Slashdot Mirror
Cryptographers Find Fault With Palladium
FrzrBrn writes "Whitfield Diffie and Ronald Rivest raised concerns about Microsoft's Next-Generation Secure Computing Base (formerly Palladium) at the RSA Conference in San Francisco on Monday. They are (naturally) concerned about vendor lock-in and having computers turned against their owners. See the story at EE Times."
the fault is....it was made by microsoft
...Cancer researchers found fault with Marlboro brand cigarettes. More details soon.
then someone finds fault with it later.
And now we're supposed to trust 'Trusted Computing'?
You think that I'm crazy, you should see this guy!
Diffie and Rivest have always held the idea that personal privay (and personal security) is a fundamental right. Their comments at this forum pretty much express that.
They're cautious for a good reason. Making every PC an Xbox with push content delivery just opens up an ugly vulnerability in your system. I can't wait for the distributed Palladium cracking project!
From accounts of Microsofts other presentations they are there primarily to advertise the future of their technology rather than to actually discuss the future of security with others.
They are (naturally) concerned about vendor lock-in and having computers turned against their owners.
This will give the whole "man over machine" persona to Palladium, thus making it unpopular.
w00t!
That was the best troll I've seen in a while. Thanks. (But the ancient "No Shadows In Space" thread from the days of yore was still better.)
--Jimmy has fancy plans; and pants to match.
Diffie and Rivest had better watch out! Microsoft could easily hit them with DMCA violation charges for questioning Palladium's encryption!
Yeah, I'll be getting a computer with Palladium WinHEC freezes over!
Anybody know who Microsoft is targeting with this?
The benefits of Palladium in any market that currently demands a great amount of security are obvious, but I'm more interested in the scope of Microsoft's intended consumers - is this something they want not only in the office, but at home? Or does this fall into a similar category as 64-bit processing... intended for very specific markets with no real benefit yet to the end user.
Also, does the open-source world have any sort of response to this? Is there merely pure opposition, or are groups developing more standard-friendly alternatives.
I don't know much about Palladium, but I'm anxious to find out more - please share ideas/opinions.
...why the hell hasn't anyone tried to sway public opinion on the matter yet?
I say they should hand over the job to Intuit.
News Flash: "Blue screen of death kills computer and user, details at 9" - Kent Brockman
The inventors of the RSA algorithm (Ron Rivest, Adi Shamir, and Len Adleman) were awarded the Turing Award on Monday. This was announced at the opening of the RSA conference. More information can be found in this article.
I'll buy a MAC first, before I buy any hardware or software which incorporates palladium.
And for me, that's saying a lot.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Does anyone think Microsoft would have it any other way?
but due to DMCA laws cannot tell anyone about it, and therefore the faults will never be fixed, because the schmuckos the programmed the damn thing are too damn stuborn, and full of themselves to admit to there being faults in their code, and refuse to fix anything without proof of the faults first.
we now return you to your catch-22 free life . . . no we don't
It's just a matter of how.
FWIW, Palladium appears to me to be a way to get vendor lock-in on all kinds of digital content - movies, songs, etc. With that lock-in, Billy's Boys could charge whatever they wanted for Win9000SUX.
In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default.
Now as we all can imagine, it won't take long before various applications will not work unless Paladium's controls are in effect. Anything that accesses potentially copyrighted works are the most likely to begin with. Windows Media player, E-Books, and later Office products will be the first to require this.
Microsoft is already pushing to get their media formats to be the default. Websites are frequently given discounted access to Windows Media creation software. Colleges and other low-budget places are frequently targets. They have to agree to use only those formats, not quicktime or MPEG, in return. This forces users to get Windows Media player to watch this content. Later MS will require these sites start saving in the newer, Paladium-only, versions, and we'll have our transition to lockout today.
What can you do to prevent this? Stay with open formats. Ogg-Vorbis. MPEG. XML/OpenOffice.org.
It'll be very interesting to see if this subtle push backfires or succeeds. Ten years ago, there's no doubt Microsoft would have been able to back us into any corner they wanted. But the last few has shown some strong distrust - people no longer take MS's word as law.
Let's hope that trend continues.
Which means it will only work on approved hardware - guess who profits from approving the hardware and drivers? Why would I need a secure framebuffer exactly when I'm already in full control of the code executed on my machine?
Seriously though, read the following:
"The right way to look at this is you are putting a virtual set-top box inside your PC. You are essentially renting out part of your PC to people you may not trust..."
Aren't people who download Kazaa already doing that, since Brilliant Digital's spyware is installed with the program and can use the computer's CPU cycles and hard drive space without warning? It seems that unless there is a big enough hoopla made about Palladium, unsuspecting customers will have no idea of "Trusted Computing"'s true effects and limitations on usage. Just ask a non computer geek Kazaa user if they're concerned that Brilliant Digital has so much control over their computer, and if they give you a response other than a blank stare accompanied with a "wha?" I'll give you a Gummy bear (It's warm from being in my pocket).
Whitfield Diffie, who holds the position of Distinguished Engineer at Sun Microsystems Laboratories is best known for his 1975 discovery of the concept of public key cryptography, for which he was awarded a Doctorate in Technical Sciences (Honoris Causa) by the Swiss Federal Institute of Technology in 1992.
For a dozen years prior to assuming his present position in 1991, Diffie was Manager of Secure Systems Research for Northern Telecom, functioning as the center of expertise in advanced security technologies throughout the corporation. Among his achievements in this position was the design of the key management architecture for NT's PDSO security system for X.25 packet networks.
Diffie received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965. Prior to becoming interested in cryptography, he worked on the development of the Mathlab symbolic manipulation system --- sponsored jointly at Mitre and the MIT Artificial Intelligence Laboratory --- and later on proof of correctness of computer programs at Stanford University.
