Slashdot Mirror
New Chips Keep Tight Rein on Consumers
banannaslug writes "NYTimes (subscription, etc.)
talks about Microsofts Palladium. The article addresses how applications of controlling technology affect competition as well as the consumer, can be used to extend monopolies to new markets and has
very serious implications for what happens to user driven innovation. We'd have the people's operating system, the people's web browser and the people's media player, and 'computers' would be as useful to innovation as a bicycle to a fish.
This is the kind of behavior you expect in a mature industry that tries to add
'law' to preserve failing market models dependent on a lack of competition. Next thing you know they'll want to force customers to upgrade periodically." Point it out to your boss.
Considering that our government tends to treat the entire population of the U.S., collectively, like a bunch of rowdy sixth-graders who can't be trusted to so much as tie their own shoes, does it come as any great surprise that the people behind this insanity (the entertainment industry, and probably Senator 'Disney' Hollings somewhere in the background) are taking pretty much the same view?
Micro$platt is, in essence, accusing us all of being thieves and media pirates in advance, and they're using that position to justify Palladium. All I can hope is that it'll die the same horrible death as DIVX did.
One thing I will say: If this goes through at full bore, it'll probably be a huge shot in the arm for the used-computer industry. Perhaps those who have pre-Palladium PCs, and non-PC systems (Suns, MicroVAXen, etc.), shouldn't be so quick to get rid of them.
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
DRM, authorized application and OS... Isn't it the thing Senator Disney Holling has been trying to put as a law ?
...)
This is something that both Microsoft, in his fight against OpenSource and RIAA/MPAA in their fight to restrict rights of consumers want...
But there are two ways it can be implemented : mandatory or optionnal.
Mandatory means that if the OS don't authenticate, it's access to some of the hardware would be limited. That could prevent OS like linux to run.
Optionnal means that it would be possible for the OS to authenticate with the chip and then, to get access to some cryptographic system that can be used when dealing with DRM-specific content but otherwise don't interfer with the OS.
With many (and more coming) big companies and governments betting on Linux, we can hope that it'd be optionnal... Allowing it to be mandatory would be suicidal for all those relying on Linux (like Disney, IBM, HP,
Future will tell us... But Palladium is a dangerous bet for Microsoft as, in the beginning, there will be both Palladium-enabled and Palladium-free systems available... and with more and more people switching from Microsoft to Linux, these Palladium machines could remain unsold and Palladium could sign the end of Microsoft in OS market...
MS can just make it a precondition to using the designed for MS Windows XP or whatever the next version is.
If the only way to get MS signed drivers for your hardware is to implement Palladium, they will likely do it.
but how much would Palladium affect developers (non-commercial, home-brewed programs)? I mean, under this system, only "digitally signed software" would be allowed to run. How would someone go about certifying their own program?, because if someone could do this, it defeats the whole purpose of Pallidum. So maybe VB Pallidum edition would certify your own code, but in the meanwhile would also certify the code of virus writers too. How about if someone writes a program in (C/C++/Perl/etc) on a (*nix/mac/sun/etc) and try to run it on a Windows Pallidum system?
$cat
IT has been itching to seize control over the desktop ever since those rouge PCs yanked control from the terminal/mainframe days. This OS will help that greatly. Say goodbye to Personal in PC.
The home user will most likely reject it. We think about gramps with a computer, who doesn't care, but in almost all family situations, there's a younger and computer literate geek who is called whenever there is a computer problem. Most of them love Microsoft now (look at the flame wars here for examples). Removing Personal from PC at home just ain't going to fly. People will reject it and if future hardware enforces it, the hardware market will take a huge negative hit for years while people hold on to legacy computers until they all die out. For advanced gaming, we'll just buy consoles. For our home box tinkering needs, we'll hold on to our trusty current boxes...
Comment removed based on user account deletion
The important thing to understand about Palladium is that it doesn't improve security for the end user. I can control what software runs on my machine right now, and I can refuse to run incoming code that isn't signed by a trusted party. Pallidum's sole purpose is to give IP owners control my computer, because as long as I have control over my computer then digital rights management is a paper tiger.
If there is hardware that refuses to run without the right signature, then there is no way for me to install anything that bypasses digital rights management. The fact that Linux will certainly not have the right signature is just a happy byproduct of the fact that I can't develop or install certain kinds of software.
This kind of technology makes me shudder.
Computers have yet to penetrate really deeply into the average consumers home.
This type of User doesn't generally create anything really complicated with their computers, they'll hardly even notice the difference between Palladium PCs and Unrestricted Computers.
As long as they have Web, E-mail, Word-processor, something to do Invite cards to parties and work with Digital cameras etc. they'll be perfectly happy.
