A Lucid Explanation of Palladium

buro9 writes "Last week on the WMTalk list a heated debate raged on the rights of a consumer to rip their DVD's locally for more convenient playback later. As the debate started to border on a flameware an anonymous user managed to give the most clear description of Palladium and its implications to us as both users and developers."

wow

I give that guy's post a +5 Insightful.

Random thoughts

[RyoSaeba]

Pretty interesting article.
Even if the poster is obviously against MS & Palladium, (s)he does point out one of the most critical things : MS has to sign everything secured.
Now the question is: imagine (or dream ;-) MS publicily saying that they will make some association / trustee company, including people from FreeSoftware community, competitors, and so on, which would review software & sign it. Would that be acceptable ?
Though of course having a program / driver signed would prolly require money, and thus disrupt many FreeSoftware projects....
Also interesting the bit on the boss / email, good point to. Needs to be thought really clearly before implementing.

Now of course the big question is whether all those Palladium / security thingy are really required for personal computers. Of course it'd be cool to have the guarantee that the OS doesn't get destroyed by a virus thanks to the built-in safeguards, on the other hand MS's system seems to take away too much from users....

Re:Random thoughts

[edbarrett]

Now the question is: imagine (or dream ;-) MS publicily saying that they will make some association / trustee company, including people from FreeSoftware community, competitors, and so on, which would review software & sign it. Would that be acceptable ?

No.

I just whipped up my newest version of helloworld.c. How long is it going to take for you to sign it for me?

Did anyone think..

[override11]

Why not just get and update antivirus? What MS is saying is they will protect your system against virus's (who knows, maybe they are hiring people to write the dang things in the first place to scare everyone) in exchange for complete control over your media and how you use the information on your PC.

No thanks, I will upgrade up to the last chip before DRM, and then keep what I got. I can just see all 28,000 MP3's on my system 'expiring' and getting locked out of them... *shudder*

Re:Did anyone think..

[RyoSaeba]

Why not just get and update antivirus?
Well, what happens if you get hit by a just-released virus ? The AV definitions are obviously not uptodate yet, so your system gets trashed....
Also not realistic for most users who either don't use any anti-virus software, or don't upgrade'em.

Re:Did anyone think..

[override11]

Not realistic??? Cmon, is wearing a seatbelt not realistic?? Using a PC connected to the internet carries risks, nothing is going to change that. Now, the democratic way of thinking would be 'let the big company take the risks and secure my system regardless of what it costs me', but I personally would rather have the freedom of choice to protect myself how I wish too.

Re:Did anyone think..

[RCO]

I don't use an antivirus at home. Granted, I run linux mainly, but my point is there are other ways of protecting your data rather than handing your system over to some outside entity. The threat of a virus, does not cause me to want to hand over that kind of control of my equipment to somebody else. As a matter of fact, this threat seems very reminicent of some old films I've seen where Luigi comes walking into your shop carrying a ball bat and talking about how a fire could be a bad thing, and how you might want to look into some fire insurance.

Yes, I realize that viruses and worms and all the other stuff can be pretty bad, but I like my privacy. Oh, and just inanticipation of the individuals who want to believe that because I wish to maintain my privacy, I must have something to hide, therefore, I must be doing something wrong. Get over it, and think about this for a moment, when you use snail mail, why do you use an envelope? Most everything could be done with postcards, why use an envelope, and then take it a step futher and ask yourself why, you spend the extra money on the envelope that have the printing inside that makes it more difficult to read through the paper? The 'do you have something to hide' attitude is a very old government attitude, now being applied in other areas.

The market will kill Pd

[MacAndrew]

For their version of the story, here is Microsoft's description of Palladium in plain English.

As for Palladium, I don't see the advantage to me in buying it ... so I won't. When even ordinary consumers hear that a Pd computer is eunuched, I doubt they'll buy it any more than they would a VCR that couldn't record. Remeber the days when software vendors attempted "strong" copy protection with key disks and dongles and bizarre installation gymnastics? Consumers rejected these schemes, and they disappeared.

Microsoft has a long history of failures of nanny products (Bob anyone?). This will be another.

Also, MS could not possibly get away with monopoly control of new content on PC's. That would make their last round of monopoly litigation with the gov't look like climbing Mount Everest compared to a quick trip up the bunny slope. It's not that being a monopoly is necessarily wrong or illegal -- it isn't -- but that it would be impossible to manage such a monopoly without anticompetitive, anticonsumer effects.

So ... I see no problem with letting Pd go its merry way. You can not be forced to buy it, no matter how convinced you may be of the evil powers of government and microsoft. Let it die a pleasant market-driven death.

I know some will say this is somehow naive, but even as a pro-regulation liberal I firmly believe in the wisdom and power of the free market to deal wil 99.9% of situations such as this. If not, there will be plenty of time to kill it when it comes out; we don't owe Microsoft the favor of delivering a prelease death. I do not believe that Palladium will prosper, and even if it does that content providers will be able to resist catering to the market segment that rejects it. Look how many have "miraculously" continued to serve the "fringe" 5% Macintosh market -- for which I have heard of no Palladium plans. We welcome converts, BTW. :)

Re:The market will kill Pd

"As for Palladium, I don't see the advantage to me in buying it ... so I won't."