Since 1993, Diffie has worked largely in public policy, in the area of cryptography. He has testified twice to the House and twice to the Senate. His position --- in opposition to limitations on the business and personal use of cryptography --- has been the subject of articles in the New York Times Magazine, Wired, Omini, and Discover. The subject has also been covered on the Discovery Channel, Equinox TV in Britain, and the Japanese TV network NHK.
Notariety has provoked a number of awards, including: IEEE Information Theory Society Best Paper Award for 1979, IEEE Donald E. Fink award for 1981, the 1994 Pioneer Award, given by The Electronic Frontiers Foundation for contribution to the quality of life in cyberspace, the 1996 National Computer Systems Security Award given jointly by NIST and NSA, the 1997 Louis E. Levy Medal from the Franklin Institute in Philadelphia, the First ACM Paris Kanellakis Award for contribution to theory and practice in computer science, the IEEE Information Society Golden Jubilee Award for invention of the Diffie-Hellman key exchange protocol.
To understand why this is not a good thing, imagine if a commercial company had the monopoly of passport and driving license production, and were able to prevent you from using the ID they issued to verify who you were except in "microsoft approved" shops and venues (or countries).
IDs and trust systems should be standards based, not proprietary. They should be secure, and openly peer-reviewed or audited. And the ID should be under the control of the person being identified (or at least issued by a "neutral" government body, as passports are now).
But I've just started thinking about this... so I might change my mind some more. Would that make me a bad slashdotter?
Paul "Say no to feeping creaturism"
From the title, you would think there is some technical flaw in palladium, but the article just goes on about some thing about not having control of your PC etc...
/. spreads propaganda through misleading comments.
Im not saying there isnt a technical flaw, just
I.O.U One Sig.
Palladium simply brings this 'innovation' (in the grand tradition of Microsoft 'innovation') to the U.S.
Great.
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
Wittfield Diffie is an engineer at Sun Microsystems, one of the only corporations that can be considered a Microsoft competitor. Ron Rivest is a professor as his day job, but gets quite a bit of cash from RSA, and Microsoft isn't using any of the code that RSA provides (BSAFE, etc) in Paladium, so that's a big chunk of change that won't be coming his way.
We here on slashdot may realize that Rivest and Diffie are actually quite excellent individuals in their field, but these kinds of conflicts of interest are frequently what will be pulled out to counter an argument, rather than working from the facts themselves.
In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default. New instructions in the CPU as well as changes in the memory controller would help carve out a protected space in main memory to load a small, secure operating system kernel.
RAM required: 4 GB minimum (16 GB recommended)
Kernel Features: DVD player, Internet Explorer, Age of Empires 3 preview, Outlook, and Windows Movie Maker
The headline of this story is misleading. Some people disagree philosophically with Palladium's goals, not its technical merits. It just happens that these people are famous cryptographers. At the moment, the technical details seem sparse, so we'll just have to wait until they are released (if ever) to see if the goals that are mentioned are actually met.
According to MS, Palladium will provide a set of applications and features that will work independantly of the operating system. These features and applications would theoretically not allow a virus to install itself on the system, simply because it is running as an admin account, because it would not be a "trusted" application.
The major bone of contention is that who gets to decide who can develop "trusted" applications?
Well, Microsoft of course!
All your security are belong to us. ha ha ha ha ha.
If this article confuses you, don't worry. It was posted yesterday in a much clearer fashion.
Didn't Asimov write up a list of directives for robots, and wasn't one of them that robots should always be subservient to humans?
1. Is palladium optional for the SO? Could Linux or Winshit98 be installed on a Palladium box w/ no ill effects?
2. Is palladium optional for developers? Can "Joe Shareware" still release his software w/out paying an evil corporation for the right to sell it?
3. Is there any way whatsoever in which this would help Joe User or Joe Hacker(not to be confused with Joe Cracker)?
4. Will this be integrated on Sparc and PowerPC or just PCs? Is AMD accepting this BS or just Intel?
5. Who will be in charge of licensing keys for palladium software?
You can't judge a book by the way it wears its hair.
I can think of plenty of CONSUMERS that find fault with this...
if foreign governments are having misgivings about using Windows because it is closed source, they surely won't accept Palladium if MS has undue influence and control over the architecture.
smd4985
Optional as in you won't need it if you don't want to watch any new movies, listen to any new music, play any new games, or use any new software.
Just as a note, contrary to what most people's initial reaction is, the article does not talk about any cryptographic flaw in the system. Diffie is arguing the merits(or lack thereof) of a system that the user doesn't hold the key to; Palladium itself hasn't been proven insecure(yet).
It's not much of a change from now: you don't own your copies of windows nor do you own your XBOX
I hate to take this stance, but the above says it all. Just like the vast majority of /. that would rather post than write to their representatives, Palladium will simply be buzzworded and adopted by the masses. Regardless of how the technical community kicks and whines, the forces of market domination will likely persevere.
"Sic Semper Tyrannosaurus Rex."
Computers have been turned against thier owners for quite some time now.
Why do you think all the latest M$ software from Bill says 'My Computer' ?
It's Christmas everyday with BitTorrent.
Didn't know Microsoft sold shoes...
You missed Part Two: you can't get your hardware approved if you don't agree to keep the operational specs under lock & key. So, in order to sell display devices to the monopoly market, they have to be Microsoft-only display devices. Et cetera.
Lacking <sarcasm> tags,
We need this why again? I love how there's this crisis that requires microsoft to have access to my computer's execution. What's so wrong with the current model of computing that requires something to literally shake it to it's core? Why can I not be trusted with the keys to my own computer?
"No."
