Slashdot Mirror
The Power of Palladium
phriedom writes "Salon has coverage of Palladium which gives first page coverage to the idea that Palladium is designed to kill open source software. My favorite part though is on page two, where the Microsoft apologist says that ones view of Palladium 'depends on what you believe Microsoft's long-term aims are. If you believe it's to stimulate commerce and stimulate security, it's a step in the right direction ...and if you're perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers, you might have a different view of the same architecture.'" Wired also has a story claiming under-the-hood exposure to Palladium, although it doesn't seem to have much information that hasn't come out already.
Update by J : Steven Levy's Palladium story, which we linked to in an
earlier article,
has allegedly been
pulled from MSNBC's website.
Anyone know if there's a simple explanation of this?
"perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers"
Yes, I believe that was the verdict.
It is 3Q 2030.
You're arguing with your wife again. It seems she's missed her spending quota again this quarter. A proud patriot, you have no problem spending 85% and sometimes 90% of your income on consumer goods, yet she can't manage to spend even close to the 75% required by law. It's that foreign mentality, you suppose--that's what happens when you are educated overseas and without the benefit of a corporate sponsor. You have to remind her that if the Internal Consumer's Service (ICS) catches her, she'll be doing time in Philip Morris(TM) Prison like her uncle.
Oh well, hopefully a night at the town's AOL-Time-Warner-Clear-Channel-Blockbuster(TM) Authorized Media Distribution Center will smooth things over with her. That reminds you--you need to have your eye- and ear-implants inspected for this quarter again, otherwise you won't even be allowed in tonight.
You haven't attended church services for a while. Although your wife is a devout follower of God's Customers(TM) and shops in the Church Store at LEAST five tiems a quarter, you're not yet convinced that converting from Consumers For Jesus(TM) was that sound an investment.
Your son Rick has just graduated from the local McDonalds(TM) High School. You want him to go to Pepsi(TM) University like his sister, but he wants to go to Coke(TM) College. Not that it matters--the permits you get at either school are the same. Although he really wanted to attend Stanford(TM), his corporate sponsors rejected that proposal, based on what it might do to his credit rating.
Your youngest daughter just graduated Pepsi(TM) U. It was expensive, but she is all set now, having received a Creative Thought Permit and a Entrepreneurship License. On top of that she's accepted a job at Fortune 10 corporation. Of course almost everyone works for a Fortune 10 nowadays, there being only thirty-some corporations left. It's too bad she had to sign all those NDA's though--you'd really like to be allowed to know where she would be living and how to get in touch with her. Ahh well, it's the price you pay for our corporate security.
Your older daughter, after twenty quarters of employment, was finally permitted to tell you that she is working in middle-management at AT&T. Of course, every job in the United Corporations of America is middle-management. The cheaper--skilled--labor is all outsourced to Those Other Countries, whatever they are called. In ten more quarters, assuming her credit rating remains good and she has attained Shareholder status, she'll be allowed to talk face-to-face (no encrypted channel) with us again!
Apparently, her five year old daughter has been grounded again, this time for racking up a $6000 fine--singing "Happy Birthday(TM)" at a party without a Media Distribution License. She really needs to be taught a lesson--that as a patriotic Consumer of the UCA, she needs to respect the rights of Shareholders and property owners. What a dangerous thoughts she has! She thinks she should be allowed to say whatever she pleases, no matter what it does to someone else's portfolio! No one can get it through to her that terrorist ideas like that will land her in one of those "special" schools--and she'd be subjected to a lower quarterly limit on all her credit cards.
Fax from your wife--she'll be late tonight. Corporate HQ has re-instated fourteen-hour work days until the end of this quarter. It's too bad she's not allowed to quit her job--you could get her a pretty sweet management position any time in your department at Microsoft.
This document is hereby released to the public domain. You may (and are encouraged to) reproduce, republish, read, modify, and/or archive it without limitation.
in 16 days... all of them saying the same thing...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Read this story from Zdnet: News: Microsoft: Palladium not just for Windows
Anytime you focus that much control through one agency, you're asking for trouble. Funneling it through a for-profit company is double the risk.