That's really quite short-thought.

Take Internet Explorer. Nobody really wanted to use Internet Explorer when it came out (versions 1,2 and probably 3 were really crappy and couldn't compete to Netscape). But they shipped it with every version of Windows and Office and Media Player and on all the service packs, and when version 4.0 came out, which finally was a usable browser at least, it soon was on every PC out there. And the average home user just used it, because downloading Netscape Navigator or Opera just didn't seem convenient. Now, most people infact use Internet Explorer (even many sysadmins don't bother installing Mozilla anymore, although they should know the shortcomings in terms of security).

Take Windows Messenger, for example. In the older days, people just downloaded ICQ and were happy with it. Now XP comes with Windows Messenger and among my friends I see the same thing happening with Messenger vs. ICQ. They tell me, they now have XP and use that cool Messenger thingy and they won't bother to download ICQ, because "why should I". They even don't (want to) know about the privacy implications.

The same will happen with palladium. You will just get it with Windows Longhorn or your next update to Media Player or your next service pack to Office (or together with that patch that fixes the recent 37 buffer overflows in MS' TCP/IP stack), and you may not even notice that the MP3s you save won't be playable on Linux and the MS Office Documents you save won't be readable by OpenOffice anymore.

Re:The market will kill Pd

[Ummagumma]

As for Palladium, I don't see the advantage to me in buying it ... so I won't.

While I agree, with you, and will not be purchasing any pd hardware/software etc, I feel as if it may be all in vain. We, as geeks, really don't matter. All that will matter is when Gateway/Dell/Compaq/etc. all ship 100% of thier hardware with pd - the unwashed masses will have no clue, and pd will become more and more widespread. "Normal" hardware will become harder to find, and more expensive, driving up the prices for you and me. Then, we have to deal with the specter of not being able to browse to sites we used to, not being able to use the new technologies that are being developed, etc.

At least that is one way this can play out. Our challenge is to educate the unwashed masses, then pd will fail.

Re:The market will kill Pd

[shunnicutt]

Remeber the days when software vendors attempted "strong" copy protection with key disks and dongles and bizarre installation gymnastics? Consumers rejected these schemes, and they disappeared.

I see this example trotted out from time to time, but never has anybody using it seemed to consider that the consumers of computer software at the time were far more sophisticated and knowledgeable. They knew how to get around copy protection and make it a losing proposition for software vendors. They didn't boycott protected titles, they hacked them.

That wouldn't happen today. Most consumers aren't talented enough to break it themselves and aren't aware of tools to obtain hacked copies. It's no guarantee that today's market will reject these new protections, and if a significant number of people accept these systems, it will become harder for the rest of us.

Re:The market will kill Pd

[zero_offset]

...I doubt they'll buy it any more than they would a VCR that couldn't record.

They're called "DVD players".

Re:The market will kill Pd

[MacAndrew]

I was among the legendary "consumers of computer software at [that] time" and believe me, we weren't all that sophisticated. What we rejected was crap like paying $500 for a software package and then not being able to use it after misplaced the &@^%&! thingamabob required to use OUR OWN software. Resentment, especially among commercial buyers, was great, giving the companies that didn't worry about these things a competitive advantage.

Even now -- and just one example -- the difference between "activating" OS X (press "install") and activating Windows XP is noticed, and this is traded on at my neighborhood Apple Store (more than half their walk-ins are PC users, and they like this stuff). The most restricted product I have is Photoshop, which quite mildly use serial numbers to make sure another copy isn't running elsewhere on the network. Pretty convenient, although easy to hack (post serial #'s on the internet). They are the premier product, yet they do just fine without Palladium.

In my original note, I should have emphasized that huge fraction of "consumers" that are savvy institutional and corporate buyers. They are going to look at Palladium long and hard, and say forget it -- this benefits you far more than us.

What happens down at Best Buy with the newbies won't decide the outcome. For Pd to succeed, everyone needs to sign on, and any holdouts such as Macintosh, not to mention the many millions of legacy machines of all types, will destroy the interoperability the market segments require.

Sure it could happen, but I think it's implausible that it will, and will stake money on that ($50? :).

Re:The market will kill Pd

[MacAndrew]

The analogy to software is weak. For one thing, the software markets are easier to break into than hardware (this is a reason to fear Pd). On the other hand, Explorer and Messenger prosper because they are free and easy and work with everything else (a reason Pd is doomed). MS's repeated efforts to co-opt public standards -- far more modest moves than Pd -- have met with absolute failure, and any attempt to leverage their monopoly will be met with lawsuits, such as the ones it has fought against Justice and now Sun. The chances of the market again falling for monopolistic proprietary standard like Windows are dim indeed, esp. large buyers who don't want to put oup with this crap or figuring out how to integrate all their legacy machines.

You will just get it with Windows Longhorn or your next update to Media Player or your next service pack to Office (or together with that patch that fixes the recent 37 buffer overflows in MS' TCP/IP stack), and you may not even notice that the MP3s you save won't be playable on Linux and the MS Office Documents you save won't be readable by OpenOffice anymore.

