Slashdot Mirror
Questions for a Lecture on Microsoft's Palladium?
An anonymous reader asks: "Microsoft is going to be giving a lecture on Palladium
for my Computer and Network Security class at MIT this Thursday. We're told that it's going to be the most technically detailed lecture publically given to date, and that we should be armed with questions as a result. Any suggestions from the Slashdot crowd? What technical details have you been dying to know about Palladium?" It would be interesting to hear back from someone who is planning on attending this. For those who wish they were, but can't for one reason or another, what would you have asked by proxy?
No matter what your first question is, if it's from Slashdot, your second question will be:
Why won't you answer my first question?
Why did you choose to build your new processor out of Palladium.
Silicon, with aluminium or copper, is the more traditional choice.
...that you'll adopt Palladium if Steve runs and jumps around like an idiot for an hour. Then after he's done, tell them you were just kidding. He could use the exercise.
More of a basic business question, but didn't anyone learn from Intel's ill-fated processor serial number "feature" in the Pentium III, or the Div-X movie fiasco? Why would consumers want this at all, and why will they choose it over other alternatives?
Read this for some good info.
The biggest question in my mind on Palladium is how it's supposed to help users. Why we're supposed to use it, instead of just keeping on using our old Palladium-free computers.
TANSTAAFI: There Ain't No Such Thing As A Free iPod.
We don't need palladium for viruses...this just seems like a system for pervasive DRM. Why do we need this?
And how does "trust" have anything to do with Palladium. Palladium is a system of control, not of trust.
Are there any plans to have this webcasted via audio or video, or at the vary least transcripted for our analytical pleasure?
MIT's page makes no mention of any intention to do this, and seeing how it will apparently be the "most technically detailed lecture publically given to date," I think that the public would benefit greatly from such a service.
Maybe it isn't as technical as you want the questions to be, but I'm interested in the answer:
Can open source software and Palladium coexist?
Have you been stalked by Seth today?
I'm curious who Microsoft expects to be the target customer base for this software, do they expect home users, or businesses. Will this be used in general across an office, or possibly only for machines that require high security (e.g. servers with remote access)? It seems that the average home user wouldn't want to be troubled with some of the new security features, and since technologies of questionable legality (mp3, divx, etc.) are becoming popular in the main-stream now, many people would actually be opposed to some of the new security measures. So, since Microsoft has typically targetted an average home user with their products, do they expect to win over the home user market for this new product, or do they simply plan on a small user-base that requires a more substantial amount of security at first, then try to make the system more wide-spread among consumers later?
What will Palladium do to those of us who release independent content? (As in, independent of major corporations.)
The only way I can see it possible to effectively implement DRM is to require computers to not play any digital content that does not have a valid encrypted signature, as provided by the various media companies, and/or Microsoft and Intel.
My main concern, is that independent producers/composers/moviemakers will be locked out of distributing digital content, because the companies involved in Palladium, and other DRM schemes, can choose to withhold issuing these encrypted signatures to them, therefore rendering their content unplayable on Palladium-enabled systems.
I feel, as a copyright owner, and musician, that this infringes upon my rights to distribute my work signature-free, for anyone to be able to play. I do not want a special tag on my releases telling people this is official. I would just like to see my stuff "out there". Therefore, this infringes upon my right to the "pursuit of happiness", as ordained by the constitution.
Anyone else have thoughts?
-----
"You spilled my egg... I needed that egg."
This is what I want to know. How does MS plan to get people to buy into this? How are computer manufacturers going to react when they have fewer, more expensive options for building their computers. And what would make the average consumer see in it? How many people are really that worried about people reading their documents that they'd be willing to give up things like copying CD's, burning mixes, etc...
Will Microsoft assume liability for when Palladium breaks, or are they going to hide behind some shrink-wrap/click-through agreement that says that they (Microsoft) can't be held liable for anything?
From what I have gathered, NO code can run on palladium enabled hardware that is not signed by Microsoft. I am concerned not just about Linux, but about all open source and individual development in general.
Will code I write be able to be run on different Windows machines, or will I be restricted to my local environment barring a signature from Microsoft? From what I have read so far it is the latter and that is frankly terrifying.
Are they releasing details on when they plan on invading Poland? Just so i can be sure to leave The Continent before then.
I refuse to have a sig... dammit!
