Slashdot Mirror
The Power of Palladium
phriedom writes "Salon has coverage of Palladium which gives first page coverage to the idea that Palladium is designed to kill open source software. My favorite part though is on page two, where the Microsoft apologist says that ones view of Palladium 'depends on what you believe Microsoft's long-term aims are. If you believe it's to stimulate commerce and stimulate security, it's a step in the right direction ...and if you're perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers, you might have a different view of the same architecture.'" Wired also has a story claiming under-the-hood exposure to Palladium, although it doesn't seem to have much information that hasn't come out already.
Update by J : Steven Levy's Palladium story, which we linked to in an
earlier article,
has allegedly been
pulled from MSNBC's website.
Anyone know if there's a simple explanation of this?
Remember, Salon is biased towards Microsoft because they own Slate, and Slate is their competition. Now, they're also bitter out being on their death bed, while Slate gets to continue on bankrolled by MS.
Or something like that anyway...
Salon has coverage of Palladium which gives first page coverage to the idea that Palladium is designed to kill open source software.
That's weird. Salon is usually so objective and unbiased.
[/sarcasm]
--saint
Hardly pays to post this article. I think we all know what the slashdot readers' viewpoint is.
"perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers"
Yes, I believe that was the verdict.
How could one possibly have any other viewpoint on this matter? Microsoft has a proven track record of acting in this very fashion when it comes to competitors.
"I'm just here to regulate funkiness."
I found it ironic that as I was reading this article and trying to ignore the big advert on the right side of the page that I realized that the advert that I was ignoring was a microsoft add touting 1 degree of separation.
(B) + (D) + (B) + (D) = (K) + (&)
It is 3Q 2030.
You're arguing with your wife again. It seems she's missed her spending quota again this quarter. A proud patriot, you have no problem spending 85% and sometimes 90% of your income on consumer goods, yet she can't manage to spend even close to the 75% required by law. It's that foreign mentality, you suppose--that's what happens when you are educated overseas and without the benefit of a corporate sponsor. You have to remind her that if the Internal Consumer's Service (ICS) catches her, she'll be doing time in Philip Morris(TM) Prison like her uncle.
Oh well, hopefully a night at the town's AOL-Time-Warner-Clear-Channel-Blockbuster(TM) Authorized Media Distribution Center will smooth things over with her. That reminds you--you need to have your eye- and ear-implants inspected for this quarter again, otherwise you won't even be allowed in tonight.
You haven't attended church services for a while. Although your wife is a devout follower of God's Customers(TM) and shops in the Church Store at LEAST five tiems a quarter, you're not yet convinced that converting from Consumers For Jesus(TM) was that sound an investment.
Your son Rick has just graduated from the local McDonalds(TM) High School. You want him to go to Pepsi(TM) University like his sister, but he wants to go to Coke(TM) College. Not that it matters--the permits you get at either school are the same. Although he really wanted to attend Stanford(TM), his corporate sponsors rejected that proposal, based on what it might do to his credit rating.
Your youngest daughter just graduated Pepsi(TM) U. It was expensive, but she is all set now, having received a Creative Thought Permit and a Entrepreneurship License. On top of that she's accepted a job at Fortune 10 corporation. Of course almost everyone works for a Fortune 10 nowadays, there being only thirty-some corporations left. It's too bad she had to sign all those NDA's though--you'd really like to be allowed to know where she would be living and how to get in touch with her. Ahh well, it's the price you pay for our corporate security.
Your older daughter, after twenty quarters of employment, was finally permitted to tell you that she is working in middle-management at AT&T. Of course, every job in the United Corporations of America is middle-management. The cheaper--skilled--labor is all outsourced to Those Other Countries, whatever they are called. In ten more quarters, assuming her credit rating remains good and she has attained Shareholder status, she'll be allowed to talk face-to-face (no encrypted channel) with us again!
Apparently, her five year old daughter has been grounded again, this time for racking up a $6000 fine--singing "Happy Birthday(TM)" at a party without a Media Distribution License. She really needs to be taught a lesson--that as a patriotic Consumer of the UCA, she needs to respect the rights of Shareholders and property owners. What a dangerous thoughts she has! She thinks she should be allowed to say whatever she pleases, no matter what it does to someone else's portfolio! No one can get it through to her that terrorist ideas like that will land her in one of those "special" schools--and she'd be subjected to a lower quarterly limit on all her credit cards.
Fax from your wife--she'll be late tonight. Corporate HQ has re-instated fourteen-hour work days until the end of this quarter. It's too bad she's not allowed to quit her job--you could get her a pretty sweet management position any time in your department at Microsoft.
This document is hereby released to the public domain. You may (and are encouraged to) reproduce, republish, read, modify, and/or archive it without limitation.
They say it will be secure, but they said the same about Windows XP, Windows 2000, Outlook (after each patch they issue), and everything else, not just Microsoft. It just takes time before a security flaw is found, nothing is every truly *secure*.
My other sig is an import.
in 16 days... all of them saying the same thing...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Read this story from Zdnet: News: Microsoft: Palladium not just for Windows
first page coverage to the idea that Palladium is designed to kill open source software.
So, lemmie get this straight. MS sees Linux/Open Source Software as a competitor. MS competes with said competitor in order to win more capital.
What's the problem here? This is basic economics 101. You can't complain about it. Remember that Open Source software is very adaptive. There will always be a way for both MS and Open Source to talk to one another. MS will always try to stop open source, cause they see it as a viable competitor. Open Source will survive, regarless. There's no point in whining, nor is there a point to bash MS. Its legal, and its common business sense.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Anytime you focus that much control through one agency, you're asking for trouble. Funneling it through a for-profit company is double the risk.
The Mongrel Dogs Who Teach
http://cryptome.org/ms-drm-os2.htm
rather interesting
this is the most important sig ever! In your face 446154!
For all its faults, Microsoft is not known for kicking its customers in the teeth.
Is there some other Microsoft out there? The one we all know and love is well known for kicking its customers in the teeth.
This guy obviously has not done any research into Microsoft's history.
# fuser -v
#
Apparently Microsoft met with the EFF to discuss Palladium. Mr. Schoen wrote up his notes from the meeting.
His notes are more technical in nature and he doesn't make much in the way idle speculation, so they tend to disagree with much of the reporting that's shown up on slashdot.
It should be very clear that Microsoft is very much interested in using experienced gained making a closed system with licensed developers (the X box)and approved software and moving that to the business and consumer desktop OS.
This is the ultimate in hubris. They are in the penalty phase of a federal decision that seeks to punish them for doing the exact same thing with their restrictive licensing. Now they want to have even more restrictive licensing enforced by software and hardware that makes certain nothing unauthorized by them runs on windows.
Or Maybe they are just shooting the moon on this one, so their other business practices look nice in comparison. Either way this stinks.
When was the last time MSFT ever wanted to stimulate commerce, except in the purchase of its own products and products that allow people to purchase its own products?
When Intel came out with the uniquely identifiable number in the Pentium III, of course customers didn't care, right? When I do have to run windows, and need to install drivers, things that aren't signed are generally the things that I need to use! Why in the world would I want any sort of chip that could possibly restrict this sort of thing. This could even be expanded to be "you can't run this code on your machine unless redmond has signed it"
It will be ILLEGAL for Open Source to talk with Palladium
unless M$ gives their approval, what do you think the DMCA is for?
Well, from the sounds of it. This is a perfect attack on the open source movement.
:-)
While absolutely anyone will be able to program code for the Palladium system. Since anyone can have a licence. (I believe Microsoft would let this get by). Only the open source people wouldn't be able to handle the new licence everytime. Thus Microsoft maintains control in two ways.
1. The only main threat to MS's OS monopoly right now is Linux (and maybe a tad bit of Apple, which they own a seat on the board for.) This isn't a huge threat, but if it takes off, Windows loses it's viability. Then MS is screwed. With Palladium, only MS OSes(and MS supported OSes) will be able to handle the Palladium hardware, and the only competition that could potentially cause problems is blocked because it's unreal for it to be signed every single time.