Not on my Mac I won't. :)

Practically speaking, counterculture Jobs would not go with Pd, just as he has rejected encumbering copying with iTunes; and if he did his loyal customer base ("the market") would murder him. Don't tell me we'll just go extinct. If we were going to do that, we would have done it by now. Or to be more precise, the market would have killed us by now.

Re:The market will kill Pd

[MacAndrew]

I still have a VCR that records, for time-shifting -- don't you? :) The VCR won't go away (until there's affordable recordable DVD) so long as there's demand and profit -- plain old boring market forces.

Re:The market will kill Pd

On the other hand, Explorer and Messenger prosper because they are free and easy and work with everything else (a reason Pd is doomed). MS's repeated efforts to co-opt public standards -- far more modest moves than Pd -- have met with absolute failure, and any attempt to leverage their monopoly will be met with lawsuits, such as the ones it has fought against Justice and now Sun.

First, these lawsuits just have no effect. It may be good for Sun's ego if they made Microsoft to include Java in XP, but with several million copies of XP already sold without it, Java use in websites will decrease.

I really will not comment on "[Microsoft programs] work with everything else". No, really.

Re:The market will kill Pd

[zero_offset]

I do still have a few VCR's, but only because they haven't broken yet. For "time shifting" I have a TiVo. Granted, the VCR hasn't gone away yet, but it's days are numbered: top-end consumer VCRs are now more expensive (barely) than the bottom-end recordable DVD drives. It's only a matter of time.

Veering back to the main point though -- I hope you're right about the market killing Pd, but I don't have that much faith in the average consumer to question what they're buying that closely. Hopefully I'm wrong.

Re:The market will kill Pd

[MacAndrew]

I think Microsoft is taking a wrong turn. I only hope they blow a lot of money over it. Notice how they're backing off on .NET, their plan to take over the Web?

TiVo -- I thought of that after I hit "submit." That is very, very promising, especially coupled to a DVD burner for long-term. Unless they get these copy-protection flags they want as a DMCA thing. I doubt it would work though. But these DMCA ideas I think are much more threatening and provides far less time to act than Palladium -- via DMCA "they" do have an opportunity to ram things down our throats, as with the CD's that suddenly won't play in computers. There, too, consumer pressure is helpful, because MP3 players are getting enough market share in advance that people will protest ... and, better yet, refuse to buy the stuff, out of practicality if not principle. Again, the market's invisible hand.

(Disclaimer: I am a liberal fascinated with market breakdowns like monopoly, so though I like the market I realize it is not always self-executing. And I still have a lot to learn about economics. But then, so do most economists. :)

Re:The market will kill Pd

[zero_offset]

I agree, I've had some concerns about big media taking down the PVR companies, and they are certainly prowling around looking for an angle. However, I never watched ANY television prior to buying a TiVo, and I've gotten more than my money's worth out of it already, so from a purely selfish personal perspective, if they do... well, it won't be a very big loss to me. In that respect, I'm the perfect example of somebody who will take my "business" elsewhere.

.NET was never a plan to take over the web, except perhaps in a last-minute marketing sense. .NET was a combination of COM v3 and "Next Generation Windows Services" (NGWS) right up until it's release, and is primarily a new API for writing applications. The object remoting features (part of which are web services) are only a small part, and it's unfortunate that the whole thing is being so poorly represented by the half-conscious dweebs in marketing. Ignoring the anti-MS paranoia (justified or not), .NET itself is nice if you do Windows development -- and MOST of us do (just a statement of fact, nothing more).

MS is backing off from .NET because uptake was slower than they planned. In short, the marketing dweebs got it wrong, but I believe this happened because the NGWS initiative was started more than four years ago, and frankly they expected more pre-installed support based on their dominance at the time and the then-seemingly-boundless growth rate in the now-stalling PC retail marketplace. Backing off on the .NET marketing has nothing to do with how much the marketing cost them. They got their message to the only group they ever really wanted to reach -- developers. EVERY Microsoft developer I've ever met (and I know many hundreds) is chomping at the bit to use .NET, and not because of web services, and not because of the silly reasons ZDNet dreams up each week.

Palladium, on the other hand, isn't nice no matter how you look at it, but then, we agree that it's a Very Bad Thing, so there isn't much point in rambling on about that.

I have to say though, I can't think of a good reason to *expect* them to spend a lot of money on Palladium. They might if they had a reason, but I don't see the reason. In the public marketplace, it's really best if they keep it quiet. Their true "market" is big media companies, and selling to them isn't expensive compared to general-public media campaigns.

On the other hand, I *can* see them spending a lot of money pushing the trusted computing thing. It's easy to put a happy-land shiny-people spin on a term like "trusted computing", and while they insist they aren't connected, it's pretty easy for any half-competent geek to see how a trusted computing platform could support an essentially un-hackable media-restriction facility like Palladium. (Unhackable in theory, of course.) It all depends on how deep the hardware support is, which leads to the one major flaw in your faith in the marketplace -- government intervention. Judging from your replies so far, I suspect I don't have to go into any detail on THAT nasty subject...

Re:The market will kill Pd

[RzUpAnmsCwrds]

" the difference between "activating" OS X (press "install") and activating Windows XP is noticed"

Really?

Activation is the most hated feature of Windows XP.

I am constantly changing the hardware in my computer. Sometimes this causes Windows to deactivate.

