Schneier Analyzes Palladium
bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.
I admire the guy and all, but it seems pretty foolhardy to do an analysis based on rampant speculation, FUD, and vapor. Wait till you can see the real thing - this doesn't help anybody.
He has issues with arming airline pilots as well.
Best Slashdot Co
"None of this is new or controversial, so why are copyright holders even talking about this? This bill would make it legal for the MPAA, the RIAA, and its ilk to break into computer systems they suspect (with no standard of evidence) are guilty of copyright infringement. It will allow them to perform denial-of-service attacks against peer-to-peer networks, release viruses that disable systems and software, and violate everyone's privacy. People they choose to target would be deemed guilty until proven otherwise. In short, this bill would set up the entertainment industry as a Gestapo-like enforcement agency with no oversight."
Isn't this just becoming the general trend in America? I wonder how many victims of the MPAA will be Arabic-looking?
The latest Crypto-Gram has some things to say about Pd, or Palladium as the full name goes. It is interesting, but it doesn't say anything about something that sprang to my mind - the possibility of a virtual machine that runs as a Pd device, on top of a non-Pd device, completely breaking the security. This would be hard to do I expect, but not impossible. Those who have written VmWare and similar programs probably have it in them to reverse engineer the protocols used and re-produce them in software, for the sake of argument call it VmPd.
It goes like this:
VmPd runs on a PC, VmPd contains all keys required to access all areas of itself. VmPd is trusted, because it is a trusted PC (which is the point of this whole mess) to do what it is expected to do. For the sake of argument assume we have downloaded The Little Mermaid under license from Disney, and we are only allowed to play it once. We turn off VmPd, and all we have is an encrypted jumble on our hard disk where we set up the partition to host it. We also have the keys to read it though, and simply decrypt the movie and show it to our hypothetical little children as many times as we like.
This works because, as I understand it, Pd only allows you to access material with certain rights, depending on what access partition it is under. If Disney set up an access partition for downloading movies, this will be done in a way that trusts your Pd machine.
Assuming that Disney only gives you a key when you pay for one, that key will always work unless they can change how the movie is encrypted. It is conceivable that they would have a player that on-the-fly re-encrypts the movie with a new public key as you view it, every time you view it, and they only give you the new private key when you pay for it. But the transmission of the key is encrypted, trusted because you have a Pd device, so you just intercept the key on its way into VmPd, don't play the movie, and decrypt it yourself and watch as many times as you like.
I am probably missing something, but it makes for interesting thinking.
"There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at."
Isn't that a lot like the Tivo "feature" that reserves a set amount of space on the drive for automatically downloaded "content" that can't be removed?
The future isn't what it used to be.
There is more info at the EFF here. And donate some money while you're at it. That's more likely to help than a slashdot whine.
If everybody can install Windows XP successfully in first time, who wants to buy M$'s next upgrade version?
You can't but admit it's the most intelligent method to earn money in the world, and that's the M$'s "patent".
Today's MacHall
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
This sums it up pretty nicely, I think.
With all this non-resalable equipment and media, has anyone done an environmental impact study in terms of waste disposal, when your computer and/or its current OS load and the CDROMs it came on can no longer be donated to the local orphanage?
We're already having problems with monitors and computers (it costs to throw a monitor away where I live, unless you take it to the dumpster at 3AM), with most printed circuit boards finding their way to heavily contaminating the countryside during cheap-labor disassembly after shipping to Asia.
-- Terry
Viewed from the 10,000ft level, it sounds like a common Hollywood plot (Pd in parens):
It's the year 2050 (2004) and the government (MS) is telling everybody how they will live (compute). Trust is guaranteed by the government (MS) and violators will be punished (digitally locked out). The people (programmers), though outwardly happy (productive), harbor deep lingering desires for freedom (open source).
Then, along comes a rough-shaven, rogue hero (hacker), played by Stallone or Schwarzenegger (Torvalds). The aforementioned hero (hacker) then liberates the people (programmers) from the tyranny of the government (MS). The people (programmers) are overjoyed, their lives have returned to normal.
So - if it ever played out like this, I'm sure someone in Hollywood already has the rights to the script. Will they own us?
Alan.
Damn Microsoft forever damaging the good name of the 46th element.
"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."
A lot of background information can also be found from Ross' page about Economics and Security.
You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.
Bruce Writes:
"It's hard to sort out the antitrust implications of Pd. Lots of people have written about it. Will Microsoft jigger Pd to prevent Linux from running? They don't dare."
I don't have the same impression of Microsoft that Bruce seems to have. If I go through what they have done in the past, there is nothing they wouldn't do to get more control. They will almost certainly have a licence tailored to make it hard for Open Source/Linux to implement it without breaking GPL.
Considering that GPL is a bigger threat to them than Linux itself, I assume they will take a shot at it. GPL is the one thing stopping them from stomping all over Open Source wreaking havoc like in Simpson. They much prefer the BSD licence where they can "borrow" code since they, despite their extremely big cash pile, can't get people who know how to code.
HTTP/1.1 400
After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?
Dear lord! Perish the thought.
I can't even imagine most companies having to deploy something on this order to safeguard their data. Hell, I'm not even sure the military needs it.
For reference, the Department of Defense has a series of guides and guidelines for locking systems down to ensure security. These are called STIGs and are created by DISA (Defense Internal Security Agency) and the NSA (National Security Agency). When the guides are applied the machines are as secure as can be made.
Part of the guidelines cover physical security; i.e., if someone can reach your hardware physically without being cleared for it, you fail that part of the check. As such, I can't imagine how Palladium would not be redundant to things we already have in place.
For good security, you can use smartcards with a PKI certificate, anyway. Don't let someone sign on without one, don't let them access data without one, have an active and interested central monitoring and issuing authority and practice good physical security. Save the money you'd spend on Palladium equipment.
Can someone please explain why the desired level of security can't be obtained by only software? What exactly are the situations which require a security chip as opposed to software? I'm not speaking of physically breaking into the computer, but someone at the keyboard or over a network.
Developers: We can use your help.
We're already well down that road. It is very easy to see a day when the general computing device we all know and love will be illegal because it makes it way too easy to copy digital data. Nevermind that what made the general computing device popular is that it manipulates digital data so easily.
We all know what the industry wants. The industry wants a pay per view world where every consumer pays every time he views industry owned content and the industry is protected from competition because they control the technology that allows content to be created. It isn't about fairness. It isn't about content authors getting paid. It's about greed, plain and simple.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Palladium, Pd46, Heat of vaporization 357.0 kJ/mol. I guess kJ/mol means KiloJournalists / Microsoft's Obfuscated Literature?
I couldn't find ANYWHERE the one, most important thing: WHO is going to buy a Pd-PC, and WHY? I couldn't think of any reason to buy such a crippled (and probably expensive, too) computer, except being forced to by a very restrictive law.
I thought I closed that i tag there. That's what I get for posting to slashdot before I've had my coffee. Bruce said the stuff in the first paragraph there. The second two are my comments.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
They just might do that.
I'm sure others will mention this, but I thought this quote was worth highlighting.
Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think.
Anyhoo, I thought this was a good, well balanced article. He's much more realistic than most about what may happen, both on the paranoid and the hopeful angles.
Science may someday discover what faith has always known.
Bob Cringely wrote a column on the same topic about a month ago. He called Palladium a Rosetta Stone for malicious hackers. Sounds like a blast.
That's just what I want, another Microsoft initiative aimed at security. They've done such a good job at it so far that now I'm a whisper away from getting my account canceled by my ISP -- all because some Outlook/Outlook Express user somewhere has Klez and our e-mail address.
as all chemistry students will learn:
Palladium (Pd) + MP[3/G/EG] (MP*) => Fire.
$cat
My understanding of the way this system works is that the author of a piece of media will be able to revoke people's rights to use it remotely. What needs to happen is for someone to hack some major source of media, and wipe out everyone's media. Once this happens, people will refuse to buy the hardware. If you could wipe out a few multinationals and a few important government departments, that would help bring us all together, "consumers" and government alike.
-1 Uncomfortable Truth
Strange thing is, what most people don't realize is that they don't own the software that runs on their computer. Microsoft does (or at least the EULA claims they do). Our computers are not our own, and have not been our own, for a long time now. The sad fact is that while we may physically own the hardware, a part essential for the hardware functioning - namely, the OS - is owned by Microsoft.
Now, you could counter by saying that people could run Linux, however, this isn't really an option for the average computer owner. Most computers built today have hardware that isn't fully compatible with Linux (Winmodems, etc...). So, while the user has physical possession of his computer, all of his data is effectively owned by Microsoft, because without Microsoft's blessing, the average PC is useless.
So the next time you hear of someone wanting to buy a new PC, you might want to remind them that unless they are willing to install Linux, they aren't really buying anything. It's more like a lease from Microsoft.
The society for a thought-free internet welcomes you.
Amazingly enough, this one is able to analyze most of the knowledgebase around "Palladium" and boil it down to the more interesting core issues. I would've appreciated a little more insight along the lines of what such a strategy as Palladium does to the role of the PC however. Generally speaking, PCs are multipurpose machines, which are *fully* programmable, and do pretty much whatever you tell them to. They manipulate data in any way *you* the *user* see fit. What Microsoft is attempting with "Palladium" is going to place restrictions about what a PC can do, and leave these restrictions up to the content producers. I won't comment on the stance of the content producer, but I will mention that this is a departure from what has been a central tenet of the computer: "it's yours". The trend seems to be shying away from "it's yours" to "you didn't buy it, you paid us to ALLOW you to use it - in a way we deem appropriate". Of course, "we" being the content producers. Microsoft really doesn't care what we do with our music and movies - they just don't want the MPAA/RIAA/Legislators breathing down their neck.
------- "From bored to fanboy in 3.8 asian girls" ----------
This brought two ideas to mind...
Ok, time for work...
Curmudgeon Gamer: Not happy
Please, please, please someone tell me what it is going to take for us geeks to rise up and make people aware of what's going on in the world in regards to technology? After reading this article, what joe-schmoe in his right mind would actually support something like this?
How do we wake the layman up and get them to smack these god damned senators supporting these initiatives with a cluebie stick???
-US Citizen
Pally-Dumb is just M$FT's attempt at making a secure environment for their vulnerable kludgeware OS to live in since they are too stupid to make a secure OS that can stand on its own...
and an attempt at extending the life of their monopoly on computer desktops, which is like a dying man fighting for another breath before he dies...
die mickysoft just crawl into your grave and die...
No one will ever even imagine a beowulf cluster of these Palladium PCs!! Damn!
The new Federally employed security personnel will be started at 27k per year moving upwards to 50k per year.
Let's do some math...
27,000 per year divided by 52 weeks equals 519.23 per week
519.23 per week divided by 40 hours equals $12.98 (roughly $13 an hour)
Let's look at the upper end of the spectrum...
50,000 per year divided by 52 equals 961.54 per week.
961.54 per week divided by 40 hours equals $24 per hour.
Of course, they will be hourly employees and I imagine that most will be working closer to 50 hours on average. So, they will be paid somewhere between 32k and 58k per year.
By the way, I do agree with Bruce regarding the arming of pilots being a wrong thing.
Also, if you want to know the caliber of people that are being hired to perform this security task, go and take the 6 hour plus test that they make you take as the first screening session. Getting hired to do that job takes more than a few months at this time. I have a family member who was recently hired and it took quite a while.
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
I can see it now, you will have to buy Mod chips for your PC on the grey market, to get around the hardware "security" just to install Linux..
The Good Life
To quote : "3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0."
Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesn't imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
There is no such thing as luck. Luck is nothing but an absence of bad luck.
What is also interesting to note about this article is the hints it gives as to Microsoft's future plans for software security. The idea of having independent secured partitions within a computer is not new of course, but it's nice to note that MS is doing *something* about their rather poor security history. Oh GOD, please pray that they don't integrate Outlook Express with the *secure OS* portion of Palladium.
------- "From bored to fanboy in 3.8 asian girls" ----------
I have been using Linux for such a long time, that windoze is as foreign to me as Linux is to your average AOL/Windoze user...
what is a virus???
what is a popup advert???
what is spam???
Quite frankly, I'm a little tired of the reactionary way in which any perceived infringement on electronic freedom is automatically associated with the MPAA. For the record, the RIAA works closely with Berman, and the bill is more or less theirs. Jack Valenti has publicly distanced himself from the bill, and it's not something the MPAA had a hand in.
;) in their fight to stem this tide.
There's a lot of misdirected initiatives out there, but please credit the MPAA with knowing what's right and what's not.
In layman's terms: Stealing our member companies' product: wrong. "Hacking" (I'd prefer "cracking," or simply "script-kiddying," as a DoS attack is not hacking in the traditional sense) a consumer's computer: wrong. Sending Cease and Desist letters and, when those fail, working with the ISPs not to terminate accounts (examples of the MPAA's letters can be found at chillingeffect.org and you'll note they do not include language asking for account termination), but rather to remove the infringing material, IMHO, right.
I'm an author and a filmmaker, I've worked with the MPAA, I've seen my work pirated, I've heard studio heads freak out about the fact that their product is available on the Internet three weeks before theatrical release. (Anyone who hangs out in IRC knows this to happen.) I see that the problem is real. I also see the MPAA being very defensive, but most certainly not offensive (think strategy, not personal opinion
No circuit boards would be dumped in Asia. They would remain embedded in ever growing stacks of redundant consumer electronics devices in American living rooms.
One side effect: sales of outlet strips, surge protectors, A/V cables and video selector switches will skyrocket. Buy Belkin stock today to get in on the ground floor.
I wouldn't get too worried over MS actually following through with PD. The fact is that security is so often a trade off for functionality, and that MS has usually erred on the side of functionality, not security. That's a tough habit to break. If they follow through with a "trusted" system, they are pretty much guaranteed to end up with a system that is not user friendly because it doesn't trust the user. I know this is a simplistic way of looking at the problem, but we've seen plenty of MS research that never left the ground and received plenty of hype.
Someone you trust is one of us.
upsclient.upsclient.1 /ads/managers/batchads.inc line 304
error '80070057'
invalid ID number does not appear to be GUID or a passport ID
What the hell is this? The site keeps giving me internal server errors 500
What does the bill say about foreign piracy? Will the RIAA be attacking systems that are outside of the USA? If American soldiers came over to another country and killed/kidnapped someone there would be hell to pay (ignoring Afghanistan lol). Likewise, if the SAS went to America and did the same, there would also be hell to pay.
"To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches "The Little Mermaid" without paying for it. They're trying to invent a new crime: interference with a business model."
That's got to be the best way I've heard it put so far.
This comment does not represent the views or opinions of the user.
Yes, this was such a danger, that we all remember the stories about problems with armed pilots that happened before the FAA banned the practice in 1987 for political reasons.
Actually, come to think of it, I can't seem to recall a single one. Can you?
Pilots carrying handguns on their planes used to be routine, and in fact, when carrying US mail, required by the federal government.
When this person speaks of complex systems, he's obviously forgetting one over-riding principle: KISS. Keep it simple, stupid.
When you give pilots guns, do what other federal agencies and the majority of police departments do: each pilot is responsible for their own firearm, and must have it in their possession at all times. So yes, they carry it through the gates, and security checkpoints. They certainly don't hand them over at any time to the high school dropouts who clean the plane or run the security checkpoints. They would carry the gun on them, on their hips, or maybe some quick draw holster at their controls (only while they're seated.) They should be required to take lessons in weapons retention, so that terrorists would have a harder time getting the weapons from them.
Think about it carefully: when terrorists bust through the cockpit doors, they're going to be close, and they're going to be nicely framed targets in a little doorway. Assuming the pilots are vaguely aware of what's happening in the cabin behind them, they're going to be prepared to annihilate one or multiple attackers.
Stun guns and other non-lethal methods often don't work well for single attackers, and are useless for multiple attackers.
Picture this scenario: Terrorists, armed with whatever, try to take over the plane. They are highly trained in improvised weapons and hand to hand combat and there are four of them (a la 9-11). Dealing with the single air marshall that might be there would be easy: have one guy start everything, and when the Air Marshall jumps up to take care of the first, the others get out of their seats and take care of him. Presumably, this would be a lot of commotion, and the pilots would hear it from the flight attendants, through the doors, or through a cabin monitor of some sort.
Now once they have the cabin under control, they go for the cockpit. They bust through the cockpit door (even if it is reinforced, it won't take long) Here's where the scenario splits.
A. The first guy gets hit with a taser the pilots might have (or blocks it completely with a seat cushion shield.) The others then use whatever they have to kill or subdue the pilots, and take control of the plane. The air force sends up an F-15 and drops the airliner like a bad habit, hopefully over a rural area. All onboard are lost, maybe some on the ground. National treasures are safe.
B. The terrorists bust through the door. The pilots have the plane locked into autopilot so they can deal with the issue at hand. They shoot the first terrorist. The second. The third. What's left of the fourth after the air marshall, whom the terrorists already killed, dealt with him. Maybe they're such poor shots they accidentally shoot one person on board, maybe two. The plane lands ASAP (this takes at least 15 minutes from cruising altitude.) Innocent Casualties: 1 or 2, tops. Terrorist casualties: 100% & mission failure. The air force saves a $70,000 Air to Air missile for a target drone.
The crypto-gram article discounts the fears of airliner integrity, so I'll be brief. Suffice it to say, if this airplane can land safely from 24 000 feet, a few bullet holes don't mean shit.
Other concerns:
We can't trust pilots with guns
Most pilots are ex-military that carried guns all the time when flying for the Air Force. Besides, we trust them with a $40 Million dollar aircraft and 100-400 passengers; why not a gun?
Someone innocent might die
Better than losing the entire plane. Even if they try and fail, I sure as hell prefer a fighting chance with a solid advantage.
The pilots should focus on landing the plane, or engaging in maneuvers to throw the terrorists off balance
How can the pilots land the craft if they're dead? How can they land it if they're doing crazy maneuvers? How can an air marshall do his/her job under crazy maneuvers? Answer to all: They can't.
Pilots should be armed, end of story. The prospects look reasonably good for this becoming a reality through legislation, though the feds are bound to fuck it up by making it too complex and cumbersome. I think the same legislation also limits liabilities to airlines in case of accidental shootings in a crisis situation.
We know they're out to kill us, and if they come here to do it, let's send them to Allah without us.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at
Now what the hell is this gonna be for? Data on MY hard drive that MY computer cannot access? Sounds like storage or something to me (spyware?)...
Will I see any money for this (i.e. "rent") for the hard drive space that I don't get to use now?
I don't care how much or little this will take up, but I am going to want that space
Gentlemen...BEHOLD!
-Dr. Weird
I had a similar plan to kill off the BSA,
Construct a worm/virus with a load of keygens that goes around changing all the software licences it finds, the BSA wouldn't be able to work out what was licensed and what wasn't.
You could do the same for media, change all the keys, once you've done that everything would be buggered.
thank God the internet isn't a human right.
Look at IIS and tell me that PD will not be as hole-icious as a good swiss cheese. The new Apple stores that are popping up will be selling 25inch iMacs with iTunes6 and 100GB iPods in a few years... and I SERIOUSLY, after so many years of Windoze, I might Switch(TM) real soon. I've been in the game, if you can call it that, since DOS 3.0 (saved allowance to get 3.11 if you can believe that! Little geek I was) and I want out. Soon, after Joe-Home-User loses his Citibank account cash because of some PD bugs and security issues, the general public will want to Switch(TM) too. Either to Mac or *nix, but it WILL happen. So I can't wait for PD to come out. I want a good laugh, and we are all gonna get it.
Yeah. The problem is that the keys you'd have to get to build VMpd aren't the software keys, they're the hardware keys. The software keys are what you'd need to break into a partition on an unmodded palladium box.
This is essentially how an XBox works; having learned (now, finally) from the modchip fiasco, the plan for Palladium calls for embedding the key *inside* the CPU. It might be possible to steal this and then emulate pdCPU in software, but getting that key out will be tricky and no doubt illegal.
(Which means VMWare will never run palladium apps, btw...)
To a $5 an hour security person. "Sorry I forgot my pilot id".
Airline pilots don't "forget" their pilot IDs. That means an instant trip to jail.
Also do not think that an airline pilot is the equivalent to being a glorified bus driver. He is more like the captain of a ship and legally in charge of *EVERYTHING* on board the aircraft. We shouldn't just let the pilots have a gun on board, we should require that they carry and be trained thoroughly. Part of being certified to be an airliner captain should include having to pass a rigorous marksmanship test and be able to demonstrate adequate hand-to-hand physical combat skills to prevent someone from taking his gun away from him.
Refrain from jokes about pilots and alcohol. Those cases in the news lately are the extreme rare exception to the rule and are just overly hyped-up in the media because that's what the media does.... focus on anything they can hype up and blow out of rational proportion because they think their job is to first and foremost create as much sensationalism as they can... fair and balanced news reporting be damned.
The home user bought Office 2000 because of the helpful little paperclip. He will buy this.
Being defeatist about it doesn't do squat. I bring these kinds of articles to work. I leave them in the lunch room. I don't have to proselytise any more than that; everyone knows it's me leaving them, and they ask me. I tell them what's going on and what they can do about it, including the downsides ("You will have to learn more about your computer. You will have to do some research before you buy new hardware. You won't have as many commercial applications available, and that includes games.").
I keep a supply of Live-CD distros in my desk and I give them away. Microsoft has lost several Joe Sixpack level customers from this activity. I will help people do the switch, while making it clear to them that I'm not an expert or a professional, just a guy willing to help; I will always make a full backup if they have a burner (except for XP), and I will always recommend a dual-boot at least to start with, and I will always promise to do my best to restore their system (no guarantees) if they decide to go back to all-Windows. So far no one has taken me up on that last one.
DISA does not stand for Defense Internal Security Agency... there is no such animal. DISA is the Defense Information Systems Agency. DISA link
Where did you get your numbers? Although all I have is anecdotal data here, my experience is that most of the present established population of airline pilots *are* ex-military. I'm a private pilot in Texas and I personally know 28 active commercial airliner pilots (captains and 1st officers) as friends and acquaintances. Of those, 23 of them flew various aircraft in the US Air Force, 3 flew aircraft in the US Navy and 2 of them came up thru purely civilian aviation ranks. I am not military and therefore am not pre-disposed to hanging around military folk. I have met all these airliner pilots solely by simply being a member of the general aviation culture.
Please use proper grammar and spelling.
Then, along comes a rough-shaven, rogue hero (hacker), played by Stallone or Schwarzenegger (Torvalds).
You are wrong, bunyip-breath. Torvalds is not capable of growing enough of a beard to be "rough-shaven".
No precipitate?
CEE5210S The signal SIGHUP was received.
Paid vacations...
They do the background checking on you after you take the first test. Then they keep deciding on where they will be having the training sessions. From what I have heard, that has been moved around the country at least three times now.
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
Amendment IV.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
How is my hard drive and RAM different from my "papers" and "effects"?
Let's say I have 3,000 VHS videocassettes in a home owned by me. Those cassettes contain blatantly illegal copies of The Country Bears, which I intend to sell for profit but haven't, yet. The FBI cannot break into my home at any moment to see whether the videocassettes are there; they have to wait until I sell them, carelessly leaving a trail right back to my home. Only then, with a warrant in hand, do they come and confiscate the cassettes, probably arresting me, too.
Let's say I find a way to copy one of those videocassettes onto my Palladium-equipped PC but haven't distributed it, yet, even though I intend to. Will there be something about this act that triggers Microsoft's piracy alarms? Even though I haven't technically broken the law, yet, can Microsoft or their hit-men enter my computer without a warrant and delete that movie?
How is entering my computer through a network interface different than entering my home through the front door?
Healthcare article at Kuro5hin
I don't know if you should call it smart or that the person was into serious S/M to work at Microsoft.
"check your brain and conscience at the entrance"
Or have we all just given up commenting about it... Bruce's name is spelled wrong in the headline.
Sheesh...
Whatever happened to JonKatz?
Maybe I am missing something. (I am from Europe) You don't get a number of vacation days? 22-25 days off (paid) is normal. And my wife is just finishing her 6+10 weeks "childbirth" off time. All paid of course.
With all the rampant speculation, FUD and vapor already out there, I think this does a lot of good. It's a much more realistic and mature speculation, and it's much more neutral than most of what is already being said. Granted, he can't clear everything up by telling people the way things are, but a lot of people are already saying a lot of things about Palladium, and it's good to have people saying intelligent things.
Science may someday discover what faith has always known.
What you are missing is that we live in a capitalist country, thank God, and you live in what verges on being a communist state. You may argue the merits of each, but don't confuse the two.
if that is true, then remember 1776 is it too late to surrender to the British???
I hope that everyone does their best to stop the invasion of our rights. There have been enough rights taken away since 9/11, we don't need any more.
"[TCPA / Palladium] provides a computing platform on which you can't tamper with the applications, and where these applications can communicate securely with the vendor."
Does it concern anyone that Microsoft, Oracle, AOL, Disney, etc... would have control over your computer if this standard is implemented (and you use a windows platform)? Does it concern anyone that corporations and governments could delete anything they found objectionable?
Truth is: had the US government realised how big the Internet would become and how free information would flow, they never would have allowed it. With TCPA / Palladium, governments and corporations will kill the freedoms we now enjoy on the web, usenet, ftp, etc.
I find it entertaining that after all these years, someone is finally re-implementing Multics...
"Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them."
I think it is the other way around. No media company can afford to offend M$. There are lots of media producing companies, and about 5 real OS manufacturers. M$ has the BIG stick in this case not intel or amd or any computer or software manufacturer.
errr....umm...*whooosh* *whoosh* Is this thing on ?
microsoft is your fucking god, now neal you pathetic ape and retards
Nah, that's biology. Chemistry is about burning things.
This is my World Wide Web of Whatever
More and more, big corps are finding ways to manipulate and use laws and government to their own ends. The time to react is now, not once Palladium is a 'fait accompli'.
got your AC astroturfing job modded 3. Congratulations. Go ask Bill for a raise.
I'm gonna make a killing selling mod chips for wintel boxes!
Muahahah!
Go billy go!
Ten days for an entry level job in the us is normal.
It will be a cold day in hell before palladium _actually_ works. This means that it is secure, and functions correctly. My analysis of palladium is below:
1. palladium is bullcrap
2. palladium is ms's response to the masses' sudden security consciousness. It is a pr campaign designed to quiet the enterprise managers who keep crying about their sorry operating system's security, and give them the warm and fuzzy feeling that papa Microsoft will "make it go away".
3. palladium will consist of a re-furbished login screen with smoke and mirrors to back it up.
Opposing Microsoft is opposing a totalitarian tyrant, that wants absolute control over everything about computers and communication, so in truth Opposing Microsoft is about freedom
Opposing Microsoft is about freedom
The mere need for Pd wouldn't exist if it weren't for the fact that Windows is a single-user operating system hastily and badly written as a pseudo-multiuser OS with inherently poor and hackable security. Microsoft Windows is what would've happened to the original Mac OS if Apple was successful in hacking their old Mac OS (pre-Mac OS X) to work as a multiuser, multithreaded OS, IMHO.
The only thing that made Windows different from the old Mac OS in terms of security is that the Mac OS never reached a critical mass of users. So, as a result, virus makers never bothered to make the volume of viruses or hacks to penetrate the old Mac OS.
Microsoft, IMHO, is trying to simply wrap up their inherent inability to write anything with sufficient security by making a product, and charging users for something they should expect as part of any trustworthy operating system's initial cost of purchase.
Of course, there's no guarantee it will work as advertised--another Microsoft trait.
Vos teneo officium eram periculosus ut vos recipero is.
Is it just me, or am I wrong to be suspicious that any company would have the blatant ego to release something like Palladium, which could have the capabilities of squashing all competition, in light of an antitrust trial?
It looks like the Bush Administration wants the DOJ to give Microsoft a slap on the wrist, however. Even though they've been found guilty of leveraging their Monopoly powers to squash competition.
I'm not going to point to any conspiracy theories, etc., just a gut feeling. Could it be that the Bush Administration secretly wants Microsoft to deploy Palladium?
If Palladium is as bad as people are saying it is, it has the capability of forcing every computer user who wants to use the internet in a meaningful way to use the same exact (or very similar) system as everyone else.
Imagine that MS deploys Palladium, then announces that they are going to "cooperate" with the Office of Homeland Security, allowing them to use the capabilities of Palladium to "fight terrorism."
Working together with Microsoft, the government could suddenly have access to everyone's hard drive. Not only in the United States, either, but on any PC in the world that is running on Palladium hardware. Unplugging your PC from the network won't even be an option if you are required to be connected to use any software.
And of course, anyone who resists upgrading to Palladium after a certain period of time would not only be pictured as being against capitalism by refusing to spend money to upgrade their PCs, but would also be seen as aiding the terrorists by using non-Palladium hardware.
They could also justify a military raid of Southeast Asian countries for producing "terrorist computer hardware," in other words cheap computer hardware that is not Palladium-enabled.
I might be a bit alarmist, but it seems that some of the capabilities of Palladium are very much aligned with the Bush Administration's current track record of curtailing our civil liberties and screwing around with other countries in the name of "fighting terrorism."
Additionally, though I'm still skeptical, I'm becoming more and more convinced of the possibility that the Bush Administration knew about what was going to happen on 9/11 at least a few weeks beforehand.
I certainly hope we don't start seeing "Palladium-enabled" purchasing kiosks at our supermarkets and so forth, but it wouldn't surprise me. Revelation 13 is seriously starting to freak me out.
"You spoony bard!" -Tellah
It looks like a duck, it quacks like a duck... it must be a duck.
Purchasing software or movies... It looks like a sale, it acts like a sale... it must be a sale.
You are still limited by what copyright law allows. But copyright law allows an awful lot.
Yes, to run a program that you purchase on CD, you copy from the CD to the CD-ROM cache, to the computer RAM, to the computer HD, then run it and copy to the computer HD cache, to the computer RAM, to the CPU L2 cache, to the CPU L1 cache, to the CPU registers.
Guess what... to watch a VCR tape, your VCR does much the same thing. It reads an analog signal off a tape, transmits it through several filters to a wire connecting it to your tv, into the tv and through several filters, to an electron beam gun. Lots of copies for that, and 20 years history that this is all completely legal, no license required.
All the copying required to run a computer program is covered under copyright law and fair use. Copyright law basically says you can do one of two things... you can copy something, or you can distribute it. But you can't do both. I can make as many copies as needed or desired of something in order to use it, and so long as I don't distribute any of those copies to other people, I'm within the law.
(Yes, exact legal opinions don't precisely say that... but they are close enough to work that way in practice. That's why the media companies are trying to buy new laws to prevent this.)
Licenses are not required to legally run software you *buy*. Ditto for movies you buy. You are still limited by copyright law, but in no way do you need a license in order to legally use this product you bought.
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
... "A toll on every highway, a troll under every bridge."
heh.
help me i've cloned myself and can't remember which one I am
In fact, the primary job of the pilot is to sit around and not touch anything while the autopilot flies the plane.
In reaction to the discovery, Microsoft marketing announced that it has decided to rename Palladium, which has the phonetically-challenged abbreviation Pd, to Fuukoffium (abbrev. Fu) because, in the words of a spokesman, "the abbreviation F-U seemed to convey so perfectly how people feel about the new OS".
Sigs are bad for your health.
The chip monitors the boot process, checking signatures and taking hashes (kicking butt and taking names?) on all instructions that load, from the BIOS to the OS kernel to the applications. If your VMWare or other emulator code isn't signed, you can't run it without shutting out the chip's crypto functions.
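The hash-chaining half of what the comment above describes, as an added example that is not part of the original comment and not Palladium or TCPA code: each stage is folded into a running register, and a secret sealed against one register value is released only when the same chain loads again. `ToyChip`, the HMAC/XOR sealing, the use of SHA-256 and the sample boot chains are all assumptions constructed for illustration; signature checking is not modelled.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 digest length; the register starts as all zeros


def extend(pcr: bytes, component: bytes) -> bytes:
    """Fold one loaded component in: new = H(old || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure every stage in load order, BIOS first."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyChip:
    """Hypothetical stand-in for the chip; its secret never leaves the object."""

    def __init__(self, chip_secret: bytes):
        self._secret = chip_secret

    def _pad(self, pcr: bytes, n: int) -> bytes:
        # Keystream bound to both the chip secret and the measured state.
        return hmac.new(self._secret, b"pad" + pcr, hashlib.sha256).digest()[:n]

    def seal(self, pcr: bytes, data: bytes) -> bytes:
        if len(data) > PCR_SIZE:
            raise ValueError("toy sealing handles at most 32 bytes")
        body = bytes(a ^ b for a, b in zip(data, self._pad(pcr, len(data))))
        tag = hmac.new(self._secret, b"tag" + pcr + body, hashlib.sha256).digest()
        return tag + body

    def unseal(self, pcr: bytes, blob: bytes):
        tag, body = blob[:32], blob[32:]
        want = hmac.new(self._secret, b"tag" + pcr + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return None  # current measurements differ from those sealed against
        return bytes(a ^ b for a, b in zip(body, self._pad(pcr, len(body))))


# Constructed sample boot chains; the byte strings stand in for real images.
TRUSTED = [b"bios-v1", b"loader-v1", b"kernel-v1", b"player-app"]
WITH_EMULATOR = [b"bios-v1", b"loader-v1", b"emulator", b"kernel-v1", b"player-app"]
REORDERED = [b"loader-v1", b"bios-v1", b"kernel-v1", b"player-app"]

if __name__ == "__main__":
    chip = ToyChip(b"constructed-chip-secret")
    blob = chip.seal(measure_boot(TRUSTED), b"content-key-0001")
    for name, chain in [("trusted", TRUSTED), ("emulator", WITH_EMULATOR), ("reordered", REORDERED)]:
        print(name, chip.unseal(measure_boot(chain), blob))
```

Because the register is a chain rather than a set, an extra stage or the same stages in a different order both yield a different final value, so the sealed key stays locked in either case.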
You mean, as in Cowboy Neal? Hmm.. Cowboy 'Kneel'... that's sick.
"The best defense is a good offense, and that's what counterattack is. Passive defense is making yourself harder to hit. Active defense is fighting back. Counterattack is turning the tables and attacking the attacker. It's by far the most effective means of defense, but it's also the most error prone.
In almost all of civilized society, counterattack is not legal. If you catch someone burglarizing your home, it's not legal for you to follow her home and shoot her. If you're being blackmailed by someone, turning around and blackmailing him back is just as illegal as the first crime. I can't think of any exceptions to this. Law enforcement is the sole purview of the police, an organization that has what I have previously described as "a state-sponsored monopoly on violence."
The exception to the above is warfare. In war, the rules about counterattack -- and preemptive attack -- are different. In war, attack and defense are so jumbled up that counterattack is the norm. In war, the difference between an offensive weapon and a defensive weapon is the direction it's pointing. But that's not what we're talking about here."
When you think about it, the MPAA and RIAA asking for the license to hack is, to an extent, a declaration of war on the consumers of America. They want to enslave us with DRM and the like, using the DMCA as their shield to prevent counterattack, and suck every penny out of us, just like any imperialist nation.
Or maybe I'm just crazy. That could be it, too.
"TCPA is the Trusted Computing Platform Alliance, an organization [...] trying to build a trusted computer."
Here, now, I trust my computer. What more do I need?
If any company tries to sell me anything fundamentally different from what I have in front of me currently, they'll fail.
I know I'm not alone.
THL.
Keeping
Do not take this lightly. It can make citizens into subjects of an already exclusive government. It takes the abuse of power into part of your private domain in ways most people are not prepared to understand. Privacy, as a right, is defined by the U.S. Constitution's explicit freedom from "quartering of soldiers." Email this stuff to the people who you forward jokes to. You need them to know how you feel.
Consider Bruce's analysis:
If you consent to allowing companies to install DRM agents on your computer, you are giving up your legal domain of privacy to them. This is not bad if each program is quarantined off from any others, but what is to keep them from conspiring with each other via RPC across "partner" servers from vendor to vendor to offer you "tighter integration." The programs on your computer even with perfect process separation on your Pd equipped computer are no more trustworthy than the websites from each respective vendor. Worse: you still have to trust Microsoft to implement (instead of pretending to implement) those security functions.
--- Nothing clever here: move along now...
I've been pondering on something for a while.. facts:
1) MS has a powerful advertisement faction
2) People are gullible
3) People are lazy
4) People will buy MS if they advertise enough
Now.. presume an organization is started (call it Youth (And Not So Youth) Against Anti-Democracy, or something as hilarious).. the organization collects a bit of money ($5 from each of you guys and gals -think about it, you'll be saving $395 for not having to get Longhorn if this works:), and then buys ad space in Forbes, Newsweek, USA Today and at random other good newspapers (ok, I know, but people READ USA Today!), and put in full-page ads in the spirit of: "Ten reasons why you should not buy MS Palladium" And provide ten links to select websites.
A) Would this be illegal (answers in IANAL, please:)?
B) Could they sue if someone said it was?
C) Would either A or B cause the main networks to get curious about it (aside from NBC)?
Marxist evolution is just N generations away!
So what you're saying is that if we put Palladium (Pd) and a multi-processor (MP) system together it will blow-up (or at least light on fire)?
Centralization breaks the internet.
Before MS had this drafted, the NSA and several other companies (currently involved) came up with SELinux http://www.nsa.gov/selinux
and in response, MS has attempted to "persuade" the NSA into stopping this research or promotion of security enhanced linux http://news.com.com/2100-1001-950083.html
Now who's working for the people again? I'd have to take the NSA's side. It's all open source (no NDA there) and from what we've looked at so far the code is "A Good Thing" (TM)
Oops! I did it again