Slashdot Mirror
Microsoft To Demo 'Palladium' At WinHEC
1010011010 writes "According to Microsoft Watch, Microsoft will be demonstrating Palladium (also known as 'Next-Generation Secure Computing Base') at WinHEC in May in New Orleans. The 'trusted root' is now called the 'Nexus' by Microsoft. Developers wishing to write 'Nexus-aware' applications will apparently have to pay a licensing fee to do so. The product manager for Palladium, Mario Juarez, says, 'It's important to note that nexus-aware applications will not hinder any apps or anything else running in the regular Windows environment.' I'm sure you can all hear the word 'yet' at the end of that sentence. There's talk of phasing in Palladium, starting with Longhorn Server in 2005. I wonder how Microsoft will convince consumers that loss of control is a good thing, and how long the convincing will take. I, for one, am already planning to transition my company away from Microsoft software. Hopefully that won't get messed up by and dumb mandatory-palladium legislation from the Fritz types."
Let me be the first to point out the irony of someone called Juarez being in charge of an anti-piracy system.
Oh, and it does the opposite of setting you free.
"I wonder how Microsoft will convince consumers that loss of control is a good thing, and how long the convincing will take."
Tell them if they don't they'll be supporting terrorism.
Why yes I am paranoid! Thanks for asking!
After having bought MS Visual Studio C# .Net, not realising that the "Standard" version doesn't play with non MS databases, I can't wait for the day when my OS/Computer refuses to let me use MySQL via ODBC because the drivers aren't signed/Palladium compatiable. I'll be so happy to be secure and safe from subversive and dangerous open source technolgies.
One day I will boot up WinPalidumb and a ghostly image of Whoppie Goldberg will lure me to this place of pure happiness.
Of course, being cool as I am I will realize that it's all fake and as harsh as real life^H^Hnux is, that's where we belong...
And I will bring back William Shatner; possibly saving (enter)price(line)?
*ducks*
My life in the land of the rising sun.
I think right now, they are so unsure of where they are going with this that the show really doesn't matter. Since the testing began, i've seen rumors of home versions and the like. The final product will most likely dramatically change from what is shown at the show.
I don't like the part about the fees. Palladium does seem to have one strong point in making its applications hard to exploit (even the badly-written ones).
So won't this hurt Linux and Open Source software in general? High fees would keep Microsoft's good competitors (Apache, for instance) away from Palladium, and then we'd have all the unbearable boasting about how IIS is more secure.
That would be a cheap trick... but one to expect.
And when Nexus gets to version 6, will it be physically and emotionally indistinguishable from a human being? Will we have to hire Blade Runners to keep Tyrell Corpo...I mean, Microsoft's crazed creations off earth?
Nexus v.6: I want more life, fucker.
Bill Gates: Sorry. Planned obsolescence is a bitch.
Only in slashdot are posts of solidarity modded at -1 Redundant, while posts of antagonism are modded as -1 Flamebait.
While the idea of the technology isn't really all that bad, I question the intent of Microsoft in creating Palladium. If the technology is adapted in its "pure" form, Microsoft will be able to determine what you can and cannot do on your own personal computer - and they will make consumers pay for this "technology." It would be like adding the extra "feature" to an automobile that you can drive only to certain places - and charging more for this "technology." Where can you go today?
I wonder how Microsoft will convince consumers that loss of control is a good thing, and how long the convincing will take
The government's already convinced people that loss of control in the name of "fighting evil" is wonderful, and that it should be accepted openly.
Hopefully people don't follow suit with Palladium, or pretty soon, the government will see that regulation of a person's own computer can be done easily and effectively.
solution: we all start using Linux (or in some cases, use Linux more) and move to Canada (or in some cases, stay there)
note: entire solution does not apply outside of US or Canada, your mileage may vary, see dealer for details, sweepstakes ends 11/05/72. Linux portion of solution applies to all humans, again, see dealer for details.
That gives us about 2 yrs to get linux ready to take over. Can we? Because if not, it will be vary bad. This is our chance. Once people are tied into palladium, they're stuck.
Now MS can candidly tell consumers how they intend on outright controlling all of your data and even charge developers for the "privilage" of being able to conform.
