Slashdot Mirror
RMS Urges Opposition to "Trusted Computing"
Andy Tai writes "In this Newsforge article, Richard Stallman analyzes the "Trusted Computing" initiative and Microsoft's Palladium, points out that such initiatives are really means to ensure your computer can be trusted by Microsoft and Hollywood (you can't do things they don't want), and urges computer users to organize, to support the Public Knowledge and the Digital Speech projects and to use their consumer power to block "Trusted Computing" in its tracks."
I'm absolutely flabbergasted that RMS would oppose this. Flabbergasted. :P
autopr0n is like, down and stuff.
Ya, just like I 'trust' the banks with my money, and I 'trust' the .... ^H^H^H^H^H^H^H^H^H
Wait a minute? I do... and so far it seems to work... BLOODY HELL! How am I supposed to make a point of how Microsoft's intentions are evil (which they clearly are), when I can't find a good example where trusted 'fill in the blank' doesn't work... Anyone???
---
Programming is like sex... Make one mistake and support it the rest of your life.
He just wants it to be known as GNU/Palladium.
I personally think RMS is a kook and an extremist.. Like most "spirtual" leaders are. BUT and this is a big BUT, thanks to people like him and L Lessig our world is being attended to...
I consider myself more of a business person and see the world in shades of grey. Sure that is great for earning an income, the problem though is that my shade of grey might change from a more white grey to a more black grey. And that switch is an erosion of power that I only realize when it is too late... At that point my black grey is a white grey for most people because they have "gotten" used to it.
So hats off Mr RMS...
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
...RMS made quite a fool of himself at MIT's recent Palladium discussion. Highlights include taking the podium uninvited, having Ron Rivest (the "R" in RSA) tell him to please stay on-topic, and delivering his stock rant under the guise that it was topical.
RMS is a dork. A principled dork, but a dork nonetheless.
How am I supposed to make a point of how Microsoft's intentions are evil (which they clearly are), when I can't find a good example where trusted 'fill in the blank' doesn't work.
Well, start with Paypal, which a lot of people trusted as a bank but then got screwed when Paypal froze their funds. Google for Paypal frozen accounts and you'll find tons of horror stories.
Then move on to the online storage of credit card data, and think back to when CDNow got hacked and all their consumers' credit cards were tossed around to the public.
I'm sure you'll get hundreds of examples here, but come on, you really don't have to think too hard.
What's your damage, Heather?
former student, returned to his Alma Mater and gave a talk on some of the
technical aspects of Microsoft's Palladium project. Brian began the talk with
a quick overview of the goals of the project. He stated that Palladium's
goal was to 'Protect Software from Software'. He went on to enumerate some
of the nightmare scenarios that keep the Palladium team up at night, such as
a virus/trojan that launches something worse than a Denial Of Service (DOS)
attack.
These included:
After this brief introduction, Brian went on to describe a hardware based
software security system that would provide 'Fingertip to eyeball security.'
This system would consist of a hardware Security Support Component (SSC)
chip, a special security kernel called the 'Nexus' and user level security
applications called 'Agents'. Palladium would also require alterations to
the MMU for the curtailing of memory and USB for secure input/output.
Brian admitted that Palladium would offer no protection against DOS
attacks and that Palladium would necessarily include a universal serial
identifier (this
would be provided by the RSA key burned into the SSC chip). He also promised
that Palladium would run unmodified legacy applications and drivers.
Problems surfaced during the end of the talk when Brian began taking
questions. Richard Stallman correctly pointed out that Palladium was being
presented as a way of improving the security of personal computers. Indeed,
according to Brian, this was the focus of Microsoft's Palladium project, but
no where in his talk did he present any solution to the crucial nightmare
scenarios that are supposedly keeping the Palladium team up at night.
Indeed, as was pointed out by Stallman and others, if Palladium would run
unmodified legacy applications, then how could Palladium thwart the legacy
virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?
The truth is Brian was being disingenuous when he described the nightmare
scenarios that motivate the Palladium team. In all honesty, there are only
two nightmare scenarios that are relevant to the Palladium project:
internet
has ushered in the end of there ever ballooning bottom line
holders
to effectively eliminate the fair use rights of the public
With Palladium, Microsoft plans to solve the former by introducing the latter.
To get to the heart of the matter, we have to ask _why_?
Brian says Microsoft is concerned that large copyright holders will refrain
from publishing works in formats compatible with the Windows PC. My theory?
Microsoft sees an opportunity to bolster there own
bottom line. Palladium is meant to do for DRM what
for web services.
By providing the infrastructure, Microsoft hopes the content companies will
write applications and release content only for Palladium enabled systems.
Joe Consumer who wants to listen to the next Brittany Spears album on his
computer will be forced to upgrade to the next release of Windows/DRM. Of
course, it doesn't hurt that Palladium could provide quite a few wrench's to
throw at Microsoft's open source competitors.
Nightmare scenarios indeed!
And what of Microsoft? Remember, I don't use their operating system at home - and to reiterate, I've never paid them for anything, so why should I bow to their dictates, especially since I don't use their product?
I thought that was how the free market was supposed to work, but I guess the market ain't so free now.
This sig no verb.
i generly find rms's writing a bit, uhhhh, well, you know. But he always has something interesting to say. This article is dead on. Unfortunately, he's preaching to the converted.
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
YourMissionForToday: and try new pink grey!
See how funny my post was compared to yours? And you know why? Because I use drugs. That's all you need to do. That's the key!
Liberate your mind in two clicks or less.
Okay, so you have a piece of hardware with a proprietary operating system. So far so good. But now with trusted computing, that system won't load any component that is not signed by a trusted party. It's not about you trusting what you run, but about Microsoft choosing who gets the privilege of writing software for the platform. If Microsoft doesn't like you, for whatever reason, they can just refuse the signature that is needed for your software to load. This is basically where it is headed; it's the one sure way to use your monopoly to crush the competition, in particular open source. Even if some open source developers get Microsoft to approve their program, that signature will be applied to a particular binary release. The users cannot roll their own binary from the sources, because that won't carry the signature of a ``trusted'' certificate. So basically the operating system vendor regains control as the gatekeeper who determines what will run on your machine. What's worse, if the hardware vendors follow suit, then a certificate will be required by an operating system to boot on the hardware. If you are lucky enough to get a signed version of your favorite free kernel, good luck rebuilding it. The developers may be forbidden from giving you the certificate, if they get to d the signing themselves. That key is copyrighted bits, right? Letting everyone have it would be against the DMCA.
What the hell are you talking about?! I wrote the parent as soon as I came back from the talk. These are my own thoughts on the talk, nothing more. Why don't you try thinking before you speak!
Although RMS does arouse some passions within the slashdot community, in this, I believe, he is right.
There is, in English Common Law history, a subject area, called the Enclosures Acts, where vast quantities of land were removed from common use, and awarded to landowners in what was a thinly veiled land grab.
It had justification, of course. Private Ownership was deemed more efficient by those that grabbed the land. Far be it for the government to disagree. The whole idea of common weal ( as in commonwealth) was called The Tragedy of The Commons.It would appear that history is attempting to repeat itself. If computing can be controlled by a trusted source - Who will that trusted source be?
This age old problem, can be solved in a number of ways - a dictatorship, or, a democracy, or...
Not quite trusting my fellow man, I think I would rather do my own choosing. But then, I use GPL'd software. A lot. And your choice will be?
This is progress?
-
Boot-Level Programmer-San Jose
I figured TCPA was just some buzzword I could pick up out of a book if I got the job. I do that all the time. But no: The blurb about "changing the way people see, hear and play" just didn't register.I hope they do call me though. I'll give them a piece of my mind, followed by the URL of my DeCSS mirror.
Now I ask you this: if they're verifying the "system integrity" of a linux box with the TCPA, are they complying with the GPL?
Request your free CD of my piano music.
Man, I can see DRM and Palladium getting closer every day.
Stallman's examples this time are rather simplistic. His concerns about "DRM", aside from the "I want to be able to shock myself" degree of control he wants for PCs, aren't all they're chalked up to be. Calling it "trecharous computing" makes him sound like a kook, not a serious voice.
To wit:
"Your boss's e-mails will be written in disappearing ink!"
"You won't be able to send incrimiating documents to the press!"