Trolls and humor aside, I would like to know how they are expecting to fix problems with Palladium should they arise. The only way they can fix X-Box "security" problems right now is to release X-Box 1.1, and if they have to re-release computers to fix security problems, how would they do it? and who gets the bill? (maybe I shouldn't ask that last question...) And what is to stop people from mod-chipping computers? At any rate, I believe like many of my fellow /.'ers that X-Box is a Palladium Preview... or Rhodium (the element before Pd, get it?)
Hmmm.. On that note, maybe Palladium is a preview to Microsoft Silver?
I'm the Devil the Windows users warned you about.
You talk about Palladium being trusted and secure computing. Are there any provisions for backdoors so any content generated by the "secure" technologies can be monitored? If so, how secure will these backdoors be from malicious hackers?
Find a job you like and you will never work a day in your life.
What options are likely to exist for people that do not wish to use Palladium?
Once Palladium has gained market acceptance, will the borg-gear be a requirement, or more of a 'perk' for loyal customers and trusted partners?
microsoftword.mp3 - it doesn't care that they're not words...
Ask questions that will make the lecturer either reveal how evil it is, or make his evasions obvious. Possibilities:
1. If you turn it off - as MS claims they're going to allow - will the system then appear to apps, content & the network as "a Palladium PC with Palladium turned off" or as a non-Palladium PC? (Hint: it's the former.)
2. Will I still be able to flash my BIOS? *All* of it? replace it completely? (Assuming TCPA hardware, they're lying if they say 'yes'.)
3. Why would I want to buy this, if I'm not interested in Hollywood movies but do want complete control over my computer?
Why should one buy a more expensive Palladium compatible computer if they can buy a cheaper non-Palladium one?
Why would a company restrict the content they provide and thrus limiting their consumers with a tecnology that will divide the world and conquer nothing?
Cheers...
A. After it is released what is the ETA of the hack that will work around Palladium?
B. How many months will it be before MS comes out with a patch for the above mentioned hack?
Question: Do any non-industry customers (ie. consumers) actually WANT Palladium or any other DRM technology? As a "feature" that would restrict a user's ability to use and/or manipulate data in certain formats, doesn't this represent a step backwards from the enormous utility of personal computing?
Editorial - I can see people moving in droves back to high-quality analog video and audio editing as a result of DRM technology being forced upon consumers. The whole point of a fast digital computer is to rapidly and conveniently manipulate digital data regardless of the format on a single machine, so any restrictions on doing so is a step back towards single-use analog or simple digital circuits.
Don't they SEE what they're doing in the big picture? The day a personal computer won't compute what you want it to compute is the day you switch to something that will, plain and simple. They're playing with nothing less than the death of the general purpose processor.
I hate to point out the obvious, but being that slashdot is an open forum, Microsoft (and their lawyers) will surely be watching for the most interesting questions, and preparing appropriately non-controversial answers for them. Ergo, anything you ask here is likely to get a marketing non-answer, rather than a real answer....
:-)
Just something to keep in mind
---- I made the Kessel Run in under 11 parsecs.
Since Brian LaMacchia was an MIT doctoral student of Hal Abelson who is the prof concerned, chances of that happening are nil. I presume he is giving the talk as he is also speaking at another event on Friday.
Brian designed much of the security architecture for dotNET which is pretty much state of the art for network application security. He also started the MIT PGP key server. Whatever Microsoft's past reputation might be, Brian is not responsible. Don't confuse the security abilities of the folk who write IIS or Outlook with the abilities of security specialists. As a group there are very very few organizations where anyone listens to us. Netscape had a really bad problem with security until they hired Taher and the brothers Weinstein and they only got listened to there because Netscape got burned baddly in several fiascoes in succession - like SSL 1.0 being broken before Marc sat down at the end of his presentation, the random number bug which they had been warned on repeatedly, etc. etc.
Don't fool yourself, all computer software companies have security problems that need to be addressed. I don't think the open-source scheme to get security consulting for free is going to be a good long term solution.
The point that slashdot people miss on Palladium is that for years the common rebuttal to a lot of security solutions has been 'you can't do that without trusted hardware'. So the fact that MSFT is pumping money into developing a trusted platform is a significant step forward.
OK folk may not like trusted hardware being available to the RIAA, but they are not the only people who can benefit. It is kinda like the same situation we had with key recovery and Clipper. Freeh was right, there are commercial uses for key escrow, it is kinda a problem if you have an encrypted disk and there is no copy of the key anywhere. Problem was that Freeh's illegitimate demands killed the legitimate market. Don't let the RIAA do that with Palladium.
