Slashdot Mirror
LaGrande, TCPA, and Palladium
An anonymous reader writes "Intel's Paul Otellini gave a talk to developers where Intel's project called "LaGrande" was mentioned. This project is aimed to create a "safer computer environment", that would consist of an advanced TCPA implementation. Some of the features it has deal with physically "protected execution, protected memory, and protected storage". When talking on LaGrande, Otellini said "it's a core technology that things like the Microsoft Palladium initiative can take advantage of to build much more stable platforms.""
However the most negative single feature of TCPA and Palladium is the nature of Palladium and the philosophy that has driven Microsoft's development and promotion of Palladium. I think this is probably the scariest part of the whole deal. They recognize what could happen but they press forward regardless.
Most people who hear about these projects don't really understand how little control or privacy these projects will leave us. As far as stable, thats just funny...These projects will not give us more stable software, just buggy software that will let us do less. Next they will be telling us about CPUs and HDs that require MS to work correctly. and I have the first coherent post on this subject :)
"/. =
In the classic LucasArts adventure game Monkey Island 2, there is a character called Largo LeGrande. When we first meet him, IIRC, he tells Guybrush (the protangonist) that this island isn't safe, and then procedes to turn him upside down and shake all the money out of his pockets. Also, he has an oppressive embargo on the whole island (The Largo Embargo).
:)
Couldn't think of a better name, myself.
Such a price the gods exact for song: to become what we sing - Pythagoras
Bill Gates is my hero!
1. Create an insecure operating system
2. Profit
3. Blame computers for your insecurity
4. Profit
5. Get hardware vendors to make changes to compensate for YOUR buggy software
6. Profit
7. Prevent any software except yours from running securely
8. Profit (by others demise)
9. Take away everyones choice.
10 Profit
11. Blame the computers some more, as you take away more freedom
12. Profit. Profit. Profit.
When there is a wolf guarding the hen hose, why on earth would I need the shotgun named Linux?
I was as afraid of palladium as the next guy before the details started to come out, but I think we ought to try to avoid the knee jerk reaction and think this stuff through more carefully.
A lot of people are opposed to any scheme that can be used to thwart piracy. But in my view that's an extreme and unreasonable position, even when fair use issues are taken into account.
For a long time it's seemed to me that the thing we ought to be working towards is an open system of distribution, one that can't be dominated by large media concerns, something that gives a guy who makes music at home the same sort of access to the market as the big record labels.
To me, the issue is not whether or not my computer is capable of running some sort of protected DRM system -- the issue is whether or not it's capable of running alternative systems, if the existence of a palladium aware media player will break my mp3, ogg, and divx players, or my entire open source operating system. As I read these proposals, that's not the case, they won't break things.
Microsoft has said explicitly that one of the key design goals of palladium was that it shouldn't break existing software.
In my view, these sorts of services are useful, and we ought to be talking more about "how" then "if" they are implemented.
In particular, we ought to be sure that software that will run under linux can provide the same sorts of services as a palladium enabled version of windows. I know that the applications themselves couldn't be truly open source (or at least you'd have to use a signed snapshot of an application that was developed using open source methodologies). But I don't think that's enough of a reason to pull back from this stuff.
There are useful applications for this stuff.
About a decade ago, one of the hot topics among crypto types was digicash -- cryptographic protocols invented by a guy named Chaum that try to mimic cash, especially its anonymity and security.
One of the big problems was how to make microtransactions work when you're disconnected from the net. Imagine two palm os devices doing a transaction over infrared. Chaum's answer was to use tamper proof chips.
Sure, on some level nothing is tamper proof, but it ought to be possible to make tampering difficult enough, expensive enough, and to cap the size of the transactions possible and the rate at which they can be made, in a way that would give people reasonable security. The NSA could hack the micropayment system, but they'd have to spend a million bucks, and all they could get back would be $50, or something like that.
It seems to me that this kind of hardware could be seen as a more flexible kind of tamper proof chip.
