Slashdot Mirror
LaGrande, TCPA, and Palladium
An anonymous reader writes "Intel's Paul Otellini gave a talk to developers where Intel's project called "LaGrande" was mentioned. This project is aimed to create a "safer computer environment", that would consist of an advanced TCPA implementation. Some of the features it has deal with physically "protected execution, protected memory, and protected storage". When talking on LaGrande, Otellini said "it's a core technology that things like the Microsoft Palladium initiative can take advantage of to build much more stable platforms.""
However the most negative single feature of TCPA and Palladium is the nature of Palladium and the philosophy that has driven Microsoft's development and promotion of Palladium. I think this is probably the scariest part of the whole deal. They recognize what could happen but they press forward regardless.
Most people who hear about these projects don't really understand how little control or privacy these projects will leave us. As far as stable, thats just funny...These projects will not give us more stable software, just buggy software that will let us do less. Next they will be telling us about CPUs and HDs that require MS to work correctly. and I have the first coherent post on this subject :)
"/. =
A world withought hackers, were the only people who can allow software to be installed on your computer is the nice folks at Microsoft and intel, wait did i forget myself in that list? this is a joke all it will be is Microsoft schemeing to prevent "fair use", open source, and easy government computer spying and restrictions is all that palidinium will be used for. Sounds like the future of the wounderfull digital restrction management is comeing.
come comment on the madness at http://slashdot.org/~phreak03/journal/
"Security is mostly a superstition. It does not exist in nature... Life is either a daring adventure or nothing." -- Helen Keller
This was the quote on the bottom of the page... what irony!
Hey, man, if this is what it takes to allow M$ to release an OS that's actually stable, I'm all for it. Once that little OS detail of being stable is out of the way, maybe they can put some time into security...
In the classic LucasArts adventure game Monkey Island 2, there is a character called Largo LeGrande. When we first meet him, IIRC, he tells Guybrush (the protangonist) that this island isn't safe, and then procedes to turn him upside down and shake all the money out of his pockets. Also, he has an oppressive embargo on the whole island (The Largo Embargo).
:)
Couldn't think of a better name, myself.
Such a price the gods exact for song: to become what we sing - Pythagoras
Nobody is going to force users of Palladium enabled systems to actually use Palladium. If you are offended that RIAA decides to distribute music that can only be played on Palladium enabled systems, refuse to buy the music. Meanwhile, consider the benefits:
I'm runing hundreds of different programs on my windows machine. If any one of these programs is subverted by a malicious user, all of the information on my machine is vulnerable.
With Palladium, etc. it will become possible for programs to keep especially sensitive data safe from malicious programs operating on the same machine. Now an attacker will have to not only subvert one of the programs that I have trusted, it will also have to defeat the Palladium system.
This is much more difficult than it sounds. It is easy to find a security hole in a machine that is runing hundreds of programs, because only one program out of hundreds has to be defeated. With these trusted computing platforms, software atackers will only have a few possible points of attack, and these have been subjected to much more strenuous security analysis because:
1. There are only a few places that the effort has to be focused and:
2. They were specifically designed for security (unlike just about everything else about Windows).
I don't see how this can be a bad development. At worst its neutral. At best, Palladium will allow me to do all sorts of things on my computer that I wouldn't dream of doing today because of security concerns.
Imagine a beowulf cluster of these babies!
I hear that the designers of Palladium used 'ls' once in a while. Perhaps it should be called GNU/Palladium?
our freedoms are being forsaken to line the pockets of congressmen
They're using their grammar skills there.
Bill Gates is my hero!
1. Create an insecure operating system
2. Profit
3. Blame computers for your insecurity
4. Profit
5. Get hardware vendors to make changes to compensate for YOUR buggy software
6. Profit
7. Prevent any software except yours from running securely
8. Profit (by others demise)
9. Take away everyones choice.
10 Profit
11. Blame the computers some more, as you take away more freedom
12. Profit. Profit. Profit.
When there is a wolf guarding the hen hose, why on earth would I need the shotgun named Linux?
I was as afraid of palladium as the next guy before the details started to come out, but I think we ought to try to avoid the knee jerk reaction and think this stuff through more carefully.
A lot of people are opposed to any scheme that can be used to thwart piracy. But in my view that's an extreme and unreasonable position, even when fair use issues are taken into account.
For a long time it's seemed to me that the thing we ought to be working towards is an open system of distribution, one that can't be dominated by large media concerns, something that gives a guy who makes music at home the same sort of access to the market as the big record labels.
To me, the issue is not whether or not my computer is capable of running some sort of protected DRM system -- the issue is whether or not it's capable of running alternative systems, if the existence of a palladium aware media player will break my mp3, ogg, and divx players, or my entire open source operating system. As I read these proposals, that's not the case, they won't break things.
Microsoft has said explicitly that one of the key design goals of palladium was that it shouldn't break existing software.
In my view, these sorts of services are useful, and we ought to be talking more about "how" then "if" they are implemented.