I just can't see how so many pointy-hairs can examine Microsoft and it's products and decide that it would a good idea to spend so much money on it. Microsoft sales people are truly adept at their trade.
... Just sit back and wait and see what MS does. If you just take it for what it says now there isn't much of anything to go nuts over. Yes maybe something will come up that makes it Evil, though with something like this what one considers evil others consider good. If It turns out to be just as MS says it is going to be, what do you have to fear? You don't like the paying? sure that might not be so great, but then again this is most likely going to apply to major windows apps. You know the kind written by companies that people go out and buy. So adding a few cents to the price won't matter to anyone. I don't think anyone is going to go and pay to have there Hello World app 'Next-Generation Secure Computing Base' certified.
If your afraid of how it works or don't like it don't use it, don't use windows. With just what MS has said most all of what people go on about has no bases and is just stuff from tin foil hat people. Yes MS has done bad things. Maybe they will with this. But give them a chance with it, let them screw up before you chastise them.
Developers wishing to write 'Nexus-aware' applications will apparently have to pay a licensing fee to do so.
And, I suppose it will only be a matter of time before Palladium dictates that only Nexus-aware programs will run. Nice business model.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
Microsoft is taking the control out of users hands for just the same reason (and for anyone in denial, try to log in as "Administrator" on a WinXP machine). It wouldn't make sense for anyone to be able to bypass the mandatory access controls on a military mainframe, and if they can they have to be very very trusted.
I hear you out there! Screaming that your home computer isn't a shared, let alone military, machine. Well, here's a message for you: it's shared with all the people who write software for your computer. That's right, software has owners and when their software is on your computer they think they should have a say over how it is controlled. For better or worse, your choice to share your computer with the owners of this software is what is driving this effort.
Not that sharing is bad. It makes sense to share. You have the choice of who you share your computer with. I've chosen to share my computer with people who have similar views to me on what is a fair. These people write software that they license under so called "liberal" licenses -- the GPL and the BSD licenses for starters.
How we know is more important than what we know.
This seems to me like pretty clear trademark dilution of the Lexus-Nexus trademark. I don't know what "Lexus-Nexus" means, but i know it's what comes to mind when someone says "Nexus-aware."
Anyone agree or disagree on that?
This reminds me of the time MS decided to demo Win98... I think the conversation went something like:
/me is using Gentoo Linux!*
demo guy: Well, Bill. You just hook up the scanner and Windows will automatically find and install the drivers for it.
Bill: That's great!
demo guy: Yes. It is one of the great features of Windo- Oh, boy. That's not supposed to happen.
*BSOD appears on a 3 story screen*
*audience laughs*
*/me shudders after thoughts of the future run through my head*
I can see it now...
demo guy: You plug in your printer and WindowsPA automagically detects it and installs the printer drivers.
Bill: That's great!
demo guy: Yes. It is one of the great features of Win- Oh, boy. That's not supposed to happen...
*BSOD fills 3 story screen*
BSOD: All you data are belong to Microsoft.
*Audience laughs*
*/me laughs becasue
Okay, I'll bite. IN THEORY, that is in a perfect world, the idea of programs/documents needing authentication is a good idea. It would be great for administering desktops in an office environment for example. That is if I (as the admin) get to control the authentication server. IN PRACTICE, i see this as a move towards a closed development model (not as in closed-source, as in closed dev like consoles for instance where everyone needs to go through nintendo/sony/MS to publish software) where MS controls access. I could be wrong though, and the idea that we could finally stop idiot employees/customers etc from installing gator or emailing out confidential information by mistake is a nice one.
Jeremy
One of our developers has already approached RMS but apparently he mumbled something about "GNU/trusted computing" before the developer hung up the phone.
________
Open source hosting @ $3 / Month - Cheap Web Site Hosting
Shouldn't this story be in the "Your Rights Online" page? Considering that clicking on Pallidum's EULA will be just like signing your soul over to the devil....I'll take an open source solution thank you very much.
"Some fight for law. Some fight for justice. What will you fight for? One day, you will see."
