Slashdot Mirror
Palladium Changes Name
thelinuxking writes "According to this CNET article, Microsoft has changed the code name of its highly controversial 'trusted' computing platform from 'Palladium' to 'next-generation secure computing base.' Microsoft claims that the name is being changed to reflect the fact that Microsoft is 'embracing this technology in terms of folding it into Windows for the next decade.' Also, an unnamed small firm has claims to the trademark of 'Palladium'. Microsoft denies that they changed the name due to the criticism 'Palladium' has recieved, and released the source code to the core part of the software to show that the software is secure and does what they claim." Notice the PR diversionary tactic: it's being criticized because it does what they claim, not because it doesn't. :)
Why is it that a $300 billion some company isn't able to hire someone who check the with the trademark office to see if any of the crap they are using is already trade marked?
http://www.archive.org/details/ThePowerOfNightmares
They can run, but they can't hide from /.
Palladium Books, maker of fine pen-and-paper role-playing games.
Maybe they changed it because no-one had a clue what palladium actually is...
Joe Sixpack - "Muuur, pall-ad-ium? What's that?"
Joe Fourpack - "I think it's food. I eat it."
Bill Gates - "No! That's an xbox 2, with trust built in so you can't watch VCDs, DivX, or listen to mp3s on it!"
Joe Fourpack - "Tastes like chicken."
-Mark
Good news everybody! We have free videos and MP3s! "Secure" computing base? Why are they sabotaging themselves, now this thing has the word "security" attached to it, and you know how MS's track record with security is!
What time is it/will be over there? Check with my iPhone app!
Try saying that fast ten times in a row?
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
Watch this,
Now Microsoft will change Windows XP to Windows NGICI (Next Generation Insecure Computing Interface) thats pronouced ni-ji-se
Help I'm a rock.
" Microsoft claims that the name is being changed to reflect the fact that Microsoft is 'embracing this technology in terms of folding it into Windows for the next decade.'"
Why does my stomach get a queezy feeling when I read this??
Hey, I got karma to burn...
The race isn't always to the swift... but that's the way to bet!
Because all our next-generation secure computing base are belongs to them.
In other news, Ikea has changed its name to Good Luck Putting This Stuff Together.
(inspired by Harland Williams)
...oOOo..'(_)'..oOOo...
All your next-generation secure computing base are belong to key signer.
If you cannot convince them, confuse them!
"There is no teacher but the enemy."-Mazer Rackham
My Palladium sucks T-shirt is now worthless and I don't think a "next-generation secure computing base sucks" T-shirt will cut it.
The race isn't always to the swift... but that's the way to bet!
at least it's catchy
"Microsoft denies that they changed the name due to the criticism 'Palladium' has recieved, and released the source code to the core part of the software to show that the software is secure and does what they claim."
Released the source to who? I don't remember seeing this anywhere and a little googling comes up with nothing. Seems like you would want to post it to slashdot since open source users are the ones most concerned about the ramifications of pallad... Err next generation secure computing base.
Because everybody want's a secure computing platform, right?
I mean, who wouldn't want a computer that has all its data secure, is immune to hackers, and runs only Microsoft products?
CitrusTV (http://www.citrustv.net): the Nation's Oldest & Largest Entirely Student-Run Television Station
... still has thorns. :-))
Honestly, people ... Next-Generation-Secure-Computing-Base is not DRM. This is only a tool that will allow computer users more security over important documents. Just because Pallad...Next-Generation-Computing...can be used to build DRM does not mean that it should be lumped in with it. Save the knee jerk reactions for IBM and TCPA.
...or maybe she could just borrow a few thunderbolts from Zeus.
They just changed the name so that it would be harder to remember and search for. They could have made up a new term to refer to their new DRM, or got the rights to the name, but they have opted to use the vague "next-generation secure computing base" instead.
You can easily find stuff about Palladium. But searching for next-generation secure computing base turned up a lot of people using these keywords, and with quotes as of yet has turned up nothing.
However Linux doesn't seem to require an integrated hardware/software Palladium or similar technology. MS is trying to stay in the $. I'm sure over the next Decade Linux can get an interface as integrated and user-friendly as Windows and Macs (look at OsX on FreeBSD). Then what will you choose as a computing platform? .. An integrated Windows/hardware/software secure system that you pay through the teeth for, or a less restrictive but equally friendly, cost-effect Linux desktop system? ... especially if you are deploying hundreds or thousands in a corporation. The future can be bright. MS might just force themselves into harder competition by this secure computing strategy. Here's hoping, because it's always nice to have more than one on the playing field.
