Analyzing Palladium

apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.

Ignore them.

[IQ]

Our business runs Linux. We have depricated M$ and their products. We are fast. Our expenses went down hugely. Our services are reliable. We buy the best commodity components and build all our own machines. Life is good.

Re:Ignore them.

[warpSpeed]

Congradulations!

However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your avarage joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.

We can't ignore it, MS have a monopoly and they are going to leverage to its fullest extent until it is (if ever) taken away.

I cheer on your use of linux, but we are a minority, a well informed minority, but a minority non the less.

Re:Ignore them.

[FreeUser]

However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your avarage joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.

The parent post to which you replied should never have been marked Troll, and I will enjoy ripping the moderator responsible a new one on meta.

That having been said, I disagree with his suggestion that ignoring this problem is the answer, but not for the reasons you say (or at least, not entirely for those reasons). This must be fought tooth and nail, as we are being attacked from two sides:

1) Microsoft, trying to leverage their monopoly to impose further, very detrimental, restrictions on the freedom of customers to deploy the correct technologies for their solutions under the guise of DRM.

2) The entertainment industry, that is trying to legislate the very same restrictive technologies and require them in all digital hardware.

We would be absolute fools to ignore this.

Having said that, fewer and fewer people care about Microsoft's proprietary protocols. Even offices that deploy Microsoft on the desktop are, in my experience, deploying open protocols in place of Microsoft's wherever possible to avoid the sort of nonsensical moving target and deliberate breakage MS service packs often result in.

The result, interstingly enough, has been a quiet movement on the part of several businesses away from Microsoft not just on the server side, but also on the desktop ... and in every case, it has been a very successful move.

This is why Microsoft is scared, this is why Microsoft is trying to impliment coercive technologies that will remove the last vestiges of customer choice, and this is why their unholy alliance with Hollywood will likely succeed in creating a Revelations-esque dystopia if we sit on our hind ends and do nothing to prevent it.

Unfortunately we as Americans are so thoroughly conditioned to not become actavists about any cause, no matter how much we care about it, that it is very possible we will do nothing about it in time.

BTW - As another person who works at a company that has completely depircated Microsoft products and deployed GNU/Linux widely throughout our enterprise I can echo the original poster's comments (that were so unjustly marked as a Troll): Life as a non-Microsoft shop is damn good.

Re:Ignore them.

[bons]

"and some clients believe the FUD being spewed/parroted by media"

Which FUD are we talking about? This entire series by been a collection of FUD on both sides. In case you missed it Slashdot is also doling out large quantities of:
FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated up comments), apparently advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).

It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.

Re:Ignore them.

[Zeinfeld]

Which FUD are we talking about? This entire series by been a collection of FUD on both sides.

Which is amply demonstrated by the fact that this is the second time the story has been posted this week.

The Register article shows only that the reporter has no clue as to what Palladium is and what it can and cannot do.

No DRM solution is 100% secure, the issue is not eliminating piracy, it is raising the barrier sufficiently so that the content owners are confident enough to release material and for the level of piracy to be low enough that people can all make a buck.

Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.

If you run Linux you are not going to have a Palladium certified O/S and many content providers are not going to sell stuff to you. But that is exactly the current situation. Palldium is only going to mean that Windows users can get content that the owners will not release without strong(ish) DRM.

Re:Ignore them.

[FreeUser]

we're not all Americans dip shit..

No, dumb fuck, we're not.

But those of us who are affected by the attempt to legislate DRM rights (as noted in my post) are.

The point remains, even if it is over your head.

Re:Ignore them.

[NoMoreNicksLeft]

Haha. Not a month ago, I was modded flamebait and troll for suggesting that Micro$oft(and other tech companies) were only against DRM until they could discover a way to profit from it. A little quicker than I thought, but hey. I did say it would take 6 months, not 2 years.

I hope you guys are keeping score, each time you call me an idiot and clueless, it comes back to bite you in the ass.

And for those that don't live in the US, do you really think it matters? They aren't going to bother with the expense of making non-DRM hardware for countries without such laws. You're as screwed as we are.

Re:Ignore them.

[JWW]

The funny part about this is that if Hollywood and Microsoft get what they want, they will be the ones whining in a couple of years that they aren't making enough money.

This is a disabling technology and DRM management laws would be disabling laws. Take a look at prohibition to see what would happen. Most people will begin using computers illegally, black market devices and software will be developed, economic calamaty will eventually ensue due to the brakes being put on free commerce in many arenas, including Hollywood and Microsoft.

It will be one hell of an ecnonmic downturn. I alos predict that all the financial pundits will not key on DRM laws being the cause, but they will be.

Re:Ignore them.

[tbannist]

Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.

1. That hasn't stopped MSFT from doing it before.
2. That won't stop criminal prosecution of anyone caught circumventing the DRM measures.

One of the things that you semm to have missed is that pointing out the possible abuses of the DRM technology is a first step in preventing those abuses.

Re:Ignore them.

[RollingThunder]

Sigh. Posting to undo a screwed up mod. I didn't select troll, damnit.

Re:Ignore them.

[stoothman]

As they say, it is not paranoia when they really are out to get you.

>FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.

Micro$oft has proven over and over again that they can not be trusted with sensitive data. Go to google and do a search on Microsoft and privacy. You are returned with a list of 1000's of articles about their poor performance in this area.

>UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.

Given what the chief Micro$oft researcher said in his interview, it sounds less like speculation and more like well reasoned logical deductions as to what the company will do with this technology.

>DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

Given their track record, I can hardly see where expressing doubt about this company and its intentions is unwarranted. This is after all an acknowledged monopoly, which has been found to have abused its power by a court of law. It is a company that has shown nothing but open hostility toward OSS and more specifically, GPL'd software. Further it has gone out of its way to invade users privacy in ways very few other companies have even dreamed about, like the media player that phones home. The list of abuses goes on and on and on.

So in the final analysis your condemnation of all of this as our own FUD attack against Micro$oft is completely unfounded. It is not FUD to call Micro$oft exactly what it is, an avarice monopoly with less business ethics than a bowl full of pond scum.

Re:Ignore them.

[Perdo]

Microsoft says the GPL is viral communism that will destroy the fabric of our capitalist society.

Linux zealots say that Microsoft abuses their Monopoly power.

The difference between their Fud and Ours?

Microsoft has been convicted in a court of law for abuse of monopoly power.

The framers of GPL have not been convicted of being communists, which in any case is not a crime.

Don't like the "viral" nature of the GPL? Write your own damn code!

Re:Ignore them.

[killthiskid]

Good sacrifice. We're all proud of you.

Re:Ignore them.

[JebusIsLord]

No, if all chip manufacturers support it, then we will have no choice! This is so bad...

Re:Ignore them.

[shd99004]

"I cheer on your use of linux, but we are a minority, a well informed minority, but a minority non the less."

This is why democracy in its current form does not work well. Just because the majority thinks something is right, doesn't mean it is. A democracy as it looks like in most western countries is not a guarantee for freedom, where the government are authorized every 3rd or 4th year to rule the country, and where the governments have far too much power and where the lobby groups have far too much influence on the government...

Freedom is not a consequence of democracy, and democracy is not necessarily leading to freedom. I am primarily reffering to this senator Fritz that wants to make TCPA mandatory in all electronics. This means that alternatives will be outlawed, and everyone must use this. To give anyone this much power over others should be criminal.

Re:Ignore them.

[DunbarTheInept]

All those fears and doubts you list are things that MS already has a track record of doing in the past. It is more uncertain to say they won't do them again than it is to say they will continue the same pattern.

Re:Ignore them.

[NoMoreNicksLeft]

Yeh, China will lead an effective boycott. Haha.

Score -1: Troll

Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions? This is no better than when people believed that Windows XP would deny you the ability to play your mp3s, or play them at a much lower quality, because they weren't 'certified'.

Re:Score -1: Troll

[Aanallein]

Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions?

Because we might be just a bit too late if we only start when this has become reality. The mere possibility that we could one day wake up to see that something like this has happened is too chilling to ignore.
Sure, chances are 99% of our conclusions and fears are way out there, but that does in no way remove the need for awareness of those fears to exist. If we wouldn't cry out each time something like this was proposed, we'd be giving a completely wrong signal, all but telling the industry that they can get away with doing such things...

Between a valid point and paranoia

[truthsearch]

He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.

Re:Between a valid point and paranoia

[ILikeRed]

But considering Microsoft, this could be an attack on many things, it's just a great bonus that they can use it as an attack on the GPL.

Check out this Yahoo! story for another angle. I imagine Bill is think "check and mate"....

Re:Between a valid point and paranoia

[forgoil]

And don't forget that they have to sell this to someone, and those someone seems eager to buy (not necessarily the end consumers). It is not about "killing the GPL", it is about seeing a need and filling it.

What scares me is not that M$ makes this piece of software, but that they had a reason not to dismiss it as something that wouldn't ever give revenue. It could just as well have been Sun or IBM doing this.

Re:Between a valid point and paranoia

[mark-t]

This, I think, is a good point. The GPL had been around for how many years before Microsoft started its anti-GPL campaign? I remember working with GPL'd stuff back in 1989, a few years before the name Linux had even first been mentioned. Microsoft was already well-entrenched at this time, and I was playing with GPL'd software in DOS in thos days, why didn't they see it as a threat then? It wasn't until Linux actually entered the fray of being a serious operating system that MS sat up and took notice. Yep. I think it's more about Linux than the GPL -- the GPL just happens to stand in their way of being able to control Linux, so they attack it that way.

Re:Between a valid point and paranoia

[dpbsmith]

"It's really all about control." Yes, which is WHY Microsoft finds the GPL such a threat--because the GPL is all about PREVENTING control.

Re:Between a valid point and paranoia

[_Sprocket_]

I remember working with GPL'd stuff back in 1989, a few years before the name Linux had even first been mentioned... why didn't [Microsoft] see it as a threat then?

...

It wasn't until Linux actually entered the fray of being a serious operating system that MS sat up and took notice. Yep. I think it's more about Linux than the GPL -- the GPL just happens to stand in their way of being able to control Linux, so they attack it that way.

Its kind of like noting that the Internet was in (somewhat) widespread use well before 1996, so why didn't Microsoft pay attention if this Internet thing is such a big deal. It wasn't until the graphical web browser showed up that Microsoft paid attention. Therefore, its not the Internet - its the Web.

In some people's minds the two ARE the same thing. And while they really are seperate entities, one depends greatly on the other for its success. And once the Internet with its more user-friendly flashy graphical Web front-end hit the scene... businesses, even those who had spent years running competing technology / practices, were forced to adopt it.

Linux and the GPL share many of the same traits. To the uninformed, the GPL and Linux are the same thing (if both aren't simply labled 'freeware'). The GPL license and GNU project layed the foundation for Linux. Linux drove the popularity of the GPL. At first GPL/Linux went unnoticed by the IT industry. And then it sprung forward, caught momentum, and is now an issue most IT Industry players must tackle - including Microsoft.

The GPL and Linux provide a whole range of threats to Microsoft. Competing software. Competing standards. Demand for open standards. Loss of control over implementation of those standards. Loss of control over publically available code, to include technology and code developed at Universities and through the US Government. Competative advantages to competing businesses able to adopt a business model that can make use of this code base. It doesn't matter if its specifically Linux or the GPL - its all full of nasty potential for Microsoft.

Microsoft's strategy is pretty simple. Linux presents a unique threat - it can't be bought, out-marketed, or simply smothered. Linux is grassroots and now a part of a wide number of corporate strategies. Its an IT industry hydra and the time-tested strategy of lopping off a head won't work. So Microsoft has decided to go for the heart; the GPL. Which would be a nice and neat thing to do - poison the GPL and ALL the issues of Linux and the GPL begin to fade.

Re:Between a valid point and paranoia

[DunbarTheInept]

They didn't have to make internet exploiter any good in order to get it on most desktops around the world. IE proliferated FIRST, and started becoming usable SECOND. A change to the network layer underneath could be propigated using the same exact technique - make it mandatory to have it installed if you want any recent updates or new versions of Windows.

Lots of problems ahead for MS

[tony_gardner]

Look, lets not get our knickers in a knot. It may happen, but it's never going to be the only,
or even a high-level verification method. Obviously not, it's embedded in hardware.

I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.

In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.

Re:Lots of problems ahead for MS

[Tripman]

It will go the same way as DVD players.

All the manufacturers will be nodding their heads at MS while producing security free boards in the background. The market always follows what people want, and many consumers won't want to be tracked and stamped by MS.