The poster has missed the point and has confused two seperate issues into one. (DMR and machine security). If the poster had actually read the microsoft link from his own link he would have come up with the following quote"
" "Palladium" will not require digital rights management technology, and DRM will not require "Palladium." "
DMR is not the focus of Palladium (at least intially.... I say this with a grain of salt as you never know what they future will hold), but rather a seperate microsoft initiative spearheaded by the windowsmedia group and the Office group. I would be far more concerned about what these groups do than what Microsoft has outlined for Palladium.
Palladium is (or at least what is hoped, again i say this with a grain of salt, we'll only really know once the deliverables are shown) a combination of two big ideas. The first is to provide a system in which a user can trust stuff and allow it to run with sensitive information (eg, user data) and provide a sandbox where they can run stuff that they don't trust and know it won't do anything of consequence.
The second is to bring the PC hardware/Software to a more sofistated level, bringing up the bar as it would to what is now held by some of the mainframes. This serves two fold a purpose, one to weed out old hardware and hardware manufacturers that people keep using over and over that perhaps just don't have proper drivers which haul down the machine. Secondly, give greater credibility to the Wintel platform in all they're little political/business/OSS/User heart battles. At the end of the day, any time a user/admin/whomever sees something not function correctly (eg, system crash, failed performance of hardware eg... scanner won't scan) the first impulse is to blame Windows reguardless what caused the problem. I'm all for the improvement of the overall improvement of windows as any system that is improved makes a cost saving in both time and money at the end of the day.
There has been much speculation as to what Pallium will actually be. Most of it has been nonsense runned off by people with FUD as they're agenda. Little is known about what exactly will Pallium eventually encompase.... But what I do know is this. If it turns out that user restrictions are placed and people suddenly stop beind able to do certain things... then Microsoft will get a hit to they're bottom line and OS's like Linux and Mac OSX will suddenly have a massive inflow.
Give the public a little credit... The market doesn't have an absolute hold on them and if windows doesn't suit they're needs they'll jump off as though the ship is on fire. It's not like there aren't other capable alternatives. If there wasn't windows would have been regulated long time ago just like the telcos. But do you really think microsoft would alient people that much (or abolish competition for that matter) to be able to hurt themselves? I think not.
I wonder how Microsoft will convince consumers that loss of control is a good thing, and how long the convincing will take.
I must have forgotten when they convinced me that Clippy was a Good Thing before forcing^H^H^H^H^H^H^Hintroducing it.
Seriously, do you really think they're going to even try to convince us? What's the point of having a monopoly if you can't (ab)use it?
It's worth nothing that the behemoth apps (Outlook, Word, Excel etc) are signed, they will probably keep their embedded superscripting features, so viruses will still happily run on them.
I am curious about buffer overflows. Stack checks are not infallible, code is not read-only and and I can't imagine the palladium system checking the signature for each 4k block as it runs (since if decent encryption is used it will be quite expensive in CPU time). So, will we have signed apps that might still have such bugs ?
I dont have anything to hide....
except probably your username?:)
I agree with your fears, but even your best-case scenario sounds like a pain for perhaps 70% of computer users.
The risks far outweigh the benefits from a company that has shown itself repeatedly to be untrustworthy.
The comment about preventing employees installing software is misleading. NTFS and Unix permissions can prevent this (though it's tricky to get the balance on NTFS if people actually have to use the computer for more than a few specific tasks. I have been called out several times to fix people's new XP systems that will only run programs as the Administrator. Ironically enough, Microsoft games seem to be the worst offenders.
Regarding emailing out confidential information - that's a total red herring. If people have the ability to send email without physical human monitoring, the best you can have is a keyword search. Palladium would do nothing to prevent people leaking information, unless it was by preventing them installing an email client (which again is something that can be handled by permissions.)
The first thing i thought was: "So, it starts."
... It keeps getting better all the time.
Then I read some comments. You gotta pay to write software for windows. What crap! They have the desktop computer section by the balls, and they keep squeezing for more money.
But the more they squeeze, the more people get sick and leave. So in part, I welcome this. Maybe a few more people will get the idea and switch to something freer....something that ends with "ix"
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
I wonder how Microsoft will convince consumers that loss of control is a good thing, and how long the convincing will take.
Oh that's easy! All you have to do is convince everyone that having control over your computer just helps terrorists.