No, I'm not going to buy a Palladium computer. Vote with your wallets on this one, and it'll sink into the historical curiosities bin with Divx. Apple, hopefully, will have nothing to do with this, but if they get sucked in, then I can guess there's going to be one hell of a demand for pre-palladium computing devices. Joe consumer isn't as stupid as he/she appears, sometimes. I don't see any win here for me, and I see big wins for Wintel. Uh-uh.
"No."
Or does that make me a terrorist?
..don't panic
I'm glad to hear this!!
Let's trash it before it starts!
Palladium should be exploited six ways to Sunday and every exploit found should be spam mailed to everyone on planet earth! Just as should DeCSS code.
Let's cut this draconian 1984 crap off at the root.
Surely, no vendor is going to shut out this sector of old technology. So what's inevitable is that you will end up with a complicated system that's backwards compatible to a simpler one, thus obviating the need for it in the first place!
In a few years, Microsoft will tighten the thumbscrews by dropping support for its current flagship O.S's (XP,2K...) Perhaps then, Linux and Lindows will have its day of reign (if not sooner)
Is there any way whatsoever in which this would help Joe User or Joe Hacker(not to be confused with Joe Cracker)?
The excuse given for the CBDTPA, which may apply to Pd as well, is that more authors would be willing to publish works in a digital restrictions management system than in a system that grants all fair use rights by default.
Will I retire or break 10K?
I think whoever modded this flamebait is being more than a touch anal. Did MS get mod points again?
First, before I point it out, I must say that I merely re-iterate what someone else posted on another thread.
Exploiting a buffer overflow in the XBOX game save-up routine resulted in complete control of the machine, even while running trusted code. MS will have a hard time patching all of their bugs before proclaiming that palladium effectively is secure.
-Marton
Now I know a lot of you would say "I'm nobody's bitch!"..BUT, if things got ugly and the computers ended up turning the table and became our master overlords.
.. you know you'd sell out.. ;)
I wonder how many of you would crumble, swallow your pride, and be the first little network slut monkey in line.. {mouse coard just SWINGING}
Yea
In other news:
(hint: $ man 7 signal)
Escher was the first MC and Giger invented the HR department.
The fact is, there has never been enough damage to home computer systems to warrent any sort of cryptographic systems such as that which microsoft is describing. How many people could say that because of some random person on the net or in a chat room they lost all of thier data? The worst offenders in these regards are COMPANIES, spy-ware, ad-ware, crappy patchs that break the system, and yes, even DRM schemes are the cause of most of our headaches. So microsoft's proposed solution is to say that they as the worst offenders of crapping out our systems are the only ones who should hold the keys to fix it? Microsoft who gets into bed with the RIAA by extolling the virtues of how great the copy protection systems of windows is, they expect us to trust that they won't lock us out first chance they get? Microsoft who has thier windows media player try to "phone home" through OUR lines without paying us for it, sending our personal data...we should trust these people with their "trusted computing" ??? This is madness, if MS tries to impliment this, i'm going 100% linux because i'll have no choice, if pentium and amd refuse to offer a chip which is not palladium or a similar system compatible, then i will refuse to upgrade for as long as humanly possible, or i'll attempt to get a hold of another type of chip. I don't know if the rest of slashdot has cottoned on, and for those of you that post in the RIAA and in Microsoft's denfense, this is war you know, there are no guns, and there are no bullets, but they're attacking our minds, they are going to chain us up and throw away the key, we see example after example after example. I can't beleive how lightly this is going over, think 50 years down the road of us laying down and taking this...where will we be? are they going to start bar-coding us and deducting 50 dollars directly from our pay cheque because of our alleged piracy? You say "no, that's being stupid" well considering what they've done already, and what's in the works that we know about, can you really say that it is all that dumb? These are scary times, and we need to fully wake up and realize exactly what sorts of things are happeneing around us.
It is well worth a read giving an insightful historical perspective and with translations to a number of other languages available.
Trusted Computing FAQ | Free Dawit Isaak!
Optional as in you won't need it if you don't want to [use any new copyrighted works]
You assume that all authors would switch over to a digital restrictions management system. This may be true of the studios in the Motion Picture Association of America, but there remains a thriving community built around limited free sharing of copyrighted works, especially computer programs.
And if you claim that free software won't be allowed to boot on future computers, I don't find that substantiated. What I've read of the Palladium specification states that Palladium comes into play only when the system is booted with Palladium support turned on in the BIOS, and only for those processes that import palladium.dll. From Microsoft's marketing material: "A 'Palladium'-enhanced computer must continue to run any existing applications and device drivers." And the TCPA TPM FAQ (pdf) states that "The trust model the TCPA promotes for the PC is: the owner runs whatever OS or applications they want".
Will I retire or break 10K?
The main thing is that this can't be something spearheaded by Microsoft but needs to be an open standard everyone has input into. I felt like puking when I heard Microsoft wants to license this. It will shut out Linux.
Volunteer Mozilla developer, RPI Student.
Going to a DRM OS will change how personal computers work. People aren't always happy with change, and if forced to, they will review their options. That would be the perfect time for a Linux distro that does a painless install/conversion for Windows users, and installs a "best of breed" set of packages that are either compatable or equivilent to MS Office and friends. (If you really want 101+ different editors, make it an option.)
With the right package at the right time, the MS DRM "trusted" OS could be Microsoft's PS/2.
One line blog. I hear that they're called Twitters now.
"Whitfield Diffie, a distinguished engineer at Sun Microsystems Laboratories, said an integrated security scheme for computers is inevitable, but the Microsoft approach is flawed because it fails to give users control over their security keys."
What does he mean by this? I can see a couple of alternatives:
a) there should be no way of asserting anything about the integrity of the channel between the an applicaton and the hardware, or about the environment in which an application executes; or
b) the user should "have control" over what assertions are made about the software/hardware interactions.