Re:Lots of problems ahead for MS

[WolfWithoutAClause]

I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

I'm not so sure. The identification code is embedded in the hardware, and there would be no way to read it. At best you can give it data and use it to encrypt/decrypt stuff for you. The only way this stuff can be attacked is if something can spoof this, and pretend to be the Windows OS. But the hardware in the BIOS and the motherboard are going to be doing their absolute best to stop that happening- the BIOS/hardware can run certificate checks on the program that is asking for the encryption and authenticate it that way.

The problem is that in doing this you are moving many of the traditional OS functions down into the BIOS/hardware, this will make it very complex to do right, but modern semiconductors can probably do this. It doesn't necessarily benefit Microsoft though- there's going to be plenty of forces in the world, particularly Europe that will preclude that, although domestically in America it may be different.

Re:Lots of problems ahead for MS

[rhost89]

I would think that an identification code embedded in hardware is going to be cracked, and in short order.

Hardware is enormusly dificult to crack, look at the ASIC on DBS cards for example, reverse engineering software is one thing, anyone with a afternoon and a hex editor can do that. Getting a electron microscope out and figuring out how the circuits work on a eeprom substrate is an entirely different matter.

What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique identifier?

How about this, what happens to Charlie consumer when he wants to upgrade his system and move all of his software from one to another, you guessed it, he cant, its tied to the first machine for good, fork up another say $2000+ dollers to upgrade all of your software.

Just let MS run with the ball

Isnt that what got us into this mess in the first place?

In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.

Isnt that how it should be? Vote with your $$$ just dont buy one and it will die a horible horible death, more importantly inform as many people as you can about it.

Re:Lots of problems ahead for MS

[tony_gardner]

Sure, I agree that this makes it harder to break _all_ identifiers, but the point of the system is that you don't have to break all of them, just one, and then you have free reign through every system which trusts that person. It's like credit card fraud: fairly rare in actual fact, but devastating when it does happen, with the difference in this system, that replacing your MOBO is considerably more inconvenient than replacing your credit card

Re:Lots of problems ahead for MS

[WolfWithoutAClause]

Breaking one persons account can be handled the same way they deal with credit card theft, they just publish a list of identities that are known to have been broken. No big drama.

Re:Lots of problems ahead for MS

[vandan]

The only problem I see with this argument is the legal aspect. All governments want more spying powers. This is especially true of the American government and their war on everything which is not in their economic interest. The organisations lobying for DRM have a lot of money, and the inclination to use it to get their way; the RIAA & MPAA, Disney, Microsoft - these are the people making laws. Do you think that the government sees any merit in allowing teenagers to download and rip music instead of paying for it like the western economy requires? And do you think that anyone in government understands the technical merits or failings of a hardware-enforced, legally required DRM? Or that they care? In their eyes, there is only one way forward. Computers are not for entertainment - they are for making a few people a lot of money. The internet is there to connect those computers for the same purpose.
DRM is coming, and if people don't like it, they will have to move fast because with AMD and Intel promising support, there isn't much stopping DRM legislation - apart from some teenagers and some commie-hippy protestor types.
So get ready to wear the mark of the beast...

Re:Lots of problems ahead for MS

[tony_gardner]

No big drama except for the person who's account is compromised. You now have the expense of replacing your MOBO, and I'm not thinking that MS is footing the bill for that as the bank does with your credit card. In addition it's not like you get a credit card bill for every program your CPU ran, or was run by other CPUs on your sayso, or every website accessed, do detecting a break in security yould be more difficult than with a credit card. Potentially you may never know, or months may pass before youre sure you have to fork out another (Insert price here) for new hardware. In addittion you'll have to buy all new software, since your old stuff will think it's been pirated and shut down after calling the MS police.

Re:Lots of problems ahead for MS

[Rogerborg]

• I would think that an identification code embedded in hardware is going to be cracked, and in short order.

Sure. Remind me, where do I download the software hack for Xbox?

Sorry, you're just plain wrong on this one. Trying to impose security on an insecure OS with a dongle is wildly optimistic. But tying the hardware and the OS together is - demonstrably - not. Modding an Xbox requires a hardware hack, and Microsoft aren't idiots; they'll learn from the Xbox vulnerabilities and make sure that Palladium is harder to crack, or they'll have got their para-legal team hopped up and ready to take down any mod suppliers the instant they appear (note that one Xbox mod chip supplier went under today).

I'm not saying it'll be impossible, but I am predicting that it'll be damn hard and will require more than just a soldering iron and a cavalier disregard for your warranty, the EULA and the DMCA.

As regarding it dying in antitrust... well, we've seen how fast the DoJ moves on these issues. As for returning computers, what's your basis for believing that by 2006 you'll be able to buy a generic naked system without a Microsoft OS installed? And if we're talking about individual components, what will the market be for people who want to install a non-Microsoft OS but who won't realise that a stock consumer Intel/AMD chip won't talk to it? 2%? 1%?

This is a big deal. It's the Son of SSSCA, dressed up in pro-consumer clothes. It's not mandatory, just de facto (i.e. zero difference in practical terms). The response to any legal challenge will be that if you really want to run a non-Microsoft OS, you can pay extra for "server" or "pro" versions of CPU's (and whatever other components have jumped on the bandwagon). Fine, but how long before the anti-piracy argument gets leveraged to push through either a consentual or compulsory scheme to license access to non-Palladium parts? Six months? Less?

We can argue this until the cows come home, but let's agree to compromise. If you're right, you can say "told you so". If I'm right, I can say... well, whatever Bill allows me to say. Fair enough?

Re:Lots of problems ahead for MS

[tony_gardner]

Practically speaking, is there a lot of differences between a crack and reverse engineering the hardware? If someone writes a key generator and patches it into the OS, it still does the same job. Still, good point about having to move the software.

I wonder if this could be the straw which breaks the camels back, and finally gets some legislation in place to regulate the rights of software licencees. For example, I would think that getting a free (or for the cost of the media), replacement of all programs, when my HDD dies would not be an unreasonable thing to have written into law. I'm sure there must be plenty of others.

Re:Lots of problems ahead for MS

[Johnny+Mnemonic]

Remind me, where do I download the software hack for Xbox?

The X Box Hacker Site, of course. Really, I don't follow X Box hacking closely enough to know how far this has progressed, but it seems to me that a mod chip has been developed--in 9 months since the X Box was released, and it's DRM was touted as 'unbreakable'. Give it another 9 months for more development.

In fairness, though, the link to the FAQ indicated that while external-to-the-processor DRM management solutions were feasible to break, the embedded-in-the-processor DRM solutions expected in rev 2 and later of Palladium would be not hackable by individuals, or even groups of individuals.

And as for your other point: This is a big deal. It's the Son of SSSCA--yes it is. This is a big deal--the death of Linux, and the end of Apple, unless Motorola gets on board, and quick. You may be able to run those OSes, but you will have ZERO interoperability with 95% of the market. Two things that I think might save us: public outcry against this like Intel's previous attempt to allow external reading of the processor's serial number. Also, since this plan really requires ubiquity of the OS, the absence of a monopoly OS will hamper or kill it. The Anti-Trust penalty may help here, or may not.

Re:Lots of problems ahead for MS

[doorbot.com]

Breaking one persons account can be handled the same way they deal with credit card theft, they just publish a list of identities that are known to have been broken. No big drama.

Except for the particular consumer involved.

Re:Lots of problems ahead for MS

[WolfWithoutAClause]

But the probability of identity theft if they've implemented the system correctly and the users use it properly should be very nearly zero. Whether I trust Microsoft to implement a high trust system like this, is unclear. [Ok, it's not unclear- I don't ;-) ]

Re:Lots of problems ahead for MS

[Rogerborg]

• • where do I download the software hack for Xbox?
  it seems to me that a mod chip has been developed--in 9 months since the X Box was released

That's rather my point. The Xbox mod requires custom hardware, a soldering iron and a combination of technical skill and self confidence possessed by perhaps 1% of the population (remember, Slashdot is a very special audience). No system is "unbreakable", but it can be made so hard to break (technically and legally) that there's little practical difference. And they've got three years to improve on the Xbox system.

Where trust comes from

[PMuse]

Call me crazy, but I think M$ just said that opening (some of) its source was the way to achieve trust.

Juarez: ... As a side note, we will publish the source code on that Trusted Operating Root. We will make sure that people have the opportunity to really go deep on that and kick the tires and know that what we're doing in there is what we say we are doing.

Re:Where trust comes from

[Jucius+Maximus]

"In short, this gives MS the right to run any binary they want on your system as root, invisible and unknowable to you or anyone else."

I told you so.

Re:Where trust comes from

[Alsee]

The sourse they publish will be useless.

First of all, what they publish will be the interface to the hardware. The important stuff will still be hidden down in the hardware, or up in the application.

Secondly the code will only work if it is signed my Microsoft. If you change a single bit the hardware will flag it as "untrusted" and lobotimize itself, as the MS-DRM-OS patent puts it, it will "renounce the trusted identity". Altered code will not work.

MPAA/RIAA will jump onboard and start offering locked content. Sales of the system will be diven by movies/audio only useable on "Palladium enabled" computers.

The system will be cracked, but it will require a student in a college lab scanning the data off of the hardware, or maybe someone in his garage hacking a new circuit into the motherboard. It will be the biggest hack-target in history. It wont last long.

-

No big shocker here.

[NetRanger]

I can see this kind of technology being abused to the 1,000th degree. Imagine software that would automatically use your previous usage data to force you to buy individual features that you use the most, the next time your annual subscription fee comes around? Or deleting all your home movies because they didn't carry a copyright tag, and thus could be illegal? Or finding the cops at your door because little Timmy downloaded his favorite song on MP3 or Ogg?

It seems that we, the mass public, are expected to give up the idea than when we buy something, it's ours. Now that even seems to include our hardware, not just our software.

Devices hostile to 3rd party peripherals

[AgTiger]

From the article:

> For example, some mobile phone vendors use challenge-response
> authentication to check that the phone battery is a genuine part
> rather than a clone - in which case, the phone will refuse to recharge
> it, and may even drain it as quickly as possible. Some
> printers authenticate their toner cartridges electronically;
> if you use a cheap substitute, the printer silently downgrades
> from 1200 dpi to 300 dpi.

I wonder if there's a list of printers and/or phones that perform in such a manner. I'm not sure if the law would deem such behavior as "anti-competitive", but I as a customer certainly find it so, as well as offensive.

Re:Devices hostile to 3rd party peripherals

[RobertAG]

I think that would depend on the engineering that went into the battery or the cartridge. You can always add some "features" to the consumable and take a patent out on it. You then license the consumable to different manufacturers.

In cases where the manufacturer holds a virtual monopoly over a widely used device, it would be expected that the consumer get a choice in buying spare parts. This was done to General Motors in the 1960's. At that time, GM held a HUGE market share, yet refused to allow anyone to manufacture spare auto parts (they owned or controlled all of their suppliers). That monopoly was broken up.

Re:Devices hostile to 3rd party peripherals

[FlynnMP3]

All kinds of various manufacturers are being more and more hostile to 3rd party products. No longer are consumer goods made for the good of the consumer. Mega advertising and money grubbing companies scramble for larger and larger slices of the economic pie. While at the same time those companies try and lock down their respective business models. It's a viscious cycle. It's capatalism run amuck.

My thought is one of these companies will over step the bounds and get sued. Oh wait..Microsoft already did and they are buying their freedom. God I feel good about America right now.

Re:Devices hostile to 3rd party peripherals

[Blue23]

I've got an Ericsson T21 mobile phone (or is it T28, I don't have it on me), and it has "optimized charging" for Ericsson batteries, and charges them much quicker then non-Ericsson batteries. Needless to say, this has turned me off from further Ericsson purchases.

=Blue(23)

MS is Silly

[YanceyAI]

The notion of hard-wired authentication rings alarms for conspiracists who sense a plot by which Microsoft might exert even more control over what kind of software could run on future computers. The Redmond behemoth dismisses such talk as silly.

Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.

Re:MS is Silly

[jafuser]

"No one will necessarily, by design, have to call up Microsoft or the government to get authorization," Juarez said.

Yeah, because Microsoft has never required that before...

Is it just me, or did anyone else find it ironic that this guy's name is Juarez? (assuming a latin-american pronunciation)

Masters at work

[rant-mode-on]

Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisit to being able to make this successful. Palladium is something to be feared.

No, it still won't work.

[Noryungi]

I can add at least one more reason this darn Palladium thingie won't work (for the previous reasons I mentioned, see the previous discussion on Palladium):

• Economics & the rule of profit.

Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.

Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:

• Clever hacks, designed to completely fool the Palladium/DRM solution into thinking some software/hardware combination is legit and acceptable. This is highly possible, given the fact that no secuity is foolproof, and the abysmal track record of Microsoftin security and stability.
• The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs. For instance: small computers, based on accepted -- and fairly open -- industry standards such as IDE, PCI, USB and ARM processors.
• The fact that somebody, somewhere is bound to remark that this whole Palladium thingie hurt sales, profits and image. When enough PC builders realize their mistakes, they'll backtrack faster than you can say "GNU/Linux kernel" back to non-DRM, non-Palladium (non-MS?) machines.
• All of the above!!

Finally, I think the US .gov could go along with this hare-brained scheme, but do you think the EU will? And what about most third-world countries who, even as we speak, are flocking to open-source solutions in droves?

Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

YMMV, IANAL, Standard::Disclaimer and so on and so forth.

Re:No, it still won't work.

[proj_2501]

In this case, I would hope that XESS makes a PCI version of their nice little FPGA boards in which to put this GNU hardware.

Re:No, it still won't work.

[sphealey]

The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs.

That might have worked in the 1970s or even 80s, when chipmaking systems had "reasonable" prices (say in the 50 million USD range), there were many companies making chips, and there was competition among microprocessors.

Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."

Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.

sPh

Re:No, it still won't work.

[Rogerborg]

• # Clever hacks, designed to completely fool the Palladium/DRM solution into thinking some software/hardware combination is legit and acceptable. This is highly possible,

Palladium is based on the patented Xbox method. The hack for that requires an expensive mod chip, a soldering iron, and a willingness to break your warranty and (arguably) the law in the form of the DMCA. That's pretty darn good security in practical terms, and it'll be better by 2006. This isn't some afterthought dongle, this is Palladium hardware that will only talk to the Palladium OS, and vice versa.

• # The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs

Bzzzt, wrong. Not enough market, and this won't open a niche, because Intel and AMD will sell expensive "server" versions that will run non-Palladium OS's (then expect to see sales licensed to "crack down on piracy"). But surely (I suspect you'll say) people will realise that it's better to support a cheaper and technically superior solution over a bloated expensive incumbent. Uh, right. Nobody every got sacked for buying IBM, goes the adage. Remind me, how is Transmeta doing these days? Still burning up the venture capital, right? OK, we can go to PPC, but that sinks one of the great strengths of Linux/BSD, that you can install it side by side with Redmond on your Intel/AMD system and see if you like it.

• I think the US .gov could go along with this hare-brained scheme, but do you think the EU will?

Er, yes. Or rather, I think that EU politicians will let it in, and then the EU courts will have to deal with it after the fact. You know, the way it always works. Third word? What's the interest in the third world? It's to increase the potential market. OK, but companies know that it's more expensive to recruit than to retain. It's way more efficient to lock in your high value customers than to spend money to try and persuade low value customers to join in. And once you're infected by Palladium, they've got you. You're never getting out. They don't have to win everywhere at once with this, they just need to start the ball rolling.

• Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

Spurious assertion. First off, by 2006 Microsoft plan to have everyone - corporate and residential - on software-as-a-service plans, with automatic updates. And they'll simply stop offering anything other than Palladium. Then look at it from the point of view of risks and penalties. What's the cost of not signing up? It's guaranteed exclusion from the Palladium network. Initially, that means Microsoft, which means (depending how they want to play it) patches, fixes, MSN, MSDN, Microsoft Messenger, Hotmail, Passport, you name it. Then if just one of your big customers or partners switches, you have to switch, or lose them. I agree that it'll be hard for Microsoft to get the ball rolling on this, but when it starts, my god will it pick up momentum.

Maybe I'm being Chicken Little. Maybe you're being Pollyana. But the costs of me being right are a heck of a lot higher than the cost of you being right. I say we scream about this, and we scream about it now, before it has a chance to gather momentum.

Re:No, it still won't work.

[Noryungi]

Sorry, I have to disagree here: RISC chips could be the perfect answer to that problem.

One of the most successful chipmaker of all time is ARM. The first version of the ARM chip (a 16-bit RISC chip) was created by just two people, with no money, no help and no support from the main company (Acorn, at the time). If I remember well, these two people did not even have a lot of experience in chip design.

The great-grandchildren of this chip can now be found in millions of devices all over the world. iPaq, Nokia, HP, you name it: they all use it (even Palm, in its latest models).

Even when ARM1 came out, it was touted as more powerful than anything Intel had to offer at the time. It was also easier and cheaper to produce and consumed less power than all other CPU models.

And there are ARM clones out there, including one on Open Cores.org. Not that I think that desiging an ARM clone is necessarily good, just that that designing a cheap RISC CPU can be done.

So, designing a complete "GNU Hardware" system is possible, and it could even be a way of ditching the mess which is the PC architecture.

Think about it:

• No Palladium, no DRM, no Micro$oft. Ever.
• A new, open architecture, open CPU core, based on open standards and free for everyone to take, copy and reproduce.
• Your choice of operating system: Linux, NetBSD, OpenBSD, you name it. Plus, a huge amount of quality software that will stay free for ever, thanks to the GPL.
• Can't produce it in the US? Ask European firms! No luck? Try Taiwan, or China, or Korea or whatever.

Let's face it: some people (including me) would pay good money for a "no-Palladium" system. Especialy if I have no choice!

Operating Systems such as Linux are a commodity -- but a commodity that break M$ monopoly. I think it's time for the hardware itself to become a "free speech" comodity as well. And Palladium could push the Open Source community to do just that...

Re:No, it still won't work.

[pmz]

There are huge companies who dispise Microsoft and have their own fabrication plants. Texas Instruments is a long-time partner with Sun Microsystems, for example. IBM has mixed feelings about Microsoft and has their own factories. Taiwan is home to many chip makers, and they are considering open source software more and more. Many of these companies currently build whole computer systems without even a hint of Microsoft software of x86 hardware (I'm using such a computer right now, and it's wonderfully useful).

World-wide, Microsoft's plans will probably be an up-hill battle the entire way.

Re:No, it still won't work.

[Alsee]

Palladium can only work if every company joins the conspiracy.

You are underestimating the enemy. They have a workable plan for getting this crap into home computers. Initially you will lose nothing by including Palladium in a system. It may cost a few dollars, but M$ could subsidize that down to zero price difference if they like. That's how they'll get initial market penetration - no reason NOT to include Palladium.

It is going to be pushed as extra functionality. The new movies and music will only be useable on Palladium enhanced computers. Maybe even some new games. All the old stuff will still work (although they will disable all Palladium features as long as they are running).

After they have a certain marketshare they start shifting from "extra functionality" to "required functionality". Early Microsoft programs will have tempting options that "take advantage of extra palladium features", later Microsoft programs will require palladium for basic functionality.

Sorry, all patches now require Palladium support "for your own protection". Any patch needs to be done securely, right? You wouldn't want anyone to be able to sneak a virus in through the patch process, would you?

Clever hacks

Yes, but before any software hacks are possible someone is going to have to hack the hardware. It will happen, but it's going to be more invloved than usual. Not many hackers have the hardware to scan the circut layout on a chip. The good news is that there will be plenty of time for this before Pallaium hits a critical mass where they can make it a requirement.

-

Re:No, it still won't work.

[rseuhs]

Take that case and try to tell common user why this is bad and you'll understand difficulty of the job.

"No more mp3s, warez, moviez" - Easy to understand, easy to be against.

Microsoft will have a lot harder time telling the common user why this is a GOOD thing. And no, not all the money in Microsoft's basement invested in marketing will convince people.

Re:No, it still won't work.

[rseuhs]

Then if just one of your big customers or partners switches, you have to switch, or lose them.

Yes, and the one big partner/customer who does switch, will lose *ALL* their partners/supplyers, not only one.

You just perfectly illustrated why Palladium won't work.

Anyone notice the inherent similarities

[tony_gardner]

between this and biometric security methods. Very strong security. When the single layer is cracked, there is no backup mechanism, and resecuring and reverification of user are almost impossible.

Although, I guess if I had to choose between getting a new MOBO and new eyeball I'd pick the MOBO. Maybe this is Microsoft's attempt to be least-worst.

Palladium, Microsoft�s future?

[JonathanTWilson]

Palladium, Microsoft's future?

Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?

A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.

All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.

How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified the source code or the binary? This is an important question, how do you check that the software that's certified has no backdoors? As backdoors are the single biggest problem within a closed "secure" system.

Here is what I think Microsoft is making a play for:

The answer is a trusted programming language a.k.a .NET framework. Microsoft's new byte-code compilers (look's like Java might just have missed the boat). With a trusted compiler creating trusted byte-code running on a trusted computer. It now becomes possible to create different levels of certificates for different levels of access to computer hardware and personal data. In this way Microsoft will have completed their "finial software solution".

Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft strong hold it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more then a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimed down computer running cheap to free operating systems with a Java run-time on-top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reason why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases. But really knowing that all software by default will have to run under Palladium anyways. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accept as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation and because its all based on .NET byte-code this will not be a problem.

With this move Windows steps back becoming primarily a desktop only environment running Palladium for all import tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus with Microsoft changing its file system from FAT/NTFS to a Database system untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.

Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will be now responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will required backroom access to all operating systems source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified Kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hi-jack Linux and removing control of the Kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatible pressures.

Now to the finial piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified the companies that create the code will also have to be certified if they want their application have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using the Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary process becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam, the list of possibility is endless.

So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles :)

a million times: no.

[denttford]

"Palladium is all about deciding what's trustworthy. It not only lets your computer know that you're you..."

I refuse to have my computer settle any existential problems before I do.

Especially when running software sold by the pasty white guy with a red light on his head.

If if changes the Unix/Linux security model, fine

[duffbeer703]

The whole concept of having a "root" super-user who can so anything and everything erases whatever security models we erect.

If this Palladium project encourages general-purpose Unix to move towards a more trusted model with ACLs and other features, then it is a good thing for all of us.

Hardware based security is bunk

[EvilTwinSkippy]

So how preciesly are are supposed to know, across a network, that the signals you are recieving come from a chip or come from a piece of software emulating a chip?

And how do you patch hardware when you find, 6 months in, that there is a flaw? This is a giant step backward in technology, designed to make people go out an buy yet more useless crap for their computers.

Re:Hardware based security is bunk

[AcidDan]

This is a giant step backward in technology, designed to make people go out an buy yet more useless crap for their computers.

I remember a motto from years ago by the Pompey Pirates (gotta love the Atari ST):

"Dongles won't beat us!"

-- Dan =)

Re:Hardware based security is bunk

[Wesley+Felter]

...either the devices are going to share a key (total compromise the first time it is cracked) or there will have to be a huge database containing the public keys for all of the devices...

Or during manufacturing each PC maker will sign each device's public key, storing the signature in the device. Then you don't need a giant database.

guess

[jukal]

Something like this takes place,but:

1. The PKI spec and reference implementantion is public.
2. PKI chips are manufactured my multiple 3rd parties.
3. The validation to get your keys will be done by trusted third parties.
4. Nothing changes. In the beginning, things might be easier for those running Windows.

The world is not dumb enough anymore to be fooled by MS, it does not have ultimate control anymore, they are under pressure from many directions in which an OS is used(mobile terminals, embedded devices, consoles, desktop computers, servers) - all of these have multiple serious contenders now with differing interests. No one is strong enough to kill everyone else.

Invisible hand

[Dilbert_]

I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? Yeah, they might make those illegal in the US, but the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff. Then they will buy some senators to overturn this initiative, and all wil be well...

Or so I hope.

Re:Invisible hand

[big.ears]

Would you rather buy an intentionally crippled product, or an 'open' competing product?

Well, when one of them will run my operating system of choice, and the other one won't, it is an easy decision.

Luckily, my operating system of choice runs on the open product. Unluckily, the silent hand is wielded by the 95% of people whose OS of choice will probably only run on the closed hardware.

Re:Invisible hand

[slow_flight]

the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff.

This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.

Re:Invisible hand

[Dilbert_]

This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.

Which would then lead to counter-tarrifs, and a full scale trade war. Would the US government want to risk that just to please the RIAA and Microsoft? I think the farmers, the steel workers and the car industry would go nuts!

Re:Invisible hand

[Anarchofascist]

"I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? "

They're going to let you switch it off. However, if you switch it off, you wont be able to generate or use "trusted" content, and if 80% of people do not accept your "untrusted" content (with a little help from some cunningly-worded MS error messages), you're up shit creek (to use a common engineering term).

The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".

Re:Invisible hand

[mperrin]

The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".