They will not understand the nerdy minorities issues, and certainly won't raise a fuss as we're carted off screaming by the authorities when we're all branded unmutual or something.
It'll only be the next generation (or the next after that) who realise that their capacity to innovate and progress humanity has been curtailed.
From my Autobiography - "Lifestyles of the Sad and Desperate"...
Comment removed based on user account deletion
Kind of like any economic graph measuring the elasticity of a product's price. You need to find the sweet spot between achieving your ultimate end goals and what the customer will tolerate before moving to a competitor.
So even if you love Microsoft, your best bet is to publically rally against this thing. When Microsoft sees the public backlash, they will come back with a slightly gentler version.
But make no mistake about it, eventually, it will happen, and they have the market dominance, funds, and patience, to eventually ram it through the market... My very first boss told me that the best way to affect change in a company is to make small baby steps instead of one big giant step. People won't notice it if you change a little at a time. But if you do it a bit at a time, you'll catch them sleeping and by the time they realize the cumulative effect of all the mini changes, it will be too late.
While there is a case to be argued about the use of company resources for personal benefit, I believe you are failing to consider all the factors leading to the PC revolution in the workplace.
Those old, slow, overpaid and overstaffed IT departments that were shot down in the eighties died because, once computers became cheap and powerful enough, the mere mortals in accounting and marketing wouldn't have their work controlled by a bunch of nerds. I find it hard to believe these guys will be willing to give the control back to a centralized entity.
Even the supposed benefits of control won't be enough when Jane from marketing and Will from sales go over the CIO head and tell the CEO that those same nerds are again hurting the company profits with their new policies and controls. And that, by the way, the new product launch will be postponed because the nerds couldn't deliver the new server in time for the website launch.
Microsoft Tackles Cyber-Security.
Notice the highlighed quote: Ooh, a bold new step for Microsoft, a bold new step for mankind! Now read his actual statement, included in the same article: Now can anyone claim that the press isn't trying to spin this?
How long can it be until Palladium is r00ted? A buffer overflow in a signed app, a backdoor, a big wooden horse, whatever. Relax.
- Boss has us convert his laptop from Win98 to dual-boot Linux as well. He tries to
use Linux whenever he can, falling back to Windows only when he must. That's becoming
less-and-less.
- Company that does our Manufacturing Resource Planning software gets regular inquiries
from us asking about the status of the Linux client software. (It's in-process, btw.)
- New initiative for production-line modernization will be, client-side, all Java- and
web-based, running on currently moth-balled X-terminals. Needless to say, the server-side
will not be running on Windows servers. (Don't have any of those anyway.)
- Recently showed the boss an "Urgent" letter from MS, delivered via UPS 3-day "priority
something-or-other" mail. Therein was a grave missive about how if we didn't upgrade to
Microsoft's new upgrade trap^H^H^H^Hplan RIGHT NOW, it'd costs us tons o' money
later. He suggested I frame it for future fun & merriment.
What triggered all this on the part of an IT director who had previously standardized the company on Win* PCs and (mostly) MS office solutions? A couple of things. Most recently and most importantly: XP and the "you don't buy it, you rent it, from now-on." Then, I suspect, was the realization that TCO was just getting way, way out-of-hand. Seems that nearly daily there is some kind of problem, no matter how small, with one or the other of the client PCs running Windows somewhere in the company. Yet the Linux and Solaris boxen just keep running, day-in and day-out, 24 hours a day, 365 days a year, with nary a hiccup. That thing with MS Media Player didn't impress him much, either, I think.So, you see, my boss already knows. He already understands. And apparently we're already planning to get out from under the Microsoft[r] Thumb[tm].
I'm writing this posting on a WinXP machine. Before I had Win95, I used 98, then 2000 and now XP. With nearly every upgrade or patch our freedom as users has been decreased ever so slightly. As it is a gradual process, no one will really notice (no, ./ geeks don't account for a substantial amount of Win users) and it is really hard to draw the line. When is enough enough? The big pro in MS products is their usability. As long as the UI stays ahead of the rest users WILL accept the gradual decay of their freedom without so much noticing it.
Maybe I can't speak for the majority of Slashdot users out there, but with every Windows version I owned I thought: 'This is going to be my last Windows version. I'll make the switch after that. This new crap has crossed the line.' And EVERY time I went back and bought the new crap because I could get my apps running easier, because I could play my favorite games, or simply because the UI allowed me to be more productive.
As long as MS leads the industry they WILL shove this stuff down our throats and we WILL swallow it. I can imagine EXACTLY what this future will look like. The bad thing is that the public will see nothing bad in it. And if someone objects just label him as a terrorist...