The Mongrel Dogs Who Teach
For all its faults, Microsoft is not known for kicking its customers in the teeth.
Is there some other Microsoft out there? The one we all know and love is well known for kicking its customers in the teeth.
This guy obviously has not done any research into Microsoft's history.
Apparently Microsoft met with the EFF to discuss Palladium. Mr. Schoen wrote up his notes from the meeting.
His notes are more technical in nature and he doesn't make much in the way idle speculation, so they tend to disagree with much of the reporting that's shown up on slashdot.
It should be very clear that Microsoft is very much interested in using experienced gained making a closed system with licensed developers (the X box)and approved software and moving that to the business and consumer desktop OS.
This is the ultimate in hubris. They are in the penalty phase of a federal decision that seeks to punish them for doing the exact same thing with their restrictive licensing. Now they want to have even more restrictive licensing enforced by software and hardware that makes certain nothing unauthorized by them runs on windows.
Or Maybe they are just shooting the moon on this one, so their other business practices look nice in comparison. Either way this stinks.
When was the last time MSFT ever wanted to stimulate commerce, except in the purchase of its own products and products that allow people to purchase its own products?
When Intel came out with the uniquely identifiable number in the Pentium III, of course customers didn't care, right? When I do have to run windows, and need to install drivers, things that aren't signed are generally the things that I need to use! Why in the world would I want any sort of chip that could possibly restrict this sort of thing. This could even be expanded to be "you can't run this code on your machine unless redmond has signed it"
Well, from the sounds of it. This is a perfect attack on the open source movement.
:-)
While absolutely anyone will be able to program code for the Palladium system. Since anyone can have a licence. (I believe Microsoft would let this get by). Only the open source people wouldn't be able to handle the new licence everytime. Thus Microsoft maintains control in two ways.
1. The only main threat to MS's OS monopoly right now is Linux (and maybe a tad bit of Apple, which they own a seat on the board for.) This isn't a huge threat, but if it takes off, Windows loses it's viability. Then MS is screwed. With Palladium, only MS OSes(and MS supported OSes) will be able to handle the Palladium hardware, and the only competition that could potentially cause problems is blocked because it's unreal for it to be signed every single time.
2. If MS decides to spread their wings some more. They will have the ability to put loopholes into Palladium to make it harder for competitors to code. They have done this before with Windows, making changes that purposely are damaging to competitor software (I know, I have had to program around those changes.) I wouldn't be surprised if they used this to accomplish the same thing.
No matter what though, it does show an evil injenuity that I haven't seen from MS since the days of OS/2, and even all the way back to MS/DOS. I guess OS is having the effect of forcing these companies to compete. Since people have realized the software they pay for is as good as software people give away for free.
~ kjrose
Just like Ford authorizing or forbidding use of the specific replacement tires for their vehicles, except this would be like Ford turning off your car if you have not used authorized tires.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
an interesting, detailed perspective on Palladium from someone who worked inside MS on some related stuff. TCPA and Palladium: Sony Inside
-- -- -- --
"The U.S. Constitution - not perfect, but its better than what we have now"
I think it is important to note that the person described as a "Microsoft Apoligist" is Farber, who testified against Microsoft in the antitrust trial...
Little Brother, watching the watchers
Oh, wait. They were. So perhaps it's not unreasonable to be suspicious of their motives.
The Mongrel Dogs Who Teach
Microsoft and most other companies have been trying to do this (and many similar things) for decades, and will continue to do them. Sure MS has the money to do this, but there are limits which even Microsoft cannot surpass. Linux is BIG on the server segment, will Intel and AMD lose their stand in this segment (which tends to be more lucrative than desktop procesors) only to please Microsoft? Not likely. Even if they do, other companies will jump in to fill the void (Transmeta, VIA). I don't approve of it nor will I support it, but I don't think this is the beggining of an "1984"-like world. Just take a look at how long the Win XP authorization scheme remained uncracked
please excuse my apathy
Fee-C's (Fee-based Computers)
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
First of all, I don't trust Microsoft at all.
