Slashdot Mirror
Questions for a Lecture on Microsoft's Palladium?
An anonymous reader asks: "Microsoft is going to be giving a lecture on Palladium
for my Computer and Network Security class at MIT this Thursday. We're told that it's going to be the most technically detailed lecture publically given to date, and that we should be armed with questions as a result. Any suggestions from the Slashdot crowd? What technical details have you been dying to know about Palladium?" It would be interesting to hear back from someone who is planning on attending this. For those who wish they were, but can't for one reason or another, what would you have asked by proxy?
Are there any plans to have this webcasted via audio or video, or at the vary least transcripted for our analytical pleasure?
MIT's page makes no mention of any intention to do this, and seeing how it will apparently be the "most technically detailed lecture publically given to date," I think that the public would benefit greatly from such a service.
Maybe it isn't as technical as you want the questions to be, but I'm interested in the answer:
Can open source software and Palladium coexist?
Have you been stalked by Seth today?
The question i would most like to see them confronted by (though i most likely know the answer) is: Microsoft has been called a monopoly in the PC market, it maintains control over more than 95% of the desktop market. Since the only operating system that can even compare to windows (desktop wise) on the PC is linux. If palladium is integrated won't this mean death for linux and Microsofts complete domination over the desktop market? They will most likely try to sugar cote thier answer, or say that linux should go closed source (HA!) however it will boil down to "Yes".
History will be kind to me, for I intend to write it - Sir Winston Churchill
I'm curious who Microsoft expects to be the target customer base for this software, do they expect home users, or businesses. Will this be used in general across an office, or possibly only for machines that require high security (e.g. servers with remote access)? It seems that the average home user wouldn't want to be troubled with some of the new security features, and since technologies of questionable legality (mp3, divx, etc.) are becoming popular in the main-stream now, many people would actually be opposed to some of the new security measures. So, since Microsoft has typically targetted an average home user with their products, do they expect to win over the home user market for this new product, or do they simply plan on a small user-base that requires a more substantial amount of security at first, then try to make the system more wide-spread among consumers later?
This is what I want to know. How does MS plan to get people to buy into this? How are computer manufacturers going to react when they have fewer, more expensive options for building their computers. And what would make the average consumer see in it? How many people are really that worried about people reading their documents that they'd be willing to give up things like copying CD's, burning mixes, etc...
Will Microsoft assume liability for when Palladium breaks, or are they going to hide behind some shrink-wrap/click-through agreement that says that they (Microsoft) can't be held liable for anything?
From what I have gathered, NO code can run on palladium enabled hardware that is not signed by Microsoft. I am concerned not just about Linux, but about all open source and individual development in general.
Will code I write be able to be run on different Windows machines, or will I be restricted to my local environment barring a signature from Microsoft? From what I have read so far it is the latter and that is frankly terrifying.
You talk about Palladium being trusted and secure computing. Are there any provisions for backdoors so any content generated by the "secure" technologies can be monitored? If so, how secure will these backdoors be from malicious hackers?
Find a job you like and you will never work a day in your life.
What options are likely to exist for people that do not wish to use Palladium?
Why should one buy a more expensive Palladium compatible computer if they can buy a cheaper non-Palladium one?
Why would a company restrict the content they provide and thrus limiting their consumers with a tecnology that will divide the world and conquer nothing?
Cheers...
The great technology boom of the 80's and 90's - and the wealth that was created as a result - happened because ownership of Personal Computers became widespread. Microsoft and Intel were two of the key players that triggered that explosion. One of the most important reasons people brought PCs was because they could write or run any software on them. They were open systems controlled by the user - not a corporation. Unlike the mainframes and minicomputers that preceeded PCs you could run the software you wanted and you didn't have to seek permission from yourIT staff.
Does Microsoft really believe its best course is to enforce a return to the bad old days of corporate control of computing through Palladium and other DRM mechanisms? Doesn't this route open up the way for a competitor to give people what they really want - control over their systems? Isn't this the beginning of the end for Microsoft?
Sailing over the event horizon
Or conversely, "Why does Microsoft believe that Palladium will earn a positive cash flow for the company, satisfy return on investment, etc, in the long run?
