Slashdot Mirror
Schneier Analyzes Palladium
bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.
"None of this is new or controversial, so why are copyright holders even talking about this? This bill would make it legal for the MPAA, the RIAA, and its ilk to break into computer systems they suspect (with no standard of evidence) are guilty of copyright infringement. It will allow them to perform denial-of-service attacks against peer-to-peer networks, release viruses that disable systems and software, and violate everyone's privacy. People they choose to target would be deemed guilty until proven otherwise. In short, this bill would set up the entertainment industry as a Gestapo-like enforcement agency with no oversight. "
Isn't this just becoming the general trend in America? I wonder how many victims of the MPAA will be arabic looking?
The latest Crypto-Gram has some things to day about Pd, or Palladium as the full name goes. It is interesting, but it doesn't say anything about somthing that sprang to my mind - the possibility of a virtual machine that runs as a Pd device, on top of a non-Pd device, completely breaking the security. This would be hard to do I expect, but not impossible. Those who have written VmWare and similar programs probably have it in them to reverse engineer the protocols used and re-produce them in software, for the sake of argument call it VmPd.
It goes like this:
VmPd runs on a PC, VmPd contains all keys required to access all areas of itself. VmPd is trusted, because it is a trusted PC (which is the point of this whole mess) to do what it is expected to do. For the sake of argument assume we have downloaded The Little Mermaid under license from Disney, and we are only allowed to play it once. We turn off VmPd, and all we have is an encrypted jumble on our hard disk where we set up the partition to host it. We also have the keys to read it though, and simply decrypt the move and show it to our hypothetical little children as many times as we like.
This works because, as I understand it, Pd only allows you to access material with certain rights, depending on what access partition it is under. If Disney set up an access partition for downloading movies, this will be done in a way that trusts your Pd machine.
Assuming that Disney only give you a key when you pay for one, that key will always work unless they can chance how the movie is encrypted. It is conceivable that they would have a player that on-the-fly re-encrypts the movie with a new public key as you view it, every time you view it, and they only give you the new private key when you pay for it. But the transmission of the key is encrypted, trusted because you have a Pd device, so you just intercept the key on its way into VmPd, don't play the movie, and decrypt it yourself and watch as many times as you like.
I am probably missing something, but it makes for interesting thinking.
There is more info at the EFF here. And donate some money while you're at it. That's more likely to help than a slashdot whine.
Today's MacHall
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
This sums it up pretty nicely, I think.
With all this non-resalable equipment and media, has anyone done an environmental impact study in terms of waste disposal, when your computer and/or it's current OS load and the CDROMs it came on can no longer be donated to the local orphanage?
We're already having problems with monitors and computers (it costs to throw a monitor away where I live, unless you take it to the dumpster at 3AM), with most printed circuit board finding their way to heavily contaminating the countryside during cheap-labor disassembly after shipping to Asia.
-- Terry
Viewed from the 10,000ft level, it sounds like a common Hollywood plot (Pd in parens):
It's the year 2050 (2004) and the government (MS) is telling everybody how they will live (compute). Trust is guaranteed by the government (MS) and violators will be punished (digitally locked out). The people (programmers), though outwardly happy (productive), harbor deep lingering desires for freedom (open source).
Then, along comes a rough-shaven, rogue hero (hacker), played by Stallone or Schwarzenegger (Torvalds). The aforementioned hero (hacker) then liberates the people (programmers) from the tyranny of the government (MS). The people (programmers) are overjoyed, their lives have returned to normal.
So - if it ever played out like this, I'm sure someone in Hollywood already has the rights to the script. Will they own us?
Alan.
"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."
A lot of background information can also be found from Ross' page about Economics and Security.
You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.
Problem is, my computer holds information far more important than my TiVo. They can have my TiVo space, but I'll be damned if they touch my computer.
Bruce Writes:
"It's hard to sort out the antitrust implications of Pd. Lots of people have written about it. Will Microsoft jigger Pd to prevent Linux from running? They don't dare."