Any corporate system that causes the main focus of communication to automatically expire with no way to retrieve it is a poor business model, not an aspect of trusted computing. Investigative and Corporate preferences aside (after Enron, do you REALLY think that it'd be hard for Congress to slap a "records requirement" on corporations?), someone should be able to mark their e-mails as "archived." And you can always just print out the document...
And, if some company is too paranoid to keep any e-mails and advanced enough to be truly paperless, there's still a digital camera and the on-screen display. Or the simple expediency of calling the cops...
As for the rest--if MS wants Word to be Word-only, more power to them. It'd keep some large usability problems from arising, and quickly tone down word e-mail.
Postscript 2 really irks me. I'm no programmer, but even I can imagine a system where "untrusted" code & docs are run in a "sandbox," where they can't do any real harm and the user can still use them. Given six months of speed increase, the user probably won't even notice the difference between "game on new system's emulated layer" and "game on old system raw."
*sigh*
former student, returned to his Alma Mater and gave a talk on some of the
technical aspects of Microsoft's Palladium project. Brian began the talk with
a quick overview of the goals of the project. He stated that Palladium's
goal was to 'Protect Software from Software'. He went on to enumerate some
of the nightmare scenarios that keep the Palladium team up at night, such as
a virus/trojan that launches something worse than a Denial Of Service (DOS)
attack.
These included:
After this brief introduction, Brian went on to describe a hardware based
software security system that would provide 'Fingertip to eyeball security.'
This system would consist of a hardware Security Support Component (SSC)
chip, a special security kernel called the 'Nexus' and user level security
applications called 'Agents'. Palladium would also require alterations to
the MMU for the curtailing of memory and USB for secure input/output.
Brian admitted that Palladium would offer no protection against DOS
attacks and that Palladium would necessarily include a universal serial
identifier (this
would be provided by the RSA key burned into the SSC chip). He also promised
that Palladium would run unmodified legacy applications and drivers.
Problems surfaced during the end of the talk when Brian began taking
questions. Richard Stallman correctly pointed out that Palladium was being
presented as a way of improving the security of personal computers. Indeed,
according to Brian, this was the focus of Microsoft's Palladium project, but
no where in his talk did he present any solution to the crucial nightmare
scenarios that are supposedly keeping the Palladium team up at night.
Indeed, as was pointed out by Stallman and others, if Palladium would run
unmodified legacy applications, then how could Palladium thwart the legacy
virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?
The truth is Brian was being disingenuous when he described the nightmare
scenarios that motivate the Palladium team. In all honesty, there are only
two nightmare scenarios that are relevant to the Palladium project:
The nightmare scenario of the large copyright holders who fear the
internet
has ushered in the end of there ever ballooning bottom line
The nightmare scenario that Palladium will allow the large copyright
holders
to effectively eliminate the fair use rights of the public
With Palladium, Microsoft plans to solve the former by introducing the latter.
To get to the heart of the matter, we have to ask _why_?
Brian says Microsoft is concerned that large copyright holders will refrain
from publishing works in formats compatible with the Windows PC. My theory?
Microsoft sees an opportunity to bolster there own
bottom line. Palladium is meant to do for DRM what
for web services.
By providing the infrastructure, Microsoft hopes the content companies will
write applications and release content only for Palladium enabled systems.
Joe Consumer who wants to listen to the next Brittany Spears album on his
computer will be forced to upgrade to the next release of Windows/DRM. Of
course, it doesn't hurt that Palladium could provide quite a few wrench's to
throw at Microsoft's open source competitors.
Nightmare scenarios indeed!
The only problem I have with this site is with the positioning of that laptop.
Why should it be ugly? It's all a dream! It's only a dream!
FACt: everything is politics.
You're more than welcomed to just code in your own little world, do all your work in your own little world, etc. But politics is still involved, whether you choose to ignore it or not, and it still affects you.
RMS realizes this and thus considers politics as integral in any software project.
Palladium is all about politics. Its about the polics of the BSA, the RIAA, and the MPAA conrolling what you do through MS, which will undoubtedly make unholy alliances to please these parties and profit. Palladium is about MS trying to make the GNU/Linux OS an impractical choice for users, as no hardware would run it. MS may say this about technical matters -- i.e., security, virus-prevention, etc etc -- and it is in part; but there is also politics running through the fibers of this idea. Politics is ubiquitous in this Palladium project.
As is predictable, everyone's been more than willing to jump on the "bash RMS" bandwagon. It actually reminds me of the Michael Jordan situation in the NBA. Here's a guy who's done alot for the NBA, alot for his team, and alot for basketball in general, and people are constantly criticizing him for making personal decisions which he had the right to make (i.e., to come out of retirement). Similar thing with RMS.
Many criticize RMS for what he says or where he says it; i.e., mentioning such things in newsgroups or forums which are "not meant for discussing those issues". But the politics of what he talks about is relevant to kernel developers and coders, even if they're too stupid to realize it. RMS is not an extremist. Or, if he is, extremism in defense of liberty is not a bad thing.
social sciences can never use experience to verify their statemen
I don't think this is a question at all - we have to stand against this latest MS evil plan. Not everyone agrees with everything RMS says (though I do think that GPL style free software is a blessing, I'm not against software that's more restrictive - but there needs to be a choice) but on this issue I don't think there can be too many who think he's wrong.
Afterall wasn't it Microsoft who lied in court? Or just last week about the "switcher"? They can't be trusted, it's that simple - they've shown that time and time again.
As for Hollywood, well again why should my computer put the needs and wishes above my own? So I buy a DVD, why can't I play that everywhere? Why can't I create my own player? Who says I shouldn't be able to buy a DVD while on holiday and be able to watch it when I get home? If I save a little money by buying it overseas isn't that my good fortune? Why should a commodity like a DVD have such wide differences between price and terms in different places?
No there are legitimate reasons why I might want to do things that MS/Hollywood want to stop - I don't see why my computer should help them take away MY FREEDOM?
Personally I think it's time we started something like FSF for hardware (FHF if you will) so that we can escape the clutches of "the evil Empire".
What happens next? The PC refuses to run any OS without a Microsoft signature, and we're blocked from reverse engineering it? This seems to be happening already with the Xbox, is this just a test case for the whole PC?!
Perhaps Red Hat should make a PCs, and allow anyone to copy the design. For no other reason than to protect THEIR business model.
Before we all get too carried away, let's try to remember a few basics ok?
1: Trust is a human phenomenon, not a
machine state.
2: Trust implies motives. Last time I checked,
machines don't have motives. People do.
What are RMS's motives? Microsofts?
Trusted computing's motives are ???
Personally, I think the whole thing stinks of pot, kettle, black on the above mentioned bases. Regardless of all that, I fully intend to look out for myself online using Free Software/OSS to the extent I am able. (currently 100%) I believe I know what's best for me, and don't need much help from M$, RMS, or any "Initiatives".
C|N>K
I really wish RMS would think more about long-term strategy. He spends time ranting about the name you use to refer to your OS, which hurts his credibility when he argues against things that actually are worth arguing against. There's a reason that "The Boy Who Cried Wolf" is a common folktale.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
While I knew that the CBDTPA contained language that all new products would have to have the proposed restrictions, I don't recall seeing anything about shutting out old, non-CBDTPA, computers. Is this an accurate reading of the proposal, or a stretch meant work us up?
Let that be:
"Oh, Outlook 2000 is trying to write to the registry! [abort] [inspect] [allow]
"Oh, IE is attempting to send 5374 mail messages! [abort] [inspect] [allow] "
Kick the user's head by requiring a certain security clearance for " [allow] ", and an idiot warning to boot.
Yeah, people who are vocal about their ideals are real irritating aren't they.
"Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
Comment removed based on user account deletion
OTOH I hold some opinions of my own. RMS says that trusted computing should be called treacherous computing but his reasons are weak. I fail to see how stopping people from illegally trading media over the web should be considered treacherous, in fact it is commendable.
Instead of leaving the internet as a 'wild west' with no laws, Microsoft and the RIAA (along with some politicians) are benevolently expending time and effort to establish some sort of order. I look forward to the day when I can buy Trusted hardware and engage in Trusted computing. That will finally let me sleep at night, knowing that Hollywood and the RIAA are not being robbed of their hard earned money.