For example storing your credit card # on a PC makes no sense, people still do it. They can do it a heck of a lot more safely if there is a trusted platform which will only allow trusted wallet applications access to that key.
Another example, for years we have wanted to have PCs that simply refuse to boot except to repair mode if the O/S has been tampered with. That way a trojan or virus can't lurk for years. Tripwire tries to do something like this but it really is a substitute for secure H/W
The Palladium folk know that any hardware scheme is vulnerable to hardware attacks. That does not make such schemes unworkable however. Despite the fact that smartcards are vulnerable to electron microscope attacks they do raise the bar significantly.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
I see alot of questions here that refrence things from the open source movement. I would use more ambiguous words in their place because as soon as the folks from MS realize that your into open souce they're going to give you the run-around. IE, don't say open source projects, say personal software projects. in place of Ogg Vorbis, say alternitive audio codecs.
There was a MS representative at the career fair here at UVA and as soon as I mentioned the word linux, the conversation pretty much ended.
my other penis is a vagina
1. Will turning Palladium "off" ALWAYS be an option in the future?
2. What is plan "B" for a TPA (trusted computing architecture) when Palladium hardware security is defeated and anyone can run bogus signed code?
( I secretly want them to answer "Why, that's impossible, no one could ever break Palladium." )
* The Titanic was an UNSINKABLE ship! *
Maybe because we can't grammatical sentences?
"Hardly used" will not fetch you a better price for your brain.
1. Will it be possible, as a home user, to create and digitally sign a creative piece of work? Such as, a home movie?
2. What ramifications will this have on digital content created before the introduction of Palladium? Will it still play?
3. Will the information necessary to create a Palladium enabled viewer be available to public? Or will we only be able to use Windows Media Player to play Palladium enabled content? What are the projected licesing costs for a company that wishes to create a viewer that is able to view Palladium enabled content?
4. Will hardware that requires a signature be able to run content that does not have one? (if yes) Will this then mean that any software that pre-dates the hardware must be upgraded? (if no) Then how will this system differentiate between a desired, older, program, and a virus?
Necessity is the mother of invention.
Laziness is the father.
Comment removed based on user account deletion
does it comes with a tube of lubricant or at least a frozen dinner ?
/ONLY playing devil's advocate; DON'T get on my case as this is not how I really feel/
Their answer will be:
"Providing adequate protection for digital content helps ensure that the quality of that content is protected, and maintaining the rights of the content producer will help maintain the quality of their work, which helps us all."
Again, I don't agree with this nor do I think it is a compelling reason, but if I were a Microsoft Market-bot-3000, that would be my standard output.
El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
"Microsoft is evil, blah blah blah..."
Now that's out of the way, let me remind you that there's a lot of truth to this often repeated statement. Palladium is, in a lot of ways, a cool, if horribly unoriginal technology (the concept of making software dependent on the presence of hardware to run has existed since dongles).
Regardless of how cool, funny, or "weak" it is as many of you claim, Palladium has two purposes. 1) Palladium is meant to make other deep-pocketed interests happy (more money for MS). 2) defeat any and all competition to Microsoft products.
It's very clear: Microsoft has the say-so in what code gets to execute on a Palladium-tainted computer. What code do you think will be allowed to execute?
You will argue: "It will be cracked." "We can stick with old computers." "This will not be accepted by businesses/consumers." But those arguments are either irrelevant or fall flat on their faces.
First of all, I agree. It will be cracked without a doubt. But do 99% of the users out there know how to use such cracks to free themselves? Do any of you crackers out there realize how complex this system is?
Second, we cannot stick with old computers. This is evident by the fact that there are hordes of users out there running 1GHz processors with half a gigabyte of RAM for the purposes of checking their email. Plus, software will always get more sophisticated and people will always want higher framerates, and so on. New computers will be purchased.
Last, of course consumers and businesses will buy up Palladium hardware! This is, without a doubt, the most absurd assumption anyone can make! "People don't want another DivX!" "People don't want to give up their rights!" Bullshit. People do not even know what their rights are. Not to forget that marketing spins already exist that are meant to convince people that they are getting something (increased security) when they are having something taken away. (Apologize to the guy who coined that phrase.)
Palladium is very real, and it is a very real threat. It will be adopted if it is allowed to continue. Even if we educate the public, it will press on (after all, users running Windows left and right, despite superior alternatives)? Sadly, I have no suggestions on how to deal with it... but we must certainly not take it as a laughing matter.