It takes five minutes on the phone to fix the problem. The CSRs have always been polite and prompt and I have never been accused of anything.

Most people will never have any problems - it takes two seconds over the internet. Those who do have a problem can resolve it easily.

My point is this: activation is not a big deal. Most people don't care. Those who do are usually the same people who installed one copy of Windows on all of their PCs.

Re:The market will kill Pd

[MacAndrew]

Re gov't intervention, do you remember the Clipper chip? That was something the gov't really wanted bad, and that caught extreme heat for it. Its death is one of the things that reassures me of the political impossibility of a gov't mandate.

Pd is funny because it's all or nothing -- if they don't achieve a critical mass, it's dead in the water. They did it with Windows, I don't think they can do it again. As someone pointed out, if Pd docs are permitted to be readable on non-Pd machines, that's a huge security hole; if they're not, that's a huge pain in the ass. .NET -- I could swear there was a darker edge to that. :)

Re:The market will kill Pd

[jbolden]

That wouldn't happen today. Most consumers aren't talented enough to break it themselves and aren't aware of tools to obtain hacked copies.

I'm gathering you weren't active with computers then. I don't know if home computer purchasers were really that much more knowledgeable. Remember the office drones 15 years ago used terminals and they didn't understand how their mainframe / mini worked any better than they understand their PCs today.

As for the people who bought systems let me just remind you they found DOS complicated. Now just consider how little say DOS 3 could do:

1) You could copy files copy x:\oldname y:\newname
2) You could delte files delete x:\filename
3) You could run a file (xyz.com or xyz.exe)
etc...

Working DOS was not exactly rocket science. Sure they might know GWBasic but today's consumer probably knows a bit of HTML (which is about the same level of difficulty).

People got around copy protection because everyone had all sorts of great apps designed to thwart copy protection. They were sold in stores and were consider part of the standard "tool kit". They didn't understand that copy protection worked by format a disk in an unusual fashion which threw off the number of sectors per track... rather they just used set the program to "bit copy" and off it went.

The only thing that has really changed is the DMCA. On the plus side we have the internet so controlling the spread of information / programs will be really really hard. People don't just get software from stores anymore and you can put large "howto" on a website.

In any case I really don't consider the copy protection of the 1980's to the right analogy with Palladium. Palladium is much more broad based involving hardware, drivers, OS and applications this is more like the capability systems of the 1970s. The consummers then did reject capability systems which is Unix is still around today and Multics isn't.

Re:The market will kill Pd

[zero_offset]

Excellent point about the Clipper chip. Heck, since it seems certain Palladium (or at least trusted computing) requires new hardware, it's really an improved Clipper (improved for "Them" anyway). Hmm. So, did it fail, or is Palladium merely Clipper 2.0?

You're right about critical mass, and I can only hope the same marketing blunders that resulted in them mis-judging .NET adoption time on the desktop has also clouded their Palladium projections. I get the feeling their marketroids don't learn very quickly.

Re:The market will kill Pd

[MacAndrew]

So, did it fail, or is Palladium merely Clipper 2.0?

At least Pd is about profit rather than the gov't snooping on its own citizens. A different THEM, and a differnt motive. Greed is more American then domestic spying, don't you think? :)

I respect the abstract principle of Palladium that has to do with enforcing licensing rights (the claim of preventing viruses and trojans is a PR joke). What I don't like is everything else about it.

Re:The market will kill Pd

> My point is this: activation is not a big deal. Most people don't care. Those who do are usually the same people who installed one copy of Windows on all of their PCs.

"Most people" being "you", or any larger sample than that? Recall that the parent poster was using the foot traffic in an Apple store as the basis for that post, not just a sample of one ("I don't mind, so no one else will, either").

The nature of the personal computer vs appliance

[dpilot]

Reading the article, it came to me that in the "Windows PC" we crossed the Rubicon long ago. I don't know exactly when, and it would be interesting to determine.

An appliance is a machine that performs some number of functions, usually predefined. A blender is an appliance that does one thing, at various speeds. A Kitchen Aid is another appliance that can do multiple things, using attachments, but it's fundamentally a mixer. A GameCube is an appliance, with plug-ins to allow multiple faces on its basic function.

A personal computer is a general-purpose machine. It traces its roots back to the Universal Turing Machine, with a heavy emphasis on "Universal." From a calculation point of view, it's ready to do *anything*, and express that through a flexible peripheral interface.

A "Windows PC" is a step between a general-purpose computing machine and an appliance. For most usage, it's really a glorified GameCube. But the real appliance side of its nature comes when you start to see the "sneakware" that comes along with the software you buy. The end user has clearly lost control of what's running on the machine. At the moment, that control lies with the software provider, meaning today it's total anarchy, with essentially everyone but the end user vying for control. It's possible for the end user to regain control, but it's also really hard. Personally I don't know enough about Windows to truly regain control, myself. I can only exercise control by being darned careful about what I let on the machine in the first place.

Palladium finishes off the general-purpose PC, and really turns it into a more flexible GameCube. With Palladium in charge, your PC truly is an appliance. It may even be more stable than just Windows, because Microsoft will be in control, not competing with Earthlink and Kazaa and ...

But Linux gives me control limited only by my learning. Not only that, but the community shuns the spyware stunts common in Windows.