Nah. Hollywood's lost already, at least as far as public opinion goes. Sure, they're doing a hell of a lot of lobbying, but that isn't stopping
thirty million teenagers from swapping MP3s. Those thirty million aren't going to want to lose the ability to play their music where and when they want to, on whatever hardware they want to. Anything that moves in that direction is going to be a complete non-starter in the retail commercial world.

The Cartel Problem

[xtal]

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart. Initially, people might go for it. When an economic disadvantage is passed on to consumers - designing this, after all, isn't free, and developers who can't or won't pay the fees required to have their code "Certified" will be unable to develop for that market - and consumers of Palladium PC's will be unable to use their wares.

This will result in a incentive for a manufacturer of CPUs or motherboards to produce a non-Palladium product. People will move to those platforms for a variety of reasons, producing an incentive to produce non-palladium products, springing up a non-MS taxed industry. It probably would motivate a lot of busy people like me to start working on GPL products to fight against the mark of the beast. Sooner or later though, a hardware manufacturer will spring up to produce hardware to meet the demand. That's inevitable.

This, frankly, sickens me to think about. I'll become physically ill if Apple announces they're going to soil their OS X and Powerbooks with this platform.

Re:The Cartel Problem

[slow_flight]

This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart.

Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.

Re:The Cartel Problem

[pmz]

Cartels like the diamond industry?

Learning about the diamond industry pissed me off enough that I will never buy another diamond. Microsoft is no different. If they get their way, where I can not choose how to develop and distribute software, then I will probably find a new career. It'll be hard to find one not dependent on Microsoft software, but I'll try.

Re:The Cartel Problem

[xtal]

No problem with software DRM. Click click off. Doesn't affect me doing work. Hardwre DRM that verifies code is a competely different bag of hammers.

Re:on a more serious note

[justsomebody]

Yes, and as it seems based on the article, Intel is making another mistake (AMD is in MS posession (or influence) already so AMD is forced).

Let's say, in my case Intel will lost 200-300 (all what's possible Intel) PCs yearly. but then again I'm only one. I will just move my bussines to first quality non-DRM platform (and if that's Apple than Apple it will be (god I'm proud I wanted my bussines as platform independant as possible)).

But to state my case more clearly, if there is 1000 resellers as I am, it will be a significant market loss. Anyone remember CPU number?

definitions of Security

[Alien54]

Note that propaganda can be accomplished by redefining terms to your advantadge.

Thus we can get an internal Microsoft definiition of Security:

making the world safe for Microsoft or a means by which competition to Microsoft can be locked out.

yeh, this is cynical. don't know where I would get such an attitude. maybe I should change my brand of coffee.

being able to trace the source on something means responsibility can be assigned.

Probably the features should be availble with the default setting of these features turned off.

I also imagine that such features would be spoofable, somehow.

[shrug]

Re:If if changes the Unix/Linux security model, fi

[duffbeer703]

That is simply wrong.

In Windows you want to read a file whose access is denied to only a limited group of people, even having administrative access doesn't allow that. You must take ownership of the file, and generally admins are not given that privledge.

In the non-trusted Unix world, root can do anything anytime. It has alot to to with network security because any sysadmin or anyone with access to a sysadmin has the ability to usurup the security model and do whatever they wish.

Call me paranoid...

[Elledan]

It almost seems like the big companies are doing everything they can to make Orwell's book "[i]Nineteen Eigthy-Four[/i]" come true. They want to total control over what everyone does with their copy of some software, music or a movie. It'll be only a matter of time before some big company proposes tracking every single individual in a country. Hang on, I seem to recall this already having been proposed in a similar form...

So, what are we going to decide? Will we allow the big companies (the 'Party') to take away all of our freedoms one by one? Today fair-use, tomorrow anonymity?

It sounds to me like this would be the ideal time to use the united force of all people around the world who value their freedom to fight the sickening proposals being made by those who stand above the possible effects of their ideas.

Certainly, this technology might be useful in certain situations, but it should never be used to limit the freedom of the individual.
Are we willing to sacrifice our freedom for the sake of the profits of the 'entertainment' industry? It would hardly surprise me if after a successful introduction of TCPA, the number of sold CDs/movies and the profits made on movies in theatres would rapidly decrease, instead of rise, like they did before the introduction of TCPA (profits made by the entertainment industry has continued to rise in the past few years, despite the doubling of the number of sold illegal CDs and the exponentially growth of P2P software over 2001).

I propose that we, the people, make our final stand here and let utter defeat be the fate of our opponent(s).

And the Antitrust trial is even over yet.

[crovira]

That takes "cojones". Does he think everybody's an idiot?

I hope CKK kicks Gates in the "cojones." :-)

If I were an MS employee

[truthsearch]

If I thought this was a good idea and I worked as head of this project, I would compensate for the points your making. This plan is so large that they must have thought this through. I would get the manufacturing companies on my side, get the hardware and write the software, but only activate a small portion, probably just multimedia DRM. That could be used as the initial focus. If this were pulled off well and accepted, then I'd start to turn on everything else, like only running "authorized code" and such.

So if they want to get this adopted and in use - below the radar if possible - they have to do it very slowly. Get the stuff out there and then launch BigBrother.exe (or actually, bigbro~1.exe).

Re:If I were an MS employee

[tony_gardner]

It's like the security scheme for credit cards though. If one person compromises Palladium on your computer, you need to change all your identifiers. Otherwise you have the problem of identifying falsely authourised code amongst the legitimately authorised code already there. Then you're exactly back to where we are now, running virus scanners and firewalls, except the user has forked out money for a security scheme which doesn't work.

Re:If I were an MS employee

[pmz]

This plan is so large that they must have thought this through.

Fallacy. There is no reason to believe they aren't just blinded by their egos and a huge marketing budget.

Interesting piece of FUD

[bertok]

I've noticed one particularly transparent piece of FUD in the propoganda released by Microsoft: They claim that Palladium will eliminate SPAM. This is totally false, it cannot possibly prevent SPAM any better than existing technological solutions. The press release doesn't give a lot of technical details, but based on the wording and the nature of DRM/Crypto technology, it seems that Palladium can do one of two things:

• Automatically drop incoming mail not cryptographically signed by a user in the address book of the recipient.
• Only allow mail from users in Microsoft's Passport database. Spammers are simply removed from the database, preventing them sending mail to Palladium protected machines.

The first method is similar to what ICQ-like programs do, but ICQ was not designed to facilitate one-off messages from unexpected people. For example, all businesses have to have "open" email addresses, as do a lot of other people, including students and faculty, and so forth.

The second method might seem superior at first glance, but requires perfect security in both the central database and every client machine that stores a digital ID locally. I think that that is going to be most unlikely. We all know that spammers will find it all too easy to create fake IDs, steal the IDs of innocent home users who think a firewall is a sheet of insulation used to stop a fire in a building, and generally make a mockery of Palladium.

How hard is the authorization to hack?

[MongooseCN]

It says Palladium will only run "authorized" applications. How hard is it going to be to hack the authorization code into any Open Source program? Maybe someone can make an authorization library anyone can include in their project.

I'm sure some hacker will figure it out.

disobey the law!

[kipple]

palladium CAN definitively be circumvented. Maybe a mod chip will be required to avoid querying the palladium chip, but it's just hardware. A few days ago I posted a comment here on slashdot, which generated a nice amount of discussion about that.

I understand now that if it's about public key cryptography on the chip it will definitively be a tough job to circumvent it. But it has to be done, no matter if it's illegal under the DMCA.

Some 30 years ago it was illegal for people with skin color different from white to sit in front of a bus. It was the law. Was it right to obey that law?

Mod me down as a troll, mod me down as useless. But I say that it is time to embrace our cyber weapons, our mind, our smartness, and fight out all those absurd laws - by disobeying it. No reason to fight back, definitively not in a court. The best ways to do that are:

• don't buy motherboards with palladium chips on it
• advise your company not to buy any more microsoft products; instead, to donate a tenth of what they would pay microsoft to open source developers to improve GPL-based software.
• boycott Microsoft: don't buy their products, or if they are required, give them away for free. USE COPIES, make them loss revenue on that. Yes it's illegal. But they cannot be stopped legally.
• use your brain to find new, better ways to circumvent their protections: being that an 'activation code' or any authoritative chip itself

I know I do sound trollish, but I do firmly think it's time to fight back against that. A law is supposed to protect the people - not the corporations!

last thought - if Palladium gets introduced in the US, and all vendors apply it, and the DMCA makes it illegal to circumvent it... do you, GNU users in the United States of America, really want those laws to block your creativity and your freedom? Do you know that other countries will probably not introduce anything like the DMCA, nor implement Palladium? Do you really want to be left alone in a world that will improve GNU systems, stuck on stupid law questions?

Now flame me.

The obvious hole

[Shillo]

The entire system, even with Fritz in the CPU, absolutely depends on the single private key: The one required by Fritz to boot the machine. And there is another key, the one used to sign the trusted software.

Frankly, I think it HIGHLY unlikely that one of these keys won't be uncovered, either by an insider or by a large distributted cracking project. And once a key is out, ALL THE MACHINES CAN USE IT TO BYPASS PALLADIUM.

Nuff said.

--

Re:The obvious hole

[jafuser]

Did you read the article? That key will be disabled. Not to mention that they can run arbitrary code on all Pd-compliant machines, allowing them to "fix" the problem remotely on any "infected" machine.

Re:The obvious hole

[jafuser]

Right, but if your only intention is to disable Pd in order to have an "open" system, you should just put together a non-Pd system from the beginning (or disable it). Then you can still install linux or Win2K or whatever, but you won't get access to any software which requires an active, authorized key.

Am I missing something?

[mark-t]

MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.

... and emminently unprogrammable, in the common meaning of the word that it has had since the dawn of computer science. It appears Microsoft has completely forgotten what actually has made computers as powerful as they are. My gut tells me that this too shall pass.

Olympus SmartMedia

[_|()|\|]

I've heard that some Olympus cameras only enable certain features (QuickTime flipbook, maybe?) if the SmartMedia card has an Olympus ID.

Re:Olympus SmartMedia

[GroovBird]

This is true.

I have an Olympus C2000Z with a panorama feature, which can only be accessed if I insert a Smartmedia card from Olympus with this feature enabled.

I recently purchased a new smartmedia card of 128MB from a white brand, and the feature is unavailable with this card. It *may* have to do with vendor lock-in, but it may also be that those Smartmedia cards have a special (read: more expensive) feature of providing more temporary storage or something.

Re:Olympus SmartMedia

[SkeptiNerd75]

The Olympus cards are special, all right. In price, that is, but not in technology. If you overwrite the header on generic smartmedia with an Olympus header, your camera will enable the panoramic feature. See this page, for example.

Re:Olympus SmartMedia

[e40]

If the smarts are in the card to do panoramic then they did this intentionally to lock out other SmartMedia. If so, there was no reason to implement their system in this way, except to screw competitors.

Re:Olympus SmartMedia

[Ben+Hutchings]

Since that site's over-quota, try Google's cached copy instead.

Re:Flattening

[tshoppa]

serialize the data to plain ascii. I assume no software can restrict taking stuff out of binary documents, and then sending that flat data to a friend

The Fritz chip will prevent any non-[MS|RIAA|MPAA]-approved software from accessing a protected document. And in the Palladium/Fritz scheme, to get [MS|RIAA|MPAA] approval the application will not be allowed to have a useful "save" option.

Of course, maybe all you need is a single "buggy" but approved application to get around all this.

Another way would be to digitize the video or audio coming out of your PC, but after the MPAA makes owning or building unrestricted A/D converters illegal this won't be an option. (Except to those of us who know how to build A/D converters out of stone knives and bearskins and live in the underground economy).

Intel Serial Number Deja vu?

[redelm]

Hasn't this sort of hardware solution cratered dismally just recently? How does Palladium differ from Intel's Pentium!!! serial number debacle?

Why does Bin Gates think his effort will fly when Intel's didn't? People just won't buy his stuff any more than they did Intel's! This is a market economy -- people vote with their dollars [euros,yen,etc].

And we all know what happened to the Trojans

[tibbetts]

I almost spewed up my iced mocha latté when I read the opening paragraph of the article:

In ancient Troy stood the Palladium, a statue of the goddess Athena. Legend has it that the safety of the city depended on that icon's preservation.