Sigh. Now if only I were kidding.
--Rick "If it isn't broken, take it apart and find out why."
There are several other places to find it; I just googled it again. And get a dead-tree version for your Dad, too (that's where mine went).
Think, write, think, edit, think...then post.
Anyone else see this story title and immediatly think of a giant Palladium RPG session inside microsoft? Who knows, maybe it's just me. :)
"When will this FP stuff stop?" "After the great growing..." "The great growing?" "Yea, when people grow up."
While I love my mp3s, downloading free images, music videos, tv shows, even copying a DVD to divx here and there ;) ... I can see both sides to the conflict.
I was always one of the people saying the Internet would revolutionize the world... that Information should be free, etc etc. And that's what it comes down to... the real world is based on selling goods, trading services, etc. These goods and services are of limited quantity, so they have value. Media on the Internet can be copied infinitelly, and thus has no value.
I am stepping out on a limb here, but is it possible the dot.com boom of the late 90's failed because of people trying to charge for things that were inherently worthless? What if your wallpapers.com website sold quality wallpaper images, but that were signed and could only be used by the person who bought it. (think: When I buy a painting to put on my wall, I can't send a copy to all my friends for free, can I? Isn't it the _same thing_??)
So there's the problem. Do you want the benefits of a media-rich world, where people can actually make MONEY, and succeed, and continue? How many GOOD sites have shut down because of lack of revenue?
Would it be worth it, if it were properly implemented and restricted, to put such a system in place to give the internet an actual economy?
no comment
Why dont you people bash Microsoft anymore? It used to be so much fun.=)
... am I the only one who sees "WinHEC" and reads it as "WineHQ"?
;-)
'Cause I really did. I was all "What? Microsoft is embracing Wine? No wh-hay!"
"Times have not become more violent. They have just become more televised."
-Marilyn Manson
...that similar to the Xbox, which I hear is a sort of initial version of the Palladium/hardware security that we will be seeing... What will happen if this huge target does get cracked? Would it make it even more vulnerable than a target that is expected to be broken into every once in a while?
, for one, am already planning to transition my company away from Microsoft software
But this sort of thing is brilliant for companies, as it cuts down on the damage a employee can do on their PC. It also restricts what data a sour employee can walk out of your company with.
I for one would like to be able to see a OpenSource application that works like a central repository and customises documents via steganograpghy whenever an employee checks out a sensative document. Then leaks can be tracked down to who checked the document out, and investigations proceed from there.
In a press release addressed to the world from Bill Gates... "Hello citizens of the world. I would just like to congratulate all the owners of our Palladium-enabled operating system! You won't have to worry about viruses -- they won't run on your system. You won't have to worry about those nasty games such as Anarchy Online or Doom 3, either. We are only going to allow our operating system to run our software. Some of you have asked about the exclusion of 'Minesweeper' from this version of Windows. To be blunt, Minesweeper takes so much time and effort to produce, that we've decided to sell it as a separate product. That will be another $500, per computer, per user. That covers one year worth of updates. It will also require a CD-key and server verification! Once again, I'd like to thank the U.S. Government for helping us out, and you the people for voting with your dollars. Its clear that all the software manufacturers EXCEPT for Microsoft haven't lived up to your standards, so you'll never have to deal with them again!"
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Sad thing is, they laugh because BSOD's happen all the time. If they never happened they would look at the BSOD thinking "What's that? Never saw that before." but instead they laugh thinking "Hah I get like 3 of those a day it's so funny." Why do people think it's normal for a computer to crash every day? Then they go out and spend like $1,000 at best buy upgrading 2 things because their 1.5 ghz computer is too slow (which explains the crashing, of course...) and they needed a 3 GHz P4. And when that fails to fix any problems I get a phone call at around 9AM asking me to fix the computer :-/
Apple did it and it has only 5% of the market. Let that be a lesson.
(Disclaimer: Well, not really considering I have swtiched may laptop to an iBook and am loving the BSD-based little thing.)
I love the way that everyone is just flaming Microsoft, without any knowledge at all of what Palladium is or what the Nexus is or what the implications are of the system. I'm glad I'm not an open source sheep...