I think the goal should be that whatever hardware comes out should work with arbitrary operating systems. The trust chain should be decentralized.
In other words, if I develop an electronic music distribution system, I should be able to develop apps for whatever OSs I choose to support, and I should be able to make my system recognize whatever signatures I feel are trusthworsthy. It ought to be possible for *anyone* to develop such a system, and to use the hooks into the hardware.
The thing that worries me is that if all we say is "no, palladium is the devil" we won't have any voice in this stuff.
for Intel and M$ that nobody has claimed the intelectual property rights on idiocy (yet).
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
LaGrande eh, named after Largo LaGrande from Monkey Island II no doubt, he's the guy who steals all of Guybrush Threepwoods money.
In case you haven't noticed, most of the big attacks that really impact ordinary users seem to be with code that the user has agreed to run--be it an email forwarding virus or spyware, the user instructed the computer to run the offending code. So how is Palladium supposed to help? If it blocks non-Microsoft endorsed code, it's as evil as Slashdot claims it is. If it runs the offending code, as instructed to by the Outlook or Internet Explorer user, then all of that fancy hardware security added up to exactly nothing.
Im actually looking forward to TCPA and Palladium. No, really i am. It will lighten the load of my job, being a support engineer.
What im saying of course is it will have its place, on the business desktop, on the childs computer, on public accessable computers etc etc. They have already stated that there will be a option to turn it off, and to be honest all of those who say "Well yes, but what about when they remove that option?" are just scaramongering. Yes true they can remove it in the future, but will it be that easy? I dont think so, there will be too a big outcry, and there will still be large numbers of eastern computer manufacturers making PCs as we know them now.
As i said at the beginning of my post, i am looking forward to this. Especially if systems administrators will be able to control it (and i bet they will be able to), as this creates a whole new set of security barriers to wouldbe theives etc. Imagine what the outcries were like when the first user account was created on an OS which didnt have full rights to all the system. This is jsut the same.
With Palladium, etc. it will become possible for programs to keep especially sensitive data safe from malicious programs operating on the same machine. Now an attacker will have to not only subvert one of the programs that I have trusted, it will also have to defeat the Palladium system.
Yes. This is a very good thing.
However, the problem becomes when Palladium is the de-facto standard. When you need Palladium on to run pretty much anything, including seeing grandma's last e-mail, because her system uses Palladium by default, then we have a problem.
Palladium is a bad company's wet dream. Enron's accounting books could be completely unreadable to anything except for the computer they were created on -- "Oops! It got wiped.. sorry sir.." Those pesky e-mails that pointed out exactly how MS was trying to lean on other companies? You certainly wouldn't be able to get hold of them under a Palladium system.. even the copies over at the Netscape office could be set to "expire" and auto-delete themselves after a certain amount of time.
Or here's a fun one, EULAs that automagically update themselves from headoffice with no warning whatsoever to the user. It's bad enough now when to download a *required* security update, you are forced to accept a change in licensing. If you don't download the update, you lose the ability to obtain support, but at least right now you have the choice. Palladium gives the content owners, (which in this case is the folks who presented the contract) the ability to change the content at any time. Do you really believe that every company out there will be willing to resist temptation?
Plus, when it's the defacto standard, you start losing the widgets and API's that allow new software to be built without Palladium. After all, if MS can simply discontinue support for W98, what makes you think that they can't discontinue support for non-palladium equipped systems?
"Your trying to use what API? Oh.. that was before Palladium. We deprecated that a while ago, just use our new Palladium enhanced version now. It provides better security and support. Open source developer? No problems with that. Just so long as you cough up a nickel for every person that tries to use your program, we'll be happy to set up a key for you."
Which brings us to a point where *all* software has to be licensed through a key provider - and also a point where if the key provider decides they want more money (name me a corporation that wouldn't) they simply increase the charges and/or invalidate current keys.