Even someone with the most rudimentary liberal arts education knows what happened to Troy and the Trojans, right? No? Well, here are the relevant parts of Homer's Iliad and Vergil's Aeneid boiled down into one paragraph:

The Greeks went to war against the Trojans because one of their kings' wife, Helen, skipped town to hop in the sack with a Trojan prince. The war went on for about ten years or so with no clear victory in sight for either side. Finally, however, the Greek soldier Odysseus (a.k.a. Ulysses) hatched a clever plan--the Greeks would build a huge, wheeled wooden horse and offer it to the Trojans as a sign of surrender. Unbeknownst to the Trojans, however, Odysseus and a crack team of Greek soldiers would be holed up in the horse's body. Lo and behold, the Trojans accepted the horse and opened the gates to let it in. That night, Odysseus and his posse got down and started kicking some serious Trojan ass from inside the city. In fact, the shrine of Pallas Athena (the Palladium in question) was where the Trojan king Priam and his remaining family members took refuge. But it didn't matter; the Greeks came in and slaughtered them.

Three thousand-odd years later, the term "Trojan horse" has taken on a special meaning in tech jargon. Perhaps whichever marketing dweeb at Microsoft came up with the name "Palladium" for a security product should have paid more attention in that world literature class.

(As a side note, with this story in mind, using the brand name "Trojan" for security tool of a different sort is also ironic.)

Re:Palladium, Microsoft?s future?

[WolfWithoutAClause]

Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles :)

That is farfetched. I'm sure he doesn't have pictures of his children there; probably a calculator that calculates his net worth in terms of how many people he can buy with it.

Ignore them and you'll vanish

[SEWilco]

Well, he said that they build their own machines, therefore they won't "buy a new pc". But when TCPA is in all motherboards/processors, all those machines (if the BIOS allows them to boot) will report they are not TCPA-compliant.

So even if they put a TCPA-compliant Linux on that hardware, because that hardware mix is not approved then they won't be able to use TCPA-restricted services. They won't be able to communicate with TCPA-locked clients and suppliers.

Even if they buy TCPA-compliant boxes with TCPA-crippled Linux, they will have to run only TCPA-approved applications. A TCPA-approved application can not trust data from a non-approved application (or else the app is at risk of being damaged/subverted by the data -- a buffer overflow or other attack can make an app do unapproved things). So they can't have TCPA apps read the output from custom programs, and can't create services for clients which involve their own unapproved software.

Absolutely Right

[FreeUser]

Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC?

Absolutely right.

Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.

These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).

We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.

Comment removed

[account_deleted]

Comment removed based on user account deletion

The GPL applies to opening the SOURCE code.

[crovira]

The SOURCE code which shouldn't be in a vulnerable place on the server anyway.

They belong and should reside on development machines and on distribution servers which us MD5 to verify the veradicity of the sacrosanct code. Like they do now!

If M$ minions think that this will give them a lever to oust the Linux community, they'd better look again. If they think somebody will hand them the keys to the kingdom and say sure, you decide who we should trust, when nobody trusts them, they must be listening only to their own lawyers argue at the anti-trust trial.

The http protocols are open source. The whole infrastructure is open-source.

Unix/Linux servers number in the millions and serve over half the web.

There are 25,000,000 Mac OS 6..9.x and X users out there. There are 25,000,000 Unix and Linux boxes out there. As much as M$ might want to try, they can't balkanize the 'Net that way. There is NO posible excuse for suddenly locking out 50 million users.

Nobody's gonna buy it. The class-action lawsuits, the criminal investigations, will begin before we even have a total count of the clients, servers and hosts.

Too many systems would suddenly go missing for it to go unnoticed. You can't sneak this one under the radar and hope the Justice Department won't notice.

This is not something that businesses and politicians can rally around. Specially given the fact that it would be so fuckin' obvious that not even a lawyer could deny it. Well okay. Maybe a lawyer could deny it, they can deny that the earth goes around the sun, but getting a judge to buy that argument would be a real stretch.

That would launch an anti-trust suit by prople with serious weaponry since many the many police and military sites would suddenly become unreachable. And when these people don't trust you, they tend to shoot.

Redmond might not become a smoking crater but it would certainly become a ghost town.

Re:If if changes the Unix/Linux security model, fi

[duffbeer703]

In a standalone environment, there is a super-user for each machine.

In a Domain, you can assign user privledges to whatever level of detail you require.

Is a VIRTUAL MACHINE the answer???

[RobertAG]

Suppose you want to bypass the whole thing by setting up a virtual machine to run your very own user environment? The virtual machine COULD be registered with the "thought police," but the apps it run need not be.

Within a virtual machine, you could run and store whatever file formats you want, and it would be transparent to the host operating system.

You could run one virtual machine or a host of them, depending on your needs or desires.

Stuff that comes to mind immediately is the Java VM and VMWARE. With both or those, the host operating system (and hardware) has NO idea what you're doing. In fact, I used to run Windows 2000 within a VMWARE session (under Linux) because that configuration was more stable than running Windows on the hardware alone.

This amounts to using Paladium precisely for what is was designed to do. The fact that you can run the world's largest trojan horse under it means nothing, for all it would see is a large program.

What Microsoft is forgetting...

[wunderhorn1]

So the name "Palladium" comes from the statue of Pallas, which stood outside and protected the city of Troy in Hellenic times.

But what was the easiest way attackers ever took down Troy?

The trojan horse.

Comment removed

[account_deleted]

Comment removed based on user account deletion

how long..

[Suppafly]

...until you need to buy pc modchips from shaddy overseas vendors just to accomplish the tasks we already take for granted.

Re:Damn Him

[fireproof]

Senator Fritz Hollings IS NOT from North Carolina, but is from South Carolina. (Yes, I know you were quoting from the story -- this is for the benefit of everyone who doesn't read the stories)

We've got our share of problems in NC, but please don't blame somebody else's on us too!

The natural direction

[Aceticon]

Let's develop this even further ...

I look at this problem as a question of stable/unstable systems - think the physical world:

- A ball at the top of a hill is an unstable system - any disturbance will make the ball roll down the hill. To keep the ball on the top of the hill for a long period of time, one needs to frequently provide energy so that the ball stays/goes back to the top of the hill.
- A ball at the bottom of a valey is an stable system - the ball will only get out from the valey in case of a major disturbance. For small disturbances the system is self-correcting - the ball tends to roll back to the bottom of the valey.

So - social systems can also be stable or unstable. An example:
- A bunch of kids left alone in a room with a pile of candy. They are told by a grownup that if they get the candy something bad will happen, and then the grownup leaves. Now, one kid gets the nerve and goes and gets a candy. Nothing happens. Then another one. Still nothing. The another and another and another. This is an unstable social system - the candy won't last long.

Back to our problem (finally). I believe this is an unstable system. My reasoning is as follows:
a) From the side of hardware manufacturers:
- Any hardware DRM implementation will be more costly than a non-DRM implementation. At the very least, more space will be needed in the CPU, which means a bigger die, which means a more expensive CPU (the bigger the die the more likelly it is it has some failures, meaning less working chips per wafer meaning less more money per chip).
- Inicially the majority of the software out there will not require Paladium/DRM. Only new programs might require that.
- Thus (at least in the beginning), machines without Paladium support will be both cheaper and suitable for the biggest majority of software/consumers (thus having a competitive advantage). This makes it very tempting for hardware manufacturers to NOT produce Paladium-compatible machines.

b) From the the side of software producers:
- A Paladium/DRM license costs money. Implementing software which requires Paladium/DRM is thus more expensive than non-Paladium-compliant software.
- Similarly to the hardware side - in the beginning, the majority of machines will not have Paladium support. In order to reach a sizeable portion of the market, the software must thus support non-Paladium-compliant hardware.
- Thus software producers that want to reach the biggest portion of the market will either produce non-Paladium compliant software or software that will work in non-Paladium compliant machines.

Puting it all together:
a) Hardware manufacturers will have a competitive advantage in manufaturing non-Paladium-compliant machines (cheaper and work with almost all software)
b) Software producers will have a competitive advantage in producing software that works with non-Paladium compliant machines (the majority of the market) or even non-Paladium-compliant software (which has the aditional advantage of not requiring a Paladium license).

As i see it, the current situation is a stable situation. A great deal of energy (read money) must be spend in order to change the status-quo. Software developers need to be convinced (as in paid) to do Paladium-only software while hardware manufacturers have to be convinced (again paid) to develop Paladum-compliant machines.
The temptantion for software producers or hardware manufacturers to put out products that do not require Paladium will be huge given that any one that does so will have a competitive advantage (which will translate to more market share) in relation to the ones that remain Paladium-only compliant.
As soon as one company leaves the pack and starts increasing their market share others will have to leave too in order to stay competitive.

The only way to avoid this would be if all consumers would at the same time change all their machines and software to be Paladium-compliant. In a Paladium only world there is no market for non-Paladium machines or software.

Re:The natural direction

[jafuser]

- Inicially the majority of the software out there will not require Paladium/DRM. Only new programs might require that.

1. A new program is released on the net (say Windows Media Player 9). The ??AA companies, now confident of the security of Pd, dump tons of high quality material onto the net, served up by this application.
2. Non-Pd authorized users can see small, low-quality preview clips of this material, but Pd-compliant systems will play all of this free media in complete detail, at highest quality.
3. The software constantly bombards the user to upgrade to a Pd system to get access to tons of free, current full-length media. Users hear from their early-adopter friends that it's "so awesome" and that they got to watch the newest Britney Spears movie right from their home PC, only one month after it came out in the theatre "!!"...
4. The sheep flock in masses to buy Pd-compliant systems so they can all experience the full-length (instead of preview) movies and songs for free.
5. (a year later) The majority now own Pd-compliant systems, all enjoying the wealth of free media being given so generously by the ??AA's. It's like the napster days all over again, except it's so much easier, more reliable, and it's all high quality.
6. The ??AA's pull the plug. All full-length media is shutdown. Now you must pay $3.99 to view any movie, and $2.99 to purchase a song.
7. The addicted masses fork over all of their money to the ??AA's so they can continue to experience what they had become so addicted to.
8. Some people may not give in, but they will be in the minority.
9. Everyone lives happily ever after... err.. well the ??AA executives do anyway..

Re:The natural direction

[CProgrammer98]

That's exactly how Sky suckered a lot of people into satelite TV in the mid 90's. Buy this system, and you get aaaaaaall these channels for free. Just about everything except sports and movies. A couple of years later, they packaged them all into groups and you had to start forking over extra £££s to get the channels you'd been used to. B*stards.

Re:The natural direction

[jafuser]

It's not much different from your everyday streetcorner drug dealer. :)

Re:The natural direction

[Aceticon]

You're assuming that most people (including people outside the US) would be willing to fork $500+ for a new PC whose only added benefict (over their previous system) would be the ability to play clips of a slightly beter quality than the ones you can get for free via P2P networks (and with no guarantee that they could continue to do so in the future).

And we're only talking about audio here - the market penetration of broadband is still below 10% (plus market adoption rates are still very low - maybe 1.5%/year), which rules out video as a killer application.

My whole theory is that as long as there is a big enough number of non-Pd machines out there (let's say 50%) then non-Pd software will be produced and at the same time while there is a big enough number of non-Pd software out there then non-Pd machines will be manufactured and sold - it's a self-sustaining cycle, a stable system.

Another example - think of the time that took to adopt CDs over LPs (they're still selling LPs). This was a situation in which the new technology had visible advantages (lower storage requirements, bigger resitence to damage, faster seek time, authomatic handling) plus the systems that were put out continued to support the old technology (Hi-Fi systems came out with an LP player for a long time after CDs were introduced).

Compare this with the Paladium system - the software does just about the same only it it doesn't work in most machines. The hardware does almost the same (it can additionally run Pd-compliant software) only it's more expensive. Above all, in the PC world one has to consider that contrary to Hi-Fis, PCs are general purpose machines that run all types of applications - meaning that most people have an interest to continue to run many applications that have nothing at all to do with media playing, meaning that Pd machines must still support non-Pd software.

I don't think they can pull it off

[dcavanaugh]

The whole Palladium concept relies on trust and cooperation between hardware and software vendors. If there is one company that should not be leading a project like this, it's Microsoft. How long will it be before the anti-GPL features of Palladium are redirected against Microsoft's competitors? Are the non-M$ software companies really that stupid? How long before certain hardware manufacturers achieve "most favored" status at the expense of their competitors? Considering how the "M$ trust deficit" helped kill Hailstorm, I wonder how they think something like Palladium will fly.

The only sure winner in this scheme is Microsoft, and for that reason alone, the rest of the industry has to rally against it. If this ever comes to pass, I can think of more than a few software companies that I can short-sell as part of my "Palladium early retirement" plan.

