[WolfWithoutAClause]

Breaking one persons account can be handled the same way they deal with credit card theft, they just publish a list of identities that are known to have been broken. No big drama.

Re:Lots of problems ahead for MS

[vandan]

The only problem I see with this argument is the legal aspect. All governments want more spying powers. This is especially true of the American government and their war on everything which is not in their economic interest. The organisations lobying for DRM have a lot of money, and the inclination to use it to get their way; the RIAA & MPAA, Disney, Microsoft - these are the people making laws. Do you think that the government sees any merit in allowing teenagers to download and rip music instead of paying for it like the western economy requires? And do you think that anyone in government understands the technical merits or failings of a hardware-enforced, legally required DRM? Or that they care? In their eyes, there is only one way forward. Computers are not for entertainment - they are for making a few people a lot of money. The internet is there to connect those computers for the same purpose.
DRM is coming, and if people don't like it, they will have to move fast because with AMD and Intel promising support, there isn't much stopping DRM legislation - apart from some teenagers and some commie-hippy protestor types.
So get ready to wear the mark of the beast...

Re:Lots of problems ahead for MS

[Rogerborg]

• I would think that an identification code embedded in hardware is going to be cracked, and in short order.

Sure. Remind me, where do I download the software hack for Xbox?

Sorry, you're just plain wrong on this one. Trying to impose security on an insecure OS with a dongle is wildly optimistic. But tying the hardware and the OS together is - demonstrably - not. Modding an Xbox requires a hardware hack, and Microsoft aren't idiots; they'll learn from the Xbox vulnerabilities and make sure that Palladium is harder to crack, or they'll have got their para-legal team hopped up and ready to take down any mod suppliers the instant they appear (note that one Xbox mod chip supplier went under today).

I'm not saying it'll be impossible, but I am predicting that it'll be damn hard and will require more than just a soldering iron and a cavalier disregard for your warranty, the EULA and the DMCA.

As regarding it dying in antitrust... well, we've seen how fast the DoJ moves on these issues. As for returning computers, what's your basis for believing that by 2006 you'll be able to buy a generic naked system without a Microsoft OS installed? And if we're talking about individual components, what will the market be for people who want to install a non-Microsoft OS but who won't realise that a stock consumer Intel/AMD chip won't talk to it? 2%? 1%?

This is a big deal. It's the Son of SSSCA, dressed up in pro-consumer clothes. It's not mandatory, just de facto (i.e. zero difference in practical terms). The response to any legal challenge will be that if you really want to run a non-Microsoft OS, you can pay extra for "server" or "pro" versions of CPU's (and whatever other components have jumped on the bandwagon). Fine, but how long before the anti-piracy argument gets leveraged to push through either a consentual or compulsory scheme to license access to non-Palladium parts? Six months? Less?

We can argue this until the cows come home, but let's agree to compromise. If you're right, you can say "told you so". If I'm right, I can say... well, whatever Bill allows me to say. Fair enough?

MS is Silly

[YanceyAI]

The notion of hard-wired authentication rings alarms for conspiracists who sense a plot by which Microsoft might exert even more control over what kind of software could run on future computers. The Redmond behemoth dismisses such talk as silly.

Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.

Masters at work

[rant-mode-on]

Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisit to being able to make this successful. Palladium is something to be feared.

Anyone notice the inherent similarities

[tony_gardner]

between this and biometric security methods. Very strong security. When the single layer is cracked, there is no backup mechanism, and resecuring and reverification of user are almost impossible.

Although, I guess if I had to choose between getting a new MOBO and new eyeball I'd pick the MOBO. Maybe this is Microsoft's attempt to be least-worst.

Palladium, Microsoft�s future?

[JonathanTWilson]

Palladium, Microsoft's future?

Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?

A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.

All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.

How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified the source code or the binary? This is an important question, how do you check that the software that's certified has no backdoors? As backdoors are the single biggest problem within a closed "secure" system.

Here is what I think Microsoft is making a play for:

The answer is a trusted programming language a.k.a .NET framework. Microsoft's new byte-code compilers (look's like Java might just have missed the boat). With a trusted compiler creating trusted byte-code running on a trusted computer. It now becomes possible to create different levels of certificates for different levels of access to computer hardware and personal data. In this way Microsoft will have completed their "finial software solution".

Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft strong hold it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more then a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimed down computer running cheap to free operating systems with a Java run-time on-top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reason why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases. But really knowing that all software by default will have to run under Palladium anyways. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accept as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation and because its all based on .NET byte-code this will not be a problem.

With this move Windows steps back becoming primarily a desktop only environment running Palladium for all import tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus with Microsoft changing its file system from FAT/NTFS to a Database system untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.

Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will be now responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will required backroom access to all operating systems source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified Kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hi-jack Linux and removing control of the Kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatible pressures.

Now to the finial piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified the companies that create the code will also have to be certified if they want their application have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using the Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary process becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam, the list of possibility is endless.

So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles :)

Re:Flattening

[tshoppa]

serialize the data to plain ascii. I assume no software can restrict taking stuff out of binary documents, and then sending that flat data to a friend

The Fritz chip will prevent any non-[MS|RIAA|MPAA]-approved software from accessing a protected document. And in the Palladium/Fritz scheme, to get [MS|RIAA|MPAA] approval the application will not be allowed to have a useful "save" option.

Of course, maybe all you need is a single "buggy" but approved application to get around all this.

Another way would be to digitize the video or audio coming out of your PC, but after the MPAA makes owning or building unrestricted A/D converters illegal this won't be an option. (Except to those of us who know how to build A/D converters out of stone knives and bearskins and live in the underground economy).

Re:The Cartel Problem

[slow_flight]

This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart.

Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.

Re:Invisible hand

[slow_flight]

the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff.

This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.

Re:No, it still won't work.

[sphealey]

The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs.

That might have worked in the 1970s or even 80s, when chipmaking systems had "reasonable" prices (say in the 50 million USD range), there were many companies making chips, and there was competition among microprocessors.

Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."

Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.

sPh

Absolutely Right

[FreeUser]

Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC?

Absolutely right.

Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.

These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).

We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.

Re:Invisible hand

[Anarchofascist]

"I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? "

They're going to let you switch it off. However, if you switch it off, you wont be able to generate or use "trusted" content, and if 80% of people do not accept your "untrusted" content (with a little help from some cunningly-worded MS error messages), you're up shit creek (to use a common engineering term).

The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".

Re:Ignore them.

[bons]

"and some clients believe the FUD being spewed/parroted by media"

Which FUD are we talking about? This entire series by been a collection of FUD on both sides. In case you missed it Slashdot is also doling out large quantities of:
FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated up comments), apparently advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).

It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.

Re:Ignore them.

[Zeinfeld]

Which FUD are we talking about? This entire series by been a collection of FUD on both sides.

Which is amply demonstrated by the fact that this is the second time the story has been posted this week.

The Register article shows only that the reporter has no clue as to what Palladium is and what it can and cannot do.

No DRM solution is 100% secure, the issue is not eliminating piracy, it is raising the barrier sufficiently so that the content owners are confident enough to release material and for the level of piracy to be low enough that people can all make a buck.

Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.

If you run Linux you are not going to have a Palladium certified O/S and many content providers are not going to sell stuff to you. But that is exactly the current situation. Palldium is only going to mean that Windows users can get content that the owners will not release without strong(ish) DRM.

Re:If if changes the Unix/Linux security model, fi

[Zeinfeld]

I really don't know windows very well, but I'm sure there is one account (superadmin??) that can change these privilages. Which is basically root.

I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance rulling (I haven't read the rulling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.

Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.

With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.

UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.

It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.

Reason for FUD

[Dalcius]

You make a great point -- you're right, we should watch what we do and say.

B this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppresive gov't law could stop open source or the GPL.

But now that is changing. I'm worried. Here's why:

If the TCPA's ideas becomes law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS), I think it's safe to say they would try for this if they could.

If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.

The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.

I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.

I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.

That is why I worry.

There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can forsee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.

To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.

Why should I care? Where's the "killer app"?

[Rick+the+Red]

All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!

TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?

I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.

eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.

Nobody's going to go for this -- there's no "killer app."