Essentially, "what's in it for YOU?" This could reveal some interesting information about their long term strategy and core motives.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
You've went to a lot of trouble to make the Fritz chip uncrackable, but Palladium has to be enforced in software. Taking control of the boot loader was a good idea, but what do you do when someone exploits a buffer overrun or a backdoor--or a macro in Word 95--to run arbitrary code, and disable all Palladium features. Isn't all your effort completely useless?
1. Will turning Palladium "off" ALWAYS be an option in the future?
2. What is plan "B" for a TPA (trusted computing architecture) when Palladium hardware security is defeated and anyone can run bogus signed code?
( I secretly want them to answer "Why, that's impossible, no one could ever break Palladium." )
* The Titanic was an UNSINKABLE ship! *
What do you mean "playing with nothing less than the death of the general purpose processor", they're openly -banking- on it. Microsoft has wanted to kill off the idea of the "Personal Computer" ever since they realized being a monopoly and letting other people work with the same hardware, building on their software layer was going to be a losing gamble in the long run.
They want to lock everything down and help the industry along back to the era of computing devices, rather than flexible, expandable, personal computers. This new "Freestyle" media center is just the beginning if you think about it. You can't -buy- a Windows Media Center license, you have to buy the software installed on a Microsoft-approved machine. Unless the software industry as a whole fights back against this push, we'll see the death of PC's within the next 10-15 years and the rise of a more fragmented, more expensive series of black boxes.
Why should Microsoft include DirectX in a PC when they have Xbox? Why allow people to build whitebox machines and risk them installing someone else's OS on it when they can tear the PC apart and make multiple "appliances" that conveniently link together bit by bit in order to become what people want? Snap your internet module into your media module, then connect your IO module and run the whole thing on WindowsCE 2010.
Call me paranoid, but I'm really afraid they'll find a way to make this profitable for the whole industry and completely kill the hobbyist when it comes to the new gear down the road.
My own pointless vanity vintage computing page
1. Will it be possible, as a home user, to create and digitally sign a creative piece of work? Such as, a home movie?
2. What ramifications will this have on digital content created before the introduction of Palladium? Will it still play?
3. Will the information necessary to create a Palladium enabled viewer be available to public? Or will we only be able to use Windows Media Player to play Palladium enabled content? What are the projected licesing costs for a company that wishes to create a viewer that is able to view Palladium enabled content?
4. Will hardware that requires a signature be able to run content that does not have one? (if yes) Will this then mean that any software that pre-dates the hardware must be upgraded? (if no) Then how will this system differentiate between a desired, older, program, and a virus?
Necessity is the mother of invention.
Laziness is the father.
Anyone the content owner selects.
The point is that the content owner has control here. If you don't want to palladium control the video you send to granny then don't lock it, if you do want it protected then lock it.
A more significant question is 'will companies not affiliated with major labels be able to use palladium to control access to their content without discriminatory terms?' In Europe Rupert 'Fox news is not biased right wing crap' Murdoch got control of the independent satellite chanels because he had control over the encryption scheme implemented in the decoders and could discriminate in the charges to use it. The labels could use a similar mechanism to keep out indie labels and band owned labels.
There does have to be a root for hardware though. Microsoft has not yet said how the root will be managed, however since Brian stuck all the SPKI stuff into dotNET he does appear to be into single rooted hierarchites.
Assuming that the harware manufacture will follow the DOCSIS model (which TCPA seem to be doing) there will be a root owned by some manufacturing consortium that any manufacturer can get certified under provided they undertake to meet the trusted criteria.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Comment removed based on user account deletion
"Microsoft is evil, blah blah blah..."
Now that's out of the way, let me remind you that there's a lot of truth to this often repeated statement. Palladium is, in a lot of ways, a cool, if horribly unoriginal technology (the concept of making software dependent on the presence of hardware to run has existed since dongles).
Regardless of how cool, funny, or "weak" it is as many of you claim, Palladium has two purposes. 1) Palladium is meant to make other deep-pocketed interests happy (more money for MS). 2) defeat any and all competition to Microsoft products.
It's very clear: Microsoft has the say-so in what code gets to execute on a Palladium-tainted computer. What code do you think will be allowed to execute?
You will argue: "It will be cracked." "We can stick with old computers." "This will not be accepted by businesses/consumers." But those arguments are either irrelevant or fall flat on their faces.
First of all, I agree. It will be cracked without a doubt. But do 99% of the users out there know how to use such cracks to free themselves? Do any of you crackers out there realize how complex this system is?
