Gates and Lasser on Palladium
A rather funny juxtaposition this morning - Bill Gates or someone with his signature stamp sent a spam-gram to pretty much everyone who receives any sort of Microsoft email: Bill only mentions Digital Rights Management in one throw-away sentence. And like most other spam, he promises it's a one-time mailing. On the other hand, Jon Lasser of Think Unix fame takes a harsher look at Microsoft's vision of a world where your computer is trusted against you.
Until of course the remote server is compromised and suddenly explorer.exe is an untrusted binary and every Windows machine in the world shits a brick.
Having seen MacWorld NY and nifty little gizmos like a 20gig iPod that should have media corps coughing up hairballs in a matter of days, what of Palladium and DRM when it comes to Apple?
Now granted the **AA's would just love to have a very tight DRM system, and Palladium underneath it all would be like a market research holy grail (knowing the marketeers' behavior), but that's all at this point a Windows thing.
Setting aside OSS for the moment, what about the few other players? Apple primarily, but there are a few others. And what if someone wants to truly innovate a new OS?
This is _way_ too controlling a system. I think the barrier to entry would effectively become a steel bulkhead (for any truly new OS).
And what exactly is Apple's position on all this? Especially since OS X. And sooner or later there will be a fairly usable Darwin for x86. If the hardware begins to limit the software as is predicted, then perhaps MS should just make its own hardware for its new OSes. Open up its abandon-ware for the rest of us and strike out along the path of Apple.
Frankly I think all of this is going to fail. And no system will be secure until we can get rid of the users =P
Does anyone remember the fight over the Clipper phones? The Clipper system used mandatory private key escrows. The idea was that if you bought a Clipper phone, the secret key would exist in a government db somewhere. If they wanted to wiretap you, they'd just have to look your key up and decrypt the signal.
It wasn't a rejection of the Clipper ideology that sank the proposal. It was a proof that it would be possible to build counterfeit Clipper phones that would interact with the system. The NSA screwed up; they built a system that wasn't strong enough.
It seems to me that palladium would face a similar challenge. How do they differentiate between a rogue board that pretends to be palladium compliant and a real one? Especially in a world with flashable BIOS?
What's to stop people from buying boards that will be palladium switchable? If you want to run Windows, you can set the BIOS one way, if you want to run Linux, you can set the BIOS to disregard it?
Or what's to stop people from making boards that accept any signature without checking it? MS's software would think it was on a Palladium-compliant system, but you could run whatever you wanted.
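The question the post above raises (how anyone tells a genuine signature-checking board from one that accepts any signature) turns on where the checking and the keys live. The following toy model is an added example, not code from the thread or from Microsoft's design; its keys, kernel images and the HMAC stand-in for real asymmetric signatures are all constructed for the demonstration. It shows three cases: an honest board loading a properly signed kernel, an honest board refusing a patched kernel, and a board that skips the check entirely. Locally the third board looks "compliant" to the software it runs, and only a remote verifier holding the real per-board key can tell the difference.

```python
import hashlib
import hmac
import os

# Constructed keys and images for this toy. HMAC stands in for the asymmetric
# signatures a real design would use, so the example runs on the standard
# library alone; the key and image bytes are invented for the demonstration.
VENDOR_KEY = b"constructed vendor kernel-signing key"
HARDWARE_KEY = b"constructed per-board attestation key"
KERNEL = b"toy kernel image v1"
PATCHED_KERNEL = b"toy kernel image v1 + unsigned patch"
ZERO_REGISTER = b"\x00" * 32


def sign(key, data):
    """Stand-in for a signature: keyed SHA-256 over the data (hex string)."""
    return hmac.new(key, data, "sha256").hexdigest()


def extend(register, image):
    """Measurement-register update: new = SHA256(old || SHA256(image))."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()


class Board:
    """The boot component: checks the kernel signature, records what it
    loaded in a measurement register, and answers attestation requests."""

    def __init__(self, checks_signatures, attestation_key):
        self.checks_signatures = checks_signatures  # False models the rogue board
        self.attestation_key = attestation_key      # real hardware key or a fake one
        self.register = ZERO_REGISTER
        self.kernel = None

    def load_kernel(self, image, signature):
        expected = sign(VENDOR_KEY, image)
        if self.checks_signatures and not hmac.compare_digest(expected, signature):
            return False  # honest board refuses an altered or unsigned kernel
        self.register = extend(self.register, image)
        self.kernel = image
        return True

    def attest(self, nonce):
        """Quote: the measurement register plus a signature over nonce||register."""
        return self.register, sign(self.attestation_key, nonce + self.register)


def remote_verify(board, expected_register):
    """What a remote service does before trusting a client machine."""
    nonce = os.urandom(16)  # fresh per request, so an old quote cannot be replayed
    register, quote = board.attest(nonce)
    genuine = hmac.compare_digest(sign(HARDWARE_KEY, nonce + register), quote)
    return genuine and hmac.compare_digest(register, expected_register)


def run_scenarios():
    """Returns {scenario: (kernel loaded?, remote verifier accepts?)}."""
    good_sig = sign(VENDOR_KEY, KERNEL)
    expected = extend(ZERO_REGISTER, KERNEL)
    results = {}

    honest = Board(True, HARDWARE_KEY)
    results["honest board, signed kernel"] = (
        honest.load_kernel(KERNEL, good_sig), remote_verify(honest, expected))

    honest = Board(True, HARDWARE_KEY)
    results["honest board, patched kernel"] = (
        honest.load_kernel(PATCHED_KERNEL, good_sig), remote_verify(honest, expected))

    # The board from the post: it accepts any signature. Software running on it
    # sees a "compliant" platform, but the board has no genuine key to quote with.
    rogue = Board(False, b"constructed key a rogue board would have to invent")
    results["rogue board, patched kernel"] = (
        rogue.load_kernel(PATCHED_KERNEL, "not-a-real-signature"),
        remote_verify(rogue, expected))

    return results


if __name__ == "__main__":
    for name, (loaded, trusted) in run_scenarios().items():
        print(f"{name:30} loaded={loaded!s:5} remotely trusted={trusted}")
```

The design point the model makes: a signature check alone proves nothing to anyone but the board itself, because a board that skips the check produces exactly the same local behaviour. What a remote party can check is a quote over a measurement register signed with a key it already knows belongs to real hardware. That holds only as long as the attestation key and the measurement path stay inside hardware the owner cannot alter, which is precisely the assumption the post is questioning.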
Microsoft is truly foolish if they expect to have people switch to Palladium. The majority of their customers were pissed with XP, just having to call Microsoft if they updated their hardware. Now, they expect people to buy new hardware so they can be told what they can't run? Personally, I think Palladium might end up being a new NT, but I seriously doubt it will ever be like Microsoft claims it will.
I've always wondered what will happen to companies that write commercial compilers and/or tutorials for writing programming code (whether it be C++, C, Basic, whatever) if Palladium becomes the standard.
Will the computer enthusiast be able to write (and thus learn) new programming languages? I find it hard to believe that a compiler could digitally sign all code, and thus it would be impossible for the average Joe to write a "Hello World."
I remember writing my first program (a blackjack game, I believe) in 4th grade in Visual Basic. Isn't that how most (if not all) computer professionals got in the business? Will self-discovery and self-learning be possible anymore?
- Recently, business sales of new CPUs have fallen off. Apparently people are running word processors just about as fast as they need to, and so it makes sense to hang onto older, "obsolete" motherboards and "outdated" OSes. This of course threatens the chip makers, since their business model depends on unconstrained growth in demand.
- If Microsoft releases Windows Palladium as advertised, then businesses will feel motivated, if not outright compelled, to buy it, since security is a growing concern. But to run Palladium, you need hardware-level encryption and signing. That means to "upgrade" to Windows Palladium, you need to buy an entire new CPU. At least one more rush of hardware purchases awaits!
- Consider these quotes:
  - Giants chip in for Palladium
  - Palladium: Safe or Security Flaw?

"...INDUSTRY chip giants Intel and Advanced Micro Devices have confirmed they will support Microsoft's plan to improve PC hardware and software security..."
"...Microsoft's recently announced R&D project, which includes chipmakers Intel and AMD as partners, aims to combine software and hardware extensions to traditional PC architecture..."

So I guess the reason that I think "hardware vendors are SO STUPID as to cripple them all in the processor" is that they've already agreed to do just that.
The Mongrel Dogs Who Teach
I just attended a private focus group on this subject. All the attendees were Director level IT folk who are constantly hassled by security problems. Some of them came from a management background and some from a technical background. Almost all of them thought this would be a good idea. In fact they thought it was such a good idea that they would be willing to pay $25 to $400 more per server or desktop just for the chance to have this technology.
I think this shows just how far along this idea has gone. None of these people in the room cared a whit about privacy, open source, the ability to compile your own apps, etc., because the vast majority of people don't even know what they could be missing. All they care about is a golden pill to solve all their security problems.
So we shouldn't all be thinking that somehow this idea will be MS shooting themselves in the foot. That won't happen unless we get the word out.
Peace, or Not?
I mean what is to prevent a buffer overflow vulnerability in the TCP/IP stack implementation from being used? Say it receives the wrong data, the stack overflows and your code is now executing with kernel privileges. From the OS's perspective, no new application has been run, therefore, no check for signatures will ever be attempted.
Granted, the nub may prevent you from reading encrypted data, but you will have access to everything that is not encrypted. And you are in a very good position to use the kernel privileges to attempt attacks on the nub.
Also, presumably, the TCP/IP stack will be part of the kernel, which itself is signed and authenticated by the nub at boot time...
Improve as in 'embrace and extend'? What's wrong with TCP/IP, SMTP, or POP3? The problem was never with the transport protocols. They work perfectly. The real problem was with microsloth's crappy Outlook Express gleefully surrendering a user's mailing lists and blindly running every virus script that came along, no questions asked. The problem was further compounded by their reluctance to fix it, despite getting pounded by one virus after another over the course of several years. Even with the recent Apache and SSH exploits, I'd still trust a Linux system over M$ any day.
When all else fails, run.