2. If MS decides to spread their wings some more. They will have the ability to put loopholes into Palladium to make it harder for competitors to code. They have done this before with Windows, making changes that purposely are damaging to competitor software (I know, I have had to program around those changes.) I wouldn't be surprised if they used this to accomplish the same thing.
No matter what though, it does show an evil injenuity that I haven't seen from MS since the days of OS/2, and even all the way back to MS/DOS. I guess OS is having the effect of forcing these companies to compete. Since people have realized the software they pay for is as good as software people give away for free.
~ kjrose
an interesting, detailed perspective on Palladium from someone who worked inside MS on some related stuff. TCPA and Palladium: Sony Inside
-- -- -- --
"The U.S. Constitution - not perfect, but its better than what we have now"
A cryptographic sign, then, would essentially work like a Good Housekeeping seal of approval, and you could decide whether to trust the code based on what you think of the signer. In theory, an organization like the hacker/cracker publication 2600 could sign code, Biddle says, as could open-source companies and free software advocates or whoever else people trust.
I authorized RMS/OSS/FSF to be the only software to run on my new Palladium system, and now it won't boot.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
If this does happen then the victims will be us the consumer. I just hope that they can't actually sell this crap to people. But I'm too much the pessimist. MS will sell this to people and they will take it. Just like everything else that MS has done.
I think it is important to note that the person described as a "Microsoft Apoligist" is Farber, who testified against Microsoft in the antitrust trial...
Little Brother, watching the watchers
Microsoft and most other companies have been trying to do this (and many similar things) for decades, and will continue to do them. Sure MS has the money to do this, but there are limits which even Microsoft cannot surpass. Linux is BIG on the server segment, will Intel and AMD lose their stand in this segment (which tends to be more lucrative than desktop procesors) only to please Microsoft? Not likely. Even if they do, other companies will jump in to fill the void (Transmeta, VIA). I don't approve of it nor will I support it, but I don't think this is the beggining of an "1984"-like world. Just take a look at how long the Win XP authorization scheme remained uncracked
please excuse my apathy
Fee-C's (Fee-based Computers)
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
First of all, I don't trust Microsoft at all.
Given that, I've read all of these articles floating around and in principle I have no problem with a system of authorized applications.
However, the one thing I haven't seen is any indication that I myself will be able to authorize programs on my own computer. In my opinion, this would allow geeks to play with their own programming, download open source projects, etc. while still enjoying the knowledge that unless a program has been authorized by a signature authority or by themselves, it's not going to get a toehold in their machine.
If I'm beholden to the authorities to approve what I want to use, then I'm never upgrading. If however I'm allowed to authorize anything I might write or download then I don't have an objection to the principle.
The devil is always in the details, however.
The initiative, called Palladium, after the mythological statue that defended ancient Athens against invaders, sits on a set of technologies that have long been in use
Not to nitpick, but I AM tired of it... the Palladium was a small statue of Athena in the city of Troy, not Athens - it was stolen by the Greeks very near to the end of the Trojan War. It was the basis for the whole Trojan Horse bit. The explanation the Trojans received when they found the horse was that the theft of the Palladium by Odysseus had so infuriated Athena that the Greeks had left the horse to appease her wrath. The idea was then implanted in the Trojans' heads that the Greeks very much did NOT want the horse dragged into Troy, for then Athena would favour the Trojans and might kill all the Greeks on the way home. (Which, ironically, she and Poseidon largely did anyway.) The Palladium is generally held to have been taken by Aeneas on his flight from Troy to Italy, or maybe by Diomedes to Sparta, but never Athens.
Why is this subject any different than, say, encrypted e-mail? To me it seems to follow the same sort of model.
I know people who will only read e-mails that have a valid digital signature. Everything else they toss. Are they "constrained"? Well, yes. But that's their choice. They enjoy the security of knowing that the e-mail they read is actually from the person who sent it.
Why would a hardware-based system be any different? You download a program, it has no signature, you say "I don't care, install it anyway" and that's it. Or, you download a program and it says "this signature comes from Joe Pirate" and you choose not to install it. Or you choose to install it anyway.
I may be missing some key piece of information here, but I'm just not seeing why this is such a big deal when the same exact situation exists already with encrypted e-mail.
"always"?
I don't think so. Read it again.
I read the following:
And thought to myself ... "say what? That's not what Palladium is about ... shouldn't they be saying something about DRM, content control, etc.?" I kept reading and found even more instances where the article seems to incorrectly portray to the (uninformed) reader what Palladium is about ... e.g. Palladium will make computers "safer" for the user. I understand that later in the article, other points might be raised, but a casual observer, reading the first few paragraphs wouldn't get any of that ... as a matter of fact, after reading the first few paragraphs, I myself felt that the article was already getting overly technical for the casual user.
This certainly isn't an article that expresses the dangers of Palladium to the casual public.
Well, currently, I do already practice a limited form of code signing. When I, on my Gentoo system, type:
.tar.gz from a CTAN mirror - the MD5's never worked!) Does this protect against a dedicated hacker? No. But, in the recent BitchX scandal, it was noted that the MD5 digest in gentoo was for the tarball without the backdoor. I know that many distributers and packagers (RedHat springs to mind most readily) utilize GPG/PGP signatures on disc images and packages, which further derails crackers, as the public keys are kept by a central authority. FreeBSD uses a checksum, like gentoo, as well.
# emerge mozilla
part of the process is for portage to fetch a copy of the source code and compare the MD5 signature against the MD5 signature that I received from a different location (in this case, the portage / rsync mirrors. This actually bit me once, when I submitted a package that retrieved a dynamically created
Microsoft is not alone in this initiative - and if the article is right when it says MS will be out of the code signing business completely, this might help the situation. But I really don't see them being all that friendly to non-partnered code-signers.
Are you kidding me? Planned obsolescence? Squeezing consumers dry with each "upgrade"? Bundling an insecure scripting language with almost EVERY product it produces, thus singlehandedly giving the antivirus industry a job? Snuggling closer to content providers every day at the expense of individual users' rights? Further solidifying its monopoly, even after it was supposedly "disciplined" by the DOJ?
Maybe this guy sees something I don't. ;)
PrisonerCX
I think what the author really meant was a car that was governed to the speed limit.
- adam
Just substitute Zdnet with Slashdot.
Why does Microsoft set ZDnets news agenda? Nigel Johnstone
God am I sick of hearing Microsoft PR men set the agenda.
Where's the XBOX sales figures?
Is XBox is selling after the price cut or not? They have some good games out now (not just Halo), the Game Cube is out in Europe with its good games. Time to get the numbers.
Zdnet should start taking the initiative and and find out the sales figures instead of these sheepish stories.
So they plan to put a signature checker into windows installer and push for crypto acceleration as part of standards PC chipsets. Big deal.
I'm about as sceptical of Microsoft as the next slashdotter, but these conspiracy hysterics are getting ridiculous.
I'm all for having crypto acceleration in PC chipsets. That can only mean better security for the individual (until they discover the inevitable NSA backdoor, anyway).
As for Windows refusing to install unsigned software, fat chance. If they really do that, we can expect a lot more users and former Windows software developers in the Linux/BSD camp very shortly.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
Just about everyone who commented on Palladium feared the possibility of being compelled to use the system because someday it will be the only platform that will play content.
What kind of stupid culture do we live in where a majority of the people are worried about being forced into doing something just because a majority of the people are doing it?
Science may someday discover what faith has always known.
It will be ILLEGAL for Open Source to talk with Palladium
unless M$ gives their approval, what do you think the DMCA is for?
Who are they going to charge with breaking the DMCA? All the hotshot OpenSource developers, like Alan Cox for example, live and work abroad and refuse to enter the US.
This space left intentionally blank.
That's funny, my car has a speed limiter at 137mph.
Most fast German cars are limited to 155mph.
Seems people don't complain too much. Or they chip the car so it can go faster.
Oh yeah, also the guy who says "it depends on how you feel about Microsoft" was not an apologist, if you read the whole article...