Yes : Palladium was a 'good' name. It encouraged people to talk about it. It was a Name against which people could league them together. Now it's another dull acronym nobody is willing to talk about ...
perhaps even to think about...
believe me, this is the most 'clever' idea from microsoft since June. by the way, this technique is getting pretty common in the area. There were already the dmca, tcpa, sssca, cbtdpa....
I urge people here to find it a catchy nickname before it is too late (it will be to late when the hype about palladium will be over, which means soon). "Big Brother" is maybe not original enough... and also not enough specific (there are other related issues in america, like the tia and the tips).
War doesn't prove who's right, just who's left.
I believe this move pretty much defines "obfuscation." It's easy to oppose, single out, and criticize "Palladium." It's a lot harder to oppose, single out, and criticize "secure network of corporate jargon and words that are put in to make the name longer initiative lemur".
:)
(If you're tempted to mod this "redundant", think about giving me some mercy points for using a nickel word like "obfuscation.")
Secure Computing Base
...and sell them Windows and Office.
The Next Generation
Cyberspace- the final frontier.
These are the voyages of the monopoly: Microsoft.
Its continuing mission- to seek out new life and new civilizations...
graspee
I keep hearing that TCPA is NOT the death of Free software. But how can that be?
Here's how I understand Palladium. It is implemented beginning at the hardware level. The hardware refuses to execute a boot sector that has not been digitally signed. Therefore, only "trusted" boot loaders will work.
From here, the trust is handed to the software, and the trust keeps expanding as more software is loaded. Some future version of Windows, let's call it Windows Secure User eXtensions, or for short, just Windows SUX, would be designed to cooperate with this trust model. The boot sector for WinSUX would be digally signed. So the hardware would load and execute the boot sector.
The boot sector loads an OS kernel from disk, the WinSUX kernel. Now the boot sector will not execute the kernel unless it is digally signed. So once the boot sector checks the signature, it passes control to the loaded kernel. The trust keeps expanding. Once the kernel is in control it can run only digitally signed device drivers, thus ensuring security of the hardware, and that only trusted hardware is used. WinSUX can also only run trusted applications, such as Windows Media Player, thus ensuring DRM. Untrusted applications could be run within a sandbox by WinSUX - with certain API's and raw access to the hardware being off limits. Thus only trusted DVD players, media players, etc. will run. There will be no CD audio rippers, because they, being unsigned and untrusted, won't have access to rip the raw bits from an audio CD.
Just as WinXP requires registration to use, WinSUX can do likewise. But with WinXP there are already numerous hacks to defeat the registration mechanism in WinXP. Not so with WinSUX. If you tamper with the code, you invalidate the digital signature, and the boot loader won't run the OS. Or if you didn't tamper with the kernel, then whatever trusted DLL or application you had to tamper with won't get run by the kernel because it's digital signature will now be invalid.
Being able to trust that WinSUX is trusted also allows Microsoft to ensure things that they cannot ensure today. They really could make WinSUX expire after two years and refuse to run. You could not patch WinSUX in order to continue running the OS you paid for.
So it seems like WinSUX does give security to Microsoft and to Hollywood, but not to the user. There still could be remote root exploits in WinSUX, thus allowing hackers to compromise running systems, steal credit card numbers, deface web pages, plant remote monitoring software, launch remote attacks, etc.
So far my analysis has not mentioned open source. Some would say, "If you don't like Palladium, then don't run WinSUX." But this ignores the fact that Palladium begins at the hardware. In order to run any bootloader, it must be signed.
There is no way that Microsoft is going to sign a bootloader like, say, LILO, the boot loader for Linux, unless it is trusted. Now LILO is open source, and Microsoft could say they will sign a "trusted" version of LILO. That is, if LILO is patched so that it will only execute a digally signed Kernel. So, LILO is patched, it is open source, Microsoft inspects the source, compiles it, and signs it. Now you can use the LILO boot loader and only execute signed Kernels. But all we've done is move the problem. Now I can only run signed Kernels. Maybe major distribution kernels such as SuSE, Red Hat, etc could have signed kernels. But what about Joe User who wants to compile his own kernel? What about developers who compile thirty kernels a day?