I dont have the same impression of Microsoft that Bruce seems to have. If i go trough what they have done in the past there is nothing they wouldnt do to get more control. They will almost certainly have a licence tailored to make it hard for Open Source/Linux to implement it without breaking GPL.
Considering that GPL is a bigger threat to them than linux itself i assume they will take a shot at it. GPL is the one thing stopping them from stomping all over Open Source wreaking hawoc like in Simpson. They much prefer the BSD licence where they can "borrow" code since the despite their extremely big cashpile cant get people who knows how to code.
HTTP/1.1 400
After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?
Dear lord! Perish the thought.
I can't even imagine most companies having to deploy something on this order to safeguard their data. Hell, I'm not even sure the military needs it.
For reference, the Department of Defense has a series of guides and guidelines for locking systems down to ensure security. These are called STIGs and are created by DISA (Defense Internal Security Agency) and the NSA (National Security Agency). When the guides are applied the machines are as secure as can be made.
Part of the guidelines cover physical security; i.e., if someone can reach your hardware physically without being cleared for it, you fail that part of the check. As such, I can't imagine how Palladium would not be redundant to things we already have in place.
For good security, you can use smartcards with a PKI certificate, anyway. Don't let someone sign on without one, don't let them access data without one, have an active and interested central monitoring and issuing authority and practice good physical security. Save the money you'd spend on Palladium equipment.
Unfortunately by the time we get to see 'the real thing' it may already be mandated by law and be far too late to do anything about it. When dealing with something like this you really can't have too much lead time.
We're already well down that road. It is very easy to see a day when the general computing device we all know and love will be illegal because it makes it way too easy to copy digital data. Nevermind that what made the general computing device popular is that it manipulates digital data so easily.
We all know what the industry wants. THe industry wants a pay per view world where every consumer pays every time he views industry owned content and the industry is protected from competition because they control the technology that allows content to be created. It isn't about fairness. It isn't about content authors getting paid. It's about greed, plain and simple.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Palladium, Pd46, Heat of vaporization 357.0 kJ/mol. I quess kJ/mol means, KiloJournalists / Microsoft's Obfuscated Literature?
Bob Cringely wrote a column on the same topic about a month ago. He called Palladium a Rosetta Stone for malicious hackers. Sounds like a blast.
That's just what I want, another Microsoft initiative aimed at security. They've done such a good job at it so far that now I'm a whisper away from getting my account canceled by my ISP -- all because some Outlook/Outlook Express user somewhere has Klez and our e-mail address.
as all chemistry students will learn:
Palladium (Pd) + MP[3/G/EG] (MP*) => Fire.
$cat
Strange thing is, what most people don't realize is that they don't own the software that runs on their computer. Microsoft does (or at least the EULA claims they do). Our computers are not our own, and have not been our own, for a long time now. The sad fact is that while we may physically own the hardware, a part essential for the hardware functioning - namely, the OS - is owned by Microsoft.
Now, you could counter by saying that people could run Linux, however, this isn't really an option for the average computer owner. Most computers built today have hardware that isn't fully compatible with Linux (Winmodems, etc...). So, the while the user has physical possession of his computer, all of his data is effectively owned by Microsoft, because without Microsoft's blessing, the average PC is useless.
So the next time you hear of someone wanting to buy a new PC, you might want to remind them that unless they are willing to install Linux, they aren't really buying anything. It's more like a lease from Microsoft.
The society for a thought-free internet welcomes you.
Comment removed based on user account deletion
Whether MS actually needs the content companies at this point is debatable. If it came to that, Gates could buy a couple
But if MS wants content available on their platform, why not open that platform up to let the consumers of content make sure they can access their favorites on Windows? There are a lot of people who use MS products by choice (not me, but there are such people) who would build their own open source solutions if MS would give them the slightest encouragement.
Or maybe not. What the hell do I know?
This brought two ideas to mind...