Of course, the answer for all this is, "Well don't use it! Use Linux or something." Unfortunately, this assumes that we'll have the choice. The first attack on that choice is coming in the form of legislation. When hardware manufacturers are mandated to have security protocols in their hardware. The second attack is the weight of network effects. As I said, when even grandma uses Palladium, when every major company from here to Timbuktu uses it for the "security advantage", you really lose any choice to not use it. Oh I suppose you could try and be like those die-hards who still make use of FIDO, but beyond hobbyists, you completely lose the ability to connect to the world. This can go even further when major routing points start to use it to increase the security of the entire internet. Prevent DDOS attacks from those nasty non-Palladium machines out there by dropping their packets at the first router. Only Palladium Approved Packets will be accepted, thank you. At that point, even the die-hards will be forced to move to Palladium (or I suppose they could ressurect FIDO).
Now, will things get this bad? I don't know, this is kind of a worst case scenario, and we all know that it often doesn't get to the worst case. Unfortunately, I really don't see anything that would stop this scenario from happening.
Finally, on a side note, if you have even a minor knowledge about proper security precautions for your computer then your banking information is likely safer being on your computer than it is being in your wallet.
Kwil
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
When companies invest R&D money into bigger hard drives, faster CPUs, video gizmos, and slicker GUI interfaces, we all understand the motivation -- increased sales.
From what I have heard about "LaGrande" and "Palladium", there are benefits for the "gatekeepers", but no benefit for end users. Nobody is projecting increased sales because of these lovely DRM "features". Indeed, many are wondering if people will buy this stuff at all. This would be like McDonalds working on a way to make greasier french fries, because it would help the lard industry.
So my question is this: "Who is bankrolling this operation?" If Intel/AMD/M$ are really spending their own money on this, it's a mass outbreak of corporate stupidity. Is Saddam Hussein attacking our tech industry with some kind of "dumb-down" bio-warfare weapon?
My conspiracy theory is that the "LaGrande/Palladium" boxes will be blown out at firesale prices, subsidized by someone who really wants this stuff to be deployed -- kind of like Xbox on a massive scale. The payback will have to come from the victims^h^h^h^h^h^h^h^h customers -- endless fees and hidden surcharges built into everything they do.
From what I understand, all that will basically happen (besides a few hardware changes to accomodate) is that new commands will be added to the Intel CPUs to allow a portion of memory to be designated as "protected", and I assume possibly even only accessable with a public key perhaps? So, a program can allocate a hardware-locked portion of RAM.
This would not stop Linux from running. Linux would simply not utilize the feature (or, it could even be added to Linux), and run it's own memory management scheme with software as it does now.
It will not stop your MP3s from playing. They'll just play in a protected address space. Or maybe they won't depending on your player software.
This will not stop your DVD ripper from ripping. An alternate driver and ripping program designed to simply not use a feature designed to provide hardware security for applications is not a violation of the DCMA (even if the ripping of a DVD is, which is a different question).
This will stop someone from using an external program to cheat at a game (the game locks off its memory, the cheat program cannot change the data).
This will prevent someone from, say, running a malicious program which essentially "core dumps" your RAM at a specific time, maybe when opening your e-mail reader?
This will possibly stop things like Outlook viruses, as Palladium/LaGrande-aware applications are hardware-isolated into their own address/execution space and cannot interefere with other applications.
Did I miss something? Should I really believe M$ is dumb enough to make a move which will cause outcry and backlash from the most tech-savvy of users all the way down to the e-mail granny, at a time when the DOJ, along with every man, woman, and l33t-preteen on the planet is breathing down their necks in anger?
C'mon people, I hate MS too, but they where smart enough to get this far, even if they did hire Balmer...I think that's an obvious move to NOT be making, if they value their asses (assets?) at all.
Please correct me if I'm wrong, and please post links.
CAn'T CompreHend SARcaSm?
Comment removed based on user account deletion
Maybe not /. ers, but how much of your software do you buy from Walmart? Or hardware, for that matter? You might be part of the elite, but if you're outnumbered and you can't get non-DRM hardware then you're fucked.