In particular, we ought to be sure that software that will run under linux can provide the same sorts of services as a palladium enabled version of windows. I know that the applications themselves couldn't be truly open source (or at least you'd have to use a signed snapshot of an application that was developed using open source methodologies). But I don't think that's enough of a reason to pull back from this stuff.
There are useful applications for this stuff.
About a decade ago, one of the hot topics among crypto types was digicash -- cryptographic protocols invented by a guy named Chaum that try to mimic cash, especially its anonymity and security.
One of the big problems was how to make microtransactions work when you're disconnected from the net. Imagine two palm os devices doing a transaction over infrared. Chaum's answer was to use tamper proof chips.
Sure, on some level nothing is tamper proof, but it ought to be possible to make tampering difficult enough, expensive enough, and to cap the size of the transactions possible and the rate at which they can be made, in a way that would give people reasonable security. The NSA could hack the micropayment system, but they'd have to spend a million bucks, and all they could get back would be $50, or something like that.
It seems to me that this kind of hardware could be seen as a more flexible kind of tamper proof chip.
I think the goal should be that whatever hardware comes out should work with arbitrary operating systems. The trust chain should be decentralized.
In other words, if I develop an electronic music distribution system, I should be able to develop apps for whatever OSs I choose to support, and I should be able to make my system recognize whatever signatures I feel are trusthworsthy. It ought to be possible for *anyone* to develop such a system, and to use the hooks into the hardware.
The thing that worries me is that if all we say is "no, palladium is the devil" we won't have any voice in this stuff.
for Intel and M$ that nobody has claimed the intelectual property rights on idiocy (yet).
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
I thought they were just talking about implementing this, but I've recently started looking into buying a laptop - To my utter dismay, IBM's laptops (all of them from what I can tell), come already hardware equipped for this.
Well, I guess IBM is going to lose about $4000 CDN in sales to me. Sorry guys, maybe make something the consumer wants and I'll buy it!
LaGrande eh, named after Largo LaGrande from Monkey Island II no doubt, he's the guy who steals all of Guybrush Threepwoods money.
So, they start this initiative now, hardware filters slowly through the system and in some 10 years or so, the **AA corps finally have a market?
I'm not losing any sleep over this. Who is going to buy DRM encoded media anyhoo?
I am the Barber of Seville.
'Apparently' in a final nihilistic existential-phenomenological act the French have surrender reality.
...they sure are good at marketing.
HELLO?!?!? McFLY?!?!?!?!? You guys act as if Intel is the only CPU maker in the world. AMD?!? PowerPC?!?!?
1-2-3-4-5-6-7-8-9-10-...-55259285-55259286-5525987
That is quite a high on the bullshit-o-meter scale.
I'm never going to buy hardware that forces me to be restricted in my use of the hardware. As a consumer, I don't want some software developer using protected hardware instead of really good and solid coding techniques. I don't care how much it creates stability in the hardware, if this influences just the average joe who isn't concerned with having a website up accessed by a million people a day (or whatever people need more stability for), than this solution is going too far. I could see this being used in a corporate environment, no prob, but it should never be extended to the end user. It's like using a nuke to kill a deer. Senseless. ok that was a stupid comparison, but, hopefully my point is understandable. Once companies start protecting me "for my own good", they are victimizing me and taking power away from me, and as a citizen, I will resist it to the fullest.
When will Icaza show us the new Mono-Palladium???
Check out IBM's new ThinkPad notebooks, "now with better 'security'"!
I saw an ad on TV for one of those. Kinda made me cringe. I'm curious as to what kind of TCPA stuff it's got.
"The ultimate goal, the thing that we at Intel are working for -- and let me take a stretch and say the things I think that all of us in the industry should be working for -- is really bringing computing to everyone anytime, anyplace in the world."
Ummm...no it's not, or if it is they sure have a funny way of going about achieving this goal. How does hardware that restricts the use of software and data increase the availability of computing to people who can neither afford the hardware nor the software?
Time is what keeps everything from happening all at once.
DIVX.
Not the codec, but the DVD-ish format introduced by Circuit City. It flopped because average-Joe consumer saw it for the fraud that it was, and you can bet that the same will be true when consumers have the choice between a crippled DRM version of something and a non-crippled version of the same.
DRM will NEVER, EVER catch on with John Q. Public...which is why the effort to implement it via legislation MUST be stopped.
"If at first you don't succeed, lower your standards."
Suddenly Apple and MacOSX are looking a _LOT_ more attractive. I currently own both, but I may be forced to get rid of _ALL_ M$ and Intel products.
Seriously, if they keep this up, I will not buy any more M$ or Intel products.
We are the consumer, lets show them we mean business with our pocket books!
The "caring software" argument is an interesting spin. I agree, that Linux et. al will not limit users the way MS OSes will (Apple BTW, is making a stand). However, there is still *a lot* to be worried about.