Maybe that's how to kill Palladium. Have some geek-friendly organization develop the "Palladium 500", a list of 500 companies that may be hurt by Palladium, so as to trigger a short-selling festival if this nonsense ever gets off the ground. The mere existance of such a list would serve as a wake up call to those who are in a better position to help with the political and financial issues. Believe me, any CEO whose company is on a list of targeted short-sellers is going to scream loudly. Would you buy stock in a high-tech company if a bunch of geeks was preparing to sell short? The beauty of this plan is that no one has to actually short any of the stocks, the mere existance of a list would do the trick.

better transactions?

[devonbowen]

"A lot of it comes down to the fact that consumer just don't feel secure using the Internet for their critical transactions," Douglas said. "Gates has realized that unless trust can be built into these systems, the ultimate abilities of the Internet are never going to be realized."

I don't see what any of this has to do with people trusting the internet for transactions. How can I trust my transactions any more than I can trust it now with an SSL based system? Ok, so under Palladium I would know that my Netscape binary has been reviewed and was trusted. But I pretty much believe that already. That's not the reason people don't trust internet transactions.

One thing I find interesting about this proposal is that it requires some level of code review before release of any software. All source would need to be submitted to a third party to ensure that the code can be trusted. That sounds like quite a mess to me.

Devon

Palladium, Microsoft�s future. I hope so.

[crovira]

Unique IDs went over real good when Intel tried a few years ago.

As for M$ having wont the desk-top battle. There are 50 million machines opned by people who WANTED to buy them rather that the 250 million machines bought by people who were'nt using them, looking for the >st ROI and st cost.

Linux is gaining %-age in the flat desktop market and that's coming out of M$s %-age.

The web sever market is definitely not IIS.

There's 25,000,000 Mac users out there and they bough their machines because they wanted it.

There's 25,000,000 Linux users out there and they bough their machines because they wanted it.

There's 250,000,000 M$ users out there and the machine was bought by the company they work for because it was cheaper, not easier to use or better.

Palladium (a toxic metal and a mythical calamity ending in the sac or Troy,) is based on trust.

Given the hunk of Swiss cheese that M$ has created and shilled all these years, would YOU trust them?

No, no, no

[Lysander+Luddite]

The Palladium system will not rely on a single security system. It will use a variety of techniques for securing access - hardware and software. This not only increases the security aspect but allows vendors and content creators to choose from a list of what they want to use.

I think MS has learned that their reputation preceeds them in the content creation industry and will do what it takes to gain that trust.

Comment removed

[account_deleted]

Comment removed based on user account deletion

How are Microsoft experts?

[alexhmit01]

They have failed, miserably, in the PVR market. They have failed, miserably, in the game console market... twice (WinCE in the Dreamcast, Xbox). They have failed, miserably, in the personal accounting market (Intuit has repeatedly cleaned their clocks). Their entrance into the handheld market has been anything BUT a runaway success, though they leveraged confusion at Palm to grab a nice chunk of the market.

They have 4 major successes. They took the OS monopoly granted them by IBM (as a result of IBM facing an antitrust suit) and built a successful empire. They leveraged internal knowledge of "Chicago," (Windows 4.0/95) to get Office 95 on release and establish a near monopoly on desktop office suites. They leveraged their OS and finances to establish a near monopoly of Internet web browsers. They also used financial muscle to clip Borland off at the knees and establish a near monopoly in development software.

However, in the cases of their successes, they really leveraged a critical mistake by their competition. Even NT Server's rise was a combination of marketing and boneheaded moves by Novell. Novell has let everyone believe that they are dead, so NT ate a lot of their market. Linux is now a huge portion of the market.

I really don't understand why everyone believes that Microsoft is invincible. Look at how WordPerfect, Netscape, and Novell dropped the ball. Also look at how Apple dropped the ball.

Microsoft is great at release early and release often. They put out near beta code quickly to establish a beachhead. They then keep running at you, hard. Fail to innovate (Netscape and Real) and they will clobber you. Keep running ahead, and you can be the Intuit of the world.

Microsoft has a LOT of failures. MS SQL Server has NOT defeated Oracle and DB2 for the Enterprise "mass" market of databases. MS SQL Server gets most of its success from MS Shops that web deploy apps with VBScript ASPs. Low end web publishing uses MySQL+PHP, while the higher end does Java+JSP+Oracle. Those of us in the technically complex world without the heavy Enterprise backing do either PHP (or Perl) with PostgreSQL in the Unix camp OR ASP with MS SQL in the NT camp.

MSN has never defeated AOL, despite its early predictions (and 7 years of being pushed in MS's monopoly Oses). You're insane if you think that Xbox is competitive with the PS2 or Game Boy Advanced. It has been running even with Nintendo's Gamecube in 1 of the 3 major markets (trounced in two others) while Nintendo hasn't released a major title yet.

UltimateTV was a total flop. There are lots of failures, not just Microsoft Bob.

Get a grip people,
Alex

Re:How are Microsoft experts?

[JamieF]

Microsoft has discontinued its UltimateTV hardware, leaving only the DirectTV/UltimateTV option. It's not doing fine, just ask one of the 400 people cut from the team (leaving ~100). ZDNet has a nice story about this entitled Why UltimateTV was an ultimate failure. Now, this doesn't necessarily mean that ReplayTV/SonicBlue or Tivo are kicking their asses; none of the PVR vendors is too healthy. It's a tough market and they're all struggling. Still, Microsoft is in a compromised position because they are at the same time trying to fight software piracy and be buddies with the DRM crowd, and to make a device which really screws with the entertainment industry's business model.

The Xbox is a different matter. The best argument I've seen any Microsoft zealot put forth so far is that this is 1.0, and the fact that they sold anything at all is a victory. Riiight. True, Microsoft has monopoly profits and can use them to fund failing projects indefinitely until competitors (who actually have to make money off their products) run out of money. Did somebody say Netscape? But Sony *is* making money on the PS2, and Microsoft is losing money on the Xbox. Even so, Microsoft reduced their sales projections for the Xbox, and are now estimating that they will ship 3.5 to 4 million units by the end of June 2002. Meanwhile, first week the PS2 was available, 980,000 units were sold. The first four days the PS2 game Final Fantasy X was on sale, 1.9 million units were sold. By the end of January 2002, over 4 million copies of Final Fantasy X had been sold worldwide. That means that in the same amount of time (~7 months), one PS2 game outsold the Xbox console. Apparently Gord knows what he's talking about when he said (a year ago!) that "This console race was over before it started." Microsoft needs to pull an maneuver like the IIS/IE one they used to kill Netscape: just give away the Xbox with the purchase of Halo. Eventually Sony will run out of money and give up. Riiiight.

As for PocketPC vs. Palm, that's a matter of speculation and only time will tell if Palm will get it together or if they will continue sitting on their asses while MS gets around to producing a useful PDA for less than $400 (remember that the Palm 105 costs $99 so they aren't really direct competitors - Palm makes the cheap simple ones, PocketPC licensees make the high-end fancy ones).

Send the industry a message, a petition

[defile]

All users: business, personal, educational, etc. should sign a petition and affirm that they will adamantly refuse to do business with hardware and software companies that support this latest attempt at a Microsoft market stranglehold.

LET THE INDUSTRY KNOW CLEARLY THAT WE REJECT THIS AND IT WILL COST THEM DEARLY IF THEY SUPPORT IT.

I will be the first: Netgraft Corporation will NOT do business with any developers who produce hardware that supports Palladium, any distributor that sells Palladium-scheme hardware, any software vendor which utilizes Palladium hardware, and any company which does business on the Palladium platform.

If someone starts such a project to collect these names, please contact me.

Will the market put out a competitor....

[SwedishChef]

to Palladium-enabled (cough) devices? What if AMD or Cyrix decided to maintain the status quo and keep on manufacturing x86 chips. Or even migrate the x86 onwards and upwards but in a non-Palladium way?

The downside of this would be that the incompatibility issues between MS and GPL would be magnified. However there are upside issues too. The consumer, when informed that their CDs won't let them make mp3s of the music they just bought would be more likely to move to a GPL solution. The CDs which are incompatible with GPL might become less desirable. EU companies, outside the authority of US legal issues could mine out a larger niche in the market.

In fact, I see a much larger role for EU in open source projects as a result of the short-sighted efforts of US legislation (patents, etc.).

Microsoft's win-win

[jaaron]

Someone pointed out that they doubt the GPL is Microsoft's primary target -- that if that were the case Palladium is simply overkill. This is a good observation and I wanted to add to it. While Palladium potentially has very negative consequences for not only Open Source / Free Software but all software in general, Microsoft wins on several fronts with this approach. You might remember that Microsoft openly opposed the so-called Holling's Bill that would mandate this kind of technology. Why? Because while it would have similar results (actually the bills proposed would be more broad) the power would be in the hands of the lawmakers and more importantly in the hands of the copyright holders -- the movie and record industry. By pushing their own solution, rather than a legal one, Microsoft maintains control of the technology. To the legislators, they seem like the "good" guys (despite the monopoly convitions [how long before we finally punish these criminals?!]) and Microsoft will also get the backing of "Hollywood." It's about gaining the upper hand. They know that there are forces out there that want this kind of technology, however, it's in Microsoft's best interest to be the "innovators" and have everyone fall in line under their proposal. I think this is the real motivation -- it further secures their position as the dominant market leader. No one will want Microsoft to go away if they hold the keys to your security -- all your information, your applications, everything is in their hands. So not only does Microsoft become indispensable, but they also get to screw over the competition (which includes GPLed applications as the article points out). While security and "trustworthy" computing are nice ideas, Microsoft is the LAST company I want to hand over this kind of control to.

It's a market thing, you wouldn't understand.

[N8F8]

Intel put a GUID in every processor to make each computer uniquely identifiable. The market screamed about loss of privacy. They really shouldn't expect the market to react favorably to having GUIDs in everything. It will come down to one company offering a piece of hardware or software with no privacy and a competitor offering privacy. The market will decide who is favors.

Hardware manufacturers aren't stupid. Especially if rights managment is costing them money. Look at what is happening in the DVD Player industry as we speak. Manufacturers are making an end-run around the digital rights tax.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Fundamental flaw in assumptions

[Todd+Knarr]

Palladium and it's supporters seem to make the assumption that users don't trust the net for commerce because they don't trust the identity of the entity they're doing business with, and that giving them trust in that identity will solve the problem. I think that's a wrong assumption. I think people do trust they know who they're dealing with, and they don't trust the entities they're being asked to do business with. For good reasons, apparently, given the penchant for companies to disclaim all responsibility for broken products/services and to sell all manner of information about their customers to everyone else under the sun without concern for the consequences to the people whose information they sold. That can't be solved by just a better way of verifying identity.

As for the verified-software part, that'll last right up until the Executive Vice-President for Sales of the company can't install the latest and greatest screensaver his friend the vendor rep sent him because it's not authorized software. Then IT will be ordered to knock holes in the system for him and the whole thing will become pointless.

Then there's the whole digital-rights part of it, but that's another argument for another forum.

Re:If if changes the Unix/Linux security model, fi

[Zeinfeld]

I really don't know windows very well, but I'm sure there is one account (superadmin??) that can change these privilages. Which is basically root.

I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance rulling (I haven't read the rulling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.

Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.

With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.

UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.

It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.

Makes the Apple Mac ad seem prescient...

[crovira]

M$ is shaped in Bill Gates' image.

He's a bully. Because he managed to strong arm the OEMs he a rich and arrogant bully but he has no idea how arrogant and bulling people can be.

If he was smart, he'd start his own church and proclaim itself as God and get it over with.

Definition of "Source Code"

[RML]

Overall, the Palladium FAQ is interesting, but I think Mr. Anderson is overlooking a major point when he talks about how the TCPA will affect the GPL: what, exactly, constitutes the source code for a binary which has been cryptographically signed?

The GPL is a bit vague on what exactly constitutes the "source code" for a work: it is defined as "the preferred form of the work for making modifications to it". For a program which won't function fully without being signed, a strong case could be made that the "preferred form" for modifying the work is the source code plus the key used to sign the binary; after all, if the "source code" doesn't include enough information to reproduce the binary actually distributed, it's not useful for modifying the work. The GPL also specifies that for an executable program the source includes "the scripts used to control compilation and installation of the executable", which for a signed executable would include the script to sign the binary.

Thus, the danger to the GPL might not be that it will lead to GPL programs that you can't actually modify, but instead be that it will be impossible to get a GPLed program certified. Even if it is certified, it will be illegal to redistribute the resulting binaries without the key, which of course won't be available. If the person or company that produces the program is the sole copyright holder, they can of course distribute it anyways, but it won't be redistributable.

So I'd say that TCPA, Palladium, and other DRM schemes do pose a threat to the GPL, but not for the reason Ross Anderson claims.

Where is Apple? Where is Sun?