Top-posters are idiots

[Rev+Snow]

Why is it not a surprise that the lucid message is the one that isn't top-posted?

Signing authorities

[Gerry+Gleason]

MS has to sign everything secured. Now the question is: imagine (or dream ;-) MS publicily saying that they will make some association / trustee company, including people from FreeSoftware community, competitors, and so on, which would review software & sign it. Would that be acceptable ?

The only really acceptable policy would be to allow for multiple signing authorities. The use should be able to control who they trust to write and update their system software.

The problem with this is that it could open a hole in DRM that you can drive a truck through. The essence of the problem is that DRM has the goal of implementing a system that third parties can trust, not the users. It would be very difficult to maintain the chain of trust necessary for a content vendor to maintain control unless you can control all of the drivers, but I can see how it would be possible to make sure that managed content is only handled by managed drivers. On the other hand, this would be pretty complex. The content provider has to have a way to specify acceptable signing authorities, and the system must keep track of the "trust domains" in the system as well as the "trust requirements" (or level?) of any content (data).

ugh!

[nightherper]

What in the world is coming next? A TV that shuts off when you mute or flip channels during commercials or even more likely - refuses to let you do so?

Hearing this makes me glad that I'm finally getting around to building my own computers. That way I can buy older hardware. I'll gladly miss out on the fastest cpu to avoid that garbage. It's almost like buying pre-ban gun parts - wonder if the unprotected cpu's will jump in price when these come out....
Although, it's probably already in my new Dell, just waiting to be enabled...... Bastards

Something else crammed down everyone's throats by Microsoft... People will actually buy it too. Ugh.

Re:ugh!

"What in the world is coming next? A TV that shuts off when you mute or flip channels during commercials or even more likely - refuses to let you do so? "

No, what's next is a tv that refuses to let you go to the bathroom during the commercials

Palladium and "The Matrix"

[etymxris]

There has been a problem that has plagued philosophy for some time. It goes like this. Suppose you were just a brain in a vat, and that all your experiences were simulated. Could you possibly know it? This problem was dramatized quite well in the movie "The Matrix". The answer is that we could never tell the difference. This may not have an important impact on our lives. After all, a hamburger tastes just as good whether it's a perfect simulation or real.

But this does have impact on software. How does the software "know" that it is running on a trusted platform. It must go through APIs that tell it this. These APIs can be subverted and replaced to always say "Yes, you are running on a trusted platform!"

Maybe it doesn't go through an API. Maybe there is a DRM instruction that gets directly executed on the processor. We can't replace the API in this case, because there is none. But we can run the program through an emulator. How will the program know whether its instruction are directly running on the chip or just being emulated by another program. This emulator could be simple, it pipes most assembly instructions directly to the chip, but any DRM related instruction gets subverted to avoid limitations of DRM.

Now, I'm not saying that such a task is easy. It's also not easy (perhaps not even possible) to make a human experience a simulation that could be mistaken for reality. But the possibility cannot be ruled out. But it is important to realize that, no matter how much software manufacturers try, they simply cannot gaurantee that their program is only being run a certain way on machines that they have no access to.

Re:Palladium and "The Matrix"

[Green+Light]

Ah, but there's the rub: the Palladium machine would never allow the "emulator" to run at all. When all machines have DRM built in, you have no choice at all...

Re:Palladium and "The Matrix"

[malakai]

You're missing the fact the Pd uses hardware which contains key pairs for public key cryptosystems. The content you are trying to run, the data you are trying to load, everything, is encrypted until the hardware decrypts and runs it.

Imagine is Nero had a chip in his head which wouldn't acccept unauthenticated un-encruypted sense streams. Everything his brain processes is encrypted with the public side of the private key.

Other hardware tricks make sure you don't try and sniff the data out of memory banks or straight from the bus. (ie, to keep the annoying analogy, they can't use some high definition MRI to read the electron states of all the atoms in Nero head and determine what he's seeing, or vice versa and tell him what to see)

IBM's been working on this stuff for awhile. The government is a big fan. Honestly though, like any encryption system it's not perfect. But it's perfect enough for them to stay well ahead of the current computing curve. By the time we can easily crack this, or have the equipment in our basements to disect and read the data straight from a Xghz bus, the technology will have adapted.

Honestly though, who the hell cares.

I really could care less. I hope my parents will run on a TPM/Pd platform, same with my grandparents, and my eventual children. I will always have an alternative PC to play with, but i wouldn't mind a TPM/Pd machine. I really want to purchase digital content. I really want some company to suceed and let me have any thing i want for the right price. Feel like watching Episode X of Show Y, I wannt pay my money and watch it now.

Honestly, i have some of this capability now, with Time Warner Movies on Demand, and the different "On Demand" channels. TPM/Pd would bring this capability to my computer. Afterall, what do you think is inside the new cable boxes? Public/private key encryption and all the same jazz they want to bring to desktop.

The authors fears of email being closed off to him, and other non-transactions is annoying slippery slope rhetoric.

So you can't buy digital content and have it streamed to your machine unless you in Pd mode. big deal. Not like most open source users _would_ buy digitial content. You think peer-to-peer is going away? If anything, this makes the 1% who understand computers better than the rest and _31337_ again.

