MS Palladium Patent
Concerned Citizen writes "cryptome has Microsoft's patent for Palladium. Including such gems as:
2. The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory.
14. The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data.
And I'm sure we'll all be coerced to agree to Palladium during a future security patch agreement."
The only reason why I'm using Windows is because MS Office is still superior and there is no substitute for Director, Dreamweaver or QuarkXPress on Linux.
So if Palladium does become reality I'll have to swap over to Mac.
But wait: doesn't M$ 0wn Apple? (25% stock?) Does anyone know about DRM plans on Mac?
Your hardware will refuse to load Linux if you don't patch it either.
Lots of people here don't seem to get it. If Palladium is to work, it must be incorporated in all CPUs, including those running MacOS, linux, BSD or FrobOS. Can't imagine how big business and the State could slip that through so it becomes illegal to use a "pirating operating system"? Think again...
Be very afraid.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
"DRM will not make it on to desktop PC's. Try telling a user that the
new computer they are thinking of purchasing has less features than
their current one."
It might just be possible that Microsoft, Intel and AMD have already thought of that. It might just be that they will market it as a new feature. Indeed, in the original NYTimes Steven Levy piece it was interesting to see Gates saying (words to the effect of) "we started thinking about this technology in connection with music and video, but then we realised we could position it as a general purpose security feature." Apart from killing one of the last remaining sectors where ISVs still make money writing for the Windows environment (a/v, security, personal firewalls and so forth), you can bet that they'll be trumpeting Palladium as the pay-off from the much hyped "trustworthy computing" hype. Come to think of it, that abuse of the word "trust" - a term with a specific meaning in info-sec, crypto and other areas - as a marketing term is classic Microsoft double-speak. Or do I mean newspeak? "Palladium is watching YOU!"
Oh, and what's in it for Microsoft? Control. The same thing they've always been about. It's the same reason the MPAA are attempting to suppress deCSS: nothing to do with copy protection, everything to do with control of the distribution channel.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Actually, take a look at this article. Microsoft is attempting to sneak in as much control of your computer as possible.
http://www.codewolf.com - Just good stuff to waste time
If Palladium is to work, it must be incorporated in all CPUs
Nope.
Unfortunately Microsoft has a plausible route to getting Palladium out there. "Palladium Enhanced" computers will be able to do everything non-Palladium computers can do, plus they will be able to view DRM movies, DRM music, and whatever else. The content industries will jump on board. The only reason not to get a computer with Palladium in it would be extra cost, but Microsoft could subsidize that cost down to zero if they want.
Microsoft programs will start including extra options that only work if Palladium is present. Once Palladium is on a certain percentage of computers Microsoft can start requiring Palladium for basic functionality. They could even start requiring Palladium for all patches and installs. It's "for your own protection", Palladium will ensure the patch is legitimate and not a virus/trojan. They just won't offer bug fixes / security patches for non-Palladium. Once Palladium is in a certain percentage of computers they can start making people suffer if they don't have it.
Cracking the system is going to require cracking the hardware. It's not going to be easy, but someone WILL do it before Palladium hits that critical percentage of desktops.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
So Palladium won't load an untrusted program into memory... How would it accomplish that? In order to determine whether a program was properly signed, one would need to get its checksum. In order to do that, you would have no choice but to load it into memory of some form. I suppose you could bypass the RAM, DMA it through a dedicated calculator... But that would be inefficient; you'd need to scan it once, and then load it for execution. And you'd need to do it every time you ran the code, or someone could have compromised the data on the system's drive by editing it on a non-Palladium system.
And what's the big deal about having "non-trusted" code loaded into RAM anyway? Actually, it's very easy to put one's own binary code into the system's memory; load it as raw data. An OOB-type exploit can pass control to that nearly as easily as it can execute a program that's been loaded but not yet determined to be trustworthy.
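The verify-before-load step discussed in the comment above, as an added example that is not part of the original thread: the image is read once into a staging buffer while being hashed, and only those same bytes are released if the digest is allowlisted, so the check is repeated on every launch and an offline edit of the file is caught. The allowlist, file name, and sample image are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 4096  # bytes read and hashed per step


class UntrustedProgram(Exception):
    """Raised when an image's digest is not on the allowlist."""


def measure(stream, chunk_size=CHUNK):
    """Hash a stream chunk by chunk; return (hex digest, the exact bytes hashed)."""
    h = hashlib.sha256()
    staged = bytearray()
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        h.update(block)
        staged += block
    return h.hexdigest(), bytes(staged)


def load_if_trusted(path, allowlist):
    """Return the image bytes only if their SHA-256 digest is allowlisted.

    The bytes returned are the bytes that were hashed, so a file swapped on
    disk between the check and the use cannot reach the caller.
    """
    with open(path, "rb") as f:
        digest, image = measure(f)
    for trusted in allowlist:
        if hmac.compare_digest(digest, trusted):
            return image
    raise UntrustedProgram(f"{path}: digest {digest[:16]}... not allowlisted")


def demo():
    """Constructed scenario: allowlist a program, then edit it offline."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "program.bin")
        original = b"\x7fELF" + b"constructed sample image " * 500
        with open(path, "wb") as f:
            f.write(original)
        allowlist = {hashlib.sha256(original).hexdigest()}

        results["first_load_ok"] = load_if_trusted(path, allowlist) == original

        # Simulate editing the drive from another system: flip one bit.
        tampered = bytearray(original)
        tampered[100] ^= 0x01
        with open(path, "wb") as f:
            f.write(tampered)
        try:
            load_if_trusted(path, allowlist)
            results["tamper_detected"] = False
        except UntrustedProgram:
            results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```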
Palladium is just ActiveX revisited. Security is confusing because it covers two entirely different problems: 1) protecting the machine from rogue users, 2) protecting the machine from rogue software.
The second point bifurcates into two opposing camps: 1) most rogue software comes from unemployed college dropouts, 2) most rogue software comes from Fortune 500 companies.
Palladium is the approach of keeping the foxes away from the chickens by building a coop for the foxes.
IE for the Mac is also superior to IE for Windows. It even has alpha-channel support for PNG files, which IE for Windows lacks. Do these teams never communicate?
End of lesson. You may press the button.
Have you checked the latest specs for DVI? Here is a link to a site where a DVI output does not even work with a DVI monitor. The signal is encrypted all the way to the monitor and even sometimes the handshaking doesn't work.
http://www.riva3d.com/dvi.html
I found this gem regarding DVI
With capabilities for copy protection, bidirectional communication, and selective refresh, DVI is projected to have a minimum life of 10 years.
at http://www.intel.com/update/archive/issue22/stori
Somehow I see new content being released only to "trusted" hardware that is quite hack and copy resistant. Even the link to the monitor and speakers will be encrypted. A copy played back will lack the proper response to a random challenge and the playback device will not unencrypt and play a recorded copy on untrusted hardware because it will not handshake.
The truth shall set you free!
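The random-challenge handshake described in the comment above, as an added example that is not part of the original thread. It assumes a shared device key and an HMAC-SHA256 response, which the page does not specify; the class names are hypothetical. A device that only recorded an earlier exchange cannot answer a fresh challenge.

```python
import hashlib
import hmac
import secrets


class Sink:
    """Trusted display or speaker holding a device key (constructed scheme)."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Recorder:
    """Untrusted device with no key; it can only replay what it captured."""

    def __init__(self):
        self.last_response = b""

    def observe(self, challenge, response):
        self.last_response = response

    def respond(self, challenge):
        # The recorded response was computed over an older challenge.
        return self.last_response


class Source:
    """Player that releases content only after a fresh challenge is answered."""

    def __init__(self, key):
        self._key = key

    def handshake(self, device, tap=None):
        challenge = secrets.token_bytes(16)   # fresh random value per session
        response = device.respond(challenge)
        if tap is not None:
            tap.observe(challenge, response)  # something listening on the link
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def demo():
    """Return (trusted sink accepted, replaying recorder accepted)."""
    key = secrets.token_bytes(32)             # constructed shared device key
    source, sink, recorder = Source(key), Sink(key), Recorder()
    trusted_ok = source.handshake(sink, tap=recorder)
    replay_ok = source.handshake(recorder)    # new challenge, old response
    return trusted_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```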
I agree that geeks have a certain influence over the people in their lives when it comes to matters like this, but let's compare MS's marketing budget to Circuit City's marketing budget for a moment. And when we're done there, let's compare Windows's market share to Apple's market share to Linux's market share.
.Net. 18 months after they announced it, most COMPUTER PEOPLE I know can't explain what the hell it is, myself included. I met a programmer that came close though :) The point is that .Net has been this word that MS floats around, but the definition keeps changing. Even Jim Allchin said that they don't have it fleshed out really well inside the company yet. That hasn't stopped MS from running commercials advertising .Net yet though. And whatever it is, I'm sure it will be pretty successful because MS will just keep massaging the definition and marketing until it sounds palatable to the masses.
Talking down Microsoft's initiatives is a LOT easier said than done. Seriously, if you'd like another good example, look at
Palladium could be the exact same situation.
Chris
Perhaps it won't happen. Perhaps the idea is just yet another diabolical plan for world domination that popped into William H. Gates III's twisted imagination. But we must not be complacent unless we want to live in a world where Free Software is a crime.
We need to think about Palladium like we think about asteroids colliding with earth. The risk is small (maybe even tiny) but the possible consequences are catastrophic. Our actions should be made accordingly.
Of course Palladium won't mean the end of the world. But it will mean that Microsoft will finally become completely entrenched into global civilisation, a scourge which will be impossible to remove. It will make it only a matter of degrees for Free Software to be outlawed. And it will tether our technological society to outdated ideas from the 19th century.
At a time like this nothing is more dangerous than complacency.
Since the 26th of June Slashdot has had five stories concerning Palladium:
http://yro.slashdot.org/article.pl?sid=02/06/23
http://slashdot.org/article.pl?sid=02/06/27/125
http://slashdot.org/article.pl?sid=02/07/02/161
http://yro.slashdot.org/article.pl?sid=02/07/04
and now this one... shouldn't the paranoia level be turned down a notch till we have something a little more concrete?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
OK, I just have to bite when the thread is d&d related...
It all depends on your point of view. Microsoft view themselves as lawful good, free OS zealots as lawful evil, and napster-happy consumers as chaotic evil.
For the free OS point of view swap evil for good and vice versa.
The whole AD&D alignment system doesn't hold up in the real world; the chaotic, neutral, lawful bit is fair enough, but as for good, evil and neutral you need to have an objective, externalized viewpoint to say what is good or what is evil.
This is basically the same "Is there such a thing as objective good and objective evil ?" question you might get on a philosophy exam.
My own opinion is "no", but most people fall into the "yes" category, either because they believe in some deity, are totally stupid or c) both of the above.
To properly frame the viewpoints of MS vs free OSs you need to replace good and evil with commercial and free.
So MS is Chaotic Commercial, free OS zealots are Lawful Free. Show me a company that is Lawful Commercial and I'll show you a company that covers its tracks well...
graspee
First, this guy thinks a lot of himself: FUD Notice the bold FUD. Oh my, that sounds horrible. We could have a market finally for digital releases, one where I get my media, and the seller gets his money. Sounds fair. Keeps me from making 10 copies of this new movie and giving them to my friends. And thus more speculation and FUD. OK, so now the open-source movement is AGAINST encryption/privacy? Does this mean PGP is bad now too? This sounds like technology I always assume US military intelligence organizations already use. I don't want a whistle-blower leaking confidential battlefield plans (we've seen it happen a lot in the last year). As for corporations, if a whistle-blower can't print, email, fax, save to disk some document, they'll find some other way to blow the whistle. This is a stupid argument as for why Palladium as a whole is bad. I'm sure the FBI would love it if the Mafia started using DRM certs on their data. It'd be much easier to ask a judge for the rights to seize and open documents certified by this certificate, than say to ad-hoc monitor possibly private data in an attempt to get to Mafia data.
Note, it will never happen. Criminal elements will stay away from technology like DRM and Palladium. Elmer FUD would be proud. I went and pulled the membership on the EUROSMART list, and I see a lot of overlap with TPCA. I guess they don't hate it that much. First, that's not censorship, that's search (and possibly seizure) and it's pure FUD to presume the government will push a button and search your hard-drives and then drag you down to the police station, for your dirty little picture. However, even if they did... this picture would have to be signed somehow, and under DRM protection. Not sure why a child pr0n peddler would take the time to DRM his pictures. And if you want to view that sick stuff, turn off the DRM system before you do it. Yes, it does have an off switch. While off, you can't use the apps in DRM mode, meaning you can't open DRM certified media. Oh my god. It's at this point I have to stop reading this horrible FUD..er FAQ. Disable DRM, and the DRM enabled functionality in DRM enabled apps will cease to work, the apps will continue to work. Sure, you can't open your ULTRA-7 security level report, that the NSA sent to you, but there's good reason for that. Turn back on the trust management, and then open that report. And what's with saying it's like switching from Windows to Linux? First, what the fook is wrong with Linux bitch? and second, that makes no sense!
I honestly went to this FAQ to try and see both sides of the Palladium debate. But this FAQ is a borderline paranoia conspiracy rant. It hurts the anti-palladium side more than helps. Stick to the facts, dissect it like a Vulcan would. Show me logical arguments, and keep your emotion and fear out of it.
-Malakai
A Dragon Lives in my Garage
Unfortunately, it looks like the cheapest Code Signing Certificate that one can get from a CA (one that M$ will trust, anyway) is $200 from Thawte. Verisign is $400.
How difficult would it be to set up a free CA for Open Source Software, or software released under other licenses, such as X or BSD?
IMHO, code signing in itself is not such a bad idea. What is bad is who you have to pay money to in order to get "trusted" status. A Free CA would allow free software to remain free and gain "trusted" privileges.
First: If you've been kidnapped and locked in some basement in chains for the past 6 weeks, ignore my ranting and please accept my apologies. If not, read on...
AMD and Intel have both signed on to Palladium. It is a done deal. The motherboard makers have no choice, they will be starved of the latest fastest CPUs, if they refuse to cooperate. Possibly even starved of the older slower CPUs... AMD and Intel will simply refuse to manufacture them (there is precedent, AMD clobbered the 486's that embedded systems engineers liked so much). The chipset manufacturers will either clone the DRM features, or be left out.
There is no escaping this. Laugh all you like, point at Circuit City's DivX if it makes you feel better. I could explain that too, if you cared to know. And when the marketing weight of 1 billion clueless idiots buying the computer the Dell dude tells them to crushes you, I'll be laughing at you. Admittedly, only a split second before I'm squished like a bug. *shrug* OS choices? What choice? Linux kicks ass, no argument here. But it simply won't run. "Yet more proof Linux is insecure, it won't run with Palladium!". We're all sooooo fucked. Does anyone have some lube? This is going to be a big one, and I'm afraid my virgin ass just won't be able to take the punishment...
Conclusion: You are simply a flaming retard, incapable of seeing the nearly immediate, and agonizingly obvious. You're standing there, admonishing us all not to panic, even though those that choose to look can see the 500 ft tall tidal wave getting ready to crash. If ever there was a time for panic, it's now.
*LOL* *Sobbing*
"I've heard WinXP removed the cmd/command prompt."
No, they didn't remove the CMD.EXE or COMMAND.COM prompt from Windows XP. But Windows XP has reduced functionality, in many ways, not just in the command line. The command line is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not documented.)
The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.
Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.
The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.
When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error.
People often say that DOS has gone away. But Microsoft still calls the command line interface DOS, and in Windows XP has added new programs for configuring the OS that work only under DOS.
Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers.
Something is wrong with the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.
Although articles often say negative things about Microsoft, I've never seen an article that fully documents how bad the situation really is. Microsoft's management is so bad that the company has become self-destructive. For example, Windows XP is spyware. Here is a list of ways Windows XP connects to Microsoft's servers:
- Application Layer Gateway Service (Requires server rights.)
- Fax Service
- File Signature Verification
- Generic Host Process for Win32 Services (Requires server rights.)
- Microsoft Application Error Reporting
- Microsoft Baseline Security Analyzer
- Microsoft Direct Play Voice Test
- Microsoft Help and Support Center
- Microsoft Help Center Hosting Server (Wants server rights.)
- Microsoft Management Console
- Microsoft Media Player (tells Microsoft the music you like)
- Microsoft Network Availability Test
- Microsoft Volume Shadow Copy Service
- MS DTC Console program
- Run DLL as an app
- Services and Controller app
- Time Service, sets the time on your computer from Microsoft's computer.
- Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
- Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.
These are just the ones I know. There may be others. So, if you use Windows XP, your computer is dependent on Microsoft computers. That's bad, not only because you lose control over your possession, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of July 7, 2002, there are 18 unpatched security holes in Microsoft Internet Explorer. This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now.
It seems possible that there is a connection between all the bugs and the U.S. government's friendly treatment of Microsoft's law-breaking. The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.
Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. If this one (large, often fragmented) file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single, very vulnerable, point of failure. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user.
Note that Microsoft does not support making functional complete backups under Windows XP: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation. Only those who work with Microsoft software will understand the true meaning of Microsoft's policy. Since almost all programs use the registry operating system file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that try to fix this, but Microsoft can, of course, break their implementations, as they have often done with other kinds of competitors.
Note that the registry tends to prevent you from moving a hard drive to a computer with a different motherboard. That's another implication of the above Microsoft article. So, if you have a failure, you may not be able to recover unless you have a spare computer with the same motherboard.
Note that Windows XP Professional can support only ten simultaneous incoming network connections. If you want more than that, you must use Windows 2000 server, and pay much, much more. (There is no Windows XP server yet.)
Apparently because the Windows XP GUI comes from Windows 98, Windows XP has the same problem with desktop icons that Windows 98 has. The icons sometimes flicker. Sometimes they move themselves around, particularly after the user switches monitor resolutions. Also, sometimes the taskbar settings un-configure themselves, as they do in Windows 98.
Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. The name Passport gives an indication of Microsoft's thinking. A passport is a document issued by a sovereign nation. Without it, the nation's citizens cannot travel, and, if they leave, won't be allowed back in their own country. In Microsoft's corporate thinking, the company seems to be moving in the direction of believing that they own the user's computer.
Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer and therefore all his or her data. Even now, under Windows XP, a recent security patch gave Microsoft administrator privileges over users' computers. If users want to patch their system against a bug which would allow an attack over the Internet, they must give Microsoft legal control over their machines. See this article also: Microsoft's Digital Rights Management-- A Little Deeper. You may need to be a lawyer to take apart the crucial sentence. "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless to the user because the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. That kind of sentence is known in psychology as "testing the limits". If there is no strong public complaint about this, expect to see more and stronger language like this.
This Register article shows the direction Microsoft is going: MS Palladium protects IT vendors, not you. Absolute power corrupts absolutely, and Microsoft is well down that road. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS.
Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software. The correct solution to abuse is persuading the abuser to stop being abusive. Once I posted to a Slashdot story a link to an article on a web site of mine. By far the majority of visitors from the Slashdot story used Microsoft operating systems. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you are against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.
These Microsoft policies mean that any government which wants to be independent of the United States government, and any government which represents itself as controlled by the people, cannot use Microsoft operating systems, or other Microsoft proprietary systems.
Corrections and additions to this comment will be posted at http://hevanet.com/peace/microsoft.htm