Consider that once the thing is there on the chipset, people (namely RIAA and friends) will want to use it. With the DMCA and other such laws already on the books, might not be to hard to *require* Linux to use LaGrande (via legislation) and limit your rights. Any supportted, big distro will be forced to add the stuff in or be shut down.
Once the genie's out of the bottle, it's hard as hell to get him back in again.
C'mon... reading that article was less informative than a longterm weather forecast, no need to read too deep here, it's mostly fluff.
Sure, many of us including myself have extreme pause in trusting the Trusted Computing Initiatives being pushed by wintel. But, this particular article provides no new insight and is just pep-rally talk and should not be taken all too seriously.
Maybe this article is good to raise the issue for CTO's to get some reports drafted on Alternative OS/Hardware means. Apple, though still on the higher end of the price factor is strongly against much of the DRM and "trusted" computing alliance.
And with more focus on "Office Killers" for Linux and other OS's I think that by the time TCPA and Co. hits the streets there will be plenty of other solutions available. Time however, will tell just how many there will be.
Im actually looking forward to TCPA and Palladium. No, really i am. It will lighten the load of my job, being a support engineer.
What im saying of course is it will have its place, on the business desktop, on the childs computer, on public accessable computers etc etc. They have already stated that there will be a option to turn it off, and to be honest all of those who say "Well yes, but what about when they remove that option?" are just scaramongering. Yes true they can remove it in the future, but will it be that easy? I dont think so, there will be too a big outcry, and there will still be large numbers of eastern computer manufacturers making PCs as we know them now.
As i said at the beginning of my post, i am looking forward to this. Especially if systems administrators will be able to control it (and i bet they will be able to), as this creates a whole new set of security barriers to wouldbe theives etc. Imagine what the outcries were like when the first user account was created on an OS which didnt have full rights to all the system. This is jsut the same.
Last I heard, AMD was on board. They're not really in a position to fight MS and RIAA at the moment.
Apple, on the other hand, is not on board, so, unless things have changed last time I looked (and who knows now-a-days?) you're half right.
This could be both good or bad. On the good side, it might support multiple virtual machines a la VMWare without the horrid hacks needed to make that work. On the bad side, it could mean that you can't develop code that will run on consumer machines without permission from Microsoft.
they have plenty of prior art.
There is a great body of software to due a lot of hard work being done over the passed several years, and as long as congress doesn't do anything unconstitutional by outlawing legacy systems, this new Intel position may be more for the rubber knife crowd. But we will see.
Dawn of the Dead
One component that seems to be missing in the whole Open Source realm is hardware control. I wonder if it would be viable or even possible for the Open Source community to co-develop, or at least be able to provide specifications to hardware manufacturers.
Many hardware vendors are finally waking up and embracing Open Source, e.g. (3ware, Adaptec, Intel, AMD), but it seems as if the community is always fighting with hardware. If worst came to worst, we could all boycott a particular vendor and pledge as a community to buy non DRM (Digital Restrictions Managemet) devices from a competitor in volume.
After all, DRM is NOT LAW! (Well at least not until Microsoft donates $20,000 to a couple of congressional campaigns).
Open Source should have Open Hardware!
Also, I am not worrying too much about Palladium or other "copy protection" type devices. They will be defeated just like every other type of "copy protection" that has ever been invented. In fact reverse engineering Palladium in compliance with the DMCA will probably be a sourceforge project.
I've got a bit of insight on this, since I've worked at Intel on these sorts of R&D technologies in the past, and know how the company works and thinks.
I was critical of this and other Intel programs designed to limit the abilities of the PC, and in general, give businesses more control over a users PC then the user himself. I'm sure that had a BIG reason in my being "let go".
Even Andy Grove spoke out against LaGrande, but unfortunately was trumped by now more influential voices on the board.
What Intel is hoping (and knows) is that all of you WILL be forced to buy a Palladium PC. Of course, you'll have it sitting right next you your NON-palladium PC. You'll probably have a KVM switch right there, able to switch between Palladium and Non-Palladium and the press of a button.
Hell, manufacturers will probably design a way to put two PC's in one box...and Intel will have sold twice the CPU's.
I always considered this plan very short sighted on Intel's part. Intel NEEDS to realize that people purchase PC's because of its abilities to be the greatest tool ever invented. The more you limit the abilities of the PC, and the more you allow the RIAA and film industry to turn the PC into just another sales channel, the less value the PC has overall.
Here is a question for you: If MS/Intel made a PC that could only playback DVD movies, why would you EVER watch a DVD on a PC?
Now there's no public list about who's on TCPA and who's not... we just can't know
VIA is also not in the TCPA alliance. Maybe their CPUs are weak tea now, but the roadmap for the CIII architecture and beyond suggests that it can be extended and enhanced well beyond its current capabilities.
Knowledge is power. Knowledge shared is power multiplied.
it's that fucking genius kid again.
Caveat: The article had almost as little info as the slashdot story. ("demo begins and ends"? Huh?). So I don't really know what it is really about. But if Microsoft can use it to implement palladium, we can do some real cool stuff with it. too.
