Slashdot Mirror
LaGrande, TCPA, and Palladium
An anonymous reader writes "Intel's Paul Otellini gave a talk to developers where Intel's project called "LaGrande" was mentioned. This project is aimed to create a "safer computer environment", that would consist of an advanced TCPA implementation. Some of the features it has deal with physically "protected execution, protected memory, and protected storage". When talking on LaGrande, Otellini said "it's a core technology that things like the Microsoft Palladium initiative can take advantage of to build much more stable platforms.""
However the most negative single feature of TCPA and Palladium is the nature of Palladium and the philosophy that has driven Microsoft's development and promotion of Palladium. I think this is probably the scariest part of the whole deal. They recognize what could happen but they press forward regardless.
Most people who hear about these projects don't really understand how little control or privacy these projects will leave us. As far as stable, thats just funny...These projects will not give us more stable software, just buggy software that will let us do less. Next they will be telling us about CPUs and HDs that require MS to work correctly. and I have the first coherent post on this subject :)
"/. =
A world withought hackers, were the only people who can allow software to be installed on your computer is the nice folks at Microsoft and intel, wait did i forget myself in that list? this is a joke all it will be is Microsoft schemeing to prevent "fair use", open source, and easy government computer spying and restrictions is all that palidinium will be used for. Sounds like the future of the wounderfull digital restrction management is comeing.
come comment on the madness at http://slashdot.org/~phreak03/journal/
"Security is mostly a superstition. It does not exist in nature... Life is either a daring adventure or nothing." -- Helen Keller
This was the quote on the bottom of the page... what irony!
Nobody is going to force users of Palladium enabled systems to actually use Palladium. If you are offended that RIAA decides to distribute music that can only be played on Palladium enabled systems, refuse to buy the music. Meanwhile, consider the benefits:
I'm runing hundreds of different programs on my windows machine. If any one of these programs is subverted by a malicious user, all of the information on my machine is vulnerable.
With Palladium, etc. it will become possible for programs to keep especially sensitive data safe from malicious programs operating on the same machine. Now an attacker will have to not only subvert one of the programs that I have trusted, it will also have to defeat the Palladium system.
This is much more difficult than it sounds. It is easy to find a security hole in a machine that is runing hundreds of programs, because only one program out of hundreds has to be defeated. With these trusted computing platforms, software atackers will only have a few possible points of attack, and these have been subjected to much more strenuous security analysis because:
1. There are only a few places that the effort has to be focused and:
2. They were specifically designed for security (unlike just about everything else about Windows).
I don't see how this can be a bad development. At worst its neutral. At best, Palladium will allow me to do all sorts of things on my computer that I wouldn't dream of doing today because of security concerns.
Palladium may have some good points, but the problem is that it will lend itself too easily to doing some really bad things. This is made significantly worse by Microsoft being a monopolist.
If Microsoft decides to "Palladize" all Office documents, competitors like Open Office can forget about ever reading an Office document ever again.
In that same vein, if M$ decides to make IIS require a Palladium-enabled client on the other side for all its contents (even if you can turn that 'feature' off) you can kiss accessing the web with anything else than IE goodbye.
Palladium has too much potential for abuse to be allowed to continue - especially given M$ black-as-coal track record for monopoly abuse. The potential harm clearly outways the potential gain.
Theoretically, if anyone doesn't like this-or-that DRM enabled feature of a product, they just shouldn't buy the product. But there's a flaw in this reasoning--just as everyone here who screams bloody murder about TCPA is probably going to have to buy a TCPA computer at some point (because that's the only kind they'll sell). Large well-organized corporations simply have vastly more negotiating power than individual consumers in deciding these sorts of things. You deciding not to buy the latest songs from the record companies doesn't phase them, but if large corporations decide not to sell products with feature X, then you'll just do without feature X, period.
Which means, left to its own ends, the marketplace will encourage software/hardware suppliers to set anti-fair use restrictions once DRM is common. Basically they'll turn their paper EULAs into draconian DRM restrictions.
Now, one can get on a high horse and just say "well I'll just run Linux and not purchase DRM content and never have to put up with any of that!" Yeah, we'll see how long that makes sense once all music, all movies, and many e-mails require Palladium. Most people use computers for communication--so if they refuse to buy the kind of computer that allows them to send and receive information from the kinds of computers other people buy, then your computer is going to become very useless. Palladium has far more potential to make this a reality than Microsoft Office file formats or Internet Explorer ever could. Remember, in a world of network effects, you're only as free as your neighbor.
So, while it may be true (if we're lucky) that TCPA can be used from any OS (though as you say, applications and content would need to be re-written to support it), from a utilitarian view things are going to start sucking for ordinary users unless one of two things takes place:
1. The government or some other entity outside the marketplace has veto power over allowable DRM policies, and uses it liberally.