?-|||-----x<*))))><
The law would effectively prevent you from connecting them to the (now DRM-enabled) Internet, because the old computers cannot speak the right protocols.
Liberty in your lifetime
If this were the U.S. Government pulling something like this, we'd have torched the White House by now, and the only real question we'd be debating would be whether Senator Hollings needs five more turns on the spit. But to some extent we are at a loss because it is business rather than government leading this assault on speech and liberty.
The world has started to turn into a scary place. It used to be the government that was most likely to take away people's rights. Nowadays corporations can be just as dangerous; and the massive bulwarks of liberity put up by our founding fathers--the U.S. Constitution and the checks and balances that make up the branches of government--were not intended to protect us from powerful corporations. If we are going to secure liberty for our children, it may take a struggle just as momentus as those struggles that have been fought before. Resting on our laurels is not an option for free men who mean to stay free.
It would be the funniest thing in the world if the first public demonstration of Palladium was a dismal PR failure because somebody hacked in a desktop image of Goatse.
"Ladies and Gentlemen, as you are about to see it looks the same as always when we boot up......Yipes Crimminy! Um. We have a technical glitch here it seems. I think this demo shall continue another day."
Table-ized A.I.
1) The traditional one. This puts the access control of computer resources in the hands of computer owner.
2) The DRM, CP Protection etc: These system wants to take away access control from the owner.
I don't know why the second part is even called "security".
The problem with DRM etc is that once they become more wide spread, someone will provide a method to defeat them. And once defeated, there is no easy way to enable them since the owner doesn't want to enable them! E.g. region code and macrovision disabling in most dvd players. So the only way to implement DRM etc would either be by making it a law and have a very stringent enforcement or don't allow people to buy computers (just allow them to rent only, which will contain license clause that the sytem must be audited, insured at renters expense). Either of the proposition is very expensive.
Let me paraphrase. Since I'm not black, means I have no reason to be against slavery.
I'm not female, so I shouldn't care about pro-choice/life issues.
I think I got it.
This should be RMS's next project. While arguing with Microsoft and Intel, and trying to raise public awareness (impossible, they just don't care) the logical step would be to make a competitive counterpart.
Trusted computing can be good, but who do you trust. IIRC the military's definition of a trusted link is the one who can breach security. E.g. a trusted mail server that handles top secret mail is the one that can send it (by mishap) to the less secret network. (Reassembled from memory collected while reading an article in Linux Format)
The only one I would allow to breach my security (download an infected program, fail to set user rights correctly a.s.o.) is me. I should be the one deciding which programs should be possible to run on my computer. This has made me wonder why I've never heard of a project aiming on making something like this, maybe not swaying Microsoft, but maybe Intel. It shouldn't be hard to implement in the Linux kernel (harder with Windows though) and I would do it if I knew - or had the time to figure out the kernel code.
Look a monkey!
Hey man, i'm toq, maybe you've seen my posts around here? :)
.gov regulations that would stop them from selling a DRM equipped peice of hardware for far less than a non DRM equipped peice of hardware. I would imagine any hardware company not willing to produce MSDRM compliant stuff will be left out in the cold because they won't recieve funding from M$ to develop it.
Anyways I just wanted to give my opinion on why this is bad. MS has over $40billion in cash reserves. This is enough money to subsidize anything they want to, which is a really scary thought. So right now MS is subsidizing DRM development through a network of smaller projects like the Xbox, funding cheerleaders to go to hollywood (RARA RA M$ OWNIN YOUR PC IS GREAT!!) and getting chip makers to make the actual chips to go into the final product.
When it comes time for a "final product" no doubt that will be subsidized too. Unfortunately there are no
Furthermore, when a first time computer buyer goes to buy a pc, will they buy the fully pre built "Compatible with hollywood!" PC or will they pay the extra money to have a non DRM pc built.
Customer "You mean its not compatible with hollywood?"
For us tech hounds, we know we'll end up having to support this shit somewhere down the line. Personally, I don't want to touch it with a 10 foot pole. I can see my CEO now...
CEO, "I tried to access this insider trading site (porn) on my sleek sony vaio (it looks cool)and it said I wasn't Hollywood compatible? Bob from accounting said hollywood compatible computers are cheaper than non holywood compatible ones."
See that's the basic, sometimes flawed logic of the pc illiterate public.
And that's where I see all this going. I see MS and NBC and AOL getting together for one HUGE fucking ORGY to screw us. I see future media being created that REQUIRES you to have this hardware to listen to it. Yet the PC illiterate do not even stop to think "Tape recorder next to the radio" DRM is flawed from the beginning in that sense, so really this is just MS's 3rd reich (1st riech killed os2, 2nd killed beos, 3rd is goin after linux)
Anyways, good luck to you Mr. Stallman, i'll be here in the trenches trying to prevent MS from going onto my friends and families computers. Not many people can sit back and see the whole picture but you can, and should be commended for that.
"The project began about four years ago as an epiphany among a small group of Microsoft employees who were working to solve the problem of content protection for online movies."
"The end result is a system with security similar to a closed-architecture system but with the flexibility of the open Windows platform."
And to stir up the pot a bit.
As Lessig has written in 'Code' and RMS writes here, government and commerce feel that imposing control structures on users is a good thing. The government likes it because control enhances their regulatory power. Commerce needs control so their 'property' will be defensible from piracy, etc.
RMS should really be taken seriously - web services is the next step for commerce that the government will attempt to promote. Web Services will enhance our PKI, allowing for identification, and it will also add controlling code to many devices and systems. Not only developers but the average citizen should be lobbying hard for open networks and open systems. If we don't, the Internet will become the perfect control structure to regulate our lives.
smd4985
Thus the only course of action I can take is to not accept the contract if it is offerred.
However, I will be happy to discuss with them that I cannot consider taking the job because I feel that what they would want me to do is morally reprehensible.
I try to abide by what I feel is right. But I have worked for companies whose principles I objected to, because that's what I had to do to survive. I did the best job I could while I had the jobs, but did my best to move on to other work as soon as possible.
But there are some things I just won't do.
Request your free CD of my piano music.
How does he eat? Open source food (aka foraging)?
Silly comments aside, there are two things that must be balanced, the rights of the copyright holder/content producer and the rights of the consumer.
If the copyright holder/content producer is not protected then the incentive to produce and innovate is greatly reduced. Bills need to be paid, families fed, etc. Those things happen when the commodity (content) is paid for. (e.g. how does RMS eat? He must expect to get paid for some things and I'm sure he wouldn't appreciate it if I collected his assorted writings and published them without recompense to him)
On the other hand, the consumer has certain rights granted when the content is acquired. People must be vigilant to ensure those rights aren't abridged.
RMS needs to moderate himself and find a workable solution in the middle. He smacked of Chicken Little when he started on the treacherous computing and MS Word thing. First they get you with the file format, then next thing you know, "You might be unable to read [your writing] yourself." Yes, there's a good business model for word processor sales - a write only word processor.
That's just one example where his extremism will turn people off. This isn't about black vs white - everyone needs to win here. He certainly sees himself on the moral high ground but what is really needed is a solution for the masses. If he isn't working towards that solution then he is part of the problem, and he'll soon be regarded like that guy found on every college campus, the one standing on some steps somewhere ranting or preaching or something.
All this yammering about how "we can't do this"
because "we don't have the source code" that.
We tell the media companies they should adapt or die. Well, we should adapt to. We aren't going to get the source code. So get working on techniques to manage and modify object code. It's ugly and it's hard, sure.
Let's go further than the tired old "free as in speech" versus "free as in beer" argument. Let's start living in the present, playing the hand we've been dealt.
It surprises me that one never sees binary patches from the user community. Back in the day, we worked with object code. Today, a program will have orders of magnitude more object code to work with, and it will have been created by compilers which do unbelievably crazy things to the code, but, at least we have it.
So please, somebody make the software analysis breakthrough that renders source code obsolete. Yes, it's a big job. Should be interesting.
-fb Everything not expressly forbidden is now mandatory.
It's easy to do so when YOU aren't that bright. He might not be a Jeffersonian speaker (well maybe George Jeffersonian) but he has done more to further OSS than you that's for damn sure. You're lucky he's even around after the shit you constantly heap on the guy.