- reid
I read it. It's silly. They're implying they will allow non-microsoft operating systems to use their palladium stuff.
But they clearly couldn't allow open source operating systems. So who does that leave? There are no other x86 operating systems to speak of except the open source ones, unless Palm for some reason decides to do a BeOS revival. Maybe MS will release a doctored version of freebsd with all the crucial kernel bits closed-source just to prove look, we're leteting competitors in? And what would be the point of offering Palladium tech licensing to other operating systems, when you couldn't run Palladium software anyway (because the Palladium software is win32??)
*Could* they allow open-source operating systems? How could Palladium chip manage to function when the operating system has been altered specifically to allow you to run things without consulting the Palladium chip? Does the Palladium chip refuse to let the machine boot unless the operating system itself has been signed? How does it read the disk to see if the operating system is signed without letting the operating system partially boot first? Please explain.
Yeah, yeah, DMCA, whatever. There's a limit to what the DMCA can do before it gets hauled into court and struck down. The general public can't understand all this gunk about linux and kernel drivers, but they WILL understand "This law makes it illegal to distribute this 40k file containing a long set of instructions in english, because this other program can convert that set of instructions into a patch for windows that will let you back up files for Palladium-enabled programs in windows." Very few people actually need or want to run DeCSS. If palladium succeeds, lots of people will want to circumvent it.
Is anything above wrong? There ARE reasons to circumvent palladium, right? I think MS's greatest triumph in any case is when they can make it so everyone is talking about their new technology but no one is sure what it is, and that's the case now. Is it or is it not true that Palladium would allow you to create an application that WOULD NOT run unless Palladium were enabled and in control of the operating system? Is it or is it not true that Palladium would create hard disk sectors and third-party peripherals that couldn't be accessed unless Palladium were enabled and in control of the operating system? These news articles are all so vague. Enlighten me.
If Palladium requires a hardware component on the motherboard, and AMD/Intel/whomever document the interace to that control, then it would be simple to write a boot-time routine which would turn it on by default - or, enable it to be toggled at any time during operation.
Yes? No? Anyone? Ferris?
Mjm
XKCD:Xeric Knowledge Comically Dispen
I am still waiting for Cairo.
If they can't get an object oriented filesystem to work, what makes you think this will work?
The Levy piece has moved to the Newsweek Pay Archives.
Try this link
"Together, the nub and coprocessor are designed to encrypt data in such a way that no other combination of nub and coprocessor would be able to decrypt it. Change a single bit of code or move the data to another computer, and it is unreadable."
Apparently they're not considering the idea that a computer might (gasp!) fail, or that someone might actually (horrors!( want to migrate their data to another computer!
Besides the already discussed issues, I have to wonder about any system that locks your information into one, and only one system.
The big problem with DRM is the dichotomy between trust and freedom.... if we're going to have signed code and signed media, there's going to have to be some barrier to getting signed. This signing, however, reduces the freedom to release code or media... in effect, restricting ALL expression, not just expression of copyrighted works or viruses.
And if history is any indication, what will the signatory barrier be? Just a "reasonable" fee...
The trust/freedom dichotomy is the biggie. If there were a way to resolve that -- perhaps the "2600 can sign things" idea mentioned -- letting DRM come is not a big deal.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
I admit, I don't run Windows, or IE, I run GNU/Linux and primarily use Mozilla as a browser. I have never been tricked into running "malicious" code. I have never had a virus. I have never had data stolen from me (This presumably has nothing to do with the OS I use, and everything todo with the fact that I try not to be a moron and give my info to any one who asks).
:)
Why do we need all these digital signatures and systems for allowing code to run? I don't have any problems manually figuring out what I think is worthwhile on my system, it all takes place in my head and doesnt require any fancy Linux commands or anything.
I certainly don't have any "spyware" running on my system. Can you MS Windows users tell me, is the world that much different for you? What is it about windows that would make you need all this crap I am doing fine without?
Of course I've only seen one or two unrequested pop-up windows on the web and that was quite a while ago, I hear they are a problem for IE users as well
I see this as just another attempt to take a hot-button issue, dress it in some fancy clothes, and use it as a way to lock anyone who owns a PC into buying Microsoft's "new" OS and office suite. It may be capitalism, as others have claimed, but that doesn't make it a good thing for the consumer.
Then again, it's Microsoft, so the Vaporware Scale must be employed. I'll believe it when I see something other than hype.
...When code will have to be signed in order to run on a processor at all? This seems to be the end of this path, restricting processing to "trusted" applications, all in the name of intellectual property rights. Linux? Ha. Only Windows is allowed on our hardware, because other operating systems are havens for software and media pirates.
Once code verification has been inserted into the CPU, arranging it so code HAS to be signed in order to be parsed. What happens when laws are passed requiring all CPUs faster than X gigaflops to have mandatory code verification?
BlaBladium...
How do they want to explain Joe Sixpack he can't rip his CD collection and is not allowed to download mp3's?
We create problems.
We offer solutions.
We are the illuminati.
"Until we see it, until we actually look at the code, until we go through the whole process and see how the whole system will work, we won't know what it's like," Farber says. "If they do it all right, it might work -- but it can be misused."
This guy is forgetting who he is dealing with apparently.
Jaysyn
There is a war going on for your mind.
I can just see it now:
Anonymous luser clicks on 'Kournikova.JPG.exe' sees window pop up "This program is digitally signed by V3rIsiGn", says "Hey, I've heard of Verisign" Clicks OK and sends 10,000 email messages to their friends who also happen to be idiots. This'll be great!
So, a whole crapload of sites claim that Microsoft is really out to take over the world based on maybe five sentences worth of actual information provided weeks ago, but since there is no more information, they figure they can rake in the banner clicks by appealing the slashcrowd.
In case anyone hasn't seen the movie... I believe 'Consumers for Jesus' is a hat tip to the brilliant dark sci-fi movie Brazil. Funny how things are playing out that way too isn't it. It seems most new laws are about protecting the interest of greedy companies... not individuals. It's not a far fetched next step at all that it'll be a crime not to spend $$$ minimum quota... because spending supports capitism and keeping your money to yourself is just unpatriotic (you terrorist you)
Blender And Linux Fan
The title of the article says, "Can we trust Microsoft's Palladium?"
This question can be answered merely by shortening the title: "Can we trust Microsoft?"
Perens says that "what is new here is that the customer's PC is getting hardware with the specific purpose of constraining the customer. Never before has a customer received a speed governor on his car -- and this is worse than a speed governor. It's like saying, 'You may never drive into this part of town.'"
Not to nitpick, but my car has a rev limiter that keeps it from going over 115mph (yes, I've tried this).
Jaysyn
There is a war going on for your mind.
A little bit. If it IS true that YOU will be the ultimate decider on who you trust, presumably you could run stuff that was SIGNED by YOURSELF, eh? So 'make install' just signs the code with your root key. That was SOOO HARD!!!
If it IS true that YOU will be the arbiter, of course.
n/t
What Palladium will not succeed at is kill off the competition. If Intel were foolish enough to make code signing mandatory, there is plenty of non-Intel hardware that won't have these mechanisms built in, and there will continue to be because without such hardware, out world would come to screeching halt.
And what Palladium won't be either is a magic bullet for security problems. Those are still human problems, and they still need to be fixed one at a time.
What Palladium isn't either is novel. These ideas have been kicking around for a long time and nobody has been foolish enough to implement them. Microsoft is continuing their habit for taking old, discarded ideas and shoving them into Windows; Windows is quickly becoming the dustbin of history for discarded ideas in computer science.
The idea of Palladium is obviously to design a low level trustworthiness that can be used somehow, or in many ways somehow. To get something useful you need to start defining the problem to solve, and then specify your way down to what's in the chip and the OS. If all that specification were public now, I might believe in Palladium. We can think of a million ways that the software USING this new capability can be compromised. The designers have to start by figuring out, and tell us about, the secure usages first. Microsoft, the author of an operating system (Win 2000) in which you HAVE to have massive user privileges or you won't even know that most software installs are failing due to lack of privilege, is going to give us a trusty capability with enough degrees of variation to be useful? As if!