Of course, I'm sure Microsoft will find ways to make their own internal kernel developers lives easier. In fact, this becomes one way in which Microsoft can make external OS developers lives more difficult, and give their own developers an advantage.
The fact remains that the only way you're going to get a Kernel signed is if it is trusted. This means inspecting the source to make sure it doesn't have any naughty bits, and promises not to ever execute any other naughty bits. Signing kernels also becomes a new revenue stream for Microsoft.
But some would say: "But Palladium is optional, if you don't like it, just don't use it." Do you really expect me to believe that it will be optional? If it is optional, then all of its benefits completely disappear.
If Palladium were optional, then the following scenario would be possible. Put LILO into boot sector of hard drive. Boot up a specially crafted loader which loads the WinSUX kernel, patches it to bypass its security, and then start execution of the compromised WinSUX operating system. Once a compromised WinSUX can be executed, then all security bets are off. I could compromise its ability to run only signed device drivers. I could compromise its ability NOT to run an MP3 ripper. Compromise its registration mechanism, thus allowing pirated copies of WinSUX. Compromise its ability to quit running when it has reached the expiration date. It would even be possible to compromise WinSUX to allow the reading of material which Microsoft might consider "subversive", such as what you are reading right now.
Does anyone really believe Microsoft would go to so much trouble to ensure security only to turn around and make it optional? Optional means that the entire security of WinSUX and other future versions of Windows could be defeated. (Of course this is true on any non-Palladium hardware, such as a hardware emulation like Virtual PC.)
Let's continue with the analysis of getting open source programs to be "trusted". Maybe Microsoft runs a service where they will inspect another OS kernel to make sure it is trusted, and then they will sign it, so that the trusted LILO will run it. A trusted Linux kernel would have to be trusted not to execute any naughty code. Linux is trusted as long as it does two things: (1) only executes signed LKM's (Linux Kernel Modules), and (2) keeps certain API's off limits to untrusted user space programs. (You'll note that this is just how I previously described WinSUX.)
A Visual Basic programmer could write his own toy programs. But he could never write code that did anything naughty, such as play DVD's. Or he could do so only through secure COM components. System level programming would now become something that only a special "guild" could do. Ditto for device drivers.
Would Microsoft relax these restrictions? If I could run arbitrary LKM's, then all bets are off. I just write a Linux Kernel Module that holds interrupts, wipes memory clean, loads WinSUX, patches it, and then starts the compromised WinSUX running on the hardware. The LILO-Linux-LKM just becomes a means to an end of running compromised patched WinSUX code.
So in short, Palladium cannot be optional. If it were optional, then why bother at all? It guarantees nothing to the user. It only makes guarantees to Microsoft and to Hollywood. By making it optional, then these guarantees disappear.
If Palladium is not optional, then who holds the keys to sign programs? If just anyone can get any arbitrary program signed to run on the hardware, then the entire point of Palladium disappears. (I just need to get a special loader-patcher signed to compromise WinSUX. Or get some other program signed that will run my loader-patcher on the raw hardware.) If only trusted Open Source operating systems can run, then this effectively destroys open source. But Microsoft gets to play the PR game of saying that Open Source is welcome to participate in Palladium.
How can they pull this off? Just require all hardware to implement Palladium in order for it to run WinSUX. Most users will happily buy a computer with WinSUX preloaded. So the public will not understand that by allowing Palladium hardware to become widespread that they have just cemented Microsoft's control over what software that you can run on your computer.
I'll see your senator, and I'll raise you two judges.
Next-generation secure computing base? As opposed to the previous generations of secure computing bases?
"Hot lesbian witches! It's fucking genius!"
how much vaporware do they have floating around?
doesn't it seem that they have more expertise in changing their product names, than actually making useful software?
is it just me, or has the marketing dept. been on a rampage for three years now?
they have grown to the point where the left hand doesn't want to know what the right is doing (we know /yank what it's doing).
i think its just a matter of time before the m$ bubble bursts at this rate. they are losing sight of reality at a rapid pace these days.
well, at least by the time they release Windows .Net Smart Server Phone 2006 featuring a Hailladium Security chip, the last of the Code Red, Klez and SQL bugs will be worked out. . .