This seems to be about getting better hardware suppoort for separation of different kinds. This is good stuff. That might mean stuff like:
In multics they had a small piece of the kernel in the "center", called the hardcore, and everything else in the kernel interfaced with that much in the same way that userland interfaces with the kernel now.
I have never seen such a freaking luddite reactoin to new tech here at slashdot. Geez... Were you guys this upset when they added memory protection to the 386 too? This is more of the same.
"An object declared as type _Bool is large enough to store the values 0 and 1." -- 6.1.2.5, C99 standard.
Does Intel like losing European Union Sales? All the countire sin this union have expressed the desire to refuse to allow TCPA in their computer systems..They hate oppression by big us companeisand they hate Intel and MS..
Don't Tread on OpenSource
Hopefully that means that Guybrush (RMS? Alan Cox? Bruce Perens?) will get a voodoo doll and kicks his ass!
While many of you may say "I'll just not buy Pallidium-Enabled PCs", that just won't work. Eventually, every PC will be Pallidium enabled, and the only choice will be to run old hardware, and to be unable to run any new or improved programs. Sure, you'll still be able to run Linux on that Pentium 4; but all the new programs will require a Pentium 6. And if they don't, Linux won't be able to take advantage of new hardware; you are damned wether you buy Pallidium PCs or not. And the general, Windows running populus will buy Pallium boxes; they don't care as long as Word, Excel, and the rest run, and run well.
The only hope for the /. community, and hackers in general, is that we all form a lobbying group, and lobby for Pallidium to be made unconstitutional (And for that to happen, code must be labeled "Free Speech", and there is a precedent against that. But remember, precedents can be overturned).
While many of you are against lobbying, the only way to beat this thing is to use the power that our government allows us to have. If we don't, we're dommed to a Pallidium Controlled Future.
Don't say I didn't warn you; the only glimmer of hope for me is my cute little iBook. The concept of a (somewhat) major computing company basing their major product on OSS shows there is hope. But who knows; even Apple may succumb to the power of DRM.
Not likely, because the idea of DVDs that expire a few days after purchase was so bad that even Joe Sixpack wouldn't buy into it.
If you want to give the keys to your computer to anybody but yourself, fine. Publish your static IP address, turn off your firewalls, deinstall your anti-virals, and announce here that you've done this and I'm sure your box will be 0wn3d in a few minutes. Maybe you'll even still get to use it afterwards.
The rest of us obviously have a lot more sense and a lot less trust than you do. Are you new to the Internet? Do you actually buy products that spammers sell? Is your "herbal Viagra" working?
"Trusted Computing" is intended to protect the vendors, not the users. We are the ones that are expected to pay for these boxes. I can't think of any actual benefits which DRM-enabling will give me in actual practice.
If you want to buy it because it's k3wl n3w t3cHn0l0gy, go for it. And post about your experiences, in the post DRM climate, those of us still in the USA will need all the laughs we can get, and those of us who aren't probably deserve some chuckles at US expense as well.
Tech Public Policy stuff
History is replete with Bad Things imposed by powerful entities (be it governement, warring factions, religious institution, corporations, etc). Usualy, those entities attempt to reduce resistance to those schemes by publicising them as good, advantageous, desirable even.
Censorship is a reccuring favorite. "It would be bad to let the counter-revolutionnaries / heretics / competitors to speak against the System". Another common theme is "We have to protect the weak / children / people against harm and/or themselves".
This is, however, the first time that I see something so obviously nefarious portrayed in such a positive light!
The only raison d'tre of Palladium (and the underlying mechanisms) is to prevent people from using their tools to process the data of their choice in the manner they choose. Be it to prevent the "evil pirates" from listening to their CD on their computer, or *gasp* using such-and-such technology without the "safe" and "approved" program (how much are you willing to bet that "approved" software will always be commercial, proprietary and expensive?)
This would be horrible enough to get even the general populace to react and protest... if it wasn't described as an "enhancement". "Safer" They say (for whom?). "More reliable" (at what?).
My OS and computing environment are safe enough for the tasks I give them as it is. I don't need "help" protecting me against myself!
We need to cry, shout and yell loud enough to be heard. The CDA was nothing compared to this, because our computer remained ours, we could always choose to obey the law or not.
They are trying to take that choice away from us.
-- MG
I work for a South-Africa company that developes ultra-low-cost educational computer labs for schools. We have cut the cost of a computer-extended education by over 75% allready.
Nigeria, Zambia and Namibia are allready starting to use this. We are a profit company, but we all (including the owners) work for salaries and the net profits go into cutting the system cost even lower.
We work in close relation with non-profits and we are really doing something good to improve the quality and availabillity of a proper education in the developing world.
We achieved this by combining a low-cost broadband approach (satelite) with thin client systems. The children work on old 486 and p1's but the software actually runs on powerfull servers.
Everything we did is possible ONLY because of Linux. If we were using a windows based solution, our labs would cost more than eight times their current price to build - that's just the licensing. Add the problem of windows requiring newer hardware than Linux and the cost at least doubles yet again.
