Slashdot Mirror


Gates and Lasser on Palladium

A rather funny juxtaposition this morning - Bill Gates or someone with his signature stamp sent a spam-gram to pretty much everyone who receives any sort of Microsoft email: Bill only mentions Digital Rights Management in one throw-away sentence. And like most other spam, he promises it's a one-time mailing. On the other hand, Jon Lasser of Think Unix fame takes a harsher look at Microsoft's vision of a world where your computer is trusted against you.

25 of 358 comments

  1. Palladium is E-V-I-L by sllort · · Score: 2, Insightful
    The way everyone talks about TCPA/Palladium, you'd think it was the biblical mark of the beast. "A single, remote authority with the ability to delete random files off my hard drive? Call the Free Speech Police!"

    The problem with everyone's understanding of TCPA/Palladium is that there won't be a single authority (flying Black Helicopters over your PC at night). Big companies like IBM (and especially the government) may use it for document control, but that's about it. What Palladium will do for the world is:
    • End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever
    • End the trojan horse/worm problem
    These are important features that Joe sixpack the home user really wants. Nobody likes getting a virus and losing all the information on their Hard Drive.
    By jaundicing themselves against the IEEE's implementation of this important standard, the Linux movement is just putting itself behind the curve in computer security.
    If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?
    1. Re:Palladium is E-V-I-L by dusanv · · Score: 5, Insightful

      Did you read the articles at all? It is plainly said that Palladium will not eliminate application layer virii. That means Joe Sixpack *will* be getting more Outlook & Word virii. What he won't be able to do is to watch unlicensed content. It is plain that this has nothing to do with Joe Sixpack's security but only with content protection for Hollywood and total control by Microsoft.

      The problem with everyone's understanding of TCPA/Palladium is that there won't be a single authority (flying Black Helicopters over your PC at night). Big companies like IBM (and especially the government) may use it for document control, but that's about it. What Palladium will do for the world is:

      * End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever...


      You are contradicting yourself in a mere two sentences. No black helicopters? They don't need them. The server you mention later is *way* better. Whoever controls that server - controls your PC.

      Cheers,
      D.

    2. Re:Palladium is E-V-I-L by cioxx · · Score: 3, Insightful

      If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?

      I would rather be bombarded by viruses than have my hardware sign off my hardware and sanity to big corporations so they can tell me what to do, and how to use them.

      Ask yourself this question: "Would you rather drive a Ferrari in a prison, or Honda Civic out in the city"

    3. Re:Palladium is E-V-I-L by sedawkgrep · · Score: 3, Insightful

      Did you even READ the damned article?

      Most of the vulnerabilities represented in the article execute inside the already-authorized binary. Palladium will not prevent or fix that problem. Palladium can stop unsigned binaries from being run and provide a measure of content control, but not prevention of vulnerability or risk.

      AFA Linux goes - more likely than not, Linux won't run at all on Palladium hardware...and besides, do you really want to start counting how many Linux viruses there've been vs. the number of Microsoft Windows ones? I didn't think so.

      Palladium in the home sector is just BAD BAD BAD. I don't want any of it. None. It's too bad short-sighted people like you are so eager to adopt a fascist draconian design in the false veil of added security.

      sedawkgrep

      --
      Is that a salami in my pants or am I just happy to be me?
    4. Re:Palladium is E-V-I-L by SpatchMonkey · · Score: 3, Insightful
      • I am almost tempted to initiate a "you get a virus your computer gets wiped" policy here.. maybe, just maybe it would make those morons and idiots in sales and marketing think before opening something looking for their advice.
      Your elitist attitude offends me somewhat.

      Stop your deluded fantasies that the only intelligent people in the world are those who know how to use a computer.
    5. Re:Palladium is E-V-I-L by wirefarm · · Score: 4, Insightful

      The way everyone talks about TCPA/Palladium, you'd think it was the biblical mark of the beast.

      No, it's the Business Plan of the beast.

      * End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever
      * End the trojan horse/worm problem


      No. Sorry. I don't want Microsoft scanning or reading my mail. I trust them less than I do the virus writers.

      Most of the problems with Windows arise from programs that Microsoft *trusts*.

      Why not give me a Windows mail client that *cannot* run embedded code of *any* kind?
      I can live without JavaScript in my email.
      I don't need IFrames in my messages.
      I can save attachments to disk before opening them - so can Joe Sixpack. Do that much and you probably don't need Palladium.

      These are important features that Joe sixpack the home user really wants. Nobody likes getting a virus and losing all the information on their Hard Drive.

      Joe Sixpack really doesn't matter to Microsoft. Business and Government users do. The thing that stops many businesses from switching to a real operating system is not the availability of commercial software, it's the dozens of little in-house-developed apps that companies use.
      Very often these apps have been written by long-gone consultants who left neither the source code nor a forwarding address. So what does the company that uses these apps do? Can they arbitrarily sign the apps and let them run on Palladium-capable machines? If so, can anyone sign any bit of code and make it run? Sort of defeats the purpose, so I guess they won't be doing that...

      By jaundicing themselves against the IEEE's implementation of this important standard, the Linux movement is just putting itself behind the curve in computer security.

      You're missing a small point about Linux: If you have Linux, you also get the source code. If you make a change to the source and recompile it, it's no longer signed. Patching and recompiling is a necessity that they are not accounting for in this plan.
      This attitude is dangerous and irresponsible on their part - Go read that story on the spread of Code Red from yesterday - Within hours of the attack, people were writing fixes and workarounds. What if none of these fixes ran, because they weren't properly signed by the original author?
      Also consider the following: IIS at the time could have been signed and still been just as vulnerable. Code Red used 'Out of the Box' virgin copies of the programs as written by Microsoft and still wreaked havoc on the net. Palladium would have done little if anything to stop this.

      Two points:
      1.) Microsoft is offering a false sense of security.
      2.) Microsoft is offering a false sense of security.

      If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?

      Do you *really* believe that Linux gets so few viruses now merely because of its smaller user base? One big difference between Linux and Windows is the permission scheme - you can only do what you are allowed to do in Linux. You can't read/write/execute files where you don't have rights. Linux programs run as users - if you don't trust the program, run it under a user with few rights. It's not perfect, but better than what Microsoft is offering.

      Now go to a Windows Machine (95/98/ME - others too?). Boot it. When the login screen pops up, hit escape. Hit 'start', 'run' and type 'regedit'. Change whatever you like. That is not good. Microsoft decided that a lack of security was what the user wanted, then later decided to fix this with a bunch of cobbled-on hokey 'enhancements' that do not correct the original problems. Maybe XP and 2000 fix this somewhat, but I wouldn't know - we have 4 XP laptops at my office that I spend LITERALLY an hour a day maintaining for the users. (Wireless networking problems.) No matter how good the OS is, if it doesn't do basic things for my users, it's less than useless - it's counterproductive.

      Microsoft is again waving around their heavy hand and people are frightened that they are going to screw things up even more - I know that I am...

      Cheers,
      Jim in Tokyo
      (Go ahead, mod me 'overrated' - I no longer care...)

      --
      -- My Weblog.
  2. The Hipocracy! by FortKnox · · Score: 4, Insightful

    No, not of MS, but of Slashdot.

    When someone mentions they gave up Linux for Windows (don't feel like searching for the link, but it was a story last week), everyone on slashdot supported MS, and ran against Linux.
    But, a few stories later, we find ourselves reaming MS.
    Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar.

    I'd like to suggest what someone suggested in the "give up linux" article.
    We need to STOP railing MS, and start boosting Linux. I don't want Linux to be successful if the success is based on dirty marketing against MS.

    What's worse is this wasn't even submitted to slashdot, it's an editor attempting to push MS into a story so we can all moan about it.

    I think it'd be in Linux's best interest if Slashdot didn't write anything negative about MS, just tech updates or whatever. It'd be a lot more mature than the dung-flinging that goes on here.

    This hypocrisy is just as bad as putting restrictions on users and preaching online rights...

    BTW - I'm expecting to be modded down, especially editor moderation (how do you make a broken moderation system worse? Absolute power, of course!), I'm just venting some steam (and losing some karma).

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    1. Re:The Hipocracy! by Peyna · · Score: 4, Insightful

      Slashdot = tech community != linux community. Just because there are a lot of Linux zealots that post on slashdot doesn't mean there aren't many other folks out here.

      --
      What?
    2. Re:The Hipocracy! by sehryan · · Score: 2, Insightful

      I agree, there are probably many, many users who are not linux zealots. I am one of them. But that isn't the root of the problem.

      The problem comes in that the editors of slashdot *ARE* linux zealots. And because of this, anything that Microsoft does is always posted with a negative tint. Even if the original poster is trying to be objective, the editor will stick his $0.02 in, basically to rattle the cage of the other zealots on site. The icon for an MS story is Bill Gates as a borg, for crying out loud!

      That was what the parent was trying to get at (I think). Editors trolling MS stories and using degrading icons aren't exactly helping improve the image of slashdot (or linux).

      --
      The world moves for love. It kneels before it in awe.
    3. Re:The Hipocracy! by ajs · · Score: 3, Insightful

      When someone mentions they gave up Linux for Windows everyone on slashdot supported MS, and ran against Linux.

      Not I, but that's sort of beside the point.

      But, a few stories later, we find ourselves reaming MS. Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar.

      Addressing the subject really doesn't do anything. We're concerned about the prospect of OS/hardware DRM and the many possible abuses thereof, not the arm-waving of a convicted market-manipulating monopoly. The simple fact is that MS cannot be trusted, just as Enron cannot be trusted, but that too is beside the point. If Red Hat and Intel were colluding on DRM I would be worried too. This is the sort of thing that could lead us down the road to hardware that does not allow us to write our own drivers or run our own operating systems. It gives large companies (like MS) the hooks to start abusing competitors (especially open source).

      Personally, I just don't see this article as being anti-MS so much as anti-corporate. When has Slashdot ever flinched from that position? What shocked you about that? Did you come to slashdot expecting Forbes?

    4. Re:The Hipocracy! by jd142 · · Score: 4, Insightful

      Learn how to interpret what you read.

      Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar.

      No. The main gist of the responses is not that they are upset that MS has addressed the issue, but the way they have addressed the issue.

      If I said, "Killing little girls is a bad thing, it should be stopped," and you responded by saying, "You are right, it is bad. I know, we'll stop it by using sex selection to make sure that only male embryos are brought to term." I would get mad at you not for addressing the issue, but for the idiotic solution. That's what is happening here.

  3. Progress indeed, and innovation by SpatchMonkey · · Score: 2, Insightful
    • There are already solutions that eliminate weak links such as passwords and fake email. At Microsoft we're combining passwords with "smart cards" to authenticate users. We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders. And we are making fundamental changes in the way we develop software, in our operational and business practices, and in our customer support efforts to make the computing experiences we provide more trustworthy.
    Now this is progress. From actions like these in the computer software industry we can see that they are gradually moving away from the 'hacker' mentality (as in 'hack it together and hope it works') to a more formal design process. Like, software engineering might actually live up to its title!

    And the closer computing gets to more comfortable real-life metaphors, such as using human-orientated media such as eyeballs and fingers, the more comfortable people will generally find the technology.

    Aye man. Innit.
  4. The Right to Read by Kafka_Canada · · Score: 5, Insightful

    A nice, and a propos story by RMS, called The Right to Read, can be found here. Definitely worth the read.

    --
    Fuck it
  5. Another take on DRM by astrashe · · Score: 5, Insightful

    I think the community's response to DRM is wrong. I don't think that the analysis of it is wrong -- it's a very negative technology. But I think the response is a little off.

    If MS wants to put the interests of the large media companies ahead of the interests of its own customers, the people who actually buy the computers and the software, why not let them take it to the market? Let's let the market decide what it thinks of that. Let's give them enough rope to hang themselves.

    The thing that we have to worry about is some sort of legal framework that requires all computers to respect some DRM system.

    MS is way ahead on the desktop, and their systems have gotten a lot better than they used to be. The only way they're going to get dislodged from that position is by making a really catastrophic mistake.

    This could be that mistake!

    I think there's a lesson in the current stock market scandals. The big companies can buy legislators. They've shown that they can derail effective regulation of accounting rules. They can set things up so that a crooked CFO who bilks people out of billions and sends the markets into a spiral that wipes out the savings of millions of people gets a lighter punishment than a punk who robs a liquor store.

    But in the end, there's nothing they can do against the force of the market itself. They got cocky -- they thought they could get away with anything. It turns out that they can't.

    Neither can the DRM boys.

    1. Re:Another take on DRM by t · · Score: 3, Insightful
      Even if a law requires it, it can still fail spectacularly. Imagine that the law passes and they say that on Jan 1, 2003, all computers sold must be compliant. There'll be a huge rush on the grandfathered computers. I find my 900MHz Athlon from years ago still more than capable for everything I do. What will happen is after Jan 1, 2003, sales will plummet. Intel/Asus/etc... will start bleeding money like never before. Sales will be completely stagnant. Can the populace wait 1 measly year before buying a new computer? Easily. Can Intel et al survive a black year? Hell no. The laws will get negated faster than a virus appearing in your email.

      t.

  6. Umm, no by dant · · Score: 5, Insightful
    Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar

    Who here do you think wanted MicroSoft to address DRM in the operating system? I'd guess almost nobody.

    Who here do you think wanted MicroSoft to address the 'problem' of users having complete control over their own machines? Again, nobody.

    I see no change in attitude here at all. The Slashdot crowd has always disliked DRM and giving Bill the keys to your computer--and that's exactly why there is so much anger at Palladium.

    And while I agree with you that we'd be better off boosting Linux than trashing MicroSoft all the time, you still have to point out significant dangers when you see them.

  7. Best of both worlds.. by Oztun · · Score: 3, Insightful

    Ok this might be completely ludicrous but here it goes.

    I would like to see Microsoft and Intel team up and go one way, while AMD and everyone else go the other.

    Then Microsoft can lock down everyone's PC like Apple and do whatever they want to. The rest of us will then be able to enjoy our open systems.

    Crazy idea? You decide.

  8. Open? by krmt · · Score: 4, Insightful

    I think one of the interesting things about the rise of Microsoft and the IBM clone PC in general is that it proved that an open, extensible system is going to win out. It doesn't matter how good your closed system is, it just won't win out (witness: Mac vs DOS).

    And here we are, it's 2002, and Microsoft, the company that most benefited from having the PC architecture open, is now seeking to close it. For "security". As more restrictions are added, fewer interesting things will happen on the system, and people will start to look elsewhere to get what they want and need.

    It's sad that Microsoft has forgotten what got them where they are in the first place. Look for Apple to do even better once Palladium hits.

    --

    "I may not have morals, but I have standards."

  9. Bill Gates(tm) by smoondog · · Score: 4, Insightful

    I am confident we can and will create a truly Trustworthy Computing environment.

    Anyone else notice Bill's interesting capitalization at the end of the letter? Perhaps we can expect another generic trademark soon?

    So, I guess it has finally happened. People don't use the word trustworthy to describe M$, so M$ just created a way for trustworthy to be used with all M$ activities! I guess that is more profitable than actually becoming trustworthy.

    -Sean

  10. *sigh* Never Learning, Always Repeating by EXTomar · · Score: 3, Insightful

    Palladium is yet another example of Microsoft's flawed software strategy. MS constantly thinks: If there is something wrong, make new products to fix it. Doesn't anyone else think that this is flawed??? Oh yeah...you can't sell stuff like that as much as new "I have better features than my previous version" software.

    Palladium is a bandage over the broken user/networking model and the interfaces to them. Instead of stepping back and considering the reasons why most users and processes MUST run as Administrator (locally and network wise), Microsoft wants to promise yet more software that will sort out the issue for you without thinking. Installing software on a Win2K system can be a bear if permissions have to be set up a certain way. How hard is it going to be to install software on a Palladium system?? Don't think the new Word for Palladium. Think about the legacy software you are still required to use. That should send shivers down any IT Staff's collective spines.

    And, at the worst, Palladium fails to fix a giant class of problems. IIS will no doubt in MS's mind be a trusted program to run. However monkeying with "default.ida" isn't something it should be doing. Palladium can prevent "mystery.exe", which is unsigned, from running but seems to make no provision for trusted binaries suddenly behaving badly. Default settings, denial of service, etc. have nothing to do with signed code.

    Beyond this a computer is supposed to get out of the way and let you do your tasks. A "well oiled" Linux machine can do this for tasks. Mac users rave about how its OS goes way into the background when a task is executed. MS through Palladium seeks to get more in the way to protect us from ourselves. Why does Joe Sixpack want a computer that is even more "in your face" than it is now?

    As for the future of Linux with Palladium looming on the horizon, I'm not worried. In fact I foresee a great boon in virtual execution environments on Linux and BSD where you can choose to ignore Palladium rules if you the user choose to do so.

  11. Simple Economics by Anonymous Coward · · Score: 1, Insightful

    I find it amazing that *nix users are getting so caught up in this. I would think they would be smart enough to know that MS can't control the whole computer industry. If users don't like it users won't buy it. If there is a market for components that don't follow palladium specs then someone will fill that market. It's basic economics.

    Right now all I hear are some *nix users supporting their arguments with opinion and passing it off as fact.

    I am about as sick of the Linux propaganda machine as I am of MS.

  12. I think they will by jbolden · · Score: 2, Insightful

    The attitude towards accounting fraud is not friendly. The Senate is ticked and the President does not want to look bad on this issue. DAs and judges are similarly going to be out for blood. To prove to Americans that the problem isn't structural but rather with specific individuals the system is going to need scapegoats, that is individuals are going to go to jail.

  13. servers, business, hobbiests? by Ender+Ryan · · Score: 4, Insightful
    Ok, so what about servers? Will their server OSes only run signed code? I'm sure a lot of people won't be too happy if that's the case!

    What about internal business software? Will all businesses have to get their own internal software signed by Microsoft for use on their own machines?

    What about hobbyist programmers? I don't know about you, but I got into programming at home messing around with compilers and such... Ummm... Are they trying to extend their monopoly to... programming in general?

    I think it's possible that Palladium could end up being either the demise of general computing, or the demise of Microsoft's monopoly, as other competitors such as Apple, Linux, *BSD, etc, step up and offer people their COMPUTERS back to them.

    I'm not going to worry. If it comes to it, I'll run Linux on PPC hardware or something. If that gets DRM infected as well, I'm sure there will be other choices, possibly from the other side of the pond. And if it's worse, I'm quitting this industry and going into construction or something. Or maybe politics, it'll get easier and easier to run on a platform of offering people their freedom back!

    --
    Sticking feathers up your butt does not make you a chicken - Tyler Durden
  14. Re:Mistake only from our perspective... by sbuckhopper · · Score: 3, Insightful

    You said, "I think this shows just how far along this idea has gone. None of these people in the room cared a whit about privacy, open source, the ability to compile your own apps, etc. because the vast majority of people don't even know what they could be missing. All they care about is a golden pill to solve all their security problems."

    Let me start out by saying that I agree with this statement. My basis is the fact that I actively do security administration and teach security classes so I've seen my share of people that are involved in corporate/IT security.

    The sad part about this is we got into a situation by people looking for the "golden pill" that will solve all of their problems. I guess it's not so much a golden pill to solve security problems, but more that people just don't want to care about it. They think if they sit in the closet with their eyes closed no one will be able to see them. We've recently been finding out (over the past couple of years) that all of those people were drastically wrong. Now that we've realized that the suits realized this, they've now decided to do something about that magic subject of "security". However instead of hiring someone who knows what they're doing, they find people who look at Microsoft saying things like "I know we messed up, but we've spent 100M USD to fix it, please trust us -- with no actual proof (can't read the code can you? not like they'd know what they were reading)". Then these suits eat it up like cops with doughnuts and two years later we'll be back into the exact same situation.

    The only golden pill for security is knowledge. I tell all of my students that, and I wish that the word would be passed along. I'm not saying that MS is shooting themselves in the foot doing this because no one can read the future, we can only speculate. However I think that companies that blindly follow this scheme will be shooting themselves in the foot.

    --
    "Everybody knows the moon's made of cheese," Wallace.
  15. Solving the wrong problem by catfood · · Score: 3, Insightful

    Can anyone explain how having (for example) IIS signed by Microsoft is going to make it any more secure? It's not as though there's some "untrusted" version of IIS going around that the Palladium system will be able to detect and disable, is it?

    All signing can do is reassure you that you are indeed running the same binary that Microsoft (or whoever) is offering. It certainly doesn't prove that the binary is competently designed, well tested, or secure against crack attempts.

    Palladium is a terrific solution for a nonexistent problem.
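
Added example, not part of the original thread: a small signed-code loader illustrating two points made above, that a valid signature only proves a binary is the publisher's and says nothing about flaws inside it (catfood, EXTomar), and that a locally patched copy stops verifying until it is re-signed (wirefarm). The key, the paths and the two "binaries" are constructed for illustration, and HMAC stands in for a real asymmetric signature scheme.

```python
import hashlib
import hmac

# Constructed stand-in for the publisher's signing key. Assumption: a real
# scheme would use an asymmetric signature; HMAC keeps this stdlib-only.
PUBLISHER_KEY = b"constructed-demo-key"

# Constructed "vendor binary" as shipped: it resolves a requested path but
# never checks that the result stays under the document root.
SHIPPED = b"""
import posixpath
def handle(path):
    return posixpath.normpath(posixpath.join("/srv/www", path))
"""

# Constructed local fix for the same program.
PATCHED = b"""
import posixpath
def handle(path):
    full = posixpath.normpath(posixpath.join("/srv/www", path))
    if not full.startswith("/srv/www/"):
        raise PermissionError("outside document root")
    return full
"""


def sign(code: bytes) -> str:
    """Publisher side: produce a tag over the exact bytes being shipped."""
    return hmac.new(PUBLISHER_KEY, code, hashlib.sha256).hexdigest()


def verify(code: bytes, sig: str) -> bool:
    """Loader side: constant-time check that the bytes match the tag."""
    return hmac.compare_digest(sign(code), sig)


def load_if_signed(code: bytes, sig: str):
    """Run code only if the signature verifies, as a signed-code loader would."""
    if not verify(code, sig):
        raise PermissionError("signature check failed")
    namespace = {}
    exec(code, namespace)  # only reached for bytes the publisher signed
    return namespace["handle"]


def demo() -> dict:
    results = {}
    shipped_sig = sign(SHIPPED)

    # 1. The shipped program verifies, loads, and is still exploitable.
    handler = load_if_signed(SHIPPED, shipped_sig)
    results["shipped_resolves"] = handler("../../etc/passwd")

    # 2. A local fix changes the bytes, so the old signature rejects it.
    try:
        load_if_signed(PATCHED, shipped_sig)
        results["local_patch_loads"] = True
    except PermissionError:
        results["local_patch_loads"] = False

    # 3. Only after the key holder re-signs does the fix run and take effect.
    fixed = load_if_signed(PATCHED, sign(PATCHED))
    try:
        fixed("../../etc/passwd")
        results["resigned_patch_blocks"] = False
    except PermissionError:
        results["resigned_patch_blocks"] = True
    results["resigned_patch_serves"] = fixed("index.html")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The signature gate and the input-validation fix are independent controls: the first decides whose code runs, the second decides what that code will do with hostile input.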