Given that, I've read all of these articles floating around and in principle I have no problem with a system of authorized applications.
However, the one thing I haven't seen is any indication that I myself will be able to authorize programs on my own computer. In my opinion, this would allow geeks to play with their own programming, download open source projects, etc. while still enjoying the knowledge that unless a program has been authorized by a signature authority or by themselves, it's not going to get a toehold in their machine.
If I'm beholden to the authorities to approve what I want to use, then I'm never upgrading. If however I'm allowed to authorize anything I might write or download then I don't have an objection to the principle.
The devil is always in the details, however.
The initiative, called Palladium, after the mythological statue that defended ancient Athens against invaders, sits on a set of technologies that have long been in use
Not to nitpick, but I AM tired of it... the Palladium was a small statue of Athena in the city of Troy, not Athens - it was stolen by the Greeks very near to the end of the Trojan War. It was the basis for the whole Trojan Horse bit. The explanation the Trojans received when they found the horse was that the theft of the Palladium by Odysseus had so infuriated Athena that the Greeks had left the horse to appease her wrath. The idea was then implanted in the Trojans' heads that the Greeks very much did NOT want the horse dragged into Troy, for then Athena would favour the Trojans and might kill all the Greeks on the way home. (Which, ironically, she and Poseidon largely did anyway.) The Palladium is generally held to have been taken by Aeneas on his flight from Troy to Italy, or maybe by Diomedes to Sparta, but never Athens.
Well, currently, I do already practice a limited form of code signing. When I, on my Gentoo system, type:
.tar.gz from a CTAN mirror - the MD5's never worked!) Does this protect against a dedicated hacker? No. But, in the recent BitchX scandal, it was noted that the MD5 digest in gentoo was for the tarball without the backdoor. I know that many distributers and packagers (RedHat springs to mind most readily) utilize GPG/PGP signatures on disc images and packages, which further derails crackers, as the public keys are kept by a central authority. FreeBSD uses a checksum, like gentoo, as well.
# emerge mozilla
part of the process is for portage to fetch a copy of the source code and compare the MD5 signature against the MD5 signature that I received from a different location (in this case, the portage / rsync mirrors. This actually bit me once, when I submitted a package that retrieved a dynamically created
Microsoft is not alone in this initiative - and if the article is right when it says MS will be out of the code signing business completely, this might help the situation. But I really don't see them being all that friendly to non-partnered code-signers.
Are you kidding me? Planned obsolescence? Squeezing consumers dry with each "upgrade"? Bundling an insecure scripting language with almost EVERY product it produces, thus singlehandedly giving the antivirus industry a job? Snuggling closer to content providers every day at the expense of individual users' rights? Further solidifying its monopoly, even after it was supposedly "disciplined" by the DOJ?
Maybe this guy sees something I don't. ;)
PrisonerCX
I read it. It's silly. They're implying they will allow non-microsoft operating systems to use their palladium stuff.
But they clearly couldn't allow open source operating systems. So who does that leave? There are no other x86 operating systems to speak of except the open source ones, unless Palm for some reason decides to do a BeOS revival. Maybe MS will release a doctored version of freebsd with all the crucial kernel bits closed-source just to prove look, we're leteting competitors in? And what would be the point of offering Palladium tech licensing to other operating systems, when you couldn't run Palladium software anyway (because the Palladium software is win32??)
*Could* they allow open-source operating systems? How could Palladium chip manage to function when the operating system has been altered specifically to allow you to run things without consulting the Palladium chip? Does the Palladium chip refuse to let the machine boot unless the operating system itself has been signed? How does it read the disk to see if the operating system is signed without letting the operating system partially boot first? Please explain.
Yeah, yeah, DMCA, whatever. There's a limit to what the DMCA can do before it gets hauled into court and struck down. The general public can't understand all this gunk about linux and kernel drivers, but they WILL understand "This law makes it illegal to distribute this 40k file containing a long set of instructions in english, because this other program can convert that set of instructions into a patch for windows that will let you back up files for Palladium-enabled programs in windows." Very few people actually need or want to run DeCSS. If palladium succeeds, lots of people will want to circumvent it.