There will always be some guy in a basement that spends half the day ripping songs (from a digital jack) and movies (god knows what from) no matter how secure digital _content_ is.

Don't worry, you'll still see LoTR III before everyone else, and you'll always have your free pr0n.

-malakai

Re:Palladium and "The Matrix"

[chriso11]

Well, you trust RIAA, Blockbuster, MPAA, MS and other companies a lot more than I do, that's for sure.

As for not being able to send/receive email; I wouldn't discount that either. Basically, that annoying anonymonity will disappear. Of course, to you, that would probably be ok, since everyone knows the only people who have anything to hide are hackers and terrorists.

If you're not doing anything wrong, what do you have to hide? Hemmoroids, when (if you are a woman) your period is or if you are pregnant or if you had an abortion. Or who you are sleeping with (n/a to geeks - for geeks it would be the number of hit die that your barbarian has).

Re:Palladium and "The Matrix"

[Sloppy]

There has been a problem that has plagued philosophy for some time. It goes like this. Suppose you were just a brain in a vat, and that all your experiences were simulated. Could you possibly know it?

Yes, if you know God's public key. Form a prayer and encrypt it with God's key, all in your mind. (Beware MiTM attacks! Use a key that came built into you, not one that you found somewhere.) Then transmit the prayer (i.e. pray) and wait.

If your prayer is answered, then you are living in a Trusted Universe, not a brain in a vat.

If there is no answer (or an ambigious "bluff" answer), it's because the emulator couldn't decrypt your prayer (nor sign an answer). You're in a vat. Sorry.

The main difficulties are: the math is hard (remember you have to do all this in your head -- no scratch paper!!). You have to have somehow come into existence with God's verified public key already in your head.

The next time you start a universe, please keep this in mind. Give your little Sims(TM) inherent knowledge of your key, and make them smart enough to do RSA in their heads. That way, they won't be distracted and waste a lot of time on the brain-in-a-vat problem.

Re:Palladium and "The Matrix"

[jbolden]

Palladium machines will allow anything to run. It just runs untrusted. But for the emulator that's OK. Palladium is not requiring every app to be trusted but rather offering trusted apps security.

Re:The nature of the personal computer vs applianc

[Gerry+Gleason]

Personally I don't know enough about Windows to truly regain control, myself. I can only exercise control by being darned careful about what I let on the machine in the first place.

It's not you, computer systems are too complex for any one person to be able to understand what it is really doing and prove that it isn't doing things you wouldn't want. You have to trust your vendors, and they are (in your words) "vying for control", and often at your expense. The market helps to some extent as people become aware of what tricks are being played, and talk about it (thanks, slashdot).

But Linux gives me control limited only by my learning. Not only that, but the community shuns the spyware stunts common in Windows.

Of course even open source isn't a guarantee here, but at least it gives the user and the community the information they need. The community values are also a big help with this, as any break with community values gets publicized and shunned quite quickly.

Netscape and ICQ died because they suck.

Not because of what Microsoft did.

Netscape 4 was pure crap compared to IE 4.

ICQ is now bloated and buggy (it was fine before), while MSN Messenger is not.

And Mozilla, well, I think people just haven't heard of it.

But how will Palladium protect us from Microsoft?

[ConceptJunkie]

Palladium sounds well and good for Microsoft's stratgey of global domination, user oppression and maintaining its own security and power, but the biggest reason that viruses and trojans exist in the Windows world is Microsoft's software itself. It is not without reason that Microsoft Office is sometimes referred to as the Microsoft Virus Developer's Kit.

How will Palladium protect me against opening a Word document with a malicious macro in it. Since Microsoft allows all applications access to the whole OS, how can it protect against viruses created with its own tools? Must macros now be signed? If so, then the only macros will be the stock ones created (and signed) by Microsoft.

How will Palladium stop a user from clicking on an attachment that runs a batch file that deletes files from his system (I'm sorry, Microsoft will never pull off a version of Windows that can't be crippled or ruined with a well placed "echo y | del *.*"). Must batch files now be signed?

If a virus trashes all my user data (which Pd may or may not protect), but the OS is still intact, how does that actually help me, the user, except that I probably won't have to reinstall Windows?

Will compilers be completely banned? Or perhaps Microsoft will allow compilers on their system to only generate code that runs in a sandbox like Java and has no significant access to Win32? Will end users be limited to the useless little widgets, like the ones that seemed to be the only products of Java for the first several years?

Given Microsoft's track record on pricing, not only will Free Software be endangered or destroyed, but so will shareware, and perhaps small software companies. I guess everyone will disappear except the large power software vendors (and then only those Microsoft chooses to play with).

If Microsoft decided to play unfair again, will we have to wait another 10 years and then sit through years of pointless litigation only to have a judge wag his finger at MS and frown, while repeating "Bad company, don't do that again.", swat their behind playfully and send them on their way?

Recall that Microsoft created their Windows monopoly by actions taken starting in the early 90's (and earlier!) and well-publicized for years and years before the government got involved (and then got involved over matters that were peripheral to the real reason Microsoft was a monopoly in the first place). Bundling the browser was peanuts compared to the undocumented nature of the most powerful parts of Windows 3.1. Strongarming OEM's was bad, but it doesn't hold a candle to the fact that no one, except Microsoft, could write decent office software or software development tools for Windows for years because of Microsoft's secrecy with information on how to correctly use their OS.