I know what I am talking about - I do this for a living.
The point then - we have to stop paladium.
This is but one example of how the developing countries are slowly starting to turn their economies around and breaking the cycle of destruction that started post-colonialism by using open-source systems to utilize their resouces better.
If we cannot run Linux and open office anymore - what can we do ?
OK so we have no plans to upgrade these pc's in the next few years anyway but what happens when we have too ?
What will we do if none of the over 2000 labs running on this system can send mail to anybody else anymore ?
What will we do if the internet becomes so blocked up that our thin clients fail ?
For that matter we will not be able to upgrade our servers to paladium level because we are talking about litterally hundreds of users needing access to the SAME programs and the SAME documents on the SAME machine - and none of this is illegal not even under the US DMCA.
I have allready begun rallying our non-profit partners and will continue to do so - our collective voice does get heard at the UN level (they in fact have paid for many of those labs). Africa cannot survive if paladium goes through.
Bill Gates may not give a shit about that, but I do - this is my home !
For all those here who have been telling us this is a good thing(tm) - spare a thought for Africa. We are trying to save our home - don't destroy it for the sake of the unholy wood.
"Semper in excretum set alta variant"
True, you can turn it off, but then you won't be able to view TCPA encrypted media...
So, "secure" data using TCPA transmitted between people or companies will require trusted apps to read it.
Now, do you suppose free software will be able to become "trusted"? Given that it's constantly changing and often has little or no funding? I'm thinking that if TCPA becomes widly used, it's going to have a huge negative impact on free software... not that MicroSoft care.
--
Hollywood representatives have publicly stated that skipping commercials is "stealing."
When companies invest R&D money into bigger hard drives, faster CPUs, video gizmos, and slicker GUI interfaces, we all understand the motivation -- increased sales.
From what I have heard about "LaGrande" and "Palladium", there are benefits for the "gatekeepers", but no benefit for end users. Nobody is projecting increased sales because of these lovely DRM "features". Indeed, many are wondering if people will buy this stuff at all. This would be like McDonalds working on a way to make greasier french fries, because it would help the lard industry.
So my question is this: "Who is bankrolling this operation?" If Intel/AMD/M$ are really spending their own money on this, it's a mass outbreak of corporate stupidity. Is Saddam Hussein attacking our tech industry with some kind of "dumb-down" bio-warfare weapon?
My conspiracy theory is that the "LaGrande/Palladium" boxes will be blown out at firesale prices, subsidized by someone who really wants this stuff to be deployed -- kind of like Xbox on a massive scale. The payback will have to come from the victims^h^h^h^h^h^h^h^h customers -- endless fees and hidden surcharges built into everything they do.
For protecting from malicious (or more likely buggy) programs, everything Palladium promises is there right now. But machines are contuously hacked (Linux as well as Windows). Why? Because of a thing called bugs. Palladium is not going to stop bugs. It will instead sign bugs and say they are "trusted". Big deal!
Palladium's purpose is to make sure the owner of the computer can't insert "bugs", and the user cannot fix "bugs", no matter how hard they try or want to do it.
Well, I feel good that I'm running on AMD at least. Next best thing will be when I can switch to Apple equipment.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
From what I understand, all that will basically happen (besides a few hardware changes to accomodate) is that new commands will be added to the Intel CPUs to allow a portion of memory to be designated as "protected", and I assume possibly even only accessable with a public key perhaps? So, a program can allocate a hardware-locked portion of RAM.
This would not stop Linux from running. Linux would simply not utilize the feature (or, it could even be added to Linux), and run it's own memory management scheme with software as it does now.
It will not stop your MP3s from playing. They'll just play in a protected address space. Or maybe they won't depending on your player software.
This will not stop your DVD ripper from ripping. An alternate driver and ripping program designed to simply not use a feature designed to provide hardware security for applications is not a violation of the DCMA (even if the ripping of a DVD is, which is a different question).
This will stop someone from using an external program to cheat at a game (the game locks off its memory, the cheat program cannot change the data).
This will prevent someone from, say, running a malicious program which essentially "core dumps" your RAM at a specific time, maybe when opening your e-mail reader?
This will possibly stop things like Outlook viruses, as Palladium/LaGrande-aware applications are hardware-isolated into their own address/execution space and cannot interefere with other applications.
Did I miss something? Should I really believe M$ is dumb enough to make a move which will cause outcry and backlash from the most tech-savvy of users all the way down to the e-mail granny, at a time when the DOJ, along with every man, woman, and l33t-preteen on the planet is breathing down their necks in anger?
C'mon people, I hate MS too, but they where smart enough to get this far, even if they did hire Balmer...I think that's an obvious move to NOT be making, if they value their asses (assets?) at all.
Please correct me if I'm wrong, and please post links.
CAn'T CompreHend SARcaSm?
Paranoia! Palladium does not stop Africans from using Linux. It would make more sense to complain about Rambus making computers more expensive.