Ok, time for work...
Curmudgeon Gamer: Not happy
To quote : "3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0."
Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesnt imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
There is no such thing as luck. Luck is nothing but an absence of bad luck.
Quite frankly, I'm a little tired of the reactionary way in which any perceived infringement on electronic freedom is automatically associated with the MPAA. For the record, the RIAA works closely with Berman, and the bill is more or less theirs. Jack Valenti has publically distanced himself from the bill, and it's not something the MPAA had a hand in.
;) in their fight to stem this tide.
There's a lot of misdirected initiatives out there, but please credit the MPAA with knowing what's right and what's not.
In layman's terms: Stealing our member companies product: wrong. "Hacking" (I'd prefer "cracking," or simply "script-kiddying," as a DoS attack is not hacking in the traditional sense) a consumer's computer: wrong. Sending Cease and Desist letters and, when those fail, working with the ISPs not to terminate acounts (examples of the MPAA's letters can be found at chillingeffect.org and you'll note they do not include language asking for account termination), but rather to remove the infringing material, IMHO, right.
I'm an author and a filmmaker, I've worked with the MPAA, I've seen my work pirated, I've heard studio heads freak out about the fact that their product is available on the Internet three weeks before theatrical release. (Anyone who hangs out in IRC knows this to happen.) I see that the problem is real. I also see the MPAA being very defensive, but most certainly not offensive (think strategy, not personal opinion
No circuit boards would be dumped in Asia. They would remain embedded in ever growing stacks of redundant consumer electronics devices in American living rooms.
One side effect: sales of outlet strips, surge protectors, A/V cables and video selector switches will skyrocket. Buy Belkin stock today to get in on the ground floor.
What does the bill say about foriegn piracy? will the RIAA be attacking systems that are outside of the USA? If American soldiers came over to another country and killed/kidnapped someone there would be hell to pay (ignoring Afganistan lol). Like wise, if the SAS went to America and did the same, there would also be hell to pay.
"To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches "The Little Mermaid" without paying for it. They're trying to invent a new crime: interference with a business model."
Thats got to be the best way i've heard it put so-far.
This comment does not represent the views or opinions of the user.
Yeah. The problem is that the keys you'ld have to get to build VMpd aren't the software keys, they're the hardware keys. The software keys are what you'ld need to break into a partition on an unmodded palladium box.
This is essentially how an XBox works; having learned (now, finally) from the modchip fiasco, the plan for Palladium calls for embedding the key *inside* the CPU. It might be possible to steal this and then emulate pdCPU in software, but getting that key out will be tricky and no doubt illegal.
(Which means VMWare will never run palladium apps, btw...)
The home user bought Office 2000 because of the helpful little paperclip. He will buy this.
Being defeatist about it doesn't do squat. I bring these kinds of articles to work. I leave them in the lunch room. I don't have to proselytise any more than that; everyone knows it's me leaving them, and they ask me. I tell them what's going on and what they can do about it, including the downsides ("You will have to learn more about your computer. You will have to do some research before you buy new hardware. You won't have as many commercial applications available, and that includes games.").
I keep a supply of Live-CD distros in my desk and I give them away. Microsoft has lost several Joe Sixpack level customers from this activity. I will help people do the switch, while making it clear to them that I'm not an expert or a professional, just a guy willing to help; I will always make a full backup if they have a burner (except for XP), and I will always recommend a dual-boot at least to start with, and I will always promise to do my best to restore their system (no guarantees) if they decide to go back to all-Windows. So far no one has taken me up on that last one.
I have flown multiple times in my time in the military, once clear over the Atlantic over to Germany, and I have NEVER seen a pilot with a weapon, let alone ever had any sort of weapon along for the ride.
Of course, these were all peace time, but you are incorrect in saying that pilots carry weapons in the military. While it may occure, I believe it is the exception, not the rule.
Can someone please explain why the desired level of security can't be obtained by only software?
