Coursey on Palladium

lrose writes "Check out this story over at ZDNet -- Microsoft is developing a secure operating system to be combined with hardware doing public key cryptography. The DRM aspect reminds me of something I read about an imaginary day in the not-too-distant future, where you can no longer install Linux on your own box because you don't have the necessary rights." Coursey's column is quite interesting, bringing a lot more of the backstory behind Palladium into public view. While geeks have been following and worrying about the TCPA, Microsoft has been working to spin the story with assorted columnists and journalists, so that when it broke it would be in the context that Steven Levy bought into hook, line and sinker: a scheme to protect you rather than one to prevent you from using your computer in unapproved ways.

...and Cringeley

[Otter]

Not worth a story of its own, but Robert Cringeley brags in this week's column that Palladium is the Microsoft attempt to replace TCP/IP that he was predicting a year ago.

life on the net in 2004

[Jucius+Maximus]

"The DRM aspect reminds me of something I read about an imaginary day in the not-too-distant future, where you can no longer install Linux on your own box because you don't have the necessary rights."

That would be this article linked to from slashdot some weeks ago. It is beginning to sound like the voice of prophecy.

Nice on-line FAQ for TCPA/Palladium

[Jabroni54]

Snipped from an e-mail at work.....

TCPA / Palladium Frequently Asked Questions

Version 0.1 26 June 2002
Ross Anderson

1. What are TCPA and Palladium?

TCPA stands for the Trusted Computing Platform Alliance (TCPA), an initiative led by Intel. Their website is here. Their stated goal is `a new computing platform for the next century that will provide for improved trust in the PC platform.' Palladium appears to be a Microsoft version which will be rolled out in future versions of Windows, will build on TCPA hardware, and will add some extra features. The Palladium announcement appears to have been provoked by a paper I presented on the security issues relating to open source and free software at a conference on Open Source Software Economics in Toulouse on the 20th June. This paper criticised TCPA as anticompetitive. This has been amply confirmed by new revelations over the past few days.

For the rest:

TCPA/Palladium FAQ

Re:Interesting

[CptNoSkill]

Unless you're a hardcore gamer, what would you need an 8GHz system with 2gb ram and 1tb hard drive for anyway?

Ever heard of Doom III? Or maybe, "the next big thing" Microsoft Longhorn? Or interactive pr0n?

Fair use laws anyone?

[PierceLabs]

Last time I checked you couldn't circumvent fair use. By building a device that prevents fair use, this Trusted Computing group is creating a device that by its very nature defies the very statutes that the Supreme Court has said are legal!

Specifically there are limits to Copyrights in the following scenarios:

LIMITATIONS ON THE EXCLUSIVE RIGHTS
The copyright owner's exclusive rights are subject to a number of exceptions and limitations that give others the right to make limited use of a copyrighted work. Major exceptions and limitations are outlined in this section.

Ideas
Copyright protects only against the unauthorized taking of a protected work's "expression." It does not extend to the work's ideas, procedures, processes, systems, methods of operation, concepts, principles, or discoveries.

Facts
A work's facts are not protected by copyright, even if the author spent large amounts of time, effort, and money discovering those facts. Copyright protects originality, not effort or "sweat of the brow."

Independent Creation
A copyright owner has no recourse against another person who, working independently, creates an exact duplicate of the copyrighted work. The independent creation of a similar work or even an exact duplicate does not violate any of the copyright owner's exclusive rights.

Fair Use
The "fair use" of a copyrighted work, including use for purposes such as criticism, comment, news reporting, teaching, scholarship, or research, is not an infringement of copyright. Copyright owners are, by law, deemed to consent to fair use of their works by others.

The Copyright Act does not define fair use. Instead, whether a use is fair use is determined by balancing these factors:

* The purpose and character of the use.
* The nature of the copyrighted work.
* The amount and substantiality of the portion used in relation to the copyrighted work as a whole.
* The effect of the use on the potential market for, or value of, the copyrighted work.

But nothing in this specification speaks of how you will still be able to maintain your fair use rights. If they build it, people should proactively sue them because its a rights violation for it to exist at all.

In other news today...

[Noryungi]

I still think it won't work.

Two more reasons:

• The EU still has a pending monopoly investigation on MS
• Some EU institutions may not appreciate Palladium. For instance: would you trust Microsoft with the security of your armed forces if you were, say, the Swedish (neutral country) governement?