So he's not eloquent: you can't diminish what he's done.
Stop being such a snot and shut the fsck up. Cut RMS some slack. At least he contributes something of substance where it counts. You? Well it's real easy to be enlightened when you're sitting on YOUR ass on a mountaintop somewhere and all you can contribute are some comments that you hope get modded up.
I got a shitload o karma to burn baby so mod me down and flame as high as possible you unappreciative shits.
</TANTRUM>
Please, please do not use the words "secure application" when what you really mean is "approved application".
What I suspect you really mean is "an application that is doing only what the user intends that application to do". However, that is not necessarily the same as "approved application". (Since software vendors can stick all sorts of cruft and spyware into their "approved" applications) Some Palladium supporters would like everyone to assume that they are the same, and the use of "secure application" supports this confusion.
"Secure application" presumably means, among other things, "an application that is not vulnerable to attempts to make it misbehave". This is also not what "approved application" means.
I wonder - if an approved application contained a buffer overflow or other vulnerability, would it be possible to write a trojan that would operate entirely through that vulnerability as though it were a trusted application? (e.g. a trusted server could be exploited remotely and then the trojan code loaded into memory, running as a thread of the trusted server process) Tricky perhaps, but I've not heard anything that makes me think that Palladium will avoid that scenario.
Its not bad at all and much better then Micorosoft's patented closed alternative. The good news is that IBM supports this and they want linux to run on it. It is more strict but its more like ssl or pki in which any trusted body can sign an application. These vendors are more sympthatic to Linux.
Its the patent that Microsoft has on using drm in an OS is what really bothers me most about palladium. The dmca is also a problem. IF the dmca is ever overturned then linux could use palladium.
http://saveie6.com/
Ok ok. We, the geek community, agrees that Palladium and the "Trusted Computing" initiatives are bad. So what, there are not enough of us to excecise our "consumer power" and stop them. If the geek community really had that much power, Windows would no longer exist and Linux would have a 90% desktop market share.
Obviously, this is not the case. It's because no one in the real world cares or thinks about the geek community. Moreover, searching google for 'palladium' or 'tcpa,' will reveal that they are Microsoft and other copyright holder's initiatives. So what does Joe Consumer do? He visits microsoft.com and learns about all the wonders that Palladium will do for him. If he really does his research, he may stumble across a page like the Digital Speech Project, and promptly decide that the anti-TCPA community consists of a bunch of hacks.
Simply put, the web page is lacking, PR is lacking, and we can not compete with corporations unless we capture the hearts and minds of the normal consumers. Sure, the page may be standards compliant and be light on the server, but it looks bad. It looks like a voulnteer operation. This community needs to make itself look better than the corporations. Consumers expect a certain style, so let's give it to them. That means creating visually appealing web pages, pushing technical material towards the back, and creating a presense that appears credible. And for God's sake, stop asking for donations on the front page of every FSF site.
Here's a reason why Microsoft should not want to implement treacherous computing in the future: while North America, Western Europe and a few Asian countries are pretty well wired, the majority of computer users is not yet connected to the Internet. Those who don't have a PC yet (the enormous market potential), will always get Internet access after they get a computer, not before. Thus, if you start selling software that absolutely requires Internet to run properly, you automatically hand over a huge potential market to your competition.
On a personal note, there's a small group of people (just like me) who choose not to have Internet access at home, and could not care less what software they are using at work.
All MS bashing aside I find it very odd that people, with all their supposed privacy concerns, would even consider a company such as Microsoft or any other software vendor for that matter, trusted enough to hold a lot of personal information.
.net or palladium account?
I understand the appeal of having an account that floats to any terminal that you log into - but having someone else in charge of that makes me nervous.
I mean - think of credit companies on steriods here.
For example - having a bank have some ability to control your money is one thing - but here you would have an account that could have much more information that you "own" but dont have full control over.
In your profile in the next 5 years will be such info as:
bank info
documents, both personal and professional that are kept or written by you
habits file, browsing, shopping, reading, viewing etc.
personal machine preferences
owned/installed programs you use regularly.
plus more
Now I cant understand why I would want to give anyone control over any aspect of this. Banking is a necesity in todays world - but that's as far as it should go. I dont wnat my bank to handle any information other than exactly how much money is in my account and when I access it. I wouldnt trust them with my personal documents etc... so why would I trust MS.
One argument against this could be the handling of hotmail accounts.
If you think MS is responsible enough with all you info then you have never been one of hundreds of thousands of whom who had their hotmail accounts "misplaced" with not so much as a sorry. (cant find a very good article on it - but I remember it when it happened)
What about how hotmail handles information as simple as your email address - and how much spam you get. What levels of access will "affiliates" and "advertising partners" have to all the info in your
There is already a proven track record to show why you would not want this info placed outside your control.
The bank knows that the big, bad SEC will be breathing down its neck in a microsecond if it crosses certain boundaries. Both the banking laws and banking tradition keep its competitive force/greed in check.
The high-tech world hasn't got the equivalent of the SEC. And, of course, it doesn't WANT an SEC looking over its shoulder, although Microsoft's behavior certainly indicates it needs one. :/
Even parts of the high-tech world that overlap on the SEC's territory, like online banking (PayPal, anyone?) or online stockbroking, are often not regulated as the equivalent real-world businesses would be. PayPal, for example, doesn't operate under the same laws and regulations as a bank, although its business is unquestionably banking. That's why I won't use PayPal.
Stopping Microsoft and the RIAA on the "Trusted/Treacherous Computing Initiative" is going to take both a grassroots refusal to use products that have that technology and a significant political effort. Time to call the EFF....
Catherine
The same question that I have in my sig:
How is Microsoft supposed to roll this out? How EXACTLY are they supposed to take over the world such that ONLY signed code can run, and maintain backward compatibility?
No backward compatibility, no sales.
Once again it has to be pointed out: Microsoft is in business to sell operating systems and software, not to take over the world.
Palladium will ALWAYS be able to run unsigned code. There's no other way it can happen.
Sometimes it's best to just let stupid people be stupid.
Most of us had gone there hoping that someone would put Brian on the spot. Even those who are friends would have liked to see how he would cope with a difficult question. Unfortunately RMS did not ask a difficult question, he just went off onto a rant. As a result everyone who followed was making sure that they distanced themselves from RMS.
The way to put someone on the spot in a case like that is not to make the most ridiculous assertion about the other side. Instead you should make the question appear to be as reasonable as possible and design it so that it exposes the unreasonableness of the other person.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Palladium isn't going to rob you of the right to use your PC. Do you really think Intel and AMD would make a processor that only ran one OS? They'd be tying their futures to those of Microsoft.
Palladium will just sit there until you choose to run software that uses it. Not install, but run. That means you have to:
1. Have Palladium hardware.
2. Have a Palladium OS.
3. Have a Palladium application.
The above three will allow you to access Palladium-protected content. Guess what? If you don't want to use something protected, you don't need Palladium!
Now, what happens if your favorite band or software company or whoever decides they're going to use Palladium? Well, you tell them you're not buying anything. All Microsoft is providing is a secure delivery vehicle. If you don't want to do business with those who use DRM, or trusted applications, or any of the other uses for Palladium, then you don't have to. Sure, it means you have to go without the latest version of the software you love, or that new album from that band, or whatever else you might want, but that's the sacrifice you make. If enough likeminded people feel the same way, then Palladium will fail.
Palladium is all about layers of security. If the hardware's secure, a secure OS can load. If the OS is secure, a secure app can load. If the app is secure, a secure file can load.
If the system is secure, content providers will be able to provide media with confidence. In a controlled environment with limited legacy software, unauthorized code such as virii can be halted before damaging or spreading. Truly effective copy protection can be implemented if backwards compatibility is left behind (ah, the age-old quandary.)
In short, it's not going to stop you from running your own OS.
So, vote with your wallet. But don't give in to paranoia.
...Except that the employer is a Japanese entertainment conglomerate with offices in San Jose (the popular guess is Sony), and the target platform is hinted at being a digital media device. So TCPA, at least in this instance, will be used precisely for compulsory licensing and screwing the user.
TCPA devices have their place -- in banks, brokerages, power plants, and other establishements where you don't want random code introduced without a red flag popping up. And its use and proliferation should be confined to precisely those areas. TCPA has no business being in consumer-level devices.