1. Write an application that runs unsigned applications. Sign that app, never sign anything else again.
2. OK, let's say you have to sign every process. That means you have to sign every version of a DLL. MSFT won't just be alienating OSS developers if that happens.
3. Under this regime, security is only as good as the CA. Sure, some CA's will charge a lot of money because they are "reputable", but how hard/expensive is it to run a certificate server anyway? From what I've heard, not very. It's just that nobody does that now because there isn't a need. Something like this would just cause orgs like the EFF, GNU, perhaps others to run free CAs, or even CAs the are dummies designed to fool the OS into believing the software is signed. Then the orgs and MSFT can sue eachother for a few years, and by the time the case is settled it'll be a 1 inch blurb in the business section and a few lawyers will have new Lexus automobiles. Nothing new here.
I don't know about you guys, but I never even bother reading those little pop-ups that come from signed code, even when it has an error, and I have never been compromised by such code. Why? Because trusting code you get from ibm.com is safe, and trusting code you get from deadalienhacker.org isn't. In other words, security is verified by the reputation, integrity, and character of the authors. My... what a novel concept. :)
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Its funny. It says this should appease Hollywood but wouldn't that only mean a part of Hollywood. The part that is worried about losing revenue over pirated material. The other part of Hollywood may be extremely pissed. Who am I talking about, I mean the ones that MAKE the movies. The ones who are switching to open software and open operating systems because they can change it to suit their needs. When filming something that requires Major special effects it often times requires a bit of custom code. Guess if they all move to Linux then they will be ok :)
Sometimes that Bill/Borg picture just says it all
To make a pun demonstrates the highest understanding of a language
can be found in a story here (//www.kuro5hin.org/story/2002/7/9/17842/90350) in which Peter Biddle is a MS manager involved with helping to develop technology to keep control over content on DVD and other devices. This seems to be the same Peter Biddle quoted in the Salon article here and introduced in this way: "According to Peter Biddle, a Microsoft product manager, Palladium is nothing more than an elegant solution to the vexing problem of keeping people secure on the Internet..."
Why would an employee who specialized in content protection for Sony/Time-Warner etc. suddenly be interested in keeping "people secure on the Internet"? It seems far more likely to me that he'd be much more interested in DRM and control.
Why wouldn't we trust Microsoft? The better question is "Why would we trust Microsoft?". MS is a convicted monopolist (the only thing left is to determine the penalty) and a convicted copyright thief. MS has had a pattern of never inventing or creating anything but instead either buying or stealing it. MS has never before acted in the public good but only for the good of MS. Why would it change now? The answer is, I'm afraid, "It wouldn't.
No one ever had to evacuate a city because the solar panels broke!
'-r' is kinda taken for 'revoke read' in the I-can't-remember-the-numbers mode. Dumbass.
Comment removed based on user account deletion
Anyone know if there's a simple explanation of this?
Yeah. You can't trust corporate media.
Of course, now that I've said that, all the MSNBC apologists are going to come out of the woodwork saying that MSNBC is one of the most vocal anti-Microsoft media venues out there.
Truth be told, there are contradictory stances that creep up, with some of the stories showing that sort of anti-MS criticism, and other stories that are blatantly pro-MS or anti-anti-MS.
If patterns hold up, MSNBC will eventually buckle under MS's will, as is what usually happens when a corporation takes control of the media, while usually trying to maintain the guise of impartiality. (Truth be told, I was convinced this happened a long time ago when they published an editorial that talked about how MS wasn't really a monopoly precisely the day before the findings of fact ruled otherwise. Subsequent critical articles seem to say otherwise.)
Until then, you've got a sort of weird schizophrenic thing going on with MSNBC that certainly is both confusing and fascinating. Perhaps they've gone all Sun Tzu and decided upon a formless approach to news, and that would certainly make them unique in a day when media bends over backwards to make its biases known to its corporate masters.
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
maybe apple would port os X to the x86 platform and give us an os alternative. or we could all just buy macs. wouldnt be so bad.
"Can we trust Microsoft's Palladium?"
NO.
After reading the notes from the EFF's meeting with Microsoft there is a lingering question...
Will this kill open source on the desktop?
My thoughts:
Microsoft says it will produce specs so that Linux can use Pd hardware. Will portions of this code have to be closed source, possibly written by another company and purchased? In effect this would hurt Free Software on the desktop by requiring a purchase to use Pd technology.
This would basically make running Linux on the desktop cost similar to windows. The reason I say that is because consumers like buzz words. Once Pd is in the market people like my mom will continue to use Windows.
What would be the point of Free Software if desktop users still have to pay for the features that they "think" they need?
Feel free to tear this apart, and discuss. I just wanted to get my ideas our there.
Greg
Life is like pants... fit in or you don't fit in.
Instead of posting the same vague tid bits about Palladium over and over, and letting the /. conspiricy theorists go hog wild, why don't we wait until we know what we are talking about? Because I can guarantee to you that Palladium isn't the evil system that 90% of the /. users seem to think it is.
"The defense of freedom requires the advance of freedom" - George W Bush
Corportae war or suchlöike ? By poul anderson ?
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
The people who comment on Palladium are an informed minority. The people who would offer us content ONLY if we use a DRM system, are not the majority either.
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
Internet Explorer was unable to link to the Web page you requested. The page might use standard HTML or CSS.
The idea that Palladium will somehow protect the average user is preposterous! Most harm is done to the average user by virus' written using one of Microsoft's scripting languages that can be executed by doing something as innocent as bringing up a Word document.
Word already has an option that the user can set to not allow macros to run. It is unlikely that Microsoft will break it's products by not allowing a user to run macros.
People will continue to get virus infections, the Microsoft computing would will remain insecure and Microsoft will maintain its monopoly by ensuring that the quality of the user's experience who uses open source software is artificially made to be inferior to the experience of users who pay Microsoft.
Oh, and thank you Intel and AMD for going along with this scheme.
The race isn't always to the swift... but that's the way to bet!
Microsoft argues that Palladium can always be switched off by users who think it's bad news. If Palladium becomes ubiquitous, critics respond, that may not be an option.
"If you turn it off, then you are an island," says Perens. "You can't communicate with others. Everyone will be using this DRM, and you can't view Web pages."
This is a real worry - not that you won't be able to turn it off, or run Linux/*BSD/whatever and ignore it, but if you do that, then all of the content (email, web pages, documents, etc) created by all of the people who have not turned it off will be unreadable by you.
It's like avoiding email - sure it cuts down on your Spam, but it also cuts down on the legitimate messages you get.
And that's where it gets scary. I'm a UNIX administrator, but I keep a Windows system because there aren't as many games out there for Linux. The same thing - you may want ot be a holdout, but if you can't read 90% of the email or view 90% of what you want to see on the web, you may adopt it just because your other option is "almost nothing".
=Blue(23)
LITTLE GIRL: But which cookie will you eat FIRST? C. MONSTER: Me think you have misconception of cookie-eating process.
Ah, another example of somebody pulling something out of his/her butt and tossing it around like a fact.
"The defense of freedom requires the advance of freedom" - George W Bush
Microsoft Palladium is just another reason for not doing a secure OS correctly. Why do a software company need to put restriction in the hardware for privacy and security? BSD is one of the most secure OS and it doesn't use this kind of technique to achieve it. Why don't they (MS) code a secure OS that won't need any hardware restrictions?
I think one of the thing that make Windows insecure is that it's running under Admin rights most of the time. Why don't they forbid administrator to log in and instead ask for admin password before installing new hardware, software that needs admin rights or for changing system files. This way scripts or viruses won't be able to corrupt the system without the admin password. This technique work quite well for many other ( Unix base system ) OS . At some point, MS needs to rewrite the kernel completely to be able to achieve this and with 40 billions dollars I think it's doable. But with the way they used to code I understand why they don't want to start it over.
lol
Trust is good, control is better!
Microsoft denies that Palladium is a Trojan horse that will allow it to slip DRM into computer systems. "Turning Palladium on is not the same as turning DRM on," says Biddle.