Is anything above wrong? There ARE reasons to circumvent palladium, right? I think MS's greatest triumph in any case is when they can make it so everyone is talking about their new technology but no one is sure what it is, and that's the case now. Is it or is it not true that Palladium would allow you to create an application that WOULD NOT run unless Palladium were enabled and in control of the operating system? Is it or is it not true that Palladium would create hard disk sectors and third-party peripherals that couldn't be accessed unless Palladium were enabled and in control of the operating system? These news articles are all so vague. Enlighten me.
The Levy piece has moved to the Newsweek Pay Archives.
Try this link
The big problem with DRM is the dichotomy between trust and freedom.... if we're going to have signed code and signed media, there's going to have to be some barrier to getting signed. This signing, however, reduces the freedom to release code or media... in effect, restricting ALL expression, not just expression of copyrighted works or viruses.
And if history is any indication, what will the signatory barrier be? Just a "reasonable" fee...
The trust/freedom dichotomy is the biggie. If there were a way to resolve that -- perhaps the "2600 can sign things" idea mentioned -- letting DRM come is not a big deal.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
I admit, I don't run Windows, or IE, I run GNU/Linux and primarily use Mozilla as a browser. I have never been tricked into running "malicious" code. I have never had a virus. I have never had data stolen from me (This presumably has nothing to do with the OS I use, and everything todo with the fact that I try not to be a moron and give my info to any one who asks).
:)
Why do we need all these digital signatures and systems for allowing code to run? I don't have any problems manually figuring out what I think is worthwhile on my system, it all takes place in my head and doesnt require any fancy Linux commands or anything.
I certainly don't have any "spyware" running on my system. Can you MS Windows users tell me, is the world that much different for you? What is it about windows that would make you need all this crap I am doing fine without?
Of course I've only seen one or two unrequested pop-up windows on the web and that was quite a while ago, I hear they are a problem for IE users as well
...When code will have to be signed in order to run on a processor at all? This seems to be the end of this path, restricting processing to "trusted" applications, all in the name of intellectual property rights. Linux? Ha. Only Windows is allowed on our hardware, because other operating systems are havens for software and media pirates.
Once code verification has been inserted into the CPU, arranging it so code HAS to be signed in order to be parsed. What happens when laws are passed requiring all CPUs faster than X gigaflops to have mandatory code verification?
The idea of Palladium is obviously to design a low level trustworthiness that can be used somehow, or in many ways somehow. To get something useful you need to start defining the problem to solve, and then specify your way down to what's in the chip and the OS. If all that specification were public now, I might believe in Palladium. We can think of a million ways that the software USING this new capability can be compromised. The designers have to start by figuring out, and tell us about, the secure usages first. Microsoft, the author of an operating system (Win 2000) in which you HAVE to have massive user privileges or you won't even know that most software installs are failing due to lack of privilege, is going to give us a trusty capability with enough degrees of variation to be useful? As if!
1. Write an application that runs unsigned applications. Sign that app, never sign anything else again.
2. OK, let's say you have to sign every process. That means you have to sign every version of a DLL. MSFT won't just be alienating OSS developers if that happens.
3. Under this regime, security is only as good as the CA. Sure, some CA's will charge a lot of money because they are "reputable", but how hard/expensive is it to run a certificate server anyway? From what I've heard, not very. It's just that nobody does that now because there isn't a need. Something like this would just cause orgs like the EFF, GNU, perhaps others to run free CAs, or even CAs the are dummies designed to fool the OS into believing the software is signed. Then the orgs and MSFT can sue eachother for a few years, and by the time the case is settled it'll be a 1 inch blurb in the business section and a few lawyers will have new Lexus automobiles. Nothing new here.