If (a), I don't see how he reconciles his statement with the premise that integrated security is "inevitable". If (b), he doesn't understand Palladium -- by design, it's use is completely under the user's control. You can (essentially) either turn it off or simply ignore it's existence entirely. Is he asking for finer grained control? To what end?
I'm willing to admit that there might be some third option that doesn't make Diffie just look silly, but I'll be darned if I can figure it out. I'll happily send a crisp $1 bill to anyone who can give me a reasoned explination of what he is claiming to want, and for an additional $1, how this hypothetical system would work differently than Palladium does.
Oh, and spare me the "DRM is inherently evil" speaches. I'm interested in a technical discussion.
Yes, I'm one of those lost souls who would not switch to Linux. But quite frankly, I see absolutely no reason to upgrade to anything beyond Windows 98. At a time when people I know still use Win 3.1 and WordPerfect 5, I found that Win98se with Office 2000 and a few other applications I need for normal functioning simply have everything I need. I can't even imagine further iprovement in such applications beyond some minor interface changes. There are three consoles for games, so I don't even see a reason to upgrade my PC every two years. So why should I get excited about Palladium? Until they wire computers straight into our heads, I have everything I could wish for with my Pentium III - 750MHz. I may get a faster computer, wipe out the hard drive and install Win98 just before Palladium hits the shelves, but other than that, Microsoft hasn't given me a single good reason to upgrade.
From what I have been reading this stuff is just blatant garbage... The idea of locking out the user is a totally STUPID idea.. for one, it would kill the open source movement.. because behemoth companies such as microsoft would just lock out the competition (bye bye sun). the government would even back this lunacy because its the law. so even cracking it would be illegal under the fascist DMCA. so whats next? Well, for us to combat this as a whole.. the first thing that would have to happen is all of us slashdot geeks get together and decide to actually vote and protest against this stuff and boycott against companines which support "you rent our equipment" and if the riaa gets in front of us, maybe we will need to strike them down... like with a chilling boycott (im talking tv ads to go with it) we can and we will win.
Your pal,
Jusus H. Christ
but you sure got Best Post.
It's just another chip, if the OS doesn't use it. If you boot into an insecure OS, you will never notice the difference. Do you think they'd suddenly stop selling x86 hardware that can possibly run linux? good grief. No, Palladium hardware is useless without palladium software. read:OS. As in microsoft.
Now, you're paying for that chip, and non-palladium chipsets might be cheaper...
But the point is that palladium hardware won't affect linux. or bsd. or openXYZ.
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
it won't take long before various applications will not work unless Paladium's controls are in effect.
Not just applications. One of Palladium's features is a feature where web browsers can advertise which browser and which version of Palladium the user is using. This is optional, but becuase of cryptographic signing it is impossible to advertise yourself as "I am using MSIE and Microsoft Palladium" unless you actually are. This leads to the hypothetical situation where those not using MS' implementation of Palladium become essentially second-class netizens..
SCENE: SOMEWHERE IN THE WB, 2007.
[Web Geek] So here is the new "Buffy: The Next Generation webpage, it has some ads and a trailer and here is a section with pictures from the show
[Executive] Wait! You mean we're giving away video captures from the show? For free?
[Web Geek] Well yes, it is to promote interest, they could just see that on tv anyway
[Executive] Well, yes, but those are digital media, right? If people downloaded those they could do anything with them, put them on webpages or trade them on p2p networks! I remember with the last show there were pictures of sarah michelle gellar all over the internet
[Web Geek] Well it's all in flash so they can't copy out the images, but i suppose they could take a screenshot or something
[Executive] Can't you stop them from doing that?
[Web Geek] Well, i can, but only if they are using the Microsoft implementation of the Palladium system
[Executive] OK. Good then. Make it so they can't use screenshots and don't let them view the page unless they're using Palladium.
[Web Geek] But that will mean anyone using MacOS or an older version of windows will be unable to view the site
[Executive] Well, what percentage of our users is that?
[Web Geek] Uh, about 40%
[Executive] That's acceptable. Require MS Palladium to view the site.
Whitfield Diffie lol... mt. dew out the nose, roflmao, slapping knee, etc. etc.
Ahh those brits... gotta love 'em. Only problem is, they muck up my gaydar big time. I can never tell if they are either very very gay or just very very british. lol.
Look at who wrote the paper and where they get their money. Sun? RSA?
C'mon, this Microsoft bashing has gotten so out of hand that Slashdot is losing what little credibility it had as a community of tech-minded people.
Hmmm, so this wasn't about the strength of the algorithm itself, it was about the political ramifications? Lame.
in SOVIET RUSSIA trusted computing TRUSTS YOU!
I, know this is getting old.
There are two rules for success:
1. Never tell everything you know.
If they are unwilling to upgrade, what makes M$ think they're going to spend more money for a PC that restricts them from doing what they want?
"Our solution is to do nothing. We prefer to just complain about anything that MS will do."
Manipulate the moderator system! Mod someone as "overrated" today.
How will Palladium stop me running Linux ?
If it can then it will flop.
Mind you, its bound to be cracked before they release it giving us all a reason to laugh alot.
"We should be watching this to make sure there are the proper levels of support we really do want," said Rivest. And they forgot to mention the unwanted Help Support Account in XP.
Money issues aside--- Is it possible for the public to form an internet of our own? I know companies have their own intranets that can span areas larger than the building or state they are in---are these simply virtual networks implemented across the internet or do they own and operate (indirectly or directly) the fiber? This (super-) DMCA, Palladium, stuff is getting out of hand, and it seems like it's going to be very hard to reverse. The people making the rules usually don't know anything other than what their contributors tell them and the non-commericial enthusiast community can come off as unprofessional and therefore may seem like a less than optimal source.
Basically...what defines a telecommunication? is it over large public networks, or do two soupcans and some string constitute telecommunications.