"You never want a serious crisis to go to waste." - Rahm Emanuel
I've often thought about how much "damage" a mole could do. Let's say I go to work for MS with the intention of putting in little bugs and/or giving confidential information to the open source community.
Slashdot 's editors are dickheads
Microsoft claims that the name is being changed to reflect the fact that Microsoft is 'embracing this technology in terms of folding it into Windows for the next decade.'
I find it simultaneously amusing and annoying that Microsoft will still be in business for the next decade, thus having that much more time to make our IT lives a living hell with even more codenamed software to trample over privacy rights and innovation in the name of protecting privacy rights and innovation.
All our efforts to get "palladium = bad" into the heads of non-techies are wasted.
"next-generation secure computing base = bad" is a more complex a message that does not make a neat soundbite
A pizza of radius z and thickness a has a volume of pi z z a
But this new name just doesn't have the same ring to it. How do you make up a catchy slogan -- any slogan -- containing the inconceivably awkward phrase "next-generation secure computing base"?!
The resistance needs catchy terminology, even if the Evil Empire doesn't.
I suggest, as a start, that "next-generation" is superfluous: Perhaps even the word "base" is as well, as long as the "Microsoft" is still in there: This presents the problem, however, that people may confuse the already-meaningful phrase "secure computing" with digital rights mangling.
One safe route, perhaps, is to insist on calling it "DRM", even as that phrase takes on an increasingly negative connotation and Microsoft attempts to disown it.
Now if they had changed the name to something like "Athena: super-dimensional fortress of security" then victory in the market would be assured.
[Set Cain on fire and steal his lute.]
You know what I think? I think the net has suffered enough DDOS attacks, Worm Spreads, and Virii for the last 10 years because of OS's from MS the this next "Secure" release should be free to anyone who was made unsecure before from MS.
So I want to mail them a copy of Windows 98 and I want this new "Secure" version for free because I already paid for an operating system which was supposed to be more "stable and secure" and now what? This should be free to everyone who had to suffer data loss from the fault of MS.
Or I guess I could get an upgrade to a secure OS for free ... www.openbsd.org ...
Ignore the "p2p is theft" trolls, they're just uninformed
"next-generation secure computing base" or, as it is known in-house, "Bend Over(tm)"
Rumagent
Calling it ' next-generation secure computing base' is a great way of hiding Palladium as a feature on the box of the next Windows. Say I was going to retail to pick up MS Windows' next version. On the box there is either listed in the features which would look more appeasing to consumers?
.NET ?
1) 'next-generation secure computing base'
2) Palladium
From the article "To address the criticism, the company has decided to release the source code of the core part of the software, known as the nub or nexus, so that others can verify it is secure and is doing only what the company has claimed."
Question: What about
In a similar vein, Intel's hardware implementation could be called "Big Brother Inside" or "Gestapo Inside" or somesuch.
Yesterday you were saying Palladium and TCPA are basically the same thing, and bashing them both. With these skills, your karma will go far.
...but other than saving the riaa, what is "next generation secure computing" going to fix security-wise? am i correct to assume that this scenario can take place?
::crash::
NGSCserver: incoming request! are you a NGSC computer?
NGSCcomuter: why, yes. as a matter of fact, i am!
NGSCserver: great! what can i do for you now that i know you are a trusted platform?
NGSCcomputer: i would like to exploit one of your bugs, causing you to blow your brains out and bring you to a screeching halt.
NGSCserver: okay! youre the boss!
Gentlemen...BEHOLD!
-Dr. Weird
How do you make up a catchy slogan -- any slogan -- containing the inconceivably awkward phrase "next-generation secure computing base"?!
This is absolutely the point. As anyone who follows the abortion issue knows (ex-- is it "Pro-Life" or "Anti-Choice?"), much of controlling a public debate is about winning the "terminology" war. How better to obfuscate a debate by blurring the way the topic is labeled and discussed? Is anyone in the general public really going to read an article which refers to Microsoft's dull-sounding "next-generation secure computing base"? Who wants to be "anti-security" anyway?
Notice that "NGSCB" is unpronouncable and hard to wrap your head around. Where as people can rally around a fight against something called "Palladium" there is no easy "brain-handle" in NGSCB to grab onto. They've chosen a bland nothing-name.