I don't know about you guys, but I never even bother reading those little pop-ups that come from signed code, even when it has an error, and I have never been compromised by such code. Why? Because trusting code you get from ibm.com is safe, and trusting code you get from deadalienhacker.org isn't. In other words, security is verified by the reputation, integrity, and character of the authors. My... what a novel concept. :)
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Its funny. It says this should appease Hollywood but wouldn't that only mean a part of Hollywood. The part that is worried about losing revenue over pirated material. The other part of Hollywood may be extremely pissed. Who am I talking about, I mean the ones that MAKE the movies. The ones who are switching to open software and open operating systems because they can change it to suit their needs. When filming something that requires Major special effects it often times requires a bit of custom code. Guess if they all move to Linux then they will be ok :)
can be found in a story here (//www.kuro5hin.org/story/2002/7/9/17842/90350) in which Peter Biddle is a MS manager involved with helping to develop technology to keep control over content on DVD and other devices. This seems to be the same Peter Biddle quoted in the Salon article here and introduced in this way: "According to Peter Biddle, a Microsoft product manager, Palladium is nothing more than an elegant solution to the vexing problem of keeping people secure on the Internet..."
Why would an employee who specialized in content protection for Sony/Time-Warner etc. suddenly be interested in keeping "people secure on the Internet"? It seems far more likely to me that he'd be much more interested in DRM and control.
Why wouldn't we trust Microsoft? The better question is "Why would we trust Microsoft?". MS is a convicted monopolist (the only thing left is to determine the penalty) and a convicted copyright thief. MS has had a pattern of never inventing or creating anything but instead either buying or stealing it. MS has never before acted in the public good but only for the good of MS. Why would it change now? The answer is, I'm afraid, "It wouldn't.
No one ever had to evacuate a city because the solar panels broke!
Microsoft argues that Palladium can always be switched off by users who think it's bad news. If Palladium becomes ubiquitous, critics respond, that may not be an option.
"If you turn it off, then you are an island," says Perens. "You can't communicate with others. Everyone will be using this DRM, and you can't view Web pages."
This is a real worry - not that you won't be able to turn it off, or run Linux/*BSD/whatever and ignore it, but if you do that, then all of the content (email, web pages, documents, etc) created by all of the people who have not turned it off will be unreadable by you.
It's like avoiding email - sure it cuts down on your Spam, but it also cuts down on the legitimate messages you get.
And that's where it gets scary. I'm a UNIX administrator, but I keep a Windows system because there aren't as many games out there for Linux. The same thing - you may want ot be a holdout, but if you can't read 90% of the email or view 90% of what you want to see on the web, you may adopt it just because your other option is "almost nothing".
=Blue(23)
LITTLE GIRL: But which cookie will you eat FIRST? C. MONSTER: Me think you have misconception of cookie-eating process.
Here's the simple explanation for why MSNBC pulled the article:
It's a Newsweek article.
Newsweek charge for archive access.
The article is now over a week old, and has been moved to their archives.
Simple. If you want to get the article, you can still buy it from Newsweek for $2.95, or for a lot more if you want access to their entire library of stuff.
You can still find it if you go to www.newsweek.com , and search the archives for Palladium.
Simon
Coming soon - pyrogyra
Having been to a number of MS 'Executive Briefings' my impression is that by far the most requested item by large customers has been proper Java support. Right now it is costing companies a huge amount of effort to integrate Excel and Outlook apps with Java-based transactional systems, and going right back to 1998 the story from MS has never been "How can we help solve your problem?", only "How can we dominate this space and exclude competition?"
Ironically, we had MS people on site for over a year to gather 'requirements' and help 'influence strategy'. There's no real question that this was by and large ignored - a small insight into what perhaps has been one of the most dramatic examples of contempt for customers ever exhibited by a major corporation.
I further disagree with Mr. Perens as well. The content is all that will be limited, not the computer. The computer will not be limited in any way. You can boot into untrusted mode and use whatever you want. The content, on the other hand, may require the use of trusted mode. That simple.
Either (A) you have an odd sense of humor, (B) you don't understand Palladium.
Palladium is build on "trust". Not your trust in something, but Microsoft's (and other company's) trust in what the computer/software WILL NOT LET YOU DO.
