Slashdot Mirror
A Lucid Explanation of Palladium
buro9 writes "Last week on the WMTalk list a heated debate raged on the rights of a consumer to rip their DVD's locally for more convenient playback later. As the debate started to border on a flameware an anonymous user managed to give the most clear description of Palladium and its implications to us as both users and developers."
Pretty interesting article. ;-) MS publicily saying that they will make some association / trustee company, including people from FreeSoftware community, competitors, and so on, which would review software & sign it. Would that be acceptable ?
Even if the poster is obviously against MS & Palladium, (s)he does point out one of the most critical things : MS has to sign everything secured.
Now the question is: imagine (or dream
Though of course having a program / driver signed would prolly require money, and thus disrupt many FreeSoftware projects....
Also interesting the bit on the boss / email, good point to. Needs to be thought really clearly before implementing.
Now of course the big question is whether all those Palladium / security thingy are really required for personal computers. Of course it'd be cool to have the guarantee that the OS doesn't get destroyed by a virus thanks to the built-in safeguards, on the other hand MS's system seems to take away too much from users....
Tsuyoikoto ha taisetsu da ne, dakedo namida mo hitsuyousa (Strength is an important thing, but tears too are necessary)
Why not just get and update antivirus? What MS is saying is they will protect your system against virus's (who knows, maybe they are hiring people to write the dang things in the first place to scare everyone) in exchange for complete control over your media and how you use the information on your PC.
No thanks, I will upgrade up to the last chip before DRM, and then keep what I got. I can just see all 28,000 MP3's on my system 'expiring' and getting locked out of them... *shudder*
No I didnt spell check this post...
For their version of the story, here is Microsoft's description of Palladium in plain English.
... so I won't. When even ordinary consumers hear that a Pd computer is eunuched, I doubt they'll buy it any more than they would a VCR that couldn't record. Remeber the days when software vendors attempted "strong" copy protection with key disks and dongles and bizarre installation gymnastics? Consumers rejected these schemes, and they disappeared.
... I see no problem with letting Pd go its merry way. You can not be forced to buy it, no matter how convinced you may be of the evil powers of government and microsoft. Let it die a pleasant market-driven death.
:)
As for Palladium, I don't see the advantage to me in buying it
Microsoft has a long history of failures of nanny products (Bob anyone?). This will be another.
Also, MS could not possibly get away with monopoly control of new content on PC's. That would make their last round of monopoly litigation with the gov't look like climbing Mount Everest compared to a quick trip up the bunny slope. It's not that being a monopoly is necessarily wrong or illegal -- it isn't -- but that it would be impossible to manage such a monopoly without anticompetitive, anticonsumer effects.
So
I know some will say this is somehow naive, but even as a pro-regulation liberal I firmly believe in the wisdom and power of the free market to deal wil 99.9% of situations such as this. If not, there will be plenty of time to kill it when it comes out; we don't owe Microsoft the favor of delivering a prelease death. I do not believe that Palladium will prosper, and even if it does that content providers will be able to resist catering to the market segment that rejects it. Look how many have "miraculously" continued to serve the "fringe" 5% Macintosh market -- for which I have heard of no Palladium plans. We welcome converts, BTW.
Reading the article, it came to me that in the "Windows PC" we crossed the Rubicon long ago. I don't know exactly when, and it would be interesting to determine.
...
An appliance is a machine that performs some number of functions, usually predefined. A blender is an appliance that does one thing, at various speeds. A Kitchen Aid is another appliance that can do multiple things, using attachments, but it's fundamentally a mixer. A GameCube is an appliance, with plug-ins to allow multiple faces on its basic function.
A personal computer is a general-purpose machine. It traces its roots back to the Universal Turing Machine, with a heavy emphasis on "Universal." From a calculation point of view, it's ready to do *anything*, and express that through a flexible peripheral interface.
A "Windows PC" is a step between a general-purpose computing machine and an appliance. For most usage, it's really a glorified GameCube. But the real appliance side of its nature comes when you start to see the "sneakware" that comes along with the software you buy. The end user has clearly lost control of what's running on the machine. At the moment, that control lies with the software provider, meaning today it's total anarchy, with essentially everyone but the end user vying for control. It's possible for the end user to regain control, but it's also really hard. Personally I don't know enough about Windows to truly regain control, myself. I can only exercise control by being darned careful about what I let on the machine in the first place.