Schwab
Editor, A1-AAA AmeriCaptions
What would be interesting would be a virus or trojan that builds its own layer of "trust".
In order to "trust" an application there has to be some way to ensure another application doesn't disable or modify it. Now imagine a virus exploits a trusted application and is now in the trusted realm. You wouldn't be able to remove it because the MMU is protected at the hardware level. Does this mean that virus scanners must be trusted more than the average stock app or bank app? Or is this the end of automated virus detection.
"Just because they are legal, does not mean they are nice. Or not downright evil."
Yet, Microsoft is the one on everybody's radar. Heh.
Comment removed based on user account deletion
We can no longer afford the luxury of being apolitical. We must stand up for our principles, not only in word, but in deed as well. That means refusing to create the tools by which we, our families, and our friends will be subjugated.
I trust that all persons with even the slightest shred of honor or dignity will stay well away from this invitation to sell out the rest of their community.
Schwab
Editor, A1-AAA AmeriCaptions
CDNow didn't get hacked(unless I missed a news story?), it was CDUniverse...
I'm a customer of both, and I only ever received a letter from CDUniverse describing this, but by the time it happened that card had already expired and been replaced.
A virus/trojan that trades stock thereby disrupting the market
A trojan that activates and places an order on Amazon.com
A virus that publishes sensitive information such as private tax records
All of these problems can be better solved using a secure OS that implements confinement, such as EROS. Confinement, secure boot, and attestation are orthogonal features, but MS is presenting an all-or-nothing choice in Palladium. Any system that truly has users' best interests in mind will offer only features that benefit users (confinement, maybe smart cards) and not features that are primarily useful for oppressing users (attestation).
From what I've read Palladium isn't about Digital Rights Management.
Why is your discussion of Palladium concerned with DRM?
The same lame joke repeated thousands of times is boring! Every time there's a story about Richard Stallman, GNU, FSF or GPL there's always some asshole who writes GNU/whatever and gets modded up as funny. Even if it was funny a long time ago (which I personally think it wasn't) than please try to make your own joke maybe, instead of saying someone else's one, over and over again. Thank you. You will look slightly less stupid in my eyes if you also try to show some respect to people who started the free software revolution. And no, RMS wasn't only bitching like the Slashdot cheerleaders, he actually started writing free text editor, compiler, linker, standard C libraries and other boring but essential stuff without which I could not even work today. Show some minimum respect, if you ever want to be respected by others.
Without the need of Paladium, certainly.
'Duh' as you say, but you miss the point. Microsoft is falsely presenting Paladium as an ends to a security problem whilst really attempting something a lot more vile remincient of things they have already been convicted of doing.
I'm not interested in having Microsoft dictate to me how I can use my computer or attempt to restrict how I view/use my data/media.
The fact that they might succeed in causing PC manufacturers to produce Palladium-only machines is the significant matter here for me.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
"MS doesn't have niether competition nor federal mandates preventing computers from being restricted."
That sentence should be dragged out into the street and shot.
Too bad that Grammar guy isn't here to point out the tragedy of double negatives, improper spelling, confusing wording, and a run-on sentence all in one! It's like looking at a 16-car accident.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Chicken Little only has to be right once.
If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moments pause.
First they invented the CPU-ID when producing the Pentium, but I didn't care since my BIOS gave me the option to disable it.
Then they put some GUID in MS Word documents, but I didn't care since I used StarOffice/LaTeX/Applix.
Then they would require a personal registration for any XP install, but I have been running Linux/*BSD so I didn't care.
Then they put "DRM" into Media Player 9, but since I ran mplayer and xmms, I didn't care
Then they started putting obscure crypto hardware comtrolled by some vendors' consortium into each and every PC and I could not run my free software, but there was nobody to help me, since my emails and postings were denied by the TCPA platforms to their owners, and nobody could read then anymore...
<disclaimer>Rev. Niemöller was facing worse conditions when writing the original, I know that...</disclaimer>
This is an open letter to all applicant for the position of Linux Boot-Level Programmer:
d00d, Quit being a FUCKING ASS
MY GOD MAN!!! Do you realize what you're doing? DO you? What kind of HONEY BITCH TOOL have you become? Have you no shame? None at all?
Look at you. Look at yourself. Look at what you've BECOME. Your job is writing code to BREAK PEOPLE'S COMPUTERS if they dare to put a CELINE DION CD into their disk drive. Is this what you always wanted? Is this what you went to school for? Is this what we've all -- all of us, every other hacker and programmer and geek and computer person -- is this what we've all helped you to do?
Do you really think that you don't OWE us anything? That you don't owe anybody anything? That what really matters is that you get some of Celine Dion's FILTHY CANADIAN LUCRE? Hell, man, I'll pay you out of my OWN POCKET to quit your job right now. What kind of job is that? What kind of man, or woman, are you?
I know you didn't start off like this. I know that you're like me, that you're like all of us. That you love these things called computers, that your fingers itch when you're away from them, that your whole essence pours out of your fingertips into the keyboard when you make that system DO YOUR MAGIC. It's incredible, it's power, it's a tradition that goes back centuries, and it's flowing through you right now, right this very second.
And you're BETRAYING it. You're standing on the shoulders of giants and SHITTING on them. For something you believe in? For something you're PROUD OF? Or for the dollars of Sony Megacorp and the opportunity that that brings?
Who the HELL are you? What the FUCK has gotten into you? Just in case you didn't notice, this recession is OVER, and there are a JILLION jobs out there for you to take. Jobs that make people's lives easier, jobs that OPEN DOORS onto a new plateau of human awareness that the people we owe our livelihoods to only DREAMED of. Jobs that could make this world a PARADISE instead of the shitty money-grubbing craphole it's been since the dawn of time.
And instead you choose to take a job fucking up people's IMACS. For NO GOOD REASON.
It's really not too late. You can stop RIGHT NOW, you can get up and walk out the door and turn your back on the forces of REACTION and of GREED and of SMALL-MINDED CONSERVATIVE ASSHOLISM that say that the most important thing in the world is keeping some tweaked housewife in South Dakota from sharing a goddamn CELINE DION TRACK with her mom or friend or neighbor. You can stop. You can do it. YOU ARE BETTER THAN THIS.
For the sake of everyone who ever helped you with your homework. For the sake of everyone who answered your plaintive and ignorant plea for help on Usenet or some mailing-list. For the sake of every person everywhere who wrote a driver or an app or a goddamn EXAMPLE PROGRAM to show you how to make these machines sing like angels under your hands. Pay us back. Stop this crap. Stop this humiliating bullshit and stop being a tool of The Man.
[UPDATE: This article originally linked to a Knowledge Base item at apple.com covering the wilful breakage of Imacs by Sony engineers. Seems that that article has gone missing. Searches for "Celine Dion" or "copy-protected CD" on the Apple site come up empty, too. I guess maybe the problem went away on its own, hmmm? I THINK NOT. This is bad juju. Anyways, I redirected to an article in UK's Mac user about the deal. -Mr. Bad]
cpeterso
I find it absolutely comical how self centered _some_ Americans are, to the point that they think the TCPA and related AMERICAN technologies (Palladium, etc.) will be the end of free computing in a global sense.
Do they really think asian/european PC hardware manufacturers are going to radically redesign their products to serve the needs of American capitalism?
Not a chance.
The TCPA may be the end of free computing in America (though I doubt it), but the rest of the world will continue on its merry way.
Get over yourselves!
I apologize in advance to all open minded Americans, you know who you are.
"Becoming Amish" really isn't an alternative to the Microsoft monopoly. It is also absurd that you imply that Bill Gates "created" anything in the way of modern micro computing technology. He stole everything from the actual creators that should have been rewarded by the market and then ran those creators out of business.
We are fortunate that Linux is coming along nicely as an alternative GUI based x86 OS since GEM, OS/2 and BeOS died off due the illegal conduct for which Microsoft has infact been convicted of.
REAL capitalists should not be satsified with the communism-in-sheep's clothing that Microsoft represents.
A Pirate and a Puritan look the same on a balance sheet.
Comment removed based on user account deletion
Comment removed based on user account deletion
"Fascism should more appropriately be called corporatism since it is the merger of state and corporate power" -- Benito Mussolini
___
If you think big enough, you'll never have to do it.