The first layer of trust is trusting the hardware. The hardware then checks if it can trust the operating system by making sure it is cryptographicly signed. The hardware/operating system then check if they can trust a program by checking that it is also crypographicly signed. Without a valid cryptographic signature the Palladium hardware shuts down and cripples the system.
A quote from the article you linked to "The main consideration for Microsoft, said Juarez, will be integrity (of the Palladium software)". The integrity of the software lies completely in controlling what software gets signed. "That is where we will make our stand. We will not sacrifice integrity of the Palladium platform" - that flat out means that Microsoft WILL NOT give up control over what does and does not get signed. At MOST they will assign that control to a carefully constructed puppet organization.
Some code for non-windows systems will be signed - but only when it suits MS to do so. Sure, MS will create formal "fair" rules where "anyone" can get their code signed because they can't afford to be blatant dictators. You'll still have to be a major corporation and agree to play by Microsoft's rules to get your code signed.
The system will be broken in one of the following ways.
(A) the crypographic keys will be leaked/stolen (unlikely)
(B) a bug in the system (MS is known for its bugs, but I think this unlikely also, they will be VERY carefull)
(C) someone tricks MS into signing code with a backdoor/trojan (difficult and the certifacation process to get signed will be quite costly)
or
(D) in my oppinion the most likely place Palladium will be broken is at the first layer of trust - the trust they place in the hardware.
The chips circuitry can be scanned and analized. The hardware can be hacked to change data/code on the fly. The hardware can be simulated in software. These things are not easy, but they can be done. Therefore they WILL be done.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I remember the whole IE ActiveX vs Java wars. MS's view was to get signed code. Java's was to build a sandbox, and if you want to break out of that, then you do the certificate thing, and then you have to let individual items through (allow reading local filles for example, but not write). MS has the bulk to say which one you chose, irrespective of technical superiority.
/etc. Limit the damage it can cause. I forgot the Free-NIX projects that support restricted syscalls.
Relying on 'signatures' to protect you is falso hope. Check on www.microsoft.com, search for "ActiveX Security vulnerability" using ALL keywords. You'll get 100 hits back, and the search cuts off at 100, so I don't know how many there are. Yes, the Java security manager had holes (these holes were eventually plugged). But at least there were limits, like a hole in the dike instead of it collapsing. How many IE holes were because certain ActiveX controls were marked "safe for scripting"? So this ActiveX had the run of the system. The controls are signed, but what's stopping a rogue person from obtaining a certificate ad releasing a bad ActiveX control (or a bad app). I remember someone did this, had a certificate and made code that was a proof of concept (I don't remember, I think he wrote soemthign in teh Run key, and you saw a message every time you started up). I also remember when someone pretended to be from Microsoft and obtained a key? Yeah, MS released a patch invalidating the key, how many folks didn't install the patch? Is there code out there with that key? If they can't even hold on to their keys, how can you trust them?
How do you protect against bugs? Outlook wasn't intended to be malicious, but look what happened. MAJOR design flaws in Outlook, and how it's integrated into the system (a great deal of virus damage can be traced to the fact that Explorer by default doens't show extensions, and Outlook picks this up). Neither was sendmail, how many bugs came from that? OK, sendmail's signed now, I can still root you. Is a signed IIS any less vulnerable to Nimda? Is all the KaZaa spyware gonna get kicked off casue of this? Nahh, it's all gonna be signed.
This is where a sandbox mentality is best. Something like the jail and chroot syscalls. Limit the damage that can be done to the system. Have all syscalls be available to be jailed, something like the security manager in Java. Have IIS be jailed to not be able to use connect() to dial out to other servers, jail the ability to make files anywhere other than a log-root, so it can't make startup files in
A big problem with Paladium this it turns people into vertificate validators. How many folks do you know who know how to read a key? It's gonna be either accept all, or accept none, depending on what the default is. And if you accept, you're still making you're system succeptible to bugs and trojan horses.
This just seems, to me anyway, to be Microsoft's way of pushing new software and hardware. I don't see it helping folks much.
They started a discussion on MS and Sony. Read it, it comes from a former Microsoft developer