Because the control mechanism in any von Neumann machine is in the same band as the stuff being controlled (ie, the OS - which enforces the security policy - operates in the same space - the CPU's available memory - as the programs which may, or may not, behave themselves).
Ultimately, the only way to have a secure audit trail for how a computer got to its current state is to have the verifier out of band from the verified. This is why you need the trusted component (the tamper proof verifier which can sign the logs of the host system). Assuming no-one can get to the trusted component private keys (even, or especially, the computer owner), another computer can trust the signature to be an accurate representation of the state of the original machine.
By the way, it's this in-band control mechanism which means that the Internet Protocols have an incredibly hard time defending themselves against DoS attacks - because the ICMP packets travel along the same route as the TCP/UDP packets. If you can interfere with the data stream, you can interfere with the control stream as well. The phone companies found this out ages ago, which is why whistling at 2600Hz doesn't work any more.
--Ng
Amendment IV.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
How is my hard drive and RAM different from my "papers" and "effects"?
Let's say I have 3,000 VHS videocassettes in an home owned by me. Those cassettes contain blatantly illegal copies of The Country Bears, which I intend to sell for profit but haven't, yet. The FBI cannot break into my home at any moment to see whether the videocassettes are there; they have to wait until I sell them carelessly leaving a trail right back to my home. Only then, with a warrant in hand, do they come and confiscate the cassettes probably arresting me, too.
Let's say I find a way to copy one of those videocassettes onto my Palladium-equipped PC but haven't distributed it, yet, even though I intend to. Will there be something about this act that triggers Microsoft's piracy alarms? Even though I haven't technically broken the law, yet, can Microsoft or their hit-men enter my computer without a warrant and delete that movie?
How is entering my computer through a network interface different than entering my home through the front door?
Healthcare article at Kuro5hin
Or have we all just given up commenting about it... Bruce's name is spelled wrong in the headline.
Sheesh...
Whatever happened to JonKatz?
I find it entertaining that after all these years, someone is finally re-implementing Multics...
Yes and no here's my take on it
/.ers who rely on ourselves and open sources of information. Your wallet is only the tip of the iceburg, they want your mind, Pd is The Matrix with nightly reboots.
I disagree with Schneier on several points -
Will Microsoft jigger Pd to prevent Linux from running? They don't dare.
and earlier he says -
Some say that Pd is, in fact, Microsoft's attempt to preempt the TCPA spec.) TCPA is the Trusted Computing Platform Alliance, an organization with just under 200 corporate members
So does he think for a moment that Linux is a "corporate member"? Linux is by it's definition a community, not a corporation and thus cannot "be a member" of the TCPA, of course corporations who sell Linux can be members, but as the corporations involved with Linux are a fraction of what Linux actually is, Linux as a community could be damaged severely if this comes to pass.
Additionally, a new chip is required: a tamper-resistant secure processor.
And who's going to upgrade all those old machines that don't have the chip? And what of all those old machines donated at the end of their corporate or home lives to schools and charities? How much of the data swirling around the data buses is encrypted? Do we need new memory / I/O buses that are deemed "secure"? Are there requirements for sheilding the buses from electromagnetic surveilence? Or are they mandated to be open to some mandated authority? So many questions, and NO answers, if they really have been working on Pd since 1997 and there are no answers to these fundemental questions then I call BS.
Pd provides protection against two broad classes of attacks. Automatic software attacks (viruses, Trojans, network-mounted exploits) are contained because an exploited flaw in one part of the system can't affect the rest of the system.
Or *nix as it's usually called. Given that MS software has been and continues to be highly insecure does anyone really think that they can pull this off? The paragraph continues -
And local software-based attacks (e.g., using debuggers to pry things open) are protected because of the separation between parts of the system.
So how much will I have to pay MS to run a debugger? And will there be any other debuggers allowed to run other than MS ones?
There are security features that tie programs and data to CPU and to user, and encrypt them for privacy.