Second, we cannot stick with old computers. This is evident by the fact that there are hordes of users out there running 1GHz processors with half a gigabyte of RAM for the purposes of checking their email. Plus, software will always get more sophisticated and people will always want higher framerates, and so on. New computers will be purchased.
Last, of course consumers and businesses will buy up Palladium hardware! This is, without a doubt, the most absurd assumption anyone can make! "People don't want another DivX!" "People don't want to give up their rights!" Bullshit. People do not even know what their rights are. Not to forget that marketing spins already exist that are meant to convince people that they are getting something (increased security) when they are having something taken away. (Apologize to the guy who coined that phrase.)
Palladium is very real, and it is a very real threat. It will be adopted if it is allowed to continue. Even if we educate the public, it will press on (after all, users running Windows left and right, despite superior alternatives)? Sadly, I have no suggestions on how to deal with it... but we must certainly not take it as a laughing matter.
Why bother.
What this does mean, however, is hardware fiends going crazy to pick up "old" hardware. It's an OCP paradise, and should help breathe new life into hardware that's been moved to the "obsolete" pile..those of us who know hardware, however, know that even a 486 can be useful. This is immensely true for hardware that's slightly pre-Palladium. It's also a very good way to strip money from the hands of AMD and Intel..the more people boycotting this technology means a larger chance that the manufacturers will rethink this decision.
It's unlikely to work, of course, due to the huge line between a hardware geek and mainstream user.. but I think it could make some kind of dent. Certainly one that could last until someone is able to bypass/crack/trick Palladium.
So, I say let them do whatever. Last I checked, my Athlon XP 1500 ran FreeBSD very smoothly.
Are you really trying to just obsolete all your old software so everyone is forced to upgrade to your latest and greatest OS & computers just to be able to make basic transactions on the internet?
Looking for a computer support specialist for your small business? Check out
I've tried to limit these to technical questions only. Some of these could fall more under the TCPA's stuff rather than M$s Palladium, but might be interesting to hear what they'll try and pull:
What kind of performance hit can users expect to have when using encrpytion/DRM? And can they provide any benchmarks to back up any claims?
How much hardware will have to be "upgraded" to work with Palladium-enabled software?
What is the expected lifespan of Palladium security? I'm talking about this rev, not any "future versions".
Speaking of security, what kinds of encryption are they going to be doing? IIRC, TCPA calls for both symmetric and public key encryption. Key lengths? Uniqueness of keys? Disposablibity of keys? Key storage by third parties for any reason? Proof of any of the above (particularly the last one)?
How can a user ascertain if their system is running in "trusted mode" or not? Is it technically possible for a "trusted mode" to be running without the user's knowledge or consent? And, of course, how would they prove it?
Do users have the ability to determine all that is running on their system in or out of "trusted mode"? Let alone control that?
I believe I read somewhere about Palladium being able to create "vaults". If so (and I just wasn't hallucinating. Again), can multiple "vaults" be created, or even nested? Again, does the user have the ability to easily determine and access all vaults? If not, why not?
Speaking as someone in academia, how will this affect those of us trying and developing software and even hardware (unfortuneately some of the tools I've personally used have required the use of Windows)?
I would ask this:
Will it be possible for new peripheral devices, like disk players for Super Audio CD or DVD-Audio, to use Palladium to make sure that only "authorized" (by the drive manufacturer) software can read the data from the disk drive? I.e. will the drive firmware be able to use Palladium to get an attestation on the secure hash of the running software that is trying to access the drive?
This would end unauthorized ripping of data from these new formats, which would be tremendously valuable to the content companies. It is plausible that these companies would only allow their drives to go into computers if Palladium could provide this assurance. Therefore by providing this capability, Microsoft would make PCs more attractive and useful to consumers, sell more copies of Windows, and make more money.
Microsoft has both the incentive and the technological capability to do it. But they haven't said if they will, and none of their public discussion has touched this issue. Please ask them.
Content.
IMO it's a similar situation to DVD region coding. Consumers never wanted it, but the big studios wouldn't put stuff on DVD unless it was protected, so the electronics companies had to agree to it, and if we wanted to use DVD we had to as well. Which many did. If M$ can make a must-have Palladium app (probably business- rather than consumer-targetted), then you'd be surprised how many go for it.