[sklib]

Given that Microsoft and x86 have a strong hold on the computer market, it's fine that Palladium is going to run on that combination, but what about Sun, SGI, and Apple?

It doesn't look like Apple is getting brought into this at all -- I've heard no mention of either them or Motorola (they make Apple's CPU's right? or am I wrong?) being involved in the whole debate -- and a lot of people use macs.

Furthermore, a lot of .edu's have a thick and manly investment with Sun -- for example half of umich's engineering workstations are ultra 10's or better, and I'm sure the same is true at many other schools. Professors and techy students aren't going to be happy about losing Sun as a usable platform because it's not palladium-compliant or whatever.

Maybe macs and Suns will become more popular because of this Palladium thing because you can still pirate software and not let MS root your box.

What do you think?

Aren't you going a little bit too far.

[JFMulder]

Personnally, I think a lot of Linux advocates are a little too bit full of themselves. I mean, Microsoft isn't going the Palladium route because it want's to crush Linux. It's going that route because it thinks it's a profitable one that will benefit them in the long run. This isn't a direct blow to the GPL and Linux. Hurting Linux and GPL is an aftershock. MS doesn't give a damn about Linux because they're sure that the RIAA, MPAA, or whoever provides the content will feel better trusting Microsoft then some open source project.

Does anyone read the articles?

[Yankovic]

I realize this is slashdot, but does anyone even READ the articles?

It can do all kinds of interesting things. But there's nothing in the system that says, for example, that if you run something in one of these vaults that you've got to have the code signed, or you have to have things authenticated. It's a very basic, open environment and we're not trying to build any elements of it that are going to require verification or the participation of anything other than the ISV and the person who is using the services want to have happen.

Allow me to repeat for emphasis. "... there's nothing in the system that says, for example, that if you run something in one of these vaults that you've got to have the code signed..." You want to run GPLed software? Fine. You want to run your unsecured mp3s? Fine. This seems like only upside to me, so that IF I want to buy a secured mp3 or write a document that can only be read by one person on this computer I can do that. Plus they're publishing the source so if I don't trust them, I can view it myself! SHEEESH.

Outsourcing

[Paul+the+Bold]

Pay attention to the hardware world. There is a move away from the centralized chipmaker (design, test, fabricate in one facility). It is more common to outsource pieces of the design/fabrication process. It's not cheap to have a custom chip fabricated, but it's a lot cheaper than building your own fab. (Yes, there are benefits to having your own fab, but it's a huge risk in your first few years.)

Second of all, Intel and AMD are the only games in the x86 desktop/server town. There is an Apple town, there are towns where Motorola is mayor, and Transmeta has moved in on a few. Don't forget to count the mobile processors. Your list is short by at least half, and I am sure Slashdotters could come up with more.

Re:If if changes the Unix/Linux security model, fi

[Zeinfeld]

On any windows domain there is a user who can change the passwords of other users who have forgotten their passwords.

True, but Windows is designed to allow for other forms of log in (write your own GINA.exe).

The point is that if you use EFS you can set the system up so that the system admins have absolutely no way to read a file - even if they dismount the disk and put it in another machine.

Re:Palladium, Microsoft?s future?

[pmz]

How long will all this last after one disgruntled engineer posts the critical Palladium specs to an anonymous forum (electronic or otherwise). Or, when foriegn intelligence agencies steal Palladium's secrets for their own nation's defense interests. Palladium's weaknesses will leak, it is just a matter of time before it is an expensive useless chip in our then-new computers.

Palladium Counter-Strike

[juliao]

What we need to do is strike back.

Microsoft has the power of marketing and an installed base. We have the power of numbers, of skills, and of a culture of open design.

Intel, Microsoft et al. are proposing a system whereby the processor validates every and all hardware and system software before allowing a system bootstrap. This is all fine. Will this also mean that only a particular release of software (Read: Windows) kernel will load? I don't believe so. If the software is "trusted", by whom is it trusted? By Intel? Surely, they build the processors. And who will they trust? Microsoft? Yes. But they must also trust others, or they may be charged with cartelization. An Intel chip must have a specification open enough to allow trusted parties to build software for it. We must make sure the government forces Intel to allow this. And then we must build a system that Intel will trust. We must start a Palladium-equivalent counter-initiative, and we must start it NOW.

There must exist an open system that will boot in DRM enabled machines, and that will provide reasonable DRM protection while still maintaining what we believe are consumer's rights. Microsoft must not be the only one holding the ball on this.

A DRM-enabled linux/bsd/whatever must exist. Please think about this. I'll come back with more thoughts, but please, if you think this is a good idea, mail me.

Clipper Chip Mark II ?

[stereoroid]

The subject says it all. Is MS really talking about having custom hardware embedded on motherboards, much as the Clipper chip was supposed to do for TVs? I hope/expect that Palladiums enjoys just as much success as Clipper: none whatsoever.

You could view the separation of hardware and software like the separation of church and state - it's not healthy for the two to become too intermingled. Yes, I know about Apple - were we all using Macs, there would probably be no Linux today. I can understand how MS tried to set standards for PC hardware, but to date they've been "minimum" standards that don't impose limits on hardware and manufacturers. They've also been quite co-operative about it. For example, the PC97 spec was helpful to Linux programmers as well, by the way it set minimum hardware standards and clarified some things, IMHO (natch).

Still, haven't we all been here before?

Thinking it through

[truthsearch]

The interview with the project manager states that this started as a pet project of some tech employees. They were working out what was possible, supposedly on their personal time. Then they raised it as a project idea and it was approved by management. Since it didn't come down from management, I'm more inclined to think the technical implications were well thought through. Once management got wind of it and realized the possibilities more ego went into it. Since this project was actually started 4 or 5 years ago I'm inclined to believe they thought it through. There's no guarantee, but when it comes to the methods of pushing out features they're pretty smart.

A couple from the article

[ocie]

Stops viruses and worms. Palladium won't run unauthorized programs, so viruses can't trash protected parts of your system.

Cans spam. Eventually, commercial pitches for recycled printer cartridges and barnyard porn can be stopped before they hit your inbox-while unsolicited mail that you might want to see can arrive if it has credentials that meet your standards.

Those who would give up an open computing environment in order to be free from Spam and Viruses deserve neither. Besides, Microsoft has never been able to accomplish these with software measures, what makes them think hardware measures will do the trick. Or maybe they just won't allow any non MS software to run. How long before someone cracks it, or users complain that they can't run XYZ.

Or you could create Word documents that could be read only in the next week.

Now how does this differ from the current system. Seriously, I have long term issues with the word format being a write-only black hole of information. 100 years from now, ascii documents should be easily read, but will the same be true for word documents?

one bug away from total failure

[Splork]

all such security systems are by definition only a single bug away from total failure. don't be so worried.

Reason for FUD

[Dalcius]

You make a great point -- you're right, we should watch what we do and say.

B this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppresive gov't law could stop open source or the GPL.

But now that is changing. I'm worried. Here's why:

If the TCPA's ideas becomes law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS), I think it's safe to say they would try for this if they could.

If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.

The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.

I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.

I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.

That is why I worry.

There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can forsee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.

To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.

Fear not chum

[Graymalkin]

Take heart my gangley Gnu gobblin cohorts, all is not lost yet! Long ago in the days of mysticism and lore the gods of Economics and Love set down the laws of Economics and Love. Try as they might with their merciless bands of code wielding deperados a whooping and a hollering through town they cannot defeat the laws od Economics and Love. You see my chummy chum chummers not even within the Gates of Redmond lies enough power to overcome these laws. They may be strong now by coercing the likes of the Kingdom of Intel and the AMD Empire into their fold but their power even now begins to wane. The infighting between these two great houses is fierce and the outcome far too unpredictable. Competing standards there are, differences in vision they have.

Hence Microsoft begins along the path of commoditization. They can profit from their allies' struggle. All that is required from them is to design software that removes leverage from under their allies' armies! Given the dark empire's grasp of the market of souls this is an easy task. They can make their software run on both of their allies' competing hardware. No matter who wins out in the end, if indeed anyone does, the dark empire still stands even more powerful than before. They can effectively commoditize all computer hardware.

Their masters in the land of Redmond see oppertunity here besides the obvious. They seek new allies who are stronger because they pay people to produce while consolidating their power by controlling distribution of the produced work. Since Microsoft can effectively commoditize the hardware of their allies they can force software vendors to use their branded environments in order to be assured they will work on Intel and AMD hardware. Microsoft adds magic talismans to software requiring the use of their evvvvil DRM technology from their new Media Mogul Lord allies and BLAMO the world is under their control.

I did say fear not did I not? Strength comes from within so fear not! While the dark empire collects taxes from its vanquished foes of the OEM Republic they conspire against their dark oppressors. The law of Demand which is an entire volume of the law of Economics comes into play. Demand drives the OEM Republic, they don't make money off their competitor's sales like their evil massssters do. Therefore it is in their best interest to serve the masses to which they cater. If the masses reject control by Microsoft and the Media Mogul Lords there will be a revolt in the populace. Microsoft will cease to be in demand.

The OEM Republic being driven by the demand of Microsoft will abandon all things DRM and tell the Media Mogul Lords to stick things in dark places. They will because their coffers will be emboldened by their customers money. Rallying to the call of the smaller OEMs larger neutral nations will become involved in the battle. Nations by the name of IBM and hPaq will enter the forray alongside competitors like Dell and Gateway. Rallying the troops will be Apple ripping and mixing and burning flinging CD-Rs left and right into the eyes of Media Minions. Backing the OEM Republics will be the Norwegian nations of Nokia and Ericsson. Cell phones are driven by as much consumer demand as PCs and if they can't market a MP3/OGG/DVD/TV/CB cell phone lightsaber their customers will move on.

Fighting the small battles will be the Linux fanboys with their boxen and the FreeBSDites with their kernels that never quit. Aiding the OEM Republics in their battles by providing them with a Microsoft alternative they don't have to develope with their own cash. It will be a good day to compile.The Law of Economics will see the warriors of light through the day. DRM will die because the masses want their MP3/OGG/DVD/TV cell phone lightsabers and want to continue to burn CDs so they don't have to buy them because they are cheap. Fritz Hollings will stub his toe and Jack Valenti will shrink even more. Compile friends compile!

Take heart my geek pals, Microsoft must bow to demand and the cheapassness of human nature must never be discounted. Palladium will fall and then geek love will commence.

Not neccesarily

[gruntvald]

One way of eliminating the Linux "threat" is to change the PC as we know it, in a manner that locks it away. Very clever.

S'OK, they'll ignore us, and pay for it

[Anonymous+Brave+Guy]

It is very difficult to get your avarage joe user to break the MS habit,

Not when they find that upgrading to the next version of Windoze means that they can't download ripped MP3s and movies any more, the office Linux servers can't talk to MS products, etc. At that point, people will get tired of Microsoft and friends real quick. Look at it this way: WinXP has been out for months, but how many people have actually upgraded to it apart from those buying new PCs? How many have upgraded to Office XP? Not a lot. The name "Microsoft" on the box is no longer sufficient to guarantee sales, and that is, after all, why they're worried.

Let's face it, at the end of the day, money talks. These places have lots of it, but they're nothing if the population casts them out. If the Microsofts, RIAAs and MPAAs of this world try to make everything enforceable via the DMCA, EUCD, and so on, then someone will simply come along and seize the gap in the market for sensibly-priced, decent quality alternatives. If Intel screw up, AMD are right around the corner. If only one record company sets up a reasonably priced on-line music shop where you can download MP3s, who's going to be getting all the custom? Hollywood already manage to blow a fortune on movies with great special effects but less entertainment value than a decent independent film.

This whole situation is disconcerting, and it might even fly for a few months if they're lucky. But it's just not going to beat simple free market economics in the long run. No monopoly -- not even Microsoft or Hollywood -- is worth anything in the face of a world of pissed off customers prepared to take their business somewhere -- anywhere -- else.

Oh okay, chicken little.

[drinkypoo]

Oh no, the sky is falling! Waaah waah wah. Read the goddamn msnbc article:

Microsoft is also publishing the system's source code. "We are trying to be transparent in all this," says Allchin.

So uh, since the source will be open, there's nothing stopping you from reimplementing Palladium (for purposes of compatibility) under a GPL license. Also, you may be able to even reuse their code, though obviously not under the GPL. And because of the GPL's viral nature (and microsoft will probably use a GPL-similar license for Palladium; why not fight fire with fire?) you will not be able to release updates to the package under the GPL, because if one line of a program is GPL'd, every line must be. If you cannot reconcile licensing conflicts, the only appropriate way to conform to the GPL is to not distribute.