"Oh, IE is attempting to send 5374 mail messages!"
(use of IE in this message may not be the best example program, but I'm continuing your example)
Yes, and there's no reason we can't check for that now (no extra tech required, I would have thought something like WINE or (for ultimate paranoia) a pure x86 emulator like Bochs could sandbox things nicely) and that's fine for a pre-"Trusted" version.
However, when you get IE 2010 with "Trusted" Digital Restriction Mechanisms, will you be able to run that in a sandbox? Or will it insist on having verifiable direct hardware access so it can talk to (say) your anti-piracy, screenshots-can-be-disallowed graphics card? (OK, so Windows Media Player 2010 might have been a better example)
I know you're probably just trying to be funny, but let's set one matter straight. You didn't teach me how to design software; you don't pay for my office tools; you don't pay for the roof over my head or the food in my refrigerator. I therefore invite you to share your self-righteous tirade with the "WILL WORK FOR FOOD" guy on the I-25 interchange; or else shove said tirade up your ass, that it might dislodge the obvious backlog of shit you've built up. If you shove with enough force, you might even relocate your head onto its rightful place atop your shoulders.
Yes, programming can be an art; but it is first and foremost a job. When you:
A) Graduate College,
B) Move out of your parents' attic
. . .you will understand that life doesn't always mean working jobs you like - sometimes, it's just about working jobs that pay the rent better than, "Would you like fries with that?"
!#@%*)anks for hanging up the phone, dear.
however, there is something very important that we can do with this article. it is very articulate and one of the finest, clearest articles i've seen on the topic.
most importantly, it is written in english and not geek!
this is a good opportunity to pass this article along to professionals who earn their living with programs like Word and Outlook. Attorneys, Real Estate brokers and Bankers, Mortgage Lenders and Insurance Agents.
tell them how you, the supergenius computer geek feels about palladium and the threat that your friends face from it. they will listen, and they can make a difference that we alone never could.
my .02
gs
"You never want a serious crisis to go to waste." - Rahm Emanuel
You don't care because GNU is not your baby, it's his.
It takes a very great man to see his life's work taken for granted by all without any recognition. In effect Linux has killed the ambition of the GNU project, which was to come up with an alternative Unix system written from scratch.
GNU started with the compiler and the utilities and put the kernel last. This made sense at the time if you wanted a usable system at every point. Linus came along with his kernel and stole the show. Nothing wrong with that but it is true that the community should recognize RMS's contribution. A few do but the majority see him as a crackpot.
He is not. In his place most people would react the same, or worse.
There are about 3 alternatives to Intel CPUs, and a bajiliion alternatives to IBM and HP. It seems to me that without government legislation to force all PCs to have the built-in security dongle, there is no way "treacherous" computing threatens me.
In fact, I can't imagine Intel putting ugly 3rd brake lights on all their cars unless all other manufacturers are forced to do so as well. It would be a marketing fiasco.
Plus, any coersion between Microsoft and Intel to force people to buy Intel CPUs with security dongles would bring up anti-trust issues. They have to have government help to pull this off.
So why isn't Stallman asking for support in lobbying the government? There is where the potential danger lies, IMHO.
If I were Intel, I'd take any NRE money that Microsoft/Hollywood gave me for this stillborn idea, produce some chips for them, and laugh all the way to the bank. This is alot like the DivX DVD fiasco, and without 100% alignment of all the manufacturers, it will play out the same. You won't see the needed alignment without laws.
I don't think anything will prevent the MS/Intel/Government/Hollywood/RIAA conglomerate momentum from marching toward forcing use of DRM based media distribution channels in the future.
/.'ers out there...
...What is real interesting is the new emphasis on Digital Rights Management (DRM), Palladium, etc. The slash dotties, EFF pundits, etc. are rightfully up in arms about it, and I certainly agree in principle with a lot of their concerns.
Instead - all you smart
focus on maintaining and growing the vitality of non-DRM based computing by continuing to develop SW and supporting HW solutions.
So - don't waste energy hand wringing yourselves to death over paladium - get off the tracks before that train runs you over. Instead, get on the *other* tracks, and stay focused on the subject of this post.
Of course, we can't be a bunch ostrich's either. Support for EFF/FSF and any other advocacy group aligned w/non-DRM based computing philosophy is still essential so that there is a level playing field for laying those non-DRM computing tracks (to extend my metaphor above)
Below is part of an email I recently sent to a colleague, where I mused on the future of this DRM/palladium crap...
Here is what I think... What DRM and the architectural changes to the PC architecture in order to support it really portend is just another evolutionary change in home computer application. I think this is the point where the PC 'species' branches into two different sub-species. The traditional general purpose computing platform we are used to today, as characterized by a somewhat open, plug'and'play, 'hackable' architecture. And the new 'Digital Entertainment Computer' (call it a 'DEC' - nice homage to the original DEC computers, eh?). MS is still the king of the software world in traditional PC architecture space, although that position will continue to erode (no matter what MS does). More importantly, MS (along w/Intel) is in a position to define and own the proprietary and completely closed system architecture that will define the OS/HAL/UI for DECs using embedded DRM.
The DEC machines will probably be as mysterious as your cable decoder box, much smarter about detecting hacks, with a keyboard and standard PC peripherals attached, so that if you want to, you can stop watching 'Digivision' console (...my term!) and fire up MS Word if you really need to.
In the DRM/DEC world, beyond universal access to basic broadcasting services, I don't care at all how much MS dictates the standards - just like I don't care how television mfgrs and cable companies design their transmission/decoding and viewing devices. After all, you don't have to watch it, you don't have to subscribe, and you don't have to pay for it if you don't want to. The RIAA will finally stop thinking the world is coming to an end. This scenario is still pretty far out - what I'm thinking of here is the ubiquitous family/home entertainment system of the future, where everything gets its feed from a DRM/DEC device.
So - I'm betting on a rosy future for MS, and especially for anyone who gets in front of the wave of technology and enablement services that DRM and DRM media distribution channels will require. I think traditional PC hackers and open architecture advocates have less to fear from MS than they think in this future scenario. My guess is 10 years from now MS will be focused on preserving market share and raking in licensing fees in digital media distribution, subscription, and decoding (the future MS proprietary monopoly, if you will), and less focused on fighting back the open source/free software movement to preserve share in the traditional desk top OS/application market.
Microsoftheads: explain how you can ignore a decade of news articles, court records, and outrageous lies to such a degree that you are incapable of not feeding from the hand of your enemy?
In other words, your logic is "I hate Microsoft so much that I'll believe ANY conspiracy theory no matter how outlandish and illogical, without applying any thought or reasoning."
Sometimes it's best to just let stupid people be stupid.
It's been ages since I heard about RMS doing anything but rant about GNU/Linux. I caught his interview on "The Screen Savers" on tech TV last night, and was very disappointed to see he was so "tired" he couldn't hold a coherent dialogue. I grant the host was doing his best to rattle him, but last time I saw Rick involved in such I dialogue he held his own.
As to Palladium, well of course it's a "bad thing". I sure as hell don't want my systems frelled for the sake of Hollywood or the RIAA -- I use standalone DVD and CD/SACD players for that. Hands off my computers, my software, and my livelihood!
I do not fail; I succeed at finding out what does not work.
I think Palladium is a great idea, and let me tell you why.
One thing it offers is the ability to run a program which has it's own secure connection to the input devices and the screen. I think I'll write a little encryption utility which makes use of these features. By using a screen-based soft-keyboard for passphrase input I can make it impervious to every known keyboard sniffer, hardware or software. I bet I can find a few Mafia bosses who would pay a pretty penny for that! Thanks Microsoft(tm)!!!
Palladium will also let a client download software from the net which a remote server can verify is running untampered. I think I'll write an encrypted communications tool which uses this. Imagine being able to walk into any Internet cafe in the world and securely download an encrypted comm program with no worries about man in the middle attacks or keyboard sniffers! I hear the bin Laden's make good money in the construction business. I bet they'd pay good money for software like this so their "contractors" could check and submit bids online securely and anonymously from anywhere in the world. Thanks again Microsoft(tm)!!!
I bet I can find product opportunities in every market from P2P pirates to child porn collectors. Thanks Microsoft(tm)!