I'm going to make an island in international waters and commute to work.
piss poor whoring. adds absolutly nothing to the conversation.
here's what i'm gonna do, pink boy. saved your page. next time i get mods and they're about to expire, i'm using 'em to mod your stuff as 'overrated' so they don't show up on metamods.
kind viewers, i encourage you to do the same. before your points expire, use them to fight the fuckwads. mod their stuff as 'overrated' which will never get meta moderated.
Ten years ago, there was virtually no Windows application base and Apple was still a strong competitor.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
In spite of the imagined throngs of doe-eyed deer-in-the-headlights otherwise thoughtless "consumers" out there, it's going to come to pass that Microsoft and their greed will overextend itself. The lock-out we-control-your-security methodology will only work until even the more moronic people have been bitten by it. Perhaps too late for their immediate circumstances, even the most ignorant and go-with-the-flow types will realize they have to leave this Microsoft environment. I believe what we are seeing is two things (a) desperate paranoia-fueled greed and (b) the beginning of the end for anyone so foolish to be so exclusive to the world's computing community. Here on this forum, I keep hearing people talking in little boxes about Intel, Microsoft, AMD, Linux, PCs and all of this shit in this little world we have encased ourselves into. I used to be one of those people. While now I'm working much of my time in Linux (although Windows world stuff still pays some of the bills and mainframes pay the rest) I have gone to a point from being immersed in the Microsoft environments to now being largely outside of them. People? Notice that we are the majority. And we can choose whether or not to be consumer cattle thoughtlessly following the loudest noise. We can choose our own directions. But mental and philosophical freedom is hard work. Not going with the large groups of clueless cattle to slaughter means a lot of effort. If this philosophy of "security" is a bad thing, and I sincerely believe "Palladium" is a very bad thing, don't follow it. Just. Don't. It will have some nice bells and whistles, but recognize a gilded cage and a machine under perpetual remote control and remote authorization for what it is. Don't sit there whining about how Windows 98 or Linux is your favorite OS of choice--please get your egos out of this and start working on some of the deeper principles of your liberty and facility with your own data on your own computers. If it means developing GPL-equivalent hardware, open design microprocessors, and a true open and truly standard machine architecture, done somewhere in the world, then accept this as the direction. Locking people out means locking yourself from them. We have a greedy minority of producers locking out and constricting a vast majority of consumers. Linux demonstrates that we as people can produce, but most of us are in the software or user spheres. People? If they are so intent on locking us out with these obviously evil "security" schemes--let them! But don't let yourself ever be locked in. Linux and OSS is one way to freedom (like Richard Stallman's idea of Freedom as liberty--not lack of cost or price). But perhaps leaving Microsoft, Intel, "Wintel", and going to newer, more open and honest architectures is the way to go. Wintel is rotting and dying. Linux and it's philosophies of openness will succeed because they allow people freedom and the proliferation of new and open idea. Wintel is like the dinosaurs in a sense of being widespread and formidable in the small computer market. This chapter of overreaching greed is the first few pebbles of the beginning of a meteoric shift. Look for freedom and reject this and all attempts to hijack and tyrannize computing.
...
It's a miracle! I'm cured!!
I can read again! And I can write! And... oh God, I'm reading slashdot! FUCK MEEEEEEEE!!!!!!!!
OK. So explain to me how a tiny OS that boots *after* the host OS has booted prevents the host OS from booting!! Do you folks have a clue? Take a hint, get a clue stick, apply repeatedly.
7 April 2003 An updated public release of SELinux was made today. Some highlights of this release are listed below: * Added ARM port of SELinux. * Added Mainline 2.5-based SELinux. * Updated the base 2.5 kernel version to 2.5.66. Note that 2.5.66 mainline includes the remaining non-networking hooks required for SELinux. * The base 2.4 kernel version remains at 2.4.20, but the 2.4 LSM patch and SELinux module have changed since the last release. * Added a separate CONFIG_SECURITY_NETWORK option for the socket and networking hooks. * Separated core policy and started audit/reduction. * Improved setfiles logic. * Fixed bug in SELinux swapoff hook. * Fixed bug in SELinux ptrace checks. * Merged contributed usermod/group patch. * Merged updated versions of contributed policy tools. * Merged contributed policy patches.
More than happy to. Just tell me your UID.
Microsoft is infact targeting the home users as well, but through content/service providers. Basicaly they are trying to provide a securied (for the provider mind you, not the end user) platform/enviornment where a provider of say, music files, or films for example can be sure that only software aproved by them will be running and able to use (play back) the data they provide.
For example company big$co wants to sell data file D to john doe. big$co gives a copy of D encrypted with the secret key on john doe's Palladium enabled comp to john. (notice i dont say John Doe's key as this is not the case. thats exactly what Rivest and Diffie are, rightly IMHO, complaining about.) The secret key in the box can only be accessed through the trusted OS (nexus) which in turn makes sure that only trusted software (i.e. some app provided (and sold) by big$co). Since the pladium part of the system will only boot if the nexus is trusted (i.e. hasnt been tampered with, and thus hashes to a predefined and stored value) and the nexus checks that only trusted software talks to it, the enviornment is controled by big$co and Redmond.
The reason i say this is how they are targeting the end user is because they are trying to create an environment which is favorable to content providers such as big$co. Thus there should then be more such companies, more offers, and more content. This in turn should provide some kind of killer ap (should as far as Microsoft is concerned ofcourse). And thus the end user now HAS to get a palladium comp, if they want all the content.
one problem with this setup which is partly what rivest and deffie were argueing, is that if john doesnt own his key, what if say he buys a new computer or his old one just plain breaks for example. all his payed for content becomes worthless. this is ofcourse mearly one example of what is so grossly wrong with all of this, never mind the moral issues that u dont own ur computer anymore.