Of course, the DVD protection was broken: player makers turned a blind eye to region mods, or even quietly introduced them themselves; and similar hacks became available for many DVD-RAM drives. Nevertheless, region coding still exerts a good deal of control over the DVD markets, and causes many consumers great inconvenience. And the same will happen with Palladium: if it becomes widespread and desirable, then someone is bound to crack it. But that won't stop it from causing untold pain and misery.
Ceterum censeo subscriptionem esse delendam.
What kind of data recovery plans will exist if I buy $1000 dollars worth of digital music that is tied to my processor, only to have my processor get fried in a power surge? Will there be any way to recover my investment, or is it lost? If so, what's to prevent hackers from using that recovery mechanism? If not, how can this be a benefit to customers?
Microsoft hasn't said how this would work, and it is certainly a good question. But I don't agree with your implication that it is somehow an unsolvable problem or indicates that Palladium must be weak.
The related TCPA scheme did have a proposal for how to deal with this. The idea is that your crypto chip has a key in it that encrypts all this data. You can get it to export this key in a "blob" that can only be decrypted by the manufacturer. (Actually the key is exported in two parts, one in the clear and one in the blob, that have to be XOR'd together to recover the real key.)
If your crypto chip dies, you buy a new computer or motherboard with a new chip. You send the backed-up blob and the new chip identifier to the manufacturer, who decrypts the blob data and re-encrypts it for the new chip, and sends it back to you. You then enter this into the new chip, along with the other half of the key, and presto, your new chip is initialized with the same key that was in the old one. So your new computer can read the data that was locked to the old computer.
This is all done in such a way that neither you nor the manufacturer ever sees the crypto key, so the data is still protected.
Now, this is pretty cumbersome, and maybe Microsoft will come out with something better. If this is really going to be a detailed technical presentation, this would be an excellent question to ask. Just don't assume they can't answer it!
Comment removed based on user account deletion
Except of course it wasn't ill fated at all. When the public outcry came along, the allowed the BIOS makers to put in an option to supress it. And they all did. For a time.
Got some Thinkpads a few months ago and guess what? The option is GONE. They win, we lose.
Expect the same tactics again. In the beginning it will be optional but it won't stay that way long.
Democrat delenda est
Typically you'd rather lose data on an encrypted disk than risk it being compromised. Key recovery and key escrow go directly against this. Replacing mathimatically proven security for a human trust form of security = Bad idea.
You sound an awful lot like Bruce didfive years ago before he got a clue and wrote secrets and lies which is all about why mathematically perfect systems are not what people want. BTW the main objection to Palladium is that it may not work if it is too perfect.
I sell key recovery systems, all my customers disagree. There are very few companies who would like to loose their accounts (other than those run by close supporters of George W Bush). If there were no demand for key recovery I would not sell it.
As for storing a CC number on your computer and only allowing trusted wallet applications to access it. Sure, its rather stupid to store stuff like that on your computer. However you are far more likely to get it stolen from the other end.
Not so, we can encrypt the cc number so that it is never known to the merchant (apart from the last four digits). SET did this years ago, it failled in part because of complexity but also because of the store on the PC issue.
Finally, if you want to prevent a computer from booting if tampered with. It is pretty easy to boot from a write protected floppy. Put whatever verification you want on that.
That is not particularly practical and not particularly secure either. Unless you can put the whole TCB onto a floppy (hint you can't get much of UNIX onto a floppy) then the attacker can compromise other system files and you are toast.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Wouldn't this imply that if the hardware vender died and sold off all of its IP (to help pay off those debts) that if your hardware died, your data would in-effect be gone forever, or you would have to illegally violate DMCA to get to it?
What effect will this have on people who want to run multiple OS's (let's just say for lack of argument, OS/2, or older versions of Windows... BeOS, linux doesn't even NEED to fit the picture here...)? Would this cause problems for re-installs, re-formats, etc. (What effect will this have on the frequency of re-installing?) How will this help the growth of private building of systems, existing hardware, hobbyist usage of BASIC stamp kits, etc.? need i go on? Why should manufacturers of various computer components/accesories follow suit?
This useless space for sale, inquire at front desk.
If there is a player that plays unencrypted content, then it is possible to copy movies. It only needs to be copied once, perhaps by a hacker with hardware modifications, or by pointing a video camera at the screen, and then can be played everywhere.