Step three: Profit!!!
Of course, the FBI and CIA are unlikely to let encryption tech that works that well out into the mass market. It's a safe bet that Palladium will either ship with a hidden back door or will include everyones favorite forgotten boogeyman key escrow. Thanks again Microsoft(tm)!
This tactic works for all sorts of politics, some good, some bad. It doesn't mean it's ineffective.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Comment removed based on user account deletion
I almost forgot about this. Tonight's episode of "The Screensavers" had RMS as a guest. But if you've ever watched TechTV, you know they repeat that show numerous times... specifically, 2:00am tonight, 8:00am tomorrow morning, and 12 noon tomorrow (all times eastern US).
Anyway, should be interesting to see RMS on TV. I've never had the pleasure. I forgot to watch it earlier, but I'm going to record it.
"... Kernel developers also want to have him banned from the LKML for constantly spamming it with off-topic political discussions ..."
/. when you have other more interesting things to do.
Just in case you haven't realized it yet, everything in this life that deals with humans and their activities is inherently political.
And if you doubt me, ask yourself why you actually "waste" your time posting to
I hate politics too, but it's just another fact of life that everyone has a motive, many of which are less than honourable, and those that care for what is right always have to fight to keep the world from going to hell.
Oh, and before I forget, RMS has contributed orders of magnitude more to society than most of you snot-nosed punks combined. None of you disrespectful whupper-snappers out there can start anything close to his Free Software movement, or come anywhere close to his productivity and work ethic, to speak less of even touching his character.
Flame away for all I care. Then take a long hike when your done.
No, not in "other" words, but in YOUR words as a devotee of slime.
Yes, in my words -- but also the truth.
Let's review: I post a logical statement stating why Palladium cannot be what the paranoids think it will be. Your response was not to point out any flaws in my logic, but simply to lecture me on their history.
So you tell me how my words don't fit your attitude.
Sometimes it's best to just let stupid people be stupid.
I don't see any reason for TCPA even here. Any such system should be designed to not run anything unexpected, whether it is "signed" or not. And that is easy to enforce by not letting people who might be interested in running unwanted programs from touching the machine.
The trick with TCPA/Palladium is it tries to keep a person who is interested in running such programs and has complete control over the machine, from doing so. This does not sound good to me, and very bad for banks, power plants, and other places that might really need to modify the software on their machine!
The problem is the IT department, which knows the password, can run anything. For business users this is actually good, they like having their IT department able to modify their systems to match their needs. But for Hollywood and MicroSoft it is bad, because that IT department has no disincentive to run software that harms Hollywood's and MicroSoft's business models as long as it does not harm the business the IT department is working for.
Palladum is entirely to force users who do have control over their machines to be unable to do things.
It is trivial to force users of a machine that that user does not have final control over to be unable to do things. This is a long-solved problem and Palladium has nothing to do with it.
Actually he has gone out of his way to ensure that you can do exactly that. In his interview yesterday on "The Screen Savers" he was asked precisely that question ABOUT HIS BOOK OF COLLECTED ESSAYS, and answered unambiguously that "Yes, not only can you photocopy it, but you are welcome to republish it." That's unusual, granted, but it's not all that extreme; his primary purpose in writing is to disseminate his ideas, not to make money, so it would be silly to view the process through the profit glasses. In that same interview he also pointed out that he doesn't believe that utility software need necessarily have the exact same protection mechanisms as a novel or a painting.
As for his eating, he does get some return from sales of official copies of his writings (even though you can get them free, to some people it's worth the convenience), and if you have a software problem you need cracked you can hire him to do it (and by anybody's measure he's one hell of a software genius).
If you want to distribute it afterward you will have to release the source code, but if you really need the solution and don't intend to profit from shrink-wrapped sales of it that won't be a problem, will it? If your business requires that you keep the workings of the code secret, then you may not distribute it. You're also free to alter his code to better suit your needs, but you can't then sell the modified result except under the same conditions (this is where GPL differs from BSD licensing).
It's not at all as extreme a position as you make it out to be. The GPL only disables those business models predicated on distributing binaries while maintaining secrecy of source code; they're not the only ways of feeding the kids, and RMS considers them unethical.
It's no more extreme of him to refuse to engage in those business models than for the owner of Chick-Fil-A to refuse to vend his goods on the Sabbath. In either case, it is simply a matter of a business person having other concerns besides the hunt for the almighty dollar, and in both cases these men are pretty well off despite not trying to screw every last dime out of their customers/public.
Worse actually, I've worked with people that have quit firms that had the functional equivalent. Potentially incriminiating plans were only discussed verbally and outside of formal meetings until such time as they became fact.
Stickies (e.g. 3M's Post-It) have been a godsend to these types. All the incriminating or legally questionable information stays on a sticky until it becomes official enough. If the records are forced public, they do so minus the half pound of stickies.
Despite being a turbocynic myself, I admire your point of view. However, being a turbocynic, I have to say that this is not about what is practical, efficient, or even desirable, this is purely about what is technically possible.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
It's important that this is not clever namecalling like "Treacherous Computing", but the names convey accurate firsthand meaning.
TCPA:
Centralised Auhorisation.
"Microsoft want to control what files and programs you can use by placing a control chip in your computer. If enough people can be persuaded to use CA for its useful functions, they hope it will become as essential as oil is today."
DRM:
Access Constraints.
"Microsoft wants to sell Centralised Authentication to companies like record labels so that they can control what music you can use on you computer and how you can use that music. For example, the hardware could forbid you from making a tape from your car, or delete music you forgoet to pay rent on.
Another example:
As an artist, you will possibly need to pay Microsoft a tax before your music can be heard, unless the record companies pay a *larger* tax to Microsoft to make sure only they get to distribute music."
Xix.
"Everything is adjustable, provided you have the right tools"
If RMS really wants to tell the world that they should oppose "Trusted Computing" then he really should find a better outlet than an OSS online newspaper.
Theres nothing wrong with Newsforge per se, but if he wants people to actually sit up and take notice then he really should try and get his articles published in places with larger distributions (BBC, WSJ, FT, Business and Computing publications for example).
Avantslash - View Slashdot cleanly on your mobile phone.
But that is not always possible to enforce.
Consider your average bank branch. The machines are owned and administrated by the bank, but in daily use by employees, who are of variable trustworthiness. 99.9% of bank employees can be trusted, but for that 0.1%, you need mechanisms in place to thwart attempts to introduce foreign software that hasn't been vetted by the site administrator (N.B: the site administrator vets the software, not Micros~1 or the {MP,RI}AA).
For instances where the software needs to be updated, the site administrator has the digital certificate for all the machines under his/her control. After verifying that the software does what is expected, s/he signs the binaries with the certificate and ships them off to be installed site-wide. So legitimate installations happen without incident, and unauthorized installations are made NP-hard.
Schwab
Editor, A1-AAA AmeriCaptions
I wish you were right, but your simply incorrect. Europe and Asia will go as does America.
From a practical standpoint, this planet has only ONE consumer operating system producer. All of the PC manufactures in Europe and Asia need Microsoft just as badly as Dell and Compaq do.
In fact, unlike the rest of the planet, the US has a few companies that might be able to sell PCs without Microsoft's help: Apple (of course), Sun, and IBM. (Sony could give it a shot, but they've shown no inclination. They have enough to benefit from the content business that strong DRM will be right up their alley.)
All of today's Wintel-clone builders will move as a group to either accept or reject Microsoft's hardware demands en-mass. Any of them who lags- whose customers start returning computers because it was incompatible with MS Word 2004- will be dragged down into bankrupcy.
Besides, the "OneWorldGovernment" thing is happening- its not coming from traditional governments though, but from multinational corporations. They influence the political process of each state to maximize their profits, molding the "developed world" into a conforming shape. (Laws which don't directly business profits will be left alone for a while, so nations will retain distinctiveness on "irrelevant" things like gun control, abortion, and taxation patterns.)
Pseudo-governmental entities like G7, IMF, and WIPO drive this conformity forward. WIPO tries to convince all nations to increase their intellectual property laws- they promoted some kind of "copyright duration parity" as support for the Sonny Bono act, for instance.