Why bother.
In fact, stay away from the obvious questions in general. Answers will have been prepared and you will waste your time.
If you want to make them squirm, you need to come up with some direct and highly pointed questions that will be very difficult to avoid answering directly without making it very obvious they are so avoiding it. (You can't prevent avoidance, but you can try to make it obvious that that is what they are doing.)
If I could ask a question, I'd try something like the following:
- What kind of data recovery plans will exist if I buy $1000 dollars worth of digital music that is tied to my processor, only to have my processor get fried in a power surge? Will there be any way to recover my investment, or is it lost? If so, what's to prevent hackers from using that recovery mechanism? If not, how can this be a benefit to customers?
The meta-point: Perfect protection implies no recoverability. Recoverability implies imperfect protection. You can not have it both ways.It's pointed, and it will be very difficult to avoid giving an answer, or making it obvious there isn't one. Either there is a recovery procedure, or the customer is SOL... it's pretty binary. If there is a recovery procedure, hackers might exploit it. (Or do we have to dial home to Master Microsoft first?) If there is no recovery procedure, then how can they honestly claim this is a benefit to the customer?
Me, I'd lay money on a handwaving answer... but it should be obvious, if you do it right.
Does all our base, in fact, belong to you?
I think this should be treated the same as any invitation to submit questions to an interviewee.
MS, in this case.
It's disappointing to see the flamage herein. Yep, Slashdot may be homogenizing, as some have asserted - becoming bland, grey, doubleplusungood sameness in all directions. Personified by Prolific Puking Proselytizing Punks!?!
Yet ---- on the flip side, there are too many superficial questions asked, which by their phrasing or their supposed "subtlety" or "indirection" will somehow be "sprung" upon the erstwhile MS drones standing under the bright lights.
Sigh.
This is a very rare opportunity, if indeed someone will represent "our" interests at this forum (and assuming the chance to speak).
We should be asking all the questions that have come up before, but that have not yet been answered: in Salon by Bruce Perens ('Perens is convinced that Palladium will let Microsoft decide which applications can run on a machine and which are simply too unsafe for public consumption -- such as programs written by open-source hackers. Perens even thinks that's the point of Palladium: "It's designed to kill off open-source development."') and in Dan Gillmor ("Microsoft has launched its Palladium initiative, a hardware-software system designed to make computing more secure from viruses and malevolent hackers. Palladium, unfortunately, could also be used by intellectual-property owners to lock down copyrighted materials in ways that would damage users' rights. Critics have also suggested that Palladium could be used to freeze out open source software -- and they make a compelling case.")
A few example questions:
What is Microsoft's response to Cringely's allegation that data will no longer be "permanently readable" - a characteristic of computing that is taken for granted today?
What is Microsoft's position today on this issue?
Is this DRM part of (or related to) Palladium? In any event, what recourse will users have when (if) their existing software ceases to function as a result of these new "features"?
Search Google, read all the material, find the unanswered questions - and it won't matter that Microsoft sees this slashdot thread. Ask the questions that MS knows about, but has not been able or willing to answer...
Redundancy is good; triple redundancy is twice as good! - Me.
There is no reason you couldn't write an open source browser or office suite and have it run on a palladium system. The reason why there have been murmurs of a possible palladium/OSS conflict only apply to a certain type of program, specifically that which uses palladium/tcpa's "security" features.
;) )
Picture an open source media player. As it stands, xmms could be run on a palladium system and the oss model would work fine. It would play oggs ripped from your own personal cd collection and any company that takes the source, modifies it, and distributes a binary would have to release the source back to the community. No problem.
Now let's say a company takes the xmms source, adds support for drm-infested media, and releases a binary that's been digitally signed by MS, meaning that MS has examined the source and seen that it will not ever expose unencrypted, drm'd data to user access. It still plays oggs (they haven't removed that feature yet), but here's what happens when you try to connect to Disney's server to upload your credit card data and download Mickey Mouse 2010 (subtitile: Yes, we still have the copyright):
1. Disney queries your machine for it's unique ID (yes, all PCs must have them for the system to work).
2. Upon verification that the unique ID is a valid one from the central unique ID database, it asks your system for a signed, timestamped, digitally signed (by the TPM [trusted platform module) message saying that your system is running a drm-compliant OS.