You have to remember that this is the same company that used the ominous variable "NSA_KEY" in some of its security software... ;)

Not that I believe the NSA was responsible of this particular blunder... =)

Another reason to go to Apple and OS X

[burgburgburg]

I didn't see Apple or Motorola listed at all in the list of "partners" involved at trying to foist this plan on the world.

Seems another reason to switch

Microsoft Patent

[Target+Drone]

Here's a link to the patent mentioned in the article. For those that just want the jist of it here's the abstract.

A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file. The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.

Re:What about Sony?

>The difference here is that Sony != Microsoft, and therefore doesn't get as much bad press here.

And Sony's box doesn't use Digitally Signed executables.

Rather, they just check the disc for authenticity through a corrupted TOC and such.

There's a big difference between the two, and that's why hacks for the PS/2 were available immediately, starting with serial number 1 (the first 1000 PS2s came with some utility disc that, if swapped with a burnt copy of a game at the right time, would allow you to play the CDR).

Godwin's Law is a JOKE

[FreeUser]

Interesting idea, but according to Goodwin's Law, the first party in a discussion to mention "Hitler" or "Nazi" has lost the discussion.

Godwins Law is a joke.

Seriously, it was a tounge in cheek joke about USENET flames of its day. It was never considered by its creator to be an actual, accurate commentary on internet speech, much less some deeply wise insight into the human psyche, and certainly not as a new "rule" of debate.

In other words, Godwins Law was never intended to be used as relative newcomers to the net have come to use it today: to make the most potent lessons of modern history offlimits to any discussion that might benefit from contemplating those lessons, not least of which is a discussion of technology that is designed to excersize draconian prior restraint on how and perhaps even when people can use their own property, within their own home, by a large, convicted monopolist.

NAZIWARE is the most appropriate term I've heard for Palladium/DRM since this entire debate began a few months ago. We should not dismiss it because of some misguided references to a tired old joke being bandied about as though they were some kind of deep Internet Wisdom.

Re:Installation vs. Usage - Mac 10 Windows 7, Linu

[Dalcius]

To comment on this:

-You do not need Windows tech support to view an AVI. I think that was his point.

Misc. comments:
-However, you cannot complain that Linux is "too hard" because of some of it's 'fixes'. If Windows breaks, TOUGH -- what can you do but reinstall? If Linux breaks, at least you can fix it. Just because you can fix it and that fix is difficult doesn't make it any harder than Windows -- it's just an option you never had. Note -- I'm not suggesting the parent was meaning to say otherwise, I'm adding this because people often seem to not understand it.

-There is a learning curve on Linux, just the same as Windows. I'm not suggesting that users should be forced into using the shell, but that some people blindly assume because a Windows -> Linux transition isn't 100% painless, Linux is too hard. Again, not suggesting that the parent meant otherwise.

Trolling at its best.

[Steveftoth]

First of all, this technology COULD be used to take over TCP/IP since all code has to be signed by MS. Probably not the IP part, since all the routers need to be able to understand that and MS hasn't decided to make a line of routers (yet). But definatatly the TCP part since the routers don't determine things like sequence numbers or the checksum algorithm.
Don't forget that they can now force download and install of any software they want thanks to their new eula in Media Player.
Secondly, any virus that travels via script will still be able to inflitrate your system. That's how scripts work, you click on them, and then they run in the 'signed' interpreter. You're saying that all .cmd, .bat files have to be signed with microsoft tools. Thus leaving all users who don't pay for the MS signing tools unable to use their own computers.
I'd say that anyone who is slightly tech-savvy is capable of writing a bat file.
Don't forget about Office viruses either, a document can't be signed either, and if they are then it will be have to be eazy.

Re:Installation vs. Usage - Mac 10 Windows 7, Linu

[Khazunga]

Your oppinion reflects Linux as it was two years ago. Please do try and take both SuSE and Mandrake for a run. You'll see their TCP/IP dialogs don't mostly suck, and SuSE's admin interface is just plain excellent. Installation couldn't be easier (SuSE 8 default installs with three mouse clicks)

You use Debian, and I respect the choice. Its an excellent distribution, very easy to maintain *if* you're a techie. I've used SuSE on my desktop, and switched to Gentoo. I think its better *for me*. Debian and gentoo are both excelent. Neither one is advisable for my parents.

However, I have them using SuSE 7.3, with KDE 3. Again, not my choice of desktop or OS, but excellent for them. The machine never breaks as it used to with Windows, and they can do their work (mainly word processing, spreadsheets and digital image downloading). Linux is reaching readyness for the desktop. And it can only get better.