I don't care what they say.. if the hardware I buy, or the OS, or the software for that matter is 'protected' I WILL NOT BUY IT!
It's MY MONEY.
I get to choose what to buy. Now, I've been using PCs (windows mainly, some Freebsd, some linux) for over a decade. If I face the future where a "PC" MUST be hardware protected then I would easily buy a Mac. There is no question what is worth more to me: MY privacy vs THEIR restrictions.
This is absolute crap! In the future I'll have two machines, or 1 machine with two configurations:
Config/Machine 1: This machine will never in its entire life see the net. It will be able to see a machine that is linked to the net but it itself won't connect at all (oh, Norton 2002 users: You're screwed here. Buy the software, and the damn thing won't work without an internet connection. Take it back, and the shop says that it works)
Config/Machine 2: This machine will have access to the net. It will have (at least) a working and configured _personal_ firewall (ie: local firewall like Tiny Personal Firewall that blocks individual programs). This machine will be setup with 3 disks/partitions in it.
Partition 1: Main OS (assume 1 OS atm)
Partition 2: Data (may also have data on another computer on the network)
Partition 3: Restore partition
Basically, partition 1 will be backed up (ghosted
So.. some dick writes a new worm or virus? FINE. reghost partition 1 in the morning.
This situation assumes that I'd still like to use windows. FreeBSD is a much better alternative. Trust me.
Palladium is not a scheme for Microsoft to archive your crypto keys. Your crypto keys will on your motherboard where only you can get them. Microsoft wouldn't want the responsibility of holding keys for people.
Comment removed based on user account deletion
This is the most incisive post I have seen on the issue of Palladium. This is a post for the history books!
Great job man!
people stupid enough to buy it. It won't be the Financial industry or the HealthCare industry, M$ has seen to that. The University clients seem to be wiser and discovering Linux faster than anywhere else, what market do they have to 'penetrate' beyond the average AOL user ?
errr....umm...*whooosh* *whoosh* Is this thing on ?
Why don't these engineers ask, "why are we doing this?" There's got to be more important work that needs to be done somewhere.
Check out this scary faq about Palladium:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
it is this simple. ... bottle ....Genie.
Computers coupled with the Internet puts too much
communications power in the hands of the people.
Our centralized power structures ( aka the powers
that be ) have being trying to geld this ever since they realized it had snuck past them.
Back... in...( huff,puff..strain.) the
you damned
Comment removed based on user account deletion
this is "the man" (whitey) keeping us down.
this is whitey, trying to keep information from us.
knowledge == power.
whitey wants to keep his power.
whitey wants more power. it has to come from somewhere.
it will come from you.
dont give whitey more power. forget about laws and politics and money. see it as a human. you are one person, and other people are trying to keep information from you, so that they can have power over you. intellectual property is a joke, it is only a means of gaining more power. power power power. coming out of your ass.
why cant mankind rise above this garbage?
Most slashdot post look at this from the "Disney is coming for my computer, and Microsoft is bringing them there" angle but I see no reason for Microsoft palladium to be the only application of TCPA. Much as I would like to point out practical possibilities, I cant make heads or tails of the TCPA spec, but at least a "Asymmetric encryption co-processor" and hardware random generator sound useful for most normal (as in non-disney) crypto projects like openssl, gpg and fast-ipsec. Imagen a gigabit Ethernet ipsec enabled router of of the shell hardware with no extra costs as the extra logic comes with the processor at a "normal" price with development paid for by Disney! Even distributed crypto cracking projects might benefit. Ofcourse fun projects are only possible as long as the security and randomness can be proven, no need to directly trust Microsoft, Disney and hpaq yet. But keeping in mind Disney will not like it when Intel and friends make mistakes, excidental or otherwise, things may go very smoothly ;-).
Also there might be a real political benefit here as well, no politician will go and ask for TCPA power and import/export to be regulated just so worldwide snooping agencies have an easy way in, and even if one does, Disney backed politicians will fight them with Disney money backed campaigns to "safe the future of digital "entertainment""! This might even improve export control on other crypto products. Also by the time normal crypto projects are developing this hardware is likely to be so widespread that fighting it is no longer possible. (A sidenote on the snooping agency thing, if distributed cracking with normal Intel/amd chips is works they will probably be first. [insert tinfoil hat level comment here on the "bania" (low energy x86, perhaps all engery to the crypto part mode is posible in the next chip?) being mostly developed by Intel in Israel, the Israeli government increasing funding for Intel which may or may not be part of the settlement politics and the spooky history of Israeli high tech companies selling stuff with military/spying applications to the civilian market without going bankrupt here, and add an imagen a beowulf of these line])
I don't see all the implications of the whole "protected storage"/"protected execution environment" and these may be the parts that prevent people not trusted by disney from using this stuff. However they may also make cheap certificate authorities possible. TCPA might keep the root cert and signing code secure/temper resistant and make sure nothing funny is going on in the rest of the system (OS and hardware).