Microsoft releasing Palladium is like Bill Clinton moving into a college girls' dorm. Microsoft can declare all the good intentions they want, but at the end of the day, the tempation to abuse, and the advantages of abusing, this power will be overwhelming.

Taking bets!

[Mirkon]

Ten bucks says that post is purged by sundown.

"We're sorry, the page you're looking for could not be found. Perhaps you'd care to sign up for MSN 8?"

(on a side-note, the below link is another explanation of Palladium, likely less lucid, as it was written by myself)

User/software authentication...yeah, we do that...

[SillySlashdotName]

Instead of creating a system where the OS must decide whether or not a piece of software may access system files based on whether or not it carries MS's digital signature, the OS could keep a list of approved signatures, modifiable by the user, that would grant a program proper permission to modify OS code and data.

Sounds a lot like *nix user authentication to me.

Microsoft wins anyway

[mattboy99]

listen, microsoft knows consumers do not want the lockdown. However, no one seems to be bringing up the real problem here, and it's not that Pd will be making it impossible for startups to get their software out (that will never happen). It's that this thing will be running in every office in the country around 2010. Everything you work on will have to be signed by the system and will only open up with that same signature. Your company will make sure it happens because they can finally keep their projects underwraps. If Apple or Linux don't play along, you can bet microsoft won't bow down to them.

Microsoft is just clamping down of their OS in a way that enforces their dominance, yet they're going to market the virus protection and DRM as a market distraction, much as .NET Passport was a distraction of them trying to rewrite Java for themselves. They're not going to stop a startup company from sending an App out on the web for you to try. Microsoft def wants developers on their side. They just want another way to rule in the OS market and by "owning the processor" they're basically locking out the other choices without directly doing it.

I think your history is off

[jbolden]

I don't mean to defend Palladium which I consider a potential disaster for human freedom. OTOH I think your history is off.

Microsoft starting shipping I.E. with the operating system starting with I.E. 2.0. When I.E. 2.0 was free people still were willing to buy Netscape communicator because it was a vastly superior product (which disproves your main point). With I.E. 3.0 while I.E. was inferior it was getting "good enough for free" with I.E. 4.0 I.E. was a better product than Netscape 4 (at least half the people who used both thought so). Why would someone use a pay product when there was a freely available and faster one which was also likely to become a standard.

By I.E. 4.5 I.E. was far and away the best browser on the market and it was cross platform (Unix versions and Mac versions were also freely available). I have no trouble seeing why Microsoft won the browser wars, they had a better product at a better price. Over the last few years they haven't improved I.E. very much and the compitition is starting to / has caught up.

This behavior is typically why Microsoft wins. When they face compitition offer a product that is:

a) Almost as good at a much lower cost
b) As good at a lower cost
c) Better at the same cost

The important thing to understand about beating Microsoft in markets where they are now dominant is that to beat them the product actually has to meet criteria a, b or c. ICQ will need to be genuinely better than Windows Messanger for people to go the trouble to use it; not just as good. OpenOffice will need to be almost as good as MSOffice before free is going to be enough (and no it ain't even close yet just ask any of the office power users).

Re:I think your history is off

First, quality of products is something that is a matter of taste, especially in the consumer market where things like Office's Clippy matter much more than revolutionary new data files that are saved in XML. I agree that at IE3/4 times Netscape wasn't able to catch up with the multimillion-dollar project IE (remember, MS doesn't have to make money with IE or any other product except Windows and Office to survive), in both terms of "quality" (whatever that means) and development speed. But f.e. IE has always been much more insecure than any other browser. But the threat of viri et al. is usually only noticed by the average home user after their system has already been screwed up (and even then, 95% just reinstall Windows 98 and that's it).

But the main flaw (IMHO) in your post is that you totally neglect the power that Microsoft has because you cannot avoid certain "bundles". You just have to install IE, if you want to use Outlook. You cannot avoid installing Messenger with XP. At many retailers you even have to buy Windows together with the PC (or nothing at all).

This just cannot be compared to the (real kind of) competition that takes place between Mercedes and Audi or between Mozilla and Opera.

Re:I think your history is off

[jbolden]

First, quality of products is something that is a matter of taste, especially in the consumer market where things like Office's Clippy matter much more than revolutionary new data files that are saved in XML. I agree that at IE3/4 times Netscape wasn't able to catch up with the multimillion-dollar project IE

Right my point was that it was the IE project producing a better browser (which simply meant the customers liked it more nothing deep) not the bundeling that made the difference. People tossed the free bundled IE 2 to replace it with Netscape.

(remember, MS doesn't have to make money with IE or any other product except Windows and Office to survive),

True. And when the gained their office market share they used Windows + Dos revenue. There is no question that Microsoft's willingness to lose money in the medium term is a huge part of their success. Even companies with deep pockets (like IBM in the OS/2 2.0 - 3.0 days) have proven unwilling to do this. But that is not a flaw of Microsoft's but rather a flaw in their opponents. I should note that today Netscape isn't making money on the browser, or the webserver of the webservices. My guess is that had they been willling to lose money 1-2 of those areas they still be making in the other 1-2.

in both terms of "quality" (whatever that means) and development speed. But f.e. IE has always been much more insecure than any other browser. But the threat of viri et al. is usually only noticed by the average home user after their system has already been screwed up (and even then, 95% just reinstall Windows 98 and that's it).

