A Lucid Explanation of Palladium

buro9 writes "Last week on the WMTalk list a heated debate raged on the rights of a consumer to rip their DVD's locally for more convenient playback later. As the debate started to border on a flameware an anonymous user managed to give the most clear description of Palladium and its implications to us as both users and developers."

Random thoughts

[RyoSaeba]

Pretty interesting article.
Even if the poster is obviously against MS & Palladium, (s)he does point out one of the most critical things : MS has to sign everything secured.
Now the question is: imagine (or dream ;-) MS publicily saying that they will make some association / trustee company, including people from FreeSoftware community, competitors, and so on, which would review software & sign it. Would that be acceptable ?
Though of course having a program / driver signed would prolly require money, and thus disrupt many FreeSoftware projects....
Also interesting the bit on the boss / email, good point to. Needs to be thought really clearly before implementing.

Now of course the big question is whether all those Palladium / security thingy are really required for personal computers. Of course it'd be cool to have the guarantee that the OS doesn't get destroyed by a virus thanks to the built-in safeguards, on the other hand MS's system seems to take away too much from users....

The market will kill Pd

[MacAndrew]

For their version of the story, here is Microsoft's description of Palladium in plain English.

As for Palladium, I don't see the advantage to me in buying it ... so I won't. When even ordinary consumers hear that a Pd computer is eunuched, I doubt they'll buy it any more than they would a VCR that couldn't record. Remeber the days when software vendors attempted "strong" copy protection with key disks and dongles and bizarre installation gymnastics? Consumers rejected these schemes, and they disappeared.

Microsoft has a long history of failures of nanny products (Bob anyone?). This will be another.

Also, MS could not possibly get away with monopoly control of new content on PC's. That would make their last round of monopoly litigation with the gov't look like climbing Mount Everest compared to a quick trip up the bunny slope. It's not that being a monopoly is necessarily wrong or illegal -- it isn't -- but that it would be impossible to manage such a monopoly without anticompetitive, anticonsumer effects.

So ... I see no problem with letting Pd go its merry way. You can not be forced to buy it, no matter how convinced you may be of the evil powers of government and microsoft. Let it die a pleasant market-driven death.

I know some will say this is somehow naive, but even as a pro-regulation liberal I firmly believe in the wisdom and power of the free market to deal wil 99.9% of situations such as this. If not, there will be plenty of time to kill it when it comes out; we don't owe Microsoft the favor of delivering a prelease death. I do not believe that Palladium will prosper, and even if it does that content providers will be able to resist catering to the market segment that rejects it. Look how many have "miraculously" continued to serve the "fringe" 5% Macintosh market -- for which I have heard of no Palladium plans. We welcome converts, BTW. :)

Re:The market will kill Pd

"As for Palladium, I don't see the advantage to me in buying it ... so I won't."

That's really quite short-thought.

Take Internet Explorer. Nobody really wanted to use Internet Explorer when it came out (versions 1,2 and probably 3 were really crappy and couldn't compete to Netscape). But they shipped it with every version of Windows and Office and Media Player and on all the service packs, and when version 4.0 came out, which finally was a usable browser at least, it soon was on every PC out there. And the average home user just used it, because downloading Netscape Navigator or Opera just didn't seem convenient. Now, most people infact use Internet Explorer (even many sysadmins don't bother installing Mozilla anymore, although they should know the shortcomings in terms of security).

Take Windows Messenger, for example. In the older days, people just downloaded ICQ and were happy with it. Now XP comes with Windows Messenger and among my friends I see the same thing happening with Messenger vs. ICQ. They tell me, they now have XP and use that cool Messenger thingy and they won't bother to download ICQ, because "why should I". They even don't (want to) know about the privacy implications.

The same will happen with palladium. You will just get it with Windows Longhorn or your next update to Media Player or your next service pack to Office (or together with that patch that fixes the recent 37 buffer overflows in MS' TCP/IP stack), and you may not even notice that the MP3s you save won't be playable on Linux and the MS Office Documents you save won't be readable by OpenOffice anymore.

Palladium and "The Matrix"

[etymxris]

There has been a problem that has plagued philosophy for some time. It goes like this. Suppose you were just a brain in a vat, and that all your experiences were simulated. Could you possibly know it? This problem was dramatized quite well in the movie "The Matrix". The answer is that we could never tell the difference. This may not have an important impact on our lives. After all, a hamburger tastes just as good whether it's a perfect simulation or real.

But this does have impact on software. How does the software "know" that it is running on a trusted platform. It must go through APIs that tell it this. These APIs can be subverted and replaced to always say "Yes, you are running on a trusted platform!"

Maybe it doesn't go through an API. Maybe there is a DRM instruction that gets directly executed on the processor. We can't replace the API in this case, because there is none. But we can run the program through an emulator. How will the program know whether its instruction are directly running on the chip or just being emulated by another program. This emulator could be simple, it pipes most assembly instructions directly to the chip, but any DRM related instruction gets subverted to avoid limitations of DRM.

Now, I'm not saying that such a task is easy. It's also not easy (perhaps not even possible) to make a human experience a simulation that could be mistaken for reality. But the possibility cannot be ruled out. But it is important to realize that, no matter how much software manufacturers try, they simply cannot gaurantee that their program is only being run a certain way on machines that they have no access to.