Its nice to know that these new enabled devices will cost more, because they will be "new" and advertised no doubt all over. When we buy a DVD player (or DVD disc), what percentage of the total price i pay is going towards retarding (also known as encrypting and scrambling, storing keys) the DVD format? They have to pay licenses to use these things, or otherwise they won't be protected.
I like how lately the new concept in America (and countries that support this) is guilty until proven innocent. We are all going to pay more for this new special hardware and software, because it is assumed we will all pirate, and do insecure things with our PC's. Last time I checked, I can still buy a knife and use it using my own descretion, I can still buy a marker and do whatever I want with it.
These assumptions are horrible to make, because people have legit uses for these things, and their computers as well, and what I do in my house is fine, as long as I do not get caught. They might as well put us all under house arrest and handcuffs as soon as we're born, at the rate things are going.
And has anyone noticed that people migrating from older systems will have issues bringing their old data from their older PC to the new enabled TCPA technology enabled machines? Or has this been addressed already?
A trusted PC interface means that those-that-publish will be able to do so electronically without knowing that it's going to be pirated the next day.
Horseshit. This isn't what it's intended to do, and believe me, it won't do this. If I make a copy of your software using dd, I've copied the whole thing, encryption and all. Anyone who runs my dd'd copy will have perfectly functional software. Or did you think TCPA would suddenly cause all unprotected computers to disappear?
Neither do I consider a program being able to lock its own files a bad thing--since MS would be shooting themselves in the foot operatability-wise if it's impossible to tell the program to move the files to "public space."
Oh, FUCK. Are you kidding? This is Slashdot, I assume you've heard of open source. To get a program signed, you have to pay someone to use their code signing keys. Signing it yourself doesn't work, because the OS doesn't trust "your" keys. That means every piece of open-source software that wants to run on these platforms has to pay to move into public space. They won't do it.
The software I write is paid for by my organization, and I'm still running into the problem of code signing and paying to make something public. My project's task is to automate Office XP. Office XP won't run macros that aren't signed, which means I have to do one of two things: 1) pay to get a certificate to sign my code or 2) tell the user to install the self-signing certificate, ignoring the very loud warnings that blare when they attempt to do so.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Please mod the parent (Alsee) up.
The user still decides what software is trusted or not.
This is completely false. With Palladium/TCPA the corporations that produce restricted hardware, restricted software and restricted media decide what is trusted on consumers' computers and what it is not.
That is what Palladium & TCPA are indented for: To confine the consumers' abilities in respect to their hardware and software, by creating a system of restrictions, which they call it "trust" in order to fool consumers into buying restricted hardware & software.
Read the TCPA / Palladium FAQ here:
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
23. But isn't PC security a good thing?
The question is: security for whom? You might prefer not to have to worry about viruses, but neither TCPA nor Palladium will fix that: viruses exploit the way software applications (such as Microsoft Office and Outlook) use scripting. You might get annoyed by spam, but that won't get fixed either. (Microsoft implies that it will be fixed, by filtering out all unsigned messages - but the spammers will just buy TCPA PCs. You'd be better off using your existing mail client to filter out mail from people you don't know and putting it in a folder you scan briefly once a day.) You might be worried about privacy, but neither TCPA nor Palladium will fix that; almost all privacy violations result from the abuse of authorised access, often obtained by coercing consent. The medical insurance company that requires you to consent to your data being shared with your employer and with anyone else they can sell it to, isn't going to stop just because their PCs are now officially `secure'. On the contrary, they are likely to sell it even more widely, because computers are now `trusted'.
Economists have noted that when a manufacturer makes a `green' product available, it often increases pollution, as people buy green rather than buying less; we may see a security equivalent of this `social choice trap', as it's called. In addition, by entrenching and expanding monopolies, TCPA will increase the incentives to price discriminate and thus to harvest personal data for profiling.
The most charitable view of TCPA is put forward by a Microsoft researcher: there are some applications in which you want to constrain the user's actions. For example, you want to stop people fiddling with the odometer on a car before they sell it. Similarly, if you want to do DRM on a PC then you need to treat the user as the enemy.
Seen in these terms, TCPA and Palladium do not so much provide security for the user as for the PC vendor, the software supplier, and the content industry. They do not add value for the user, but destroy it. They constrain what you can do with your PC in order to enable application and service vendors to extract more money from you. This is the classic definition of an exploitative cartel - an industry agreement that changes the terms of trade so as to diminish consumer surplus.
No doubt Palladium will be bundled with new features so that the package as a whole appears to add value in the short term, but the long-term economic, social and legal implications require serious thought.
24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!
It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.
Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).
Remember during the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called a `Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.
25. So a `Trusted Computer' is one that can break my security?
Now you've got it.
Please mod the parent up.
Wrong.
DIVX has failed because of poor marketing. Microsoft and other big corporations will unleash a massive marketing/PR/disinformation/advertising campaign that will make sure that Palladium/TCPA will succeed fooling people into buying restrictive hardware and restrictive software.