No, but if DRM relies on Palladium's encryption hardware, then turning Palladium OFF will sure as hell be the same as turning DRM off.
On a releated note, the encryption is supposed to be public key. Presumably the private key stays embedded in the hardware, and the public key is... where? Provided by the CPU to the OS? Perhaps with a Cert Auth like Verisign? Or with Microsoft? If the encryption algorithm is well known, what's to keep an enterprising young warez d00d from generating a new key pair and emulating the hardware? If I build everything on the box, I control what goes out over the wire, so I can scam signatures off of a valid set of binaries. Just because I *have* valid binares doesn't mean that's what I'm *running*.
If the algo is not well known, forget the whole thing since it'll be cracked in a month anyway.
I am not your blowing wind, I am the lightning.
So, you wanna go fast? For around $10k any squid can get a nice 1200 Kawi and achieve the splat zone with ease.
Holy crap !
The ads on salon are worse than anything I have ever seen before. Obnoxious, distracting. Take over my whole page, not in the beginning, but 45 seconds into reading page 1.
What a pile of crap !
Remember, for the system to be airtight, the user has to have no power to choose. The user is the enemy to be defended against in this scheme. So, your popup policy is irrelevant. Simply put, if ibm.com displeases MS, suddenly all your trust in IBM is irrelevant.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
the tighter you squeeze your fist, the more Stars will slip through your fingers...
(with apologies to George Lucas, I just couldn't resist...)
Comment removed based on user account deletion
Up till now MSNBR has gone out of its way to be tough on MS but this acticle (if it is legit) is by far the easiest one on MS they've done so far. I wonder if now that it is a bigger issue if MSNBC is starting to push MS's agenda, it will be interesting to see their take on it if MS ever really wants good PR.
I stole this Sig
I don't see anything in Palladium that will benefit me that I can't already implement via software. I will not buy a non-general purpose computer for what I use a pc for today and Palladium is certainly not general purpose. Imagine if they actually force the running of signed code to always be enabled. I couldn't even do development on such a machine.
And how will Palladium protect one from Windows crashes?
Because MSNBC is not really in the business of eating the hands that feed it. Being critical of anything that may create a greater lock on the security of the internet could be thought of as "aiding the enemy" at in a time of "war". Lets not forget that. The next few years will be all about locking down the internet, tracking and monitoring. If one company takes charge of the whole thing at the cost of open source so be it. The rich will get richer and the poor will remain so.
If you have'nt noticed the media has been waving the flag and is basically a mouth piece of the administration. Articles critical of the "war", the Bush Administration malfeasance, Saudi connections to 9/11 and Isreal spying in America have all been spiked by the mainstream media.
It is not surprising that MS-nbc would pull an article that made people see both sides of the equation.
Ever notice how the governors are set to the maximum speed rating of the stock tires?
2002 TL : 132 mph
2002 TL-S: 155 mph
Its just so nobody can claim the car was "dangerous" at that speed. After all, your tires were good for it...
I've never seen a car for which programmatic SpeedMax TireSpeed, but that's not to say they don't exist...
"All I do is eat and poop!" -- Bean
Here's the simple explanation for why MSNBC pulled the article:
It's a Newsweek article.
Newsweek charge for archive access.
The article is now over a week old, and has been moved to their archives.
Simple. If you want to get the article, you can still buy it from Newsweek for $2.95, or for a lot more if you want access to their entire library of stuff.
You can still find it if you go to www.newsweek.com , and search the archives for Palladium.
Simon
Coming soon - pyrogyra
I love slashdot. This post has absolutely no truth to it, but because it is anti-microsoft, it gets modded up.
The checksum system you're talking about provides a nice easy way of verifying a package hasn't been corrupted or tampered with. It's certainly beneficial to your system. One could go further and have developers sign that checksum with their GPG key, and one would be doubly sure the package doesn't deviate from the author's intentions.
What's different about Palladium is that the authors can NOT sign the checksum. They can't create a checksum in the first place. Only MICROSOFT can make that checksum, and if your software differs from their vision of what they want running on your machine, then you won't be able to get that checksum. Further, if you don't HAVE the checksum, you will NOT be able to install that software, period. You may not even be able to view it.
I may be missing some key piece of information here, but I'm just not seeing why this is such a big deal when the same exact situation exists already with encrypted e-mail.
Well not really, with palladium I could send you a "I'll rape and kill you, and not in that order!"-mail and make it "read once" so you whould have no evidence to show to the cops. With encrypted and signed mail you pretty much have the opposite because you could not only prove who sent the mail but what the content was.
FRA: STFU GTFO
If past history is any indicator, the "specs" on how palladium works will never be fully disclosed. The linux folks will always be in a state of catchup and they will be doing so with one hand tied behind their backs. Remember, reverse engineering will prolly be illegal if any encryption is used (which is certainly will be).
Pardon my possible naiveté.
But what happens to all these wonderfully secure Palladium machines when the software/hardware encryption scheme that authenticates the digital signatures used by "MS Approved" software is cracked - as it will be - thereby giving a programmer the ability to "signature" the odd drivers or specialized applications they end up needing ?
Will all those that jumped on the bandwagon to buy what were pitched as "secure" machines have wasted their money? I suppose that the hardware's "black box" chipset could be designed to accept encryption upgrades via a service pack - but wouldn't that would just open another hole to be hacked?
It is a given that any encryption protection scheme has a limited life span. Computing power and mathematics just continues to advance too quickly.
mchummer
It looks to me like any OS that would work with Palladium would be infringing on M$'s patent.
Even if it didn't, M$ could still sue claiming it did and force the competition out of exsistance/business under the weight of legal bills.
This would be an easy way for M$ to keep competition under it's control.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Well, let's say Microsoft will be able to control what to run on Intel and AMD computers, but what about let's say SUN? Why are we buying PC's while there are very nice and cheap ($1k) SUN machines. Let's say all people Who Understand what's going on turn to alternative hardware -- SUN boxes, for example. This will automagically make SUN feel much better and will save us from awful DRM schemes and stuff like that. [I suppose that SUN isn't going to go Microsoft way in nearest feature]. Why should we care about dummies who let Microsoft tie them with all kind of shit? They are very happy and not willing to change anything. For people using Open Source software change will be unnoticeble -- just recompile it and it runs on Sparc, thanks to gcc.
My biggest problem with DRM, or more specifically, the assuption of the Palladium designers that any creator of content or information should be able to control exactly how this content/information gets used.
Excuse me, this is NOT how our society functions! If you create content and put it out, say by telling me something or by sending me email, you place trust in me that I won't use that information inappropriately, and you assume the risk that I actually may violate this trust.
OK, sometimes that trust relationship is codified in law (copyright, IP, etc.) and I CAN be punished for violating it, but still, it is up to me not to violate the trust. I have a choice.
With DRM, and specifically with Palladium, this all changes. I am seen as untrustworthy and the creator of the information decides singlehandedly that I cannot view/use the information e.g. for more than a given length of time and not more than N times. Imagine receiving an email that becomes unreadable after 3 days. It is not gone from your hard drive, mind you, just not readable, cluttering your system with mindless, stupid bits. I have no choice in the matter other than refusing to accept the information in the first place or deleting the expired information afterwards. Me cleaning up other people's junk from my own hard drive after they annoyed me by assuming rights that should properly be mine? You must be kidding.
I deeply object to being reduced to a subservient, powerless drone when I receive information. I can think for myself, thank you, and I can choose on my own to do the right thing. I insist on having the right to choose to do the right thing.
What if someone cracks the security on it? There will be millions of people who were trained into thinking "Palladium will protect my data, I don't have to worry about it." Suddenly, they'll have all their data exposed to some script kiddie, because "it's fine to share your entire hard drive on the internet; Palladium means nobody will be able to read it anyway."
Also, what about the extra cost we'll have paid all along for Palladium-enabled hardware? What a waste! Wait for the lawsuits.