2. We can encourage all consumers to say "palladium is the devil!", because even with the advantages you describe, it would still be a very bad thing from the users point of view.
You have obviously never been denied entry to a site because you are not using IE. What happens when you become a second class citizen on the net - because your machine is not TCPA enabled? The Open source development model that you describe is all well and good but what happens when I want to recompile my kernel? How is that possibly going to be compatible with a palladium like service? But I don't think that's enough of a reason to pull back from this stuff. If you break your own spine, you will probably never walk again, but don't let that knowledge cause you to 'pull back from this stuff'!
Wrong. DiVX never caught on because there were alternatives available. In this world, windows is the only show in town for most people. Forget linux, it's not even in their head, so they wouldn't think about it. Their business uses windows, their websites require windows, so why not just use windows? If it's the only show in town, you don't have much of a choice.
Does Intel like losing European Union Sales? All the countire sin this union have expressed the desire to refuse to allow TCPA in their computer systems..They hate oppression by big us companeisand they hate Intel and MS..
Don't Tread on OpenSource
History is replete with Bad Things imposed by powerful entities (be it governement, warring factions, religious institution, corporations, etc). Usualy, those entities attempt to reduce resistance to those schemes by publicising them as good, advantageous, desirable even.
Censorship is a reccuring favorite. "It would be bad to let the counter-revolutionnaries / heretics / competitors to speak against the System". Another common theme is "We have to protect the weak / children / people against harm and/or themselves".
This is, however, the first time that I see something so obviously nefarious portrayed in such a positive light!
The only raison d'tre of Palladium (and the underlying mechanisms) is to prevent people from using their tools to process the data of their choice in the manner they choose. Be it to prevent the "evil pirates" from listening to their CD on their computer, or *gasp* using such-and-such technology without the "safe" and "approved" program (how much are you willing to bet that "approved" software will always be commercial, proprietary and expensive?)
This would be horrible enough to get even the general populace to react and protest... if it wasn't described as an "enhancement". "Safer" They say (for whom?). "More reliable" (at what?).
My OS and computing environment are safe enough for the tasks I give them as it is. I don't need "help" protecting me against myself!
We need to cry, shout and yell loud enough to be heard. The CDA was nothing compared to this, because our computer remained ours, we could always choose to obey the law or not.
They are trying to take that choice away from us.
-- MG
It will not stop your MP3s from playing. They'll just play in a protected address space. Or maybe they won't depending on your player software.
I think you misunderstand the use of the protected area. Your MP3s will be encrypted. the keys to decrypt them will be stored in the protected area. Only "trusted" programs will be allowed access to the protected area, so only "trusted" programs will be able to get the keys and decrypt the MP3s. One requirement for "trust" will be that the player provides no way to save the unencrypted datastream anywhere. Possibly it might not even send the stream to a sound card unless that sound card was also "trusted".
The fundamental problem isn't even the word "trust", it's who can trust the computer. This whole thing isn't intended to insure that you can trust your computer or the software on it. It's to insure that other people (eg. the RIAA, MPAA, Microsoft) can trust your computer. Trust it, that is, to do only what they tell it it can do and nothing else. If you wonder why MS would want that, think back a couple of years to their floating of the idea of annual subscriptions for Windows licenses. Now imagine the glee when they discover a way to guarantee that, if they impose that, you the user can't do a thing to bypass their check of whether you've paid or not because the hardware won't let you touch that data.
*sigh*
What you want to do _is_ possible on current hardware. A current-day operating system _could_ implement a signature on executables, and then only allow access to your bank account info to the signed banking program. You don't need special hardware to do this.
Now obviously, the signature (=trust) on the application is worth nothing if you don't trust the operating system.
Now let's assume that you trust the operating system in the form that it was installed on your computer. Let's further assume that the OS has means of protecting itself from running applications if the OS itself is loaded. Those are fairly safe assumptions to make, actually.
So the only way that the OS could be turned malicious (trojaned, whatever) is by booting a different OS on the computer and manipulating the OS from there. However, that is only possible with physical access to the computer.
So what it boils down to: If your computer is reasonably physically secure - which is the case for virtually all home PCs at least - you can always trust your operating system. Even with current day hardware.
q.e.d, what you want to do is possible.
Now, the modified hardware changes one important thing. It can sign the operating system.
We've just established that this isn't necessary for any reasonable security objectives, right?
Then why do they want to implement a system which makes signing the OS possible? Well, it's quite simple I think. "They" want to be able to trust the operating system. But since "they" don't have physical access to your computer, "they" need a signature in order to be able to trust the OS. Once they have the signature for the OS, they can then trust the OS to establish trust of applications.
And the only reason I can think of that "they" would bother to trust your computer and the applications _you_ run is Digital Restrictions Management.