U.S. Patent and Trademark Office:
Microsoft's patent on a Digital Rights Management Operating System
http://cryptome.org/ms-drm-os.htm
Microsoft Digital Rights Management Patent Applications Pending 2001-2002
Consumer Broadband and Digital Television Promotion Act
Security Systems Standards and Certification Act
Aha, RMS is the source of your confusion. RMS has his own personal reasons for hating Palladium. There is a long list of things that he hates. There is nothing in Palladium to keep Africans from using computers. It sounds like you are against any new technology because it might potentially add expense or be misused.
Comment removed based on user account deletion
German mag c't had an extremely good article about the technical stuff behind all this, at http://www.heise.de/ct/02/22/204/ - if you understand German, or want to try babelfishing it... and it's nice to see how critical they are of this, as it's one of the biggest and most respected IT magazines here.
When you think about it, this technology could be "hacked" because if you think about it... All you have to do is put some software on your Gateway (for example) that doesnt let the fritz chip send anything to Microsoft.
But you could make it send fake auth keys to the TCPA servers and all that stuff.
I also ditched XP because i am furious with Microsoft for this. And even if i like games that are not availible on Linux i decided to make a stand. People who can not make sacrifices are a bit selfish. And i will also switch from PC to Compaq Alphas, or Sparcs or somthing. Even if the PC was a cheap nasty peice of hardware. Actually, id probably go with a 2nd hand G4 for now, and upgrade it.
But heck; We all need to either protest or just make sacrafices to avoid this crap.
Note: I have nothing against Anti Piracy...
...However, there is still *a lot* to be worried about.
Consider that once the thing is there on the chipset, people (namely RIAA and friends) will want to use it. With the DMCA and other such laws already on the books, might not be to hard to *require* Linux to use LaGrande (via legislation) and limit your rights....
That has nothing to do with what intel is doing but what legislators are doing and that is a completely different story and irrelevent to what intel is implimenting.
I miss the Karma Whores.
What you say is probably what many believe, but it is also foolish. These things do not exist in a vacuum. What corporations do/want to do and what laws get passed (either via the legislature or from the bench) are, will be, and have always been tightly intertwined.
What is maybe less common, historically, but which is a fairly obvious possibility given the current political climate and policies of the government, is that capabilities introduced by technology will begin to drive legislation.
There are two primary factors that I see behind this. First, is the simple enablement. The government is less likely to pass laws (or interpret laws to the effect of) limiting peoples rights without a clear way to enforce the law. DVD encryption and the DMCA are an example of this. Why didn't the government do this with VHS? There was pressure to do so, but the industry could not propose any means of enforcement. If the government passed laws that were simple to break and impossible to investigate or prosecute, then respect for laws in general would begin to break down. Especially when there exists a strong and ever-present temptation to break the laws for immediate gain.
The DVD consortium, however, proposed a viable (albeit weak) mechanism to protect their medium and proposed a comprehensive plan to enforce it. There were holes, but it was enough to allow congress to do what they always want to do, help out corporations.
There were many other factors behind the DMCA, and I'm not saying that DVD encryption schemes and policies were sufficient, nor even necessary, but they were a factor, though probably not even the largest (at least not directly).
The other main drive, which has already been alluded to, is industry support. When large companies get together and commit to a technoloy, the government knows that the spin and marketing will get behind whatever it is they are doing. This allows them to do things that, without such support, would be largely unpopular and hurt their chances at getting re-elected. But, with all the money that the government knows will be put behind such self-serving efforts, they can have their cake and eat it to; that is, pass laws detrimental to the rights of their constituency for the benefit of their corporate backers, and still appear to be serving the public interest.
This is a very realy possibility with the LaGrande/Palladium/etc. effort. Besides the work of Intel and MS, the real effort is to make DRM (an misnomer which is already part of the spin and marketing campaign) is a larger effort supported by AMD, RIAA, Hollywood, Sony, etc. With all the money behind the thing, you can bet that not noly can congress be assured of billions being spent to alter or obscure the public perception of the truncation of their rights, but also in millions of dollars of campaign contributions, lobbyists, and outright bribes flowing into their pockets if they, the congress, plays ball with the industry effort.
So, to say that what Intel is doing has nothing do with what legistlators are doing, or that the objectives, goals, and actions of the two are irrelevant, is both short sighted and dangerous. In stating such a thing, you are failing to make even the first, and most obvious connections.
If nothing else, consider this: it is the goal of Intel/MS/etc. and (the bulk of) congressional reperesentatives/senators to increase their power/make money. LaGrande/Palladium/etc. is a mechanism by which they both can do precisely that. So, they will, at the expense of the people.
I am not saying that your assertions or conclusions are without basis. Not at all. They have a strong basis. But, what you fail to realize is that that basis is rooted in the governmental/corporate infrastructure itself, and so necessarily and naturally will bias the basis, and thus your perceptions, to serve it's own interests. You should be very wary of such entaglements.
You might want to look into the legal history of America, and critical thinking skills. If you would like, I would be happy to suggest a number of excellent titles in both areas.