I can only hope that Apple doesn't join in; right now, it's the only other "mainstream" option out there (i.e. I doubt I could convince my mom that she needs a Sun box). We need to keep a non-Palladium option open, one that regular users won't be afraid of. That's the only way we have any hope of avoiding Palladium (if M$/Intel/AMD keep pushing ahead with it).
How long before an undernet develops, with just open-source non-Palladium software and hardware? It'll be the Internet for the /. crowd.
Hmmm ... the world's biggest shark, which has an insatiable appetite, is swimming in ever diminishing circles around me, 200 enormous razor sharp teeth bared, smiles at me and says "trust me, I won't bite".
Decisions, decisions ...
The way I'm hoping this will fall out:
1) Microsoft implements palladium on i386 archetecture.
2) People hate it.
3) People switch to other platforms, namely Macintosh.
4) Linux users still have Yellow Dog, average users have Mac OS.
Hey, stop laughing.
nub == MCP
What really sucks is there *ARE* speed governors on our cars. Go buy a brand new ford, chevy or dodge and try to drive faster than the speed rating on the factory tires... it's not going happen. Well, unless your clever enough to cut the signal from the vehicle speed sensor in half ;)
peace
Having been to a number of MS 'Executive Briefings' my impression is that by far the most requested item by large customers has been proper Java support. Right now it is costing companies a huge amount of effort to integrate Excel and Outlook apps with Java-based transactional systems, and going right back to 1998 the story from MS has never been "How can we help solve your problem?", only "How can we dominate this space and exclude competition?"
Ironically, we had MS people on site for over a year to gather 'requirements' and help 'influence strategy'. There's no real question that this was by and large ignored - a small insight into what perhaps has been one of the most dramatic examples of contempt for customers ever exhibited by a major corporation.
Precisely what is your problem with Hippies? Do you even know what the term means? You keep littering your posts with that phrase as if to imply that it is an insult. To a large extent, hippies were mostly peaceful activists whose credo was "make love, not war". Amongst other accomplishments, they brought so much public attention to the lunacy of the US's involvement in the war in Viet Nam, that the US government had to capitulate and pull out - about the only thing that Nixon did right.
please stop these childish posts, Mr. Gates, and go wash your mouth out with soap.
Is having their hand in your money pocket really one degree of separation?
Anchorage Daily News does the same thing.
I didn't buy the archived message, but this link should take you to the search results to get to it.
For all its faults, Microsoft is not known for kicking its customers in the teeth.
Absoloutley true. They usually contact that special place between the waist and the knees.
There is something really weird going on here. If you look carefully at all the Microsoft propaganda on Palladium, and at the snow job article that Steven Levy published, you will notice that there are actually no compelling benefits described for users. Palladium does not
solve *any* problems that users have today, in any manner that cannot be solved with software alone that already exists. What is does do is
define mechanisms whereby third parties can
easily restrict what you can do on your own machine.
Honestly, encrypting the video signal from your PC
motherboard to the display provides absolutely no
benefit to the user. How often have you found
criminals or terrorists intercepting the wires behind your PC on your desk? Gosh, it must happen to me at least twice a week. I wish I could
encrypt the video signals so no one could tamper with them. Yeah right. But hey, it will keep
Hollywood from letting you watch movie clips
on your PC. Oh boy, they really are looking out
for my best interests.
It is so totally obvious that the only 'protection" provided by Palladium is
for Hollywood and the BSA. I find it insane that people are arguing the merits of this, when no
compelling user benefits have been offered
by the makers.
In the future, I would in fact like to have a way
to securely store and execute my code on other
people's server hardware, without giving them access to it. However, there is zero evidence that Microsoft will ever actually offer this as a service, and zero evidence that they will allow other people to offer this as a service either. I can think of several ways to
provide this service in reasonably secure ways using existing technology today, however, and without selling my own soul to Microsoft.
People, I am really humored by all of this "let's give Microsoft a fair hearing" crap.
You don't have to speculate on what life with
hardware Palladium is going to be like. Microsoft
has already given a nice taste of how they are
going to play nice with Hollywood, and give you,
the user, the bum's rush.
Last year I got a IBM Thinkpad laptop running Windows 2K. It had in it a DVD player drive.
I was in Japan, so I wanted to play a Japanese
DVD. Yes, it had a non-North-America zone code.
So I put it in the DVD player, and I was told that
I could not play the DVD, because it was not the
right zone.
The driver control planel has an option to change the international zone for the DVD. So I set it to
Asia. A warning dialog comes up and says
(to paraphase) "You have changed the zone on your
DVD player. We will let you do this two more times. After that the DVD player will be disabled, and you cannot re-enable it even
if you re-install the operating system. It will
be slag. Fuck you, you fucking video pirate!"
Well, it didn't use those words precisely, but the effect
was the same. The hardware was telling me that I was a thief and it would self destruct. No appeal,
no mercy, just the word of Microsoft.
If you think Microsoft is going to do things
differently when then own the whole CPU, keyboard, video, and disk drive, you better think again. Wake up, you sheep!
..how they are going to stop "Open-Source" Software from being developed on a platform and not "non-Open-Source" software. Do you think they are going to stop all programs that don't have DRM or are approved or whatever from running? It would stop all software development on the Wintel platform. There has to at least be a way to turn off the DRM to allow people to write programs and beta test at all.
If people accept Microsoft's rhetoric, that
Palladium is about providing "protection", then
we have already lost the battle. It is like
conceding the term "Pro-life" to the opposition in a debate on
abortion.
Palladium should instead always be referred to
in more precise technical terms; it serves to
"restrict" capabilities of the user's hardware.
Always use the word "restrict" and Palladium in
the same sentence. Don't refer to protection, since
protection of the user's interests is only a possible but unlikely application of the technology. The protection is clear for Hollywood, but totally absent for the end user like you and me. The goal is to stop your
PC from being able to process any data
except under the terms of the organization
who encoded it.
The
technology is all engineering ways of restricting the user's
access to their own hardware. Don't forget that,
and you will have a much clearer picture to present
to people who are curious about this technology.
It is worthwhile to note that many individuals who have made great contributions to the computing community (both in hardware and software) had made great strides to that end WHILE they were nobodies. If they had been limited in what they could do before they earned the trust of some corporate entity, probably less than half of what we now take for granted today would even exist. Or do we now think that everything worthwhile has already been discovered? It occurs to me that we've been down a road in the past where a similar idea was prevalent. I doubt it's any more true now than it was then.
This has nothing to do with Microsoft trying to kill open source, it has everything to do with some company placing limits on the human creative spirit when it comes to using a computer as the medium for expression. Paladium discourages independant creative thinking, and for that reason, if no other, it must not be allowed to materialize.
File under 'M' for 'Manic ranting'
Palladium represents a shift away from general purpose computing towards an appliance.
Once you understand that you don't need to read these endless articles, and its more than a restriction one area, its on practically anything that could run arbitary, non-vetted code.
And theres nothing wrong with that, a microwave oven is an appliance with restrictions on its operation.
The real discussion should be on what balance, overlap and key-uses restricted/non-restricted machines will have in the real world. This freedom-or-slavery garbage is getting mighty tiring.
--Matt
I further disagree with Mr. Perens as well. The content is all that will be limited, not the computer. The computer will not be limited in any way. You can boot into untrusted mode and use whatever you want. The content, on the other hand, may require the use of trusted mode. That simple.
Either (A) you have an odd sense of humor, (B) you don't understand Palladium.
Palladium is build on "trust". Not your trust in something, but Microsoft's (and other company's) trust in what the computer/software WILL NOT LET YOU DO.
The first layer of trust is trusting the hardware. The hardware then checks if it can trust the operating system by making sure it is cryptographicly signed. The hardware/operating system then check if they can trust a program by checking that it is also crypographicly signed. Without a valid cryptographic signature the Palladium hardware shuts down and cripples the system.
A quote from the article you linked to "The main consideration for Microsoft, said Juarez, will be integrity (of the Palladium software)". The integrity of the software lies completely in controlling what software gets signed. "That is where we will make our stand. We will not sacrifice integrity of the Palladium platform" - that flat out means that Microsoft WILL NOT give up control over what does and does not get signed. At MOST they will assign that control to a carefully constructed puppet organization.