IMHO people talk about security but when it comes to security vs. price or security vs. features they usually side with price and features. Again "better" means fulfills customer's actual wants. I don't think people care about security they just claim to care about security.

But the main flaw (IMHO) in your post is that you totally neglect the power that Microsoft has because you cannot avoid certain "bundles". You just have to install IE, if you want to use Outlook. You cannot avoid installing Messenger with XP. At many retailers you even have to buy Windows together with the PC (or nothing at all).

This just cannot be compared to the (real kind of) competition that takes place between Mercedes and Audi or between Mozilla and Opera.

I don't neglect the value of being the default choice. There is no question it helps; and the default choice wins all other things being equal. Since in this case the default choice is also free; another free product will need to be moderately better, and a cost product will need to be much better. Most companies are not able to produce cost products that are much better than Microsoft's offering over the long term and that's why they win.

Flash

[jbolden]

As Microsoft pointed out Flash and Shockwave didn't have any trouble getting people to download their players. The reason people don't download Sun's Java player is:

a) Most people don't see Java adding to their web surfing experience and generally avoid java apps
b) Microsoft's JVM is a lot faster

I have a 4-5 versions of Sun's JVM on my machine both for compatability and because Oracle uses a few of them. When I browse my default is MSJVM; I just think it works better. And frankly I'm not happy about Flash, or Shockwave or Java on websites. 2400 Baud is much faster than I can read. If we were still using gopher....

Software store

[jbolden]

Strongarming OEM's was bad, but it doesn't hold a candle to the fact that no one, except Microsoft, could write decent office software or software development tools for Windows for years because of Microsoft's secrecy with information on how to correctly use their OS.

I worked for WaldenSoftware (200+ software chain now owned by EB) when Windows 3.1 was the rage. Microsoft didn't win on better products they won on price. Back then word processors, and spreadsheets were $495 (retail); databases and business graphics were $595. Microsoft invented the "competitive upgrade" and priced it ranging from $99-129. The terms were so loose that this amount to a price cut. Word and Excel had been catching up with WordPerfect and Lotus 1-2-3 for years. Yes early Windows integration helped then gain a few months but it was the price issue that put Microsoft way over the top. Eventually started offering the same pricing but then they started dropping the ball in terms of product improvement. Ami Pro 2 was a great product highly competitive with Word (which disproves your point about Windows 3.1 BTW); Ami Pro 3 wasn't much better and Word had improved a lot; and Ami Pro was out of the race.

Microsoft cheated a little but mainly they won because they offered either: a better product or a better price or both.

Re:Software store

[ConceptJunkie]

I can't speak for Ami Pro, but 1-2-3 never made the transistion to Windows effectively, and while Word Perfect, did, it took years, by which time Office was the de facto standard. From what I've heard, serious users prefer Word Perfect to Word by a light-year even now. I personally avoid Word whenever possible... but as a hard-core nerd who rarely deals with business correspondance, etc, WordPad has always been sufficient for me.

Borland also used the "competetive upgrade" strategy liberally, but they ended up trying to compete with Microsoft in all fields and spreading themselves too thin. Despite their problems, I had always preferred Borland's development tools up until around 1996. They've done some neat stuff since, but I stick with Visual C++ these days (version 6, not version 7).

Re:Software store

[jbolden]

If you remember 1-2-3 they had an alternate technology which used large numbers of icons and palates rather than menus. Certainly DreamWeaver (which uses a similar system) is succesful. What Lotus failed to do was make the icons reasonable reflect the activity. Alternately having text that came up when you moused over the icons would have worked. Neither solution wasn't implemented for technical reasons.

As for powerusers and WordPerfect... The big thing WordPerfect has/had was "show codes" because they use a single pallate model. Word oushed templates which allowed either graphical design or logical design and so "show codes" would have been much more complicated (you had layer upon layer of codes being applied). WordPerfect hadn't done anything major since their 4.x release (which ran well on dual 5 1/4 inch floppies). 5.1 for Windows was just like 5.1 for Dos. Pretty much WordPerfect stagnatted for years. At the time WordPerfect came out with WordPerfect for Windows almost everyone still used Dos based word processors. What killed them was the fact that Word was the number of features Word kept adding while WordPerfect added very little (again Ami was even further along).

And again WordPerfect was outselling Word by quite a margin before the price cut. I'm sticking with my original point that it was the price cut and not WordPerfect's (supposed) technical difficulties which led to Word becoming dominant.

Microsoft and security...

[trezor]

Microsoft has an excellent track-record when it comes to security, with the little exception of Outlook, MS-SQL and the Win32-platform in general.

I expect that the Palladium platform has a own root-level scripting language that will embrace synergy and Universal-Network-plug-and-play, not to mention VBscript. All this to enhance the user-experience.

Seriously, though. Trusting Microsoft to keep anything secure is a hilarious idea. Somehow, someone seems to be taking it seriously. And thats bad. Truly bad.