Does that mean that every user (member of family, freind, co-worker, etc) that uses a machine will require a seperate licence to get a seperate key or is it all encrypted with the owners rather than users key? And how are data and keys moved from machine to machine? What happens if keys (like the Regiistry before hand) become corrupt?
Your computer will have several partitions, each of which will be able to read and write its own data.
And what if a partition becomes corrupted? Do we have some sort of digital reciept if we got something from the Net so that we can get back from the Net what was lost locally? If so who enforces the contractual obligations of the digital seller? What if the seller ceases trading?
There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at.
So the MPAA could just DoS me by using up all my drive space so I don't have any room to put MP3s on my machine?
Microsoft has repeatedly said that they are not going to mandate DRM, or try to control DRM systems, but clearly Pd was designed with DRM in mind.
They also say that they arent an abusive monopoly or that they arent hiding anything by not decaring share optionson their balance sheet.
There seem to be good privacy controls, over and above what I would have expected.
So no dial in to MS then to give up your blood type and sexual preference then??
And Microsoft has claimed that they will make the core code public, so that it can be reviewed and evaluated.
When? 2010? 2050?
It's hard to sort out the antitrust implications of Pd.
Why would they care? Hasnt Bruce been following the current case? Doesnt he realise that MS 0wnz the DoJ?
Will it take standard Internet protocols and replace them with Microsoft-proprietary protocols? I don't think so.
The word Halloween comes to mind...
Will Microsoft enforce its Pd patents as strongly as it can? Almost certainly.
Except in countried where software patents arent recognised
Lots of information about Pd will emanate from Redmond over the next few years, some of it true and some of it not.
Whoa! Some of it "true"?
1. A "trusted" computer does not mean a computer that is trustworthy. The DoD's definition of a trusted system is one that can break your security policy; i.e., a system that you are forced to trust because you have no choice. Pd will have trusted features; the jury is still out as to whether or not they are trustworthy.
Didnt NT have a C5 rating? Hehe...
I doubt that you or I could, and still enjoy the richness of the Internet. Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think. Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.
Yeah I mean it's not like people are ripping CDs and DVDs all the time and making them available over the Net with downloads in the billions per month or anything.... DOH!
3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0.
At last! Pd is right now a big PR exercise with a bit of crappy MS code behind it that probably has hundreds of obvious holes (buffer overflow anyone?)
4. Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition.
and -
There's also a lot I don't like, and am scared of. My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay.
Pd is about the control of information, where/how you get it and how you use it, usually the perview of media companies, governments, religous leaders etc for most people on this planet, as opposed to some of us
Any sufficiently advanced man is indistinguishable from God
It looks like a duck, it quacks like a duck... it must be a duck.
Purchasing software or movies... It looks like a sale, it acts like a sale... it must be a sale.
You are still limited by what copyright law allows. But copyright law allows an awful lot.
Yes, to run a program that you purchase on CD, you copy from the CD to the CD-ROM cache, to the computer RAM, to the computer HD, then run it and copy to the computer HD cache, to the computer RAM, to the CPU L2 cache, to the CPU L1 cache, to the CPU registers.
Guess what... to watch a VCR tape, your VCR does much the same thing. It reads an analog signal off a tape, transmits it through several filters to a wire connecting it to your tv, into the tv and through several filters, to an electron beam gun. Lots of copies for that, and 20 years history that this is all completely legal, no license required.
All the copying required to run a computer program is covered under copyright law and fair use. Copyright law basically says you can do one of two things... you can copy something, or you can distribute it. But you can't do both. I can make as many copies as needed or desired of something in order to use it, and so long as I don't distribute any of those copies to other people, I'm within the law.
(Yes, exact legal opinions don't precisely say that... but they are close enough to work that way in practice. That's why the media companies are trying to buy new laws to prevent this.)
Licenses are not required to legally run software you *buy*. Ditto for movies you buy. You are still limited by copyright law, but in no way do you need a license in order to legally use this product you bought.
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?