One problem is that it's impossible to ship such an OS with a level of trust that preserves competition. If only MSFT is trusted by default, and a scary message must be acknowledged before trusting other parties, most users will use only MSFT software. If only MSFT and people it trusts are trusted by default, and a scary message must be acknowledge before trusting other parties, MSFT gains a lot of power over what people do use (and trust can be centrally revoked, enabling MSFT to partake of a number of slimy business models). If VeriSign or similar is at the root of default trust at the OS level, and a scary message must be acknowledged before trusting other roots, shareware/freeware authors have to pay a tax to VeriSign to create their applications, thus stifling innovation. If no scary message is printed at all, then the point of the whole system is moot.
Have you tried as an individual to get an Authenticode certificate from VeriSign lately? They won't do it because of half-assed reasoning that includes the two meaningless trump words "national security". If, as you claim, this project is about "hardware enforced trust" then how does a user attempting to insert their own hierarchy of trust distinguish themselves from a virus (or, heaven forbid, a competitor) attempting to insert its own hierarchy of trust?This is about software trusting hardware and software trusting software. The hardware doesn't need to trust anything, and hardware trusting software is a well-researched and well-practiced problem which requires nothing short of potting whole systems in epoxy to foil attackers. Read Microsoft's patents, not Microsoft's propaganda.
This has nothing to do with the problems smart cards solve. Smart cards attest to the identity of the user, and as people are movable it makes perfect sense for these to be movable as well. Palladium's version of trust has nothing to do with a user proving their identity and only with proving a computer's identity. People don't care about a computer's identity. State-sanctioned spies, content vendors, corporations, software and software vendors do. What does a secure real-time clock do for the average user? Nothing. This is not about solving problems for the end-user. Incorrect. If there is a patent on loading and identifying a digital rights management operating system its use is governed by Microsoft's licensure of that patent. If systems will (as feared) fail to allow use of the cryptographic processor or potentially even the entire system unless every stage of the boot trusts the next one by signature, that seriously degrades the user serviceability of open-source OSes. If users can set the secure real-time clock then it's clearly not secure. To top it all off, Microsoft is not known for handing out code under terms that allow modification or redistribution, and I fully expect the Palladium source to be released under the same viral "shared-source" look-but-don't-compete license as the CIFS specification and MSDN. History has shown they open things just enough to get maximum traction in any particular campaign. I suspect that, as they have done historically, they will disclose just enough info to allow them some slimy claims about openness and then aggressively leverage those claims to gently or brutally exclude competition on many levels.This initiative has nothing to do with consumers except to ensure they consume and pay for the privilege.
-jhp
/. -- the Free Republic of technology.
1, The entertainment commerce X-box/Cable/Sat TV box/Subscription Web Browsing appliance box which needs a subscription to use. Even the video link to the monitor and Audio link to the speakers will be bidirectional handshaking encrypted data links. A sniffed copy of the data stream will not play back on another device, or the same device at a later time. It's a pay to play format protected every inch of the way by encryption.
2 General Use computers for word processing, spread sheets, hacking, photography, piracy, CD ripping (you know the obsolete format), low resolution TV recording (Not HDTV digital after 2007) and non-subscription web browsing. This second box will be locked out of the new media formats and trusted commerce standards. New media material will not be released in open formats. Windows, Mac, and Linux fall into this latter catagory. Non protected media content will be barred from the internet at strategic choke points. Media trading in this format will be prosicuted to the fullest extent of the law.
The truth shall set you free!
>> Maybe I can't speak for the majority of Slashdot users out there, but with every Windows version I owned I thought: 'This is going to be my last Windows version. I'll make the switch after that. This new crap has crossed the line.' And EVERY time I went back and bought the new crap because I could get my apps running easier, because I could play my favorite games, or simply because the UI allowed me to be more productive.
Well, THIS Slashdot user works for a Microsoft Solutions Provider and therefore has access/company purchasing/training on all the Microsoft I can stand, even though I usually work the Unix side of the fence for them. And even though I'm an up-to-date MCSE, at home I back-revved all the Windows boxes to Win98SE. Contrary to what you hear from the Church of Bill, Win2K and its variant/mutant children are NOT more stable, fun or rewarding to use and they're a lot more pesky to nail down regarding matters of spyware, privacy control and consumers' rights in general. And although I have in the past helped maintain my (computer non-literate) friends' boxes for free, I have advised all of them that I will not touch any box with WinXP on it and I'd rather not bother with Win2K unless they have some killer app that absolutely demands it. I have convinced many to backrev to Win98 and without exception, they have benn happier after doing so.
The new crap crossed the line a while back, around the time the Media Player patches screwed up every other manufacturer's multimedia applications on the box. Enough already! I've got most of my friends dual-booting to Slackware, and whenever their boxes' damned internal Winmodems are supported some of those boxes are going to not be running Windows much, if at all.