Microsoft rarely does true innovation. Most of their innovation is rehashed ideas from other companies/people with an MS spin on it. That aside, I don't see Palladium stopping virii and worms. How would a Paladium-enabled Outlook run unsafe macros, you ask? Well, how would Outlook determine the "safety" of a macro? Signed by MS? Ok, so then how would a user create his own legit macro for ? Would Outlook automatically "sign" the macro you create. Then I am sure someone will be able to take advantage of that in some way.
There is ALWAYS a way. Proven over and over by the crackers out there.
Some guys with no credibility to lose, think they know better than the experienced and widely-known software professionals and security experts that created the world's most popular OS? Microsoft are the experts who came up with the idea of the world's most popular web browser, MSIE, which is so powerful that it can run a program on a web page, and is capable of secure internet connections to web sites! They make a very popular email client, and very, very powerful spreadsheet and word processor apps. They make a web server of which nearly thirty percent were completely protected from a rampaging worm a couple years ago -- think about how many thousands of computers withstood that malicious attack, and what might have happened to them if Microsoft hadn't been there with their valuable security patches.
That two nearly-anonymous net.dweebs nobody has ever heard of, would arrogantly say they know more than Gates, Balmer, and their crack team, is just preposterous.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
"In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default. New instructions in the CPU as well as changes in the memory controller would help carve out a protected space in main memory to load a small, secure operating system kernel. "
Correct me if I'm wrong, but hasn't *nix been doing this for oh say 30 years?
Do a little research (here's one for you: TCPA FAQ and then let us know if you still think that it's just MS bashing.
The number of bits in the key is not the issue. In fact, most secure protocols like SSL use a decent size so that brute forcing is not worthwhile.
The point actually is that any theoretical construct like a cryptographic scheme or a TCP protocol needs practical implementation in code. And this is where the bugs creep in. And with things like Microsoft, those bugs are as common as snow in Greenland. And so all these hackers/crackers out there working their fingers on their keyboards and peering into bright screens into the fading night can 'hack' Palladium.
Microsoft has taken on itself to make errors wherever possible and remain as human as any one of us. Trust them to repeat their humanity and come up with enough holes in their Palladium implementation to let most hacks through.
This sig is empty.
Ummm, exactly WHY do you think the NSA seems to have suddenly stopped contributing code to the NSA security enhanced linux project?
;)
I suppose the NSA stopping all development on SE Linux is the reason that they just posted updates one week ago to SE Linux, as well as in January 2003, December 2002, and October 2002, all of which took place after this article reported them dropping the project (August 2002).
Not to flame, but just check your sources first next time
**AA: a bunch of mindless jerks who'll be the first against the wall when the revolution comes
Ten years ago was 1993, not 1988.
Mr normal User rocks up to the local PC shop. "Hi i'am looking at replacing my old P3 running WinME, what you go and how much."
;-)
"Well Sir here we have the latest ofering from Dell, P5 3 GHz, 1 GB Ram 120 GB HDD, and running the lastest Windows OS with 'Trusted computing' and all for $1500"
"Will it run my existing copy of Paintshop and MYOB?"
"Er yes, but you wont be able to run the MS Works supplied with it, if you want to run those older programs."
"Why?"
"Well because the 'Palladium' infrastructure will need to be turned on to run Works, and with it on the older versions of the software you have won't work. But you can upgrade those Apps?"
"How much?"
"Photoshop V XX is about $1050 and MYOB will cost about $2400"
"So the upgraded hardware will cost $1500 but I will also have to send another $3450, to get it to do what I can already do on my old PC?"
"I'm sorry sir, but yes"
"I haven't got that sort of Money. Sorry sir, you've just lost another sale...."
Will the marketing Dept. see this sort of exchange when they're pushing the lastest pup from MS? I can see it.
Oh well. Thanks christ for Apple. Wait a sec, oh F*^K.
RSC
Just wait 'till Mom hits the "revolt" switch. Then you'll know the terrible power of the monopoly!
All it takes is *ONE* useful program that requires Palladium for every user to switch it on permantly.
However, even if Palladium is switched on in the BIOS, it will not affect operating systems that do not use it, and it will not affect Windows applications that do not import palladium.dll. I was replying to an AC who seemed to imply that all new programs and all new non-program works would require Palladium.
Will I retire or break 10K?
You'll still be able to install linux on your PC. You just need to by a copy of that 007 game, modify your saved game file, flash your eprom, and you're go!
# (/.);;
- : float -> float -> float =
When you read that the user doesn't hold or control or own the keys to his computer, you naturally assume that someone else does. This is not true. No one owns the keys.
The keys are generated internally in the secure hardware. They are public and private keys, and the private keys never leave the chip. Neither Microsoft nor the user nor the chip manufacturer can get at those keys.
These keys are used by the secure hardware to lock data and to report a hash of an executing "secure" program. Because no one else has the key, neither the user nor Microsoft, no one can forge such a message (modulo the issue of breaking the hardware security).
This is how Trusted Computing has to work. If anyone could get access to the secure keys, then they could misuse them and make false statements with them, and there would be no trust and no security. Only by embedding the keys in a well-defined piece of hardware, with predictable and known behavior, can the keys serve to transfer trust to other software.
So when we see these complaints about the users not controlling their own keys, keep in mind that the point is not to put control in someone else's hands; it is to make it possible for the hardware to make trustworthy and believable cryptographic statements. The keys can't be owned or controlled by anyone, for this to work.
I find it very ironic that when people wake up that most are likely going to switch to the company where there really are no other options but run Mac OS X (Ask mom about Yellowdog). Lehnucs? huh?
Funny thing is that while Microsoft is now trying to make x86 their territory, Apple has shown recently that you are basically free to do whatever you want on your Macintosh as long as you have purchaced one.
It's a good Linux strategy for Microsoft though i am afraid.