The Federal government had a similar problem with "Carnivore" which just sounds ominous. So what did they do? They changed the name to something bland-- DCS1000...something that sounds boring and innocuous, like the model of a breadmaker.
I'm sure the Department of Justice's Total Information Awareness will be renamed shortly to some anagram with no vowels like the "next-generation secure nation base 2003LJFBF". When you see they've changed the name, remember you saw it here first.
Incidentally, Time has a good article about how the White House is trying the same kind of thing by reterming thinning of trees as "management-caused changes in vegetation". While they can't do an all-out assault on the environment...
"They are rejecting the full-frontal-assault approach that gets a lot of media attention in favor of death by a thousand strokes of the pen," contends Stoermer. The Republicans are also learning how to spin environmental issues in their direction. In a confidential document distributed to G.O.P. Governors and members of Congress just before last November's elections, Republican pollster Frank Luntz advised party members to refer to themselves as "conservationists." The document said, "The first (and most important) step to neutralizing the [Republican environmental] problem and eventually bringing people around to your point of view on environmental issues is to convince them of your 'sincerity' and 'concern.'"
It's all about baby-steps and controlling the debate through language. As far as I'm concerned, whatever Microsoft now calls PALLADIUM, we and the press should not let them get away with it.
W
-------------------
This is my SIG. There are many like it, but this one is mine.
I don't want a key locked to my machine, because it becomes useless if I switch machines, if the old one breaks, or I simply want something better.
Why is it so hard to understand that what is wrong with private keys is that I don't have complete control over them? If it's my private key, it's mine, not something hardware generated that I can't keep or delete or copy at my whim. When it goes out of my control, it's somebody else's, not mine, and I don't want it!
Infuriate left and right
"Notice the PR diversionary tactic: it's being criticized because it does what they claim, not because it doesn't. :)"
It is being criticized by people who care about freedom... but the people who pose a more serious barrier are European and other governments.
The PR is focussed at the SERIOUS objections... not what you or I might find uncomfortable or politically objectionable.
Don't call it <long winded mumblefrotz>, call it "The Technology Formerly Known as Palladium".
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
To all those of you who have published pages with a realistic/pessmisitic view of the Palladium security platform: Update those page's META-tags NOW include any or all of the new terminology created by the Microsoft Marketing Department (r). Or else those search-engines will fail miserably to find anything relevant when those company executives tries to find information about the-next-great-thing from Microsoft which has been told to be oh-so-secure.
Jakob Breivik Grimstveit
"I love deadlines. I love the whooshing noise they make as they go by."
Somewhere, in a dark and smoky Redmond meeting room, an internal Microsoft slogan is born...
All your next-generation secure computing base are belong to us
The DRM previously known as Palladium.
Ad Majorem Dei Gloriam
Interested in AI? MACR
Catchy name, eh?
How about Palladium? Many people already know what it means, and it's (somewhat) memorable.
Just because Microsoft declares the name to have been changed, doesn't mean anyone needs to listen.
Microsoft has changed the code name of its highly controversial 'trusted' computing platform from 'Palladium' to 'next-generation secure computing base.'
Someone mis-filed this under "Microsoft".. is the "It's Funny.. Laugh.." category broken?
S
Satan, the Prince of Darkness, has changed his name to "Stan, the Democratically Elected Official Overseeing Things That Really Fall Into A Grey Area... Seriously, It's Not Evil."
Don't be so bothered about gcc3.2. It frickin BITES. If you are using XFS you are f*cked - it is incapable of compiling any kernel with XFS support. No doubt there are other things wrong with it beyond this one.
You are better off with a compiler that works. Stick with gcc-2.96. It's dependable and the same kernel that gcc3.2 choked on compiles fine with gcc2.96.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
We will never know what percentage of the too-numerous-to-count security holes are actually caused by malice.
Even if they caught the person, they would have a very hard time proving it wasn't just ineptitude. MS code being so bloated doesn't help. Lets assume Windows is 1GB of source, which isn't unlikely, that's about 25 million lines of code.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
In other news, does anyone else think it interesting that they are releasing the source code to part of Palladium? Cnet was a little thin on details about that though.
common star-trek go claim trademark of next-generation then they have nothing to stand on
/. what not
sig.
If you can't dazzle them with brilliance, baffle them with bullshit!
~REZ~ #43301. Who'd fake being me anyway?