The citizens of the world CANNOT sit back and laugh at the hapless American consumers who are locking themselves into subjugation- soon the tendrils of DMCA-equivalency laws will penetrate their homelands, bootstapped as conditions of Favored Nation trading status, or by more insidious means.
I'm being pessimistic here- maybe Germany et all will be smart enough to read the fine print on some of these treaties before their parliaments rubber-stamp them- but its safer to assume the worst, and spread the warning about it.
Most of the music and films (by total sales) do come from the US, but more importantly, even countries that create their own recordings will be willing to duplicate the US's laws in order to continue getting the US's products. And then the local works will be restricted in the same way.
- - - - -
I don't have to remind anyone that the Chinese government isn't exactly freedom loving. They don't want to be restricted by Microsoft (enemy of my enemy), but they're happy to restrict anyone else they can. Turning to the biggest bastion of fascism to protect your own freedoms isn't just ironic, its dangerous.
They aim to control the speech & thought of their own citizens. The free internet is an irritant to them- so far they've been unable to effectively block it. The only way they could make that work is to have code on the client side to scan your browser cache and send reports back to the police. And the only way to stop people from tampering with the monitoring software will be- dahdahdum- hardware recognition of signed binaries!
Something very similar to Palladium, or possibly even worse. China will either copy the Palladium technology directly (and become their own signing authority) or roll out a cheap clone (fixing any holes left in the Microsoft version).
Comment removed based on user account deletion
Comment removed based on user account deletion
Do you really think that if Intel and AMD implemented Palladium, that they would have much of a choice? Where else are they going to go? Sure, there may be other processors out there, but do you think that people will change? "Trusted Computing" sounds great to people who don't really know what it is. And somehow people outside the US have a clearer picture of all of this? Uh-huh.
The TCPA may be the end of free computing in America (though I doubt it), but the rest of the world will continue on its merry way. Get over yourselves!
Sorry, but if the American economy tanks, I think it will have an impact on the world. The US is a big player in the global economy. I know better than to think that we control everything, and our way is best. I do know that if "trusted computing" takes hold, even if it is only in the US, that it could have dire consequences for everyone. If the American stock markets tank, the world will feel it. We import and export a lot of things to the rest of the world, and if that stops, the rest of the world will notice. I am not suggesting that Palladium will cause those things to happen, it is definitely a worse case scenario. But it is possible.
The point is, we are all in this together. Trusted computing is BAD, and it is bad for everyone. Maybe other countries wouldn't feel it as immediately, but you would feel it. I suggest you get over yourself, and stop thinking about things in such a nationalistic way. Why do you think that the rest of the world is somehow above having these restrictions imposed on them? So exactly WHY is the rest of the world so impervious to things like this? Oh, every other country must be free of greedy corporations and corrupt politicians, which would let something like this happen.
My beliefs do not require that you agree with them.
What would the effect of a computer professional / geek strike be?
Does anyone think a massive nationwide geek strike could even be organized?Would you actually do this?
Until MS takes palladium off the shelf, and Intel and AMD cancel DRM-on-CPU plans...
It would have to be cross-border, OSS, MS, BSD... Who is even in the right place, politically to organize a strike? Would international support matter, or is this strictly a US problem?
How big would it need to be to make a difference - 5% or 10%? Are thier margins tight enough that a 1% strike could freeze them? Could it infect non-geeks, grassroots style?
If nothing else, it could raise public awareness when the president came in to make us all go back to work. :)
Would you do this?
It still does not require Palladium/TCPA hardware support. The site administrator needs a password that only they know and the employees do not know. Palladium/TCPA is entriely designed so that MicroSoft alone knows the password. If the site administrator knew the password they could defeat DRM, so they will not be allowed to, so the site administrator would have to do the same thing they do now.
Speaking of propaganda, take a look at your own post.
Palladium is not 'restrictive hardware'. Everything piece of software that you can run now (with a few obscure exceptions) will be able to run on a Palladium based system. You will still have your precious MP3s. The end user still has final say in what is trusted and what is not trusted.
In fact, it can be argued that Palladium gives you more choice. Without Palladium or TCPA, most media companies have been unwilling to sell digital content for PCs because they fear piracy (however misguided this is is irrelevant to this discussion). Palladium will allow them to sell content without these fears. Now in addition to your current media files, new content will be available that was never available before.
Your argument is misplaced. Palladium and TCPA are not the things we need to be fighting- we need to fight overly restrictive DRM software and media companies trying to cling to an outdated business model. But as the parent said, we can easily fight this battle by voting with our wallets.
"The defense of freedom requires the advance of freedom" - George W Bush
Comment removed based on user account deletion
Comment removed based on user account deletion
Are we still talking about TCPA? Sounds like you're beating your chest over hypothetical events not related to the topic. Why don't you just say: "The world cannot go on without a properous American economy!" or "w3 o\/\/n j000000!!" You're just proving my point on the American EGO. Many other countries currently follow a different path than the US and this will continue.
Pardon my frankness, but stop acting like a dumbass. Yes, I was being hypothetical, that is all TCPA is right now. I am envisioning a worst-case scenario, where TCPA allows great harm to come to the US economy. Yes, the world will go on if something awful were to happen to the US economy, but my point is that we all work together, and the effects would be felt. If I had said something as utterly stupid as you did (putting words in my mouth) then that would be ego. I am trying to make a point about how TCPA is BAD for everyone. Just because it starts with us, doesn't mean that it wouldn't be tried elsewhere. If some other country that produced the processors and operating systems that most of the world used was trying to implement this, I would be just as concerned.
Canada's senate is reviewing a bill to legalize pot while US police are still jailing kids for possession. Canada has very few gun related deaths compared to gun wielding Americans running scared from a evil sniper armed with a gun you can't even buy in Canada. Can you see the differences here?
To quote you: Are we still talking about the TCPA? Who's beating their chest now?
Canada will never see the day of TCPA and a large volume of non-TCPA hardware will always be available for countries not honoring the TCPA. Why? Because if there is a demand, someone will supply that need. The only case in which TCPA products would replace or modify all current PC hardware/software is when every single country in the world fully enforces the TCPAs directives. It's a joke that anyone would assume they have such absolute influence on the rest of the world. Didn't you hear about the Chinese buring DVDs and CDs in International Waters to avoid copyrights? Do you really think it's impossible to envison a country that would harbour non-TCPA hardware manufacturers?
Dude, it has to start somewhere! Are you seriously saying that TCPA doesn't concern you? If they get in bed with the processor manufacturers, and Microsoft, that is a pretty friggin good start.
Oh, every other country must be free of greedy corporations and corrupt politicians No, but you're assuming these entities will follow a business path that aligns with US legislation. Wrong. The same capitalist needs that fuel the TPCA would create an industry of non-TCPA hardware; and trust me, the earnings would be lucrative.
Of course - but how can you deny the buying power of the U.S.? Come on, that is what we do. It would be more difficult for companies to support two different devices (TCPA and non-TCPA), so they would have to make a choice. We are a nation of consumers, and they might just make the jump to producing only TCPA. And if they see our corporations gaining control over our computer users, and making tons of cash, why woulnd't they do it as well? Greed is an evil thing, and I just don't think that we are the only ones who are capable of it. You seem to paint the world outside the U.S. as somehow radically different in that respect. Jebus, I don't want it to be like that, but I think that is how it is. Maybe I am naive.
Excuse me, I'm off to smoke a Cuban cigar.
That sounds good. I have a humidor full of them, maybe I'll have one too. ;-)
My beliefs do not require that you agree with them.
I know. Except I believe that it is wrong and should be stopped. That is what I was saying. You are saying "let it happen, it is only the U.S."
My beliefs do not require that you agree with them.
Comment removed based on user account deletion
Comment removed based on user account deletion
Funny, I just got back from seeing Michael Moore's movie "Bowling for Columbine". You should see it, it addresses this point quite well. Canada has 7 million guns, which is no small nnumber. So why does the U.S. have so many more gun related deaths??? I would recommend that everyone see this movie. One of the best I have seen in a very very long time.
My beliefs do not require that you agree with them.
I tend to draw a more definite distinction between "can it be done?" and "can it legally be done?".
I'm with you on your sentiment, but I still think source code vs. not ought to be irrelevant by now.
-fb Everything not expressly forbidden is now mandatory.