Can't compete with free? Own the platform. Look what happened to BeOS on PPC. I am betting that Microsoft has learned from this. It will happen.
I guess i'll start saving some money and buy a lot of non-palladium parts soon. The opterons and the itanium are palladium certified aren't they?
From TCPA / Palladium / NGCSB / TCG Frequently Asked Questions:
This means that this whole Palladium/TCPA monstrosity requires support from both hardware and software. It is entirely up to the end-user whether or not he wants this. However, senator Fritz Hollings of South Carolina is working on getting a law that will make TCPA mandatory, see here. Until such time that this bill becomes the law:
1. Don't buy the hardware. Unless there is a compelling reason to do so. Well if you are working for the military then go knock yourself out.
2. Don't buy^H^H^H lease/rent/license/WTF the software. There is no compelling reason to do so.
It will only be compelling to use Palladium/TCPA software and hardware only if it becomes illegal not to use it.
Secure computing is not the aim of Palladium/TCPA. Its aim is to provide a way for software peddlers like Microsoft and content pushers like Disney to monitor what you run on your computer and assert control over your computer. In the long run, it will provide them a way to assert control over you.
Secure computing can be achieved through a combination of secure computing practices, secure operating systems running secure applications, and plain-old common sense.
If Intel, Microsoft and their cohorts push through with this stupidity it could spell the end for them. Just think, why in the hell would I want to run this sort of crap? Unless it's mandated by law, there's no reason for me to do so. With the recent slew of news about stupid laws being implemented in the U.S. it's a real possibility.
0xB00F, stands in front of Bill Gates, raises hand, extends middle finger.
Palladium whatever does not mean that the concept of using "software" on only one platform and you have to pay for on another platform is an open and shut case.
The CD's that I have I can play in my stereo, in my car, wherever. With media that is locked to one machine, I CANNOT use said media as I am used to.
Technlology like Palladium should be used EXCLUSIVELY to trusted computing (you know me and i know you..) I am master of my identity, media I buy should work on all my machines. Preventing this is an infringement of my rights and a denial of me as being my own master.
To put it in an scenario; I download (payed for) music, I burn a CD and I will be able to use it in my computer(s), stereo and car.
I am not my computer and my computer is not a customer.
Thanks,
Gerard
How come i don't have this now allready, more then two years ago virus-researchers claimed virusses would soon (within 3 yrs.) be able to evade scanning techniques.
...
Would this mean fewer 'blue screens', fewer crashes, fewer halts, fewer bugfixes, fewer patches, fewer servicepacks, fewer windows updates ? Or
God NO, this would mean MORE of them !
Also, does this mean i'll have to do some extensive upgrading on my computer again ? It's quite hard to believe such an all-round solution would not ever put some extra load on my computer system.
Now i come to think of it, will i need Palladium Certified Hardware ? Will older hardware apply as well ?
Or do i just stick to good configuration and good software ? Or revert to encrypted letters by post ?
free dom(inion) - free energy - free your mind - whee!
About time they realized their place in the world.
In Soviet Russia, our new overlords are belong to all your base.
...better win this one! Because loosing it will really encourage big brother.
Where can one join the guerilla troups?
In US-America Micro$oft owns YOU!
Uhm
We do not live in the 21st century. We live in the 20 second century.
Trusted Computing, says that
Microsoft, Intel, creative labs etc... all trust each other not to leave an unlocked path.
It's just a cartell.
thank God the internet isn't a human right.
I still get glazed eyes when I talk to mundanes about Linux and other Open Source software. They can't understand why I can't go to their favorite Site Enhanced for Internet Explorer and see jumping Saddams frolicking about. They just know that their stuff works fine, in between software crashes.
So it'll be an invisible battle that will require education of the mundanes before it gets the attention of the well-fed-on-corporate-money American legislators. The mundanes will be in their comfy chair, hands on remotes, watching whatever Mariah Carey clone shake whatever body part is popular that decade. They're not going to want to get up in arms over something they can't see, and that may get in trouble with their kids if the security system gets turned off.
Besides, by then it'll be illegal. Better stock up on unfettered mobos today!
DT
Is this thing on? Hello?
Its been what, almost 10 years, and they still havent gotten windows right? How are they going to pull this off any time soon? Please notify me when microsoft releases something that works the way it is supposed to, all the time :)
Where I post game reviews, my PSP backgrounds, podca
Year ago I would've agreed it's funny, but please think again. The DMCA has become the weapon to attack exactly this kind of things, and if you find Palladium design or implementation is flawed, what's stopping DMCA to be used to silence the talk about it? DMCA applies for this perfectly, it's what it was designed for.
Seriously.
They should start shipping TCPA hardware where the user controls the keys. Put that hardware in every box sold. Document the hardware thoroughly, even make Linux the first OS to support it with OSS drivers.
That way, there would be no legitimate reason to implement palladium, since users already have all the "trusted" stuff they might need, without submitting to bitchdom for microsoft.
Save your wrists today - switch to Dvorak
How long will it be before you can record digital video of a DVI connector? So they'll need a new display connector, too, and secure displays that authenticate with the graphics card. Can't really see that coming, though...
Heyyyy, that's great.
But what about this? . Really, don't be patting yourself on the back too much, or you will fall into the same pit that we have in the U.S. Some dumbass law will get passed wherever you live because your politicians are just as greedy as our politicians. They'll pass it under your nose, or through some back door, or right in front of your face. Then you will be just as screwed as we are.
People from other countries like to think that they are above laws like this. I hope you are right, because it will give me more options when I finally decide I have to leave this country. :-) Just make sure that while you are laughing at our stupid laws, the same ones don't get passed where you live.
Don't get me wrong, I was born here, but my eyes are open. Is the DMCA as bad as some of the human rights violations that occur around the world? No, of course not. But corporations run America, and there is little chance of that changing. I don't know how much longer I can take it.