3. If it gets an affirmative answer back, it queries the OS as to whether the app is digitally signed by MS. I'm not familiar with the system that will be used in this case, but I think identd would be an accurate model (i.e. "Is the app connecting from port xxxx on your machine to port yyyy on my machine digitally signed?").
4. If it gets an affirmative answer back, the server will then send content encrypted with the platform's public key (not the "unique ID" key, that one is a single purpose sign-only).
5. xmms, upon receipt of the data, plays it back according to the drm rules.
Now, imagine you want to modify the new xmms sources (that include drm support) to play a new audio format or to add a media manager function (or whatever). You still have free access to the sources, but once you modify and compile them, you get an unsigned binary out of your compiler. It still plays oggs, but when you try to buy a movie from Disney, the OS responds (in step 4 above) with a negative answer.
"No, the binary making that connection is NOT signed."
The result is that Disney will not send data to that app. I'll get the obvious question answered right now:
Q: What if you modify your OS to respond to all step 3-4 "is xyz app signed?" questions with a "yes" answer? Couldn't you break the system that way?
A: No. The authentication process would fail on step #2 above because your recompiled kernel wouldn't be signed so the TPM on your motherboard would refuse to vouch for it.
What does this mean for OSS? Well, not much. Open-source, non-pd/tcpa software won't be affected at all. OSS that does "handle" secure content as one of its main functions would be affected - you wouldn't be able to fork it unless you wanted to pay MS for a digital signature on every release to you want the pd/tcpa portions to keep working. In a nutshell, only the portions of OSS that normally depend on pd/tcpa would be nonfunctional.
So why is palladium/tcpa still a big problem? Well, a couple of reasons, but first, more Q&A.
Q: What if I were to physically crack open my trusted platform module and extract its private encryption and sign-only authentication keys.
A: You would have broken palladium/tcpa security.
Q: What if I were to replace my core root of trust for measurement (CRTM, aka my BIOS) with one that always reports the system is booting in a "secure state" to the TPM?
A: You would have broken palladium/tcpa security.
Q: What if I find a buffer overflow or other bug in a signed application (e.g. windows media player) that allows me to execute arbitrary code as that process?
A: You would have broken palladium/tcpa security.
Q: What if I find a buffer overflow or other bug in the OS or a signed driver that allows me to execute arbitrary code as the OS kernel?
A: You would have broken palladium/tcpa security.
I don't mean to make it sound easy - tcpa is designed to place these activities beyond the means of the average script kiddie. However, they are all very real valid security problems that palladium/tcpa _will never be able to solve_, specifically because of the nature of cryptography, mass-produced hardware, and information itself. I guess you could say that information really does "want to be free".
(Note to grammar nazis: Yes. I'm aware I put the period outside the quotation marks. I did this because I believe it enhances the readability of printed english. Putting the terminating semicolon from a line of C code inside the quotes around a quoted string just doesn't make logical sense. However, any its/it's, there/their/they're, or other stupid mistakes that detract from my ability to communicate clearly are fair game.
So why is it such a bad idea? Because people think it will work. The latest issue of PC World (November [?] 2002) features an ad from IBM touting the advantages of the latest Intel Pentium 4 processor's LaGrand Technology. If I could find it I'd post the page number, but if you look through the issue it's on the left side somewhere in the middle-ish section. It promises freedom from viruses and a more secure operating system. I think it promises completely secure e-commerce as well. The average PC World readers are going to read this and their eyes are going to pop out of their heads. "Really? No more viruses? No more trojans? Secure e-commerce? How wonderful!" When online companies start pushing "secure" online movie rentals (broadband only, some restrictions may apply, void where prohibited, etc...) the ones surviving heart failure will scramble to buy new pcs with this LaGrand Technology (or amd's equivalent). After all, who wouldn't want a virus-free secure PC that does new and exciting things?
Nevermind that the reason 99.999% of the computer-using public have to even think about viruses is because outlook is so incredibly insecure. Nevermind that the only things stopping global availability of secure online shopping are the certificate authorities' greed and US crypto export laws*. Nevermind that online movie rentals will most definitely not take off soon considering how much bandwidth is available to home users even with broadband. (Yes, you may have 2mbit cable, but what's going to happen when a large enough percentage of friday night movie watchers decide to download and cable companies are overselling their last mile _and_ backbone bandwidth at a ratio of 50 to 1?) Nevermind that LaGrande Technology is designed to be the cpu-side hardware support for tcpa/palladium which is already flawed. I'm not saying that IBM won't be able to make good on their promises of perfect security and a virus-free environment (that's a separate debate) - I'm saying that they're pushing a unique PC ID and Digital Restrictions Mechanisms into every home in trying to do it.