Palladium sounds like nothing more than a glorified public-key encryption/signature system. Why Microsoft asserts that it requires hardware changes is beyond me; It's not like you won't be able to emulate those hardware changes if you are willing to go the extra mile. Hardware can be exploited as well.

And besides, Palladium is unlikely to come along until Longhorn. The GNU camp can spend the next two years putting together a superior GPL-licensed free open package that does the same shit, and runs on various operating systems. You have no right to complain about innovation by Microsoft if you are not willing to innovate yourself. Furthermore, you know absolutely nothing about the system, except for these tiny bits of buzz. While the MSNBC article is certainly slanted, the article in the Register is blatant FUD.

In the end, we're just seeing one of the ways the GPL can be a liability; that doesn't mean it's bad, but it is not a panacea. The whole point of open sourcing Palladium in the first place (Assuming they don't change their mind) is for compatibility; Palladium will be much more likely to fly if they can get other people on board, so it's in their interest to have broad compatibility. In the end, Unix may have to end up with a user-space implementation, interfaced to by a GPL kernel module. This would be a more Unix-ish way to do things than implementing it in the kernel, anyway.

Re:Oh okay, chicken little.

[Chris+Johnson]

Their open license is viral and is a permanent legal liability to anyone who agrees to it.

Hush. You're not qualified to understand this.

Re:Oh okay, chicken little.

[drinkypoo]

The GPL is viral and a permanent legal liability to anyone who agrees to it.

Before you whine that I am FUDding myself; once it's GPL, it's always GPL. Once your code touches it, it's always GPL. Hence, it is both legal and encumbering. If you end up using your source in a GPL package, perhaps as the result of some new programmer who doesn't know which source is off-limits, or just general SNAFU... Well, you know the rest.

Oh yes, the GPL is good because it's on the side of sweetness and light! I forgot where I was.

Best of Both Worlds

[rlp]

Fritz wants to put all sorts of DRM stuff into my PC to safeguard the intellectual property of the RIAA / MPAA crowd. The unspoken assumption is that I want to use my PC as a home entertainment system.

Might I suggest a solution that will satisfy all sides. Produce an external device that connects to my PC (perhaps via Firewire, ethernet, etc.). It will contain the appropriate CODEC's, DRM hardware, keys, etc. Consumers could purchase and download encrypted media with their unmodified PC's and then transfer it to the external box. The box would handle all rights management and would have outputs that only connect to special DRM approved displays, speakers, etc. The box could be built to be tamper resistant (special screws, thermite charges, whatever).

Viola - the media giants, get what they want. Consumers can purchase the device and then purchase and download films and music. And I can ignore the whole thing and use my PC as a PC.

True, but there are other factors to consider

[InspectorPraline]

The infamous Halloween Documents (granted, they're from 1998, but the MO hasn't changed a bit - it's just being approached from a different angle) out-and-out prove that MS perceives Linux as a threat - MS honestly sees Linux as a true threat to its stranglehold on market share, and with shifts in corporate IT departments to Linux and other UNIX-based systems in favour of XP or 2k-based systems, MS clearly thinks that Linux is an obstacle to be steamrolled in the process of gaining back lost market share.

With the Macintosh crowd turning firmly toward UNIX-based systems with the release of MacOS X, it's all the more clear that UNIX is beginning to win back all the space it lost through the 90s.

What's more, the application suites in Linux are quickly beginning to rival those developed by MS for its own OS - I've tried OpenOffice 1, and it's just as good as its Microsoft-produced counterpart.

There's just one more hurdle to clear - getting independent software developers to see things the same way. Games make the system, and this is one area where Linux is lacking. Smash-hit store-bought games is one major reason why Windows took off. Linux still doesn't have the wealth of games that Windows has, unfortunately.

Here's my suggestion. Make inroads into the home market - get the average Joe User to see how well Linux performs - and word will spread like wildfire. As long as the only people who proselytise Linux are IT directors, it won't achieve the one thing we all want - the downfall of the Big Redmond Machine.

Linux has made considerable gains in recent years - and this is largely attributable to its consistently top-notch development system and the initiative to develop applications that compete head-on with similar Windows products. But it's not over yet.

As the columnist said, Tuxers, it's time for the gloves to come off.

Identity Theft

[Perdo]

Let's say someone steals my Palladium laptop. They are now me.

I am not me anymore... So I call in to 'cancel' my laptop like I would a credit card?

So I can call in and cancel YOUR laptop?

"Yes, my name is Craig Barrett, and I'd like to cancel my laptop. No, I don't have any of my codes. They were all stolen too."

Ever Notice?

[The+Cat]

How every new Microsoft initiative is the "riskiest ever" and they are all designed "to rework the entire architecture of computing as we know it?"

Why not just build better products?

Tells you who you're dealing with--and what they're doing. Palladium is all about deciding what's trustworthy.

Guess what? Anything written by a company with a market cap of less than $1B will be *un*trustworthy by default.

Protects information. The system uses high-level encryption to "seal" data so that snoops and thieves are thwarted. It also can protect the integrity of documents so that they can't be altered without your knowledge.

Hmmmm... sounds like the UNIX file system, without the encryption, of course.

Stops viruses and worms. Palladium won't run unauthorized programs

Like those of competitors.

Cans spam.

Procmail.

...

How about an OS that doesn't crash every five minutes? How about development platforms where more time is spent on stabilizing the API than coming up with impressive sounding error messages?

Re:Ever Notice?

[Sebastopol]

>> Stops viruses and worms. Palladium won't run
>> unauthorized programs
>
>Like those of competitors.
>

Not entirely true: It will run in a secure mode and a non-secure mode. The non-secure kernel can still run non-secure (insecure?) software.

Of course, once they eventually port all MS apps to secure mode, then why even support the non-secure kernel?

I don't really like the idea of this...

Vendor Lock-In

[rnturn]

...is what this is all about; R. Anderson's got that right. The lie about it making computing more secure for the consumer is merely to lull the public into supporting it. I'm surprised that they haven't dragged out the ``Protect The Children (tm)'' argument to save the innocent from the horrors of the Internet (Pr0n sites, politically-conservative web sites, www.nra.com, Open Source Software, etc.) but I'll bet that's coming.

Imagine the finger pointing that's going to go on when the public finally figures out that TCPA/Palladium isn't all it was cracked up to be. Intel supporters will point to all the other consortium members as being those at fault for the reduced capabilities in the platform. Microsoft supporters will do the same. (``Wasn't us. The hardware people were the ones with the hidden agenda.'') Sounds like they've learned something from the way the public overlooks politicians' getting away with backing away from campaign promises to, say, reform government or to reduce pork barrel spending: ``It wasn't my senator! It was all those other evil politicians!''

Ie:

``If we band together and blame each other, the public'll never catch on to who's really to blame.''

In other words, there's safety in numbers. Heck, if it works for politicians it ought to work for consortiums of corporations, right?

There IS cause for worry here

[arfy]

They are experts at manipulating the perception of the public and lawmakers that their products should be used and that if there is a problem, something other than Microsoft is to blame.

They have been convicted of breaking the laws of their own country and will probably get off lightly even though they show no remorse, are frankly insulting to the judge, and continue their illegal actions.

They can make Big Wins by these tactics. Technological quality has very little to do with how well a product fares in the market these days. How many years have programmers known how to do bounds checking and NOT let buffer overflow errors occur? and what is the most common bug in Microsoft software? (Outlook, anyway)

If they win this round, kiss general purpose computers goodbye forever. It won't be right away, but this strategy is solid and puts the right Big Players in the right places.

Re:If if changes the Unix/Linux security model, fi

[Zeinfeld]

As the standard linux kernel can't handle that by default, but its easy to add on.

I tend to be somewhat wary of add on products. The problem is that if you have a product that requires five separate add ons to provide the features you need the chances are very high that they are going to turn out to be incompatible.

So you can use Matt Blaze's code for an encrypting file system but does that work with the extensions to support label based security?

Computers are by definition Turing machines and you can add practically any feature to any computer under any O/S. The question is the extent to which it is supported.

I get somewhat tired of people who don't know much about security and practically nothing of WNT pontificating about security architectures. The security problems in WNT have nothing to do with the O/S layer. It is the application layer that is shot.

Unfortunately UNIX is only better in certain very limited respects, in particular virus propagation is difficult to get above critical mass if an O/S has a small user base and I suspect that programmers really avoid active code because it is hard to support rather than because it is near impossible to secure. But thats just my opinion, I could be wrong.

Re:Palladium=Anti-trust violation

[arfy]

1. Burden of proof would be on the plantiff, I think

2. Microsoft has lots of lawyers to generate lots of paperwork to bury opposition and waste time

3. During which time they'll continue usual merry ways of embrace/extend/co-opt

4. And even if they lose in court, they can appeal and spin the wheel for a different judge and dump the sentence to nearly nothing or stall until it's all meaningless anyway

Why should I care? Where's the "killer app"?

[Rick+the+Red]

All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!

TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?

I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.

eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.

Nobody's going to go for this -- there's no "killer app."

Re:Why should I care? Where's the "killer app"?

[Com2Kid]

TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it.

This is a good theory and all, but remember, companies keep on upgrading their secretaries copy of Windows NT even though NT4 can do everything that they need (type up documents).

Why?

::shrugs:: I have yet to figure this one out, I have so far just gotten to talk to the tech guys who are stuck installing Office{whatever}, and they have no idea why, it is just the latest "policy".

Heck even the local school district is trying to upgrade to WindowsXP, never mind that they where unable to complete their transition to Windows2K due to insufficent hardware (minimum internal district requirement for upgrades was a Pentium class machine, but they where not able to scrounge enough of them up).

They keep on paying for the latest version of Office though (WHHHY???), even just for teaching students typing with. . . .

That, and remember that a lot of PCs are donated, if some company donates a few hundred new tcpa PCs per school to major cities around the US over the course of a few years. . . . ick. Or to public libraries, or any other such place.

Somebody gets used to using Win2004 at school, goes home, what type of PC do you think they are going to want to buy? That is right, Win2004! Microsoft has known this for quite some time, as has Apple, but Apple dropped the ball on donations to schools, heh.

As for me? Fuck it, I'd go to Macs first. Sheez.
(uh, steve jobs ain't in on this too is he?)

Keep the faith :-)

[Anonymous+Brave+Guy]

Competence *cannot* offer a reasonable prized/quality alternative if *it is illegal*!!!

While I see your point, I doubt you'll make it any time soon to the millions of people who habitually download MP3s in breach of copyright at present.

The real point is that, while sound in principle, these laws have been abused, and have consequently lost the public trust. Copyright as a protection for a complex monopoly overcharging customers doesn't work, any more than silly speed limits trying to generate revenue rather than increasing road safety do. These uses of the laws are abusive, and they are therefore widely ignored. It would be impossible to take action against those who break them but are sensible about it, because you'd have to prosecute half of your population, and that ain't gonna happen however much money the campaign groups put into political sponsorship.

Y'see, this is the great thing about democracy. There are always more of you in the majority, so eventually, you'll always win.

Re:If if changes the Unix/Linux security model, fi

[duffbeer703]

"and neither has Windows [been designed as a secure OS] which is why it is the most hack OS of all time."

This is simply untrue -- and password cracking is out of scope for this argument.

Do not confuse bugs in IIS/IE with the core Windows components. Windows NT 4.0 and 2000 can be configured to be just as secure as Trusted Solaris and Trusted AIX.

One of the primary goals when Microsoft developed Windows NT was to allow the stock Windows OS to be secured to the standards required by the DoD and Dep't of Energy for secure computing platforms. To do this, MS borrowed heavily from the DEC Vax model.

If you properly setup groups and so forth in Windows 2000, no user other than the domain user you specify can have a SID to allow access or modification of a file. I have seen this implemented in a state agency which handles medicaid records -- it works.

In a non-Trusted Unix operating environment, there is absolutely no guarantee of data security or integrity for the data on the computer. Anyone with access to the root user or root group can trivially read, write or delete any file on the system. If you can obtain physical access to the machine, pulling the plug and booting with a CD allows you unfettered access to everything on the machine.

Trusted Solaris and AIX implement ACLs which allow strict role-based levels of privlege that are superior to NT or VMS, but few organizations outside of the Federal government use Trusted OS's.

If MS really cared.....

[sallen]

If MS really was concerned, the first thing they would do is expend their resources to get IPV6 implemented around the world. That provides a basis for better authentication, identification, and then work on implementing solutions going forward. Obviously though, they won't. I agree it sounds more like the one thing MS does exceedingly well... marketing. (Of course the other reason MS wouldn't do it is that they don't own and can't 'buy' IPV6.)