My beliefs do not require that you agree with them.
YES! MUCH MORE SECURE!
No, it is SLIGHTLY more secure. It is a silly point anyway, since Windows security vs. Linux security is a battle for last place.
STOP. Can you audit the windoze code and then show me how the code backs up your claim that windows is as secure as Linux? Think again.
No, non-MS employees cannot. But I seriously doubt that YOU have, or ever will have, the skills to audit Linux code and then show anyone how the code backs up your claim that Linux is as secure as Windows.
They get coaxed into doing *research* (oh lord!) and then you are called less and when you are, you have less to do.
Yeah, good luck with that.
It doesn't produce Cold Fusion when used as an electrode in heavy water as advertised.
Eat at Joe's.
Its a L-o-n-g read through the document at ...
.NET, with MS in control of your Data or .....
MS or
Well, in five years time YOU will either be using x86, LOCKED into MS and
You MAY have made the shift to PPC with the OS ( or OSs ) of your personal choise.
It is really up to YOU; being a drone or a free person!
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - its full of Malware!"
In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default. New instructions in the CPU as well as changes in the memory controller would help carve out a protected space in main memory to load a small, secure operating system kernel.
MS secure computing involves installing BSD on millions of windows machines?
This comment is fully compliant with RFC 527.
Within China, they mey very well. However, outside of China, they don't much care who reads what.
Joe Shareware, Joe User, Joe Hacker, Joe Cracker?? What about Joe Developer, Joe Microsoft Shill, Joe Cryptographer, Joe Mama?
A friend of mine recently switched to Linux and was confused at why a normal user couldn't open /etc/passwd with kedit. After I explained UNIX security to him, he understood the advantages.
NT's security is still balanced upon "the user is root" as a philosiphy, more so with 5.1 than ever before. This is a primary reason for why windows sucks.
The end result is that if I want to port VIM to Palladium Windows, I have to get it keysigned because it messes with files. Unsigned files have less freedom than an unsigned Java Applet, right? If so then screw palladium, I'll never buy a PC again!
(I should probably wait until after they release the chip to blurt this out, but Sun offers a PCI card that contians a PC processor and doodads. The Sun box uses that card to run PC software in realtime. Something similar could be made and then used as a "key generator" by bochs to fake what it hasn't reverse engineered.)
You can't judge a book by the way it wears its hair.
there was a thread yesterday wherein many farkers were talking about how this action by MS was frustrating, and that they wanted to switch.
here.
just a not-so geeky viewpoint there.
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
what about when i boot my non-ms OS, and run my non-MS programs? i have no need for TCPA or palladium. I can shut it off, and ignore it.
You might not have understood all of what i said. Palladium holds nothing for those that don't use it. If it's off, it's off. At least thats what everyone is saying right now. No doubt, if they could get away with it, MS would use it to "break" linux. But I don't think they could...so they won't. We are a little wiser now, perhaps. Maybe. But I do think it will be broken. I think it will be cracked. But that's another story.
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Emphasis added.
Well, I DO own my computer as of right now though. Even if it came with Windows installed I can blow it right the fuck off of there and reuse every piece of my computer as a whole or as spare parts for other computers without needing Windows. Right now, my Windows partition can't take control over my computer and freeze me out or lock it down if I did something "questionable". Sure, it can BSOD any time it likes if I do something unstable *laugh* while digging into memory areas, programs, etc. but it can't decide I'm not trustworthy and that the huge lump of metal and plastic I've paid upwards of $2,000 for is no longer under my control. Under Palladium it could and that is, please let me be quite frank about it, BULLSHIT. I own that hardware, not Microsoft. I worked my ass off for the money to pay for that hardware, not Microsoft. Therefore, if anyone is going to lock up that hardware it damn well better be me. Err, you get what I'm saying :-p.
I'll use 10 year old computers before I'd ever use a Palladium "enhanced" PC. I'll give up my time and whatever else was required to help lead a digital revolution against this utter nonsense. Sure, it souds crazy but a digital revolution might be what it takes for the USA to wake up to the fact the individuals have the rights and should always have - the corporations should not. It really is past time we "digerati" woke up, started talking to our families, friends, and people we meet on the street in very no-nonsense language and in non-technical terms and explain what is going on in this and other countries and how it affects them with regards to technology and all that touches.
Whew. Sorry for the mini-rant but it really is time we, as a group, did stand up for our rights, those of our loved ones, and yes, even the rights of people we don't give a rat's ass about.
Dream as if you'll live forever.
Live as if you'll die tomorrow.
~Anonymous~
a HIPAA compliant palladium architecture....
But we will probably see a Palladium compliant HIPAA first!...
After all lots of places (Johns Hopkins?) have to be HIPAA compliant, yet still use W2K
(not compliant if you don't have the lastest patches, not compliant because of the EULA of the latest patches...)
So, you're saying that MS will buy out Intel, AMD, National Geode, WinChip (IDT, maybe?), Cyrix (are they even still around? Their CPUs are crap), and put Linux detection systems in the processor? Linux developers will have hacked it by then.
I'm NOT saying that a "buy out" is necessary.
I'm only saying that essentially the design of the majority of x86 CPUs is in the hands of MS, as is the design of the required motherboards.
"What if you were to hack your CPU, and it informed on you?"
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - its full of Malware!"
"Their stated goal is `a new computing platform FOR THE NEXT CENTURY that will provide for improved trust in the PC platform."
Oh, good. We don't have to worry about this until the Year 2101, then.
Easy solution - no internet connection! Although, that would SUCK.
I am also not buying anything with Palladium in it.
:)
(BTW if you're reading this, Saeko, I followed this post from your "RIAA msg's Kazaa users" article post
--- Grow a pair, liberals... stop letting the Republicans bully you!