Some code for non-windows systems will be signed - but only when it suits MS to do so. Sure, MS will create formal "fair" rules where "anyone" can get their code signed because they can't afford to be blatant dictators. You'll still have to be a major corporation and agree to play by Microsoft's rules to get your code signed.
The system will be broken in one of the following ways.
(A) the crypographic keys will be leaked/stolen (unlikely)
(B) a bug in the system (MS is known for its bugs, but I think this unlikely also, they will be VERY carefull)
(C) someone tricks MS into signing code with a backdoor/trojan (difficult and the certifacation process to get signed will be quite costly)
or
(D) in my oppinion the most likely place Palladium will be broken is at the first layer of trust - the trust they place in the hardware.
The chips circuitry can be scanned and analized. The hardware can be hacked to change data/code on the fly. The hardware can be simulated in software. These things are not easy, but they can be done. Therefore they WILL be done.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I'm a diabetic and have a blood glucose testing kit. The bottle that holds the actual strips has a sticker that reads "the accuracy of palladium!".
Found that kinda funny.
Must be the heatstroke talking...
You presuppose everyone else in the world does what the americans do.We in Europe are already pretty wary of U$ corps
Scenario - European fabs make Palladium-free chips in-house or ask (a not very u$ friendly) China to make freedom chips for general use at low cost to screw the old enemy.
Freedom-loving americans (both of them) buy European/Chinese computers on black market. Non-u$ comps become 31337 trophies.
Upshot = u$ gives rest of world control of mainstream computer business. IBM/m$ in the 80's - remember?
Let the good times roll! Anyone want to join us in Europe?
Lucius Sour
(hello to my freedom loving friends in america)
So I take it that Palladium represents a work of art that was stolen with a Trojan Horse left behind? How oddly appropriate!
To extend your question about whether the user will have authorization rights:
;)
Will the *user* have the ability to selectively DENY applications from running??
[vision of masses of Slashdotters reprogramming Palladium chips to disallow any non-free software]
~REZ~ #43301. Who'd fake being me anyway?
If this prevents people copying their dvds, mp3s, ebooks etc then it would be the single most motivating factor to make the average person move to Linux. That would be Linux's killer app - freedom, ironically enough
I've experiments to run, there is research to be done on the people who are still alive.
the sooner corporations strangle creativity and freedom the better. We the consumer will perhaps start once again to be creative in our search/use of alternative solutions. necessity is the mother of invention... we should all accept and embrace this straight jacket as soon as possible. Money will move by osmosis to those who can and will break the rules. never underestimate the power of people... idealistic perhaps but if enough rights are confiscated we will rebel...you can lead a horse to water but you cannot make it drink.
Geeks have always been reluctant to take this threat seriously. Even now, as Microsoft builds up steam for this multi-year war, many people are naively proclaiming that "users won't stand for it" or that some technical flaw will topple the whole thing. I can't address all the naive objections I've seen, but to summarize: this is a carefully laid trap. There are no obvious escape holes.
I do want to address the notion that "we", the imagined unified group of computer buyers, will "rebel" against Pd. Pd will not (immediately at least) remove any capabilities from the computer - it will add capabilities, such as the ability to download RIAA music videos. So from the home user's standpoint, it's a net gain. I don't have to explain the MPAA/RIAA's case - you already know how much they'll like it.
The underemphasized fact is that Pd will satisfy a deep craving of corporate users. Corporations yearn to send documents which can't be copied or retained. Bill Gates knows this, and knows that it's more important than all the entertainment applications combined.
History and accountability are enemies of the modern corporation on many levels. A vendor might want to submit a proposal but prevent the proposal from being recycled. A company might want to alter its "mission statement" without leaving any proof that it was once different. Even where there is no particular reason to control the flow of information, corporations will choose to do so if they can.
Now imagine the future. All the techno-illiterate (think HR, management, customers if you're a contractor) use Palladium and send you encrypted documents without even realizing it. They don't even have the ability to send plaintext, because their corporate policy prevents it, even if they knew what you were talking about. Without Pd, you are cut off from the non-geek world.
To those who claim a chicken-and-egg problem (I can't believe you need to be told this, but...) the process will start with Pd systems happily interoperating with "legacy" systems. Once Pd. reaches something like 40% in the business world, the screws are tightened and non-Pd start to feel some pain. They may have to run a special "viewer" app that's resource-intensive and crash-happy. As the Pd. percentage increases, the screws are tightened more. No different from the carefully tuned incompatibilities in Office file formats. Microsoft is good at this.
Comment removed based on user account deletion
I remember the whole IE ActiveX vs Java wars. MS's view was to get signed code. Java's was to build a sandbox, and if you want to break out of that, then you do the certificate thing, and then you have to let individual items through (allow reading local filles for example, but not write). MS has the bulk to say which one you chose, irrespective of technical superiority.
/etc. Limit the damage it can cause. I forgot the Free-NIX projects that support restricted syscalls.
Relying on 'signatures' to protect you is falso hope. Check on www.microsoft.com, search for "ActiveX Security vulnerability" using ALL keywords. You'll get 100 hits back, and the search cuts off at 100, so I don't know how many there are. Yes, the Java security manager had holes (these holes were eventually plugged). But at least there were limits, like a hole in the dike instead of it collapsing. How many IE holes were because certain ActiveX controls were marked "safe for scripting"? So this ActiveX had the run of the system. The controls are signed, but what's stopping a rogue person from obtaining a certificate ad releasing a bad ActiveX control (or a bad app). I remember someone did this, had a certificate and made code that was a proof of concept (I don't remember, I think he wrote soemthign in teh Run key, and you saw a message every time you started up). I also remember when someone pretended to be from Microsoft and obtained a key? Yeah, MS released a patch invalidating the key, how many folks didn't install the patch? Is there code out there with that key? If they can't even hold on to their keys, how can you trust them?
How do you protect against bugs? Outlook wasn't intended to be malicious, but look what happened. MAJOR design flaws in Outlook, and how it's integrated into the system (a great deal of virus damage can be traced to the fact that Explorer by default doens't show extensions, and Outlook picks this up). Neither was sendmail, how many bugs came from that? OK, sendmail's signed now, I can still root you. Is a signed IIS any less vulnerable to Nimda? Is all the KaZaa spyware gonna get kicked off casue of this? Nahh, it's all gonna be signed.
This is where a sandbox mentality is best. Something like the jail and chroot syscalls. Limit the damage that can be done to the system. Have all syscalls be available to be jailed, something like the security manager in Java. Have IIS be jailed to not be able to use connect() to dial out to other servers, jail the ability to make files anywhere other than a log-root, so it can't make startup files in
A big problem with Paladium this it turns people into vertificate validators. How many folks do you know who know how to read a key? It's gonna be either accept all, or accept none, depending on what the default is. And if you accept, you're still making you're system succeptible to bugs and trojan horses.
This just seems, to me anyway, to be Microsoft's way of pushing new software and hardware. I don't see it helping folks much.
They started a discussion on MS and Sony. Read it, it comes from a former Microsoft developer
I just had a major realization today. Or at least I think I did.
Senator Ernest "Fritz" Hollings (D-SC) intensely-disliked-by-Slashdotters bill, the SSSCA/CBDTPA, would require all devices/gizmos to ship with "digital rights management" chips (i.e. the Fritz chip in TCPA). So, then, the SSSCA would be bringing MS Palladium much closer to fruition by making computers and gizmos ship with TCPA! I think that's right, right? holy...
I did an interview with Siva Vaidhyanathan on the SSSCA/CBDTPA, and we talked about how it would really really hurt open source. But it wasn't until today that I realized Palladium, TCPA, and the SSSCA/CBDTPA were intimately connected. Holy fuck! is this stuff tied up together!
Having a plutocratic government is bad enough. This is 1000 times worse. For me anyway. And I suspect it is for you, too.
Green, and not with envy or illness,
-- haaz.
-- haaz.