(* Yes, I'm aware that you can get strong ssl encryption in linux outside the US. Here I'm referring to windows, a product from a commercial entity that has at least a slight interest in pretending they obey US law.)
So that's how it's going to get into homes and businesses. What harm is it going to do once it gets there? Well, just because it's going to be hopelessly inadequate when it comes to serving its intended purpose of stopping online piracy of digital media doesn't mean that it won't restrict fair use rights. Sure, anyone can use a cracked pd/tcpa box to download a film from disney and then distribute it online, but if Joe user can't rip his legally purchased CD and send it to his car stereo because of draconian DRM code, that's a problem. And that's only the copyright/fair use side of the issue. What about security? What happens when a certain OS vendor, with complete confidence in its supremely planned but critically flawed transition element, starts getting lax on security and starts depending on pd/tcpa keep everything together? Even worse security holes than we've seen before due to inattention to important detail and (at least) internal code review.
I hope you see what I'm talking about now. The worst possible outcome is not that palladium/tcpa will progress as planned (which violates the "possible" part). It's that it will approach an uneducated public and fail miserably.
Are you a paying member of the eff yet?
Except of course it wasn't ill fated at all. When the public outcry came along, the allowed the BIOS makers to put in an option to supress it. And they all did. For a time.
Got some Thinkpads a few months ago and guess what? The option is GONE. They win, we lose.
Expect the same tactics again. In the beginning it will be optional but it won't stay that way long.
Democrat delenda est
If I understand correctly, Palladium checks the integrity of a program "down to a single bit" and will not allow the program to run if a single bit is different from what it expects.
What happens if a sector on the hard drive becomes corrupted? Whereas most programs will presently continue to run with a small amount of corruption (at least well enough to retrieve data), under Palladium would it not fail to load entirely? In other words, the most minor data corruptions become catastrophic failures.
Would it be necessary to reinstall the software entirely in order to run it under Palladium?
What effect will this have on people who want to run multiple OS's (let's just say for lack of argument, OS/2, or older versions of Windows... BeOS, linux doesn't even NEED to fit the picture here...)? Would this cause problems for re-installs, re-formats, etc. (What effect will this have on the frequency of re-installing?) How will this help the growth of private building of systems, existing hardware, hobbyist usage of BASIC stamp kits, etc.? need i go on? Why should manufacturers of various computer components/accesories follow suit?
This useless space for sale, inquire at front desk.
Won't Palladium delay the release of critical security patches, leaving computers vulerable to attack?
This question should probably be saved until some of the groundwork for it has been already been covered. Here's the basis for it...
Palladium programs and any Palladium data can only be used on a trusted nub ("nub" basicly means kernal). Any changes to the nub are going to have to be submitted for approval as a new trusted nub. How long will this approval process take?
I think they plan an "independant" body to certify/sign a nub as trusted. If so point out this will massively delay the release of their security fixes.
If Microsoft plans to do their own certification that their nub is trustworthy then point out that they are leveraging their 90+% marketshare to create a monopoly on trusted nubs and all commercial use of Palladium.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
* Only DRM/"Trusted" systems will be able to play content from the Music industry or Hollywood.
* For an operating system to be trusted it needs to be vetted and signed for use with DRM. i.e. it needs to be a "known quantity".
* An OS where the user can modify it at will is not a "known quantity" or signed, and even if it was, as soon as you recompile it you would break the signature. Basically, an OS where you are allowed to modify it, can not be trusted. (Allowing modifications being a large part of the "Freedom" involved in Free Software. You can't have it both ways).
The result being a world where only non-Free operating systems can play the entertainment industry's content, by design.
If you thought playing Windows Media files on Linux was tough now, wait until Palladium.
--
Simon
Say I write something in an interpreted language, Python, Perl, Java, whatever.
The interpreter binary that runs the code is signed, totally officially Palladium-fine.
Then I can write any Python code that does whatever, can't I? You can't sign the ASCII source code.
I conclude that any language interpreter, or any application that has any sort of scripting language (say IE, Outlook, Word) can't have any means of breaking out of DRM in the language or it won't be certified. This is unbelievably crippling.
I believe posters are recognized by their sig. So I made one.