If only encryped content can be played, then it does not matter if some hacker makes a copy, it cannot be played on most people's machines. Every single machine would have to be hacked to enable it to play some new player that allowed unencrypted content. The security to IP is enormously greater with such a system, ie hundreds of millions of times more secure, so much greater that the drive to enforce this system will completely squash any morals or promises by a few people at MicroSoft.
But how will parents send grandma their videos of their baby? The answer is they won't, and they will forget the fact that there was once a time when a recording could be removed from one device and put into another. Or more likely they will be able to do it with a live connection through a trusted 1:1 connection from their camera to grandma's desktop.
Nobody will be able to record music, make movies, and possibly even publish text without a license from a media conglomerate.
I believe this is going to happen if these schemes are not stopped now.
Won't Palladium delay the release of critical security patches, leaving computers vulerable to attack?
This question should probably be saved until some of the groundwork for it has been already been covered. Here's the basis for it...
Palladium programs and any Palladium data can only be used on a trusted nub ("nub" basicly means kernal). Any changes to the nub are going to have to be submitted for approval as a new trusted nub. How long will this approval process take?
I think they plan an "independant" body to certify/sign a nub as trusted. If so point out this will massively delay the release of their security fixes.
If Microsoft plans to do their own certification that their nub is trustworthy then point out that they are leveraging their 90+% marketshare to create a monopoly on trusted nubs and all commercial use of Palladium.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
So, when I do this very thing (exporting blob, sending, they reencrypt, reentering the code in a new chip, etc) when my chip has _not_ fried, means I have now two PCs that can both access the same data? So perfect protection is not guaranteed anymore. Right?
Say I have a Palladium-enabled computer and I have bought some digital audio from the Net. How can I do something completely normal with it, like burn it to a CD so I can listen to it in my car?
I believe posters are recognized by their sig. So I made one.
Say I write something in an interpreted language, Python, Perl, Java, whatever.
The interpreter binary that runs the code is signed, totally officially Palladium-fine.
Then I can write any Python code that does whatever, can't I? You can't sign the ASCII source code.
I conclude that any language interpreter, or any application that has any sort of scripting language (say IE, Outlook, Word) can't have any means of breaking out of DRM in the language or it won't be certified. This is unbelievably crippling.
I believe posters are recognized by their sig. So I made one.
Let's say I have a piece of software that would want to operate on Palladium-encrypted data, say a OSS alternative to a (overpriced/bloated/bugridden) commercial application. For some mysterious reason (read: monopoly power) Palladium-encryption of this data has become a de facto standard.
;)
Would I have to submit the source code in for verification? How much would a code validation cost (read: much more than any OSS dev could afford)? Would I have to go through the entire process every time it was updated/bugfixed? Or would there be some notion of being trusted in good faith, probably with a huge legal liability attached (also a OSS dev no-no)?
I fear that the Palladium scheme will lead to a monopolization of the software arena, favoring the big software corporations, and the death of using open standards. "See the [LOTR II/Matrix II] trailer here on our MSHTTP server - the new standard for multimedia content. (Palladium/Windows Longhorn/WMP14 required)"
It's also a perfect solution to Microsofts increasingly big problem justifying OS upgrades. Now its new feature can be "access to all the digital content provided by [new wiz-bang-protection scheme]".
Microsofts biggest concern should probably be their stupid users. I think Windows/DRM formats will piss a lot of people off when they don't understand how to copy/back-up/transfer their files to a new machine or similar. Unfortunately, I don't quite see who'll be there to pick up the competition. Macs will always be there on the sideline, and while Linux is coming along I don't quite see it being the OS to tell MS to KISS
Kjella
Live today, because you never know what tomorrow brings
One thing that everyone doesn't seem to get is that consumers would love Div-X if it was the only way to watch a movie.
The fact that they can just go buy a movie on DVD for less than they can buy a music CD killed Div-X. Div-X didn't kill itself.
If the only thing that MS supports is a palladium computer, and of course the only OS that your office will run is MS, then your office will buy new palladium computers.
You can then chose to run WinXY at home, so you can steal your office applications and be compatible, or you can stay back on clunky old WinXP.
Intel and AMD are both already working on in. You won't be able to bypass it with Linux because of the DMCA. You will have to stock pile old hardware just to run Linux. You won't have a choice to chose non-palladium if MS has its way. The consumers will vote resoundingly for palladium.
Sort of like the free election in Iraq. Of course Saddam will get 100% of the vote, he is the only one on the ticket.