So if a single bit in a huge program like MS Office becomes corrupted, your system will refuse to run it? It's a little too easy to crash today's bloated programs as it is. Palladium, if it operates this way, would make them much, much more fragile; an otherwise insignificant transcription error, one which would normally cause no problems or perhaps just cripple some tiny functionality, would kill the whole program, or render a file unusable. Customers should love that.
If there is any subsystem which prevents aPalladium from being so draconian (I can't see any way to do that, but then I'm not a Microsoft boffin), then that's a vulnerability to be exploited, and the supposed benefit to consumers is compromised from the start.
The court case was pretty specific: some folks in MS were on a mission to thwart Netscrape. It hardly follows that everybody in MS is *always* out to get you.
In his newest article, Cringely notes that "The Palladium was a famous theater in London and another in Hollywood" and finds that rather appropriate. One, because the apparent source of this drive is Hollywood and other content holders. Secondly, because he finds the idea that Microsoft could be bossed around by an industry that, while impressive, is dwarfed by its own current liquid holdings has a certain sense of... theatre... in itself. But that's an entirely different discussion.
I found the "pulled" article:
6 25 02_levy
http://www.msnbc.com/m/nw/talk/archive.asp?lt=0
Y'know, this really creeps me out. We are constantly bombarded with media telling us that we are inferior people if we don't buy their products, constantly reminded that the superior human being is two dress sizes smaller or has two times the muscle mass we do, and told that if we don't have the most advanced "stuff," we are somehow lesser beings.
I just finished taking a communications course - I needed it for my degree - and we examined the powerful effects that advertising has on us as consumers. While many people believe that they are not really affected by advertising, they are, on a subconscious level. Ask anyone if advertising defines the ideal person for them and most people will say no. But ask them what the definition of "the ideal woman" or "the ideal man" is and most assuredly, they will give you a definition that is right in line with the "standards" manufactured by advertising companies - men should have high muscle mass, broad shoulders, square chins, and generally look like something out of a muscle mag. Women should ideally weigh around 110-120, wear a dress size that is less than 5, the smaller the better, and be rather "curvaceous" in their builds. The "Barbie" look is especially good.
This fictional look into the future that Accord has so eloquently put forth may not be too far off from the truth. Simply read Huxley's Brave New World or Orwell's 1984 to get a good idea of the kind of control he foretells. As advertising and corporate interests intrude more on our lives, there will be only more negative effects.
--
MS is requiring OEMs to phase out dual boot Win2k/WinXP PCs by next year, but preferably sooner. If wiping the WinXP partition then voids the machine's warranty, then this could be seen as more than just strong arming folks into MS License 6.0. It would seem to be like an attempt to prohibit dual boot machines in general. This and Palladium should be able to keep any non-MS OS's off of the market.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
"Palladium" means "statue of Pallas" (a nickname
of Athena). There were quite a few Palladia in the Ancient world. Among these, a golden-ivory statue in the Acropolis of Athens, sculptured by Pheidias. This particular Palladium was among the
7 wonders of the ancient world and presumably it
was protecting Athens.
What's Pubic Key Infrastructure ?
(page 2 on the white paper)
hehe
There'll probably be a switch like that, but why should it be available to non-corporates? Hobbyists are hackers, right? And hackers are bad for national security, right? Why not go back to the glorious pre-microcomputer age, when we had to go through corporate/university trash to find ourselves a freakin' manual!?!
Not my idea of inovation, but I bet M$ would love it that way...
--
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in: we're computer professionals, we cause accidents -- Nathaniel Borenstein
"...The content is all that will be limited, not the computer. The computer will not be limited in any way. You can boot into untrusted mode and use whatever you want. The content, on the other hand, may require the use of trusted mode. That simple."
If pre-Palladium you can download/exchange/manipulate any content you want in any fashion your computer is capable of, and post-Palladium you CANNOT....
VOILA', YOUR computing experience has just been LIMITED.
It is artificial to separate a current category of computing behavior, subject it to technological controls and then say "You haven't really lost anything."
While exchanging some freedom for some security (the essence of the Social Contract) is a common practice it's misleading to claim that the act of putting a "content regulator" on a my computer doesn't alter the the machine's abilities...
BECAUSE ALTERING THE MACHINE'S ABILITIES IS THE ***PURPOSE*** OF THE CONTENT REGULATOR (in this case, the proposed Palladium technologies)
so, as with any tradeoff of freedom or liberty, the question must be what do we GET in exchange for what we GIVE?????
PS, what was it Cringely said about the possible strategic purpose of implementing "raw sockets" in XP, i forget?
Ten quid, she's so easy to blind. And not a word is spoken...
So lets say i want to send you encrypted traffic today. And I want to use gpg. I get your public key and encrypt a message to you and that's it. You are now required to use gpg to get my traffic. Have I limited your computing experience? Perhaps, but it's a trade off for potential upsides. It's not like content creators NEED to use palladium. It's just there if they need it. The fact that palladium exists or not is irrelevant to the decision for a content creator to limit my experience. They can do it using currently available methods (DVD manufacturers, or listen.com do it already).
It's not artificial, as that dilineation has already occurred. There are types of content which are limited and there are those that aren't. Today, limited content "gives" me a broader library from which to choose. If you don't want that broader library, then don't use it. There's really nothing different about palladium, except that the transaction becomes much more transparent to the user.
"...Have I limited your computing experience? Perhaps, but it's a trade off for potential upsides.
...and unless MS decides to use their power as a market maker to force adoption of Palladium (something that would be an unmitigated PR diaster for them), widespread deployment of Palladium will be no greater than its; user transparency, convienence and user PRIVACY protection.
...Windows ISVs will quickly fix that problem without requiring ANY sweeping DRM solutions. Less complex solutions usually win.
...than Palladium will fail with consumers, small biz, education and will have limited success with mid-sized and larger corporations (where it will have to compete with existing and future IP control systems).
AHHH! Nice selection of examples to demonstrate my point. THANKS, that's more like it.
Anything that causes a computer user to change their hardware and/or software and/or usage patterns to accomodate other available features/technologies/data/???? has a cost/benefit ratio associated with it. In your example, it's my deploying gpg, a s/w package i may/may not have already deployed. I already don't open most of the encrypted mail get, unless i know who it's from and WHY. IOW, i need to have a firm REASON to accept the added inconvienence, or else the "Delete" key wins.
However, you note; "...Today, limited content "gives" me a broader library from which to choose. And, of course, that's a non-sequiteur that won't be accurate for the foreseeable future.
Perhaps someday (5-10 years) it MIGHT be true (though i tend to doubt it), but right now the VAST MAJORITY of content from legally published works of art/science/research to the innumerable warez and pr()n HAVE no effective content controls. You can't unring the bell.
To reach that "broader library" of FUTURE content of which you speak, a strong majority of the all the content producers, market segment by market segment, will have to agree to use/maintain/cooperate with each other for the sake of maintaing the credibility of any DRM platform.
I have a useful amount of XPerience with and relationships in music and film production/distribution, and somewhat less with TV, little-to-none with cable. That necessary cooperation is a LONG way off. These folk are tougher competitors than the s/w biz. They won't be changing their competitive habits very quickly (if at all).
Remember, USERS don't need DRM, content producers need DRM...
To the degree that Palladium is designed to render XP's self-imposed "Raw Sockets" security flaws harmless...
With the vaporously mythical TCPA/Palladium it will be the tradeoff of whatever security it might offer (it's hardly unfair to point out that BillCo's HX of security is less than, ahem, stellar), versus whatever restrictions it might offer.
If (as the most neurotically anti-MS watchers fear) Palladium should eventually enable scans of the average machine's filesystem for; MP3s, DVDs, WMAs, JPEGs, et al and forces users to either catalog ALL existing content and use Palladium and or Windows DRM controls via the codecs/players/whatever OR accept either lower quality or greater UI difficulties...
To the degree that Palladium is designed to be a secure, DRM solution for future content, Palladium's future will be dependent much more on content pricing models, MS's street cred and download ease/availability.
Ten quid, she's so easy to blind. And not a word is spoken...