Palladium finishes off the general-purpose PC, and really turns it into a more flexible GameCube. With Palladium in charge, your PC truly is an appliance. It may even be more stable than just Windows, because Microsoft will be in control, not competing with Earthlink and Kazaa and
But Linux gives me control limited only by my learning. Not only that, but the community shuns the spyware stunts common in Windows.
The living have better things to do than to continue hating the dead.
The only really acceptable policy would be to allow for multiple signing authorities. The use should be able to control who they trust to write and update their system software.
The problem with this is that it could open a hole in DRM that you can drive a truck through. The essence of the problem is that DRM has the goal of implementing a system that third parties can trust, not the users. It would be very difficult to maintain the chain of trust necessary for a content vendor to maintain control unless you can control all of the drivers, but I can see how it would be possible to make sure that managed content is only handled by managed drivers. On the other hand, this would be pretty complex. The content provider has to have a way to specify acceptable signing authorities, and the system must keep track of the "trust domains" in the system as well as the "trust requirements" (or level?) of any content (data).
There has been a problem that has plagued philosophy for some time. It goes like this. Suppose you were just a brain in a vat, and that all your experiences were simulated. Could you possibly know it? This problem was dramatized quite well in the movie "The Matrix". The answer is that we could never tell the difference. This may not have an important impact on our lives. After all, a hamburger tastes just as good whether it's a perfect simulation or real.
But this does have impact on software. How does the software "know" that it is running on a trusted platform. It must go through APIs that tell it this. These APIs can be subverted and replaced to always say "Yes, you are running on a trusted platform!"
Maybe it doesn't go through an API. Maybe there is a DRM instruction that gets directly executed on the processor. We can't replace the API in this case, because there is none. But we can run the program through an emulator. How will the program know whether its instruction are directly running on the chip or just being emulated by another program. This emulator could be simple, it pipes most assembly instructions directly to the chip, but any DRM related instruction gets subverted to avoid limitations of DRM.
Now, I'm not saying that such a task is easy. It's also not easy (perhaps not even possible) to make a human experience a simulation that could be mistaken for reality. But the possibility cannot be ruled out. But it is important to realize that, no matter how much software manufacturers try, they simply cannot gaurantee that their program is only being run a certain way on machines that they have no access to.
Palladium sounds well and good for Microsoft's stratgey of global domination, user oppression and maintaining its own security and power, but the biggest reason that viruses and trojans exist in the Windows world is Microsoft's software itself. It is not without reason that Microsoft Office is sometimes referred to as the Microsoft Virus Developer's Kit.
How will Palladium protect me against opening a Word document with a malicious macro in it. Since Microsoft allows all applications access to the whole OS, how can it protect against viruses created with its own tools? Must macros now be signed? If so, then the only macros will be the stock ones created (and signed) by Microsoft.
How will Palladium stop a user from clicking on an attachment that runs a batch file that deletes files from his system (I'm sorry, Microsoft will never pull off a version of Windows that can't be crippled or ruined with a well placed "echo y | del *.*"). Must batch files now be signed?
If a virus trashes all my user data (which Pd may or may not protect), but the OS is still intact, how does that actually help me, the user, except that I probably won't have to reinstall Windows?
Will compilers be completely banned? Or perhaps Microsoft will allow compilers on their system to only generate code that runs in a sandbox like Java and has no significant access to Win32? Will end users be limited to the useless little widgets, like the ones that seemed to be the only products of Java for the first several years?
Given Microsoft's track record on pricing, not only will Free Software be endangered or destroyed, but so will shareware, and perhaps small software companies. I guess everyone will disappear except the large power software vendors (and then only those Microsoft chooses to play with).
If Microsoft decided to play unfair again, will we have to wait another 10 years and then sit through years of pointless litigation only to have a judge wag his finger at MS and frown, while repeating "Bad company, don't do that again.", swat their behind playfully and send them on their way?
Recall that Microsoft created their Windows monopoly by actions taken starting in the early 90's (and earlier!) and well-publicized for years and years before the government got involved (and then got involved over matters that were peripheral to the real reason Microsoft was a monopoly in the first place). Bundling the browser was peanuts compared to the undocumented nature of the most powerful parts of Windows 3.1. Strongarming OEM's was bad, but it doesn't hold a candle to the fact that no one, except Microsoft, could write decent office software or software development tools for Windows for years because of Microsoft's secrecy with information on how to correctly use their OS.
Microsoft releasing Palladium is like Bill Clinton moving into a college girls' dorm. Microsoft can declare all the good intentions they want, but at the end of the day, the tempation to abuse, and the advantages of abusing, this power will be overwhelming.
You are in a maze of twisty little passages, all alike.