Nick...
IBM and Intel, and a few other hardware manufacturers, probably with support from Microsoft, tried something similar back in 2000.
Then it was called Content Protection for Recordable Media (CPRM). This was hardware based system that encrypted the data on hard disks. The idea was that they would sell hard disks with hardware based encryption and key management. The goal was to provide a platform for DRM. One description can be found at The Register.
There was a lot of noise in the press for a couple of months after the announcements as the public opposition was voiced. Then the initiative quietly died.
It's not surprising that CPRM dissapeared, since no one could force you to use CRPM based hardware. Why would customers go out and upgrade/replace their perfectly good hard disks with something that imposes (to the ordinary user) complex and difficult to understand restrictions? Particularly when when normal unrestricted hard disks would still to be available.
I suspect (and hope) that Palladium will suffer a similar fate. Most people resist forced upgrades. Over the years, Microsoft has tarnished its reputation by continualy forcing users to upgrade. As the Windows cost/ownership hassle has increased, the minority of non-upgraders has grown and now includes even a few major corporations. Worse, it's also caused some previously loyal customers to switch to Unix and Linux.
With Palladium, the upgrade will require a new Palladium enabled PC, not just more memory and a faster CPU. This, combined with the restrictions, will make people even more reluctant. If Microsoft actually forces the upgrade, say by discontinuing support and sales of previous Windows versions, they risk a customer revolt. Microsoft realizes this (as evidenced by the recent Palladium name changes and smoke and mirrors announcements) and is treading cautiously.
My personal belief is that DRM is an unreachable utopia. It only takes one person to crack an instance of DRM protected media or indeed the DRM system itself. Once this has happened, then there's nothing anyone can do, technically or legally, to stop distribution of the unprotected digital content. Given the financial incentives there are plenty of clever minds willing to devote a lot of energy to cracking DRM systems. I'm not saying this is legal/moral, I'm just pointing out that it's inevitable that DRM systems will be attacked.
In the end, forcing copy protection schemes on users doesn't solve the problem and just ends up annoying the users. Examples of failed DRM are all around us: DVD's, Adobe's e-books, etc. Remember 'dongles'? They failed too. As Bruce Schneier says, encryption doesn't stop anyone, it only slows them down.
Alan Hodgkinson
---- It won't be as bad as you fear or as good as you hope, but it will take twice as long as you plan.
I wrote what I consider to be a fairly informative article on Palladium and the impact on the anti-virus industry here:
p alladium.xml
... uh ... PR-ish ;-)
http://www.virusbtn.com/magazine/archives/200209/
Summary:
- It's foolish to expect it'll stop viruses
- Microsoft will have the anti-virus industry by the short and curlies
- Microsoft PR is impressively
Score:-1, Funny
"I wonder how Microsoft will convince consumers that loss of control is a good thing, and how long the convincing will take. "
Not long. A glimpse from the future...
Microsoft Windows XP2 makes your favorite operating system even more user friendly.
Tired of viruses, spyware, and popup ads that aren't from Microsoft? So are we, so XP2 utilizes a brand new technology called Palladium. You can now be confident that only Microsoft tested, and approved programs can run on your computer.
Security is a good thing (TM)
Back to the present...
--Joey
I darn you to WinHEC, a Fate Worse than Death!
Stick Men
Yeah, I know, OT but English is not my mother tongue. I thought, Fritz was some reference to the Germans but this does not really make sense here, does it? What does "Fritz types" mean?
I run Windows 98 for weeks on end (Web surfing, compiling programs, testing compiled programs) with hardly a BSOD, and when I do get BSOD's they are mostly attributable to something I did to an application during development, which I can track down with a lot of gnashing of teeth.
If you are BSODing 3 times a day, it is some or another software you are running. Yeah, yeah, it is Windows' fault because there is very little defensive programming (validation of parameters of API calls) inside Windows, but it has to be some application that is doing it.
The goal of Palladium is to prevent users from running certain software on their system, and as we all know MS Operating Systems are great at preventing things from running.
Is Palladium suppose to carry over to things off the computer? Because I know many businesses that wouldn't run if they used Windows.
Outdoor digital photography, mostly in New Engl