Using Palladium to Secure P2P Networks
user555 writes "The RIAA and MPAA have seen Palladium as a way to prevent piracy. But this article argues that ironically Palladium may actually make P2P piracy more widespread (PDF). They argue that the security features of Palladium could be used to create P2P networks that are more resistant to attacks from content owners."
That's awesome man, just awesome!
Looks to me like a cleverly planted story to attempt to stem the tide of ill-will toward the "Next Generation Secure Computing Base," a.k.a. "the lockdown technology formerly known as Palladium."
It's a long read, but I think the conclusion sums it up nicely: To thwart piracy the entertainment industry must keep distribution costs high, reduce the size of distribution networks, and (if possible) raise the cost of extracting content. However, if 'trusted computing' mechanisms deliver on their promises, large peer-to-peer distribution networks will be more robust against attack and trading in pirated entertainment will become safer, more reliable, and thus cheaper. Since it will always be possible for some individuals to extract content from the media on which it is stored, future entertainment may be more vulnerable to piracy than before the introduction of 'trusted computing' technologies.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
..and get sued under the DMCA.
Perfect!
Palladium score:
Good: 1
Evil:50
Microsoft might just hobble Windows under palladium, so that it can't do certain things without RIAA/MPAA approval.
This would be another win for Linux.
OS Software is like love: The best way to make it grow is to give it away.
"Palladium may actually make... piracy more widespread."
Yeah, piracy of Windows XP when no one wants to buy Windows Palladium Edition. It astounds me that the population in general is so ignorant and apathetic toward the loss of their rights.
barzelay.net
24/06/2002 - The Register... Starting with a Newsweek exclusive which wonderfully quotes His Billness as saying: "It's a funny thing, we came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." Which is cute, because it suggests that Microsoft's original plans to produce a secure PC that will protect the music companies' stuff from us have been spiked in favour of something much more positive and progressive.
That, and the authors give away their toadyism to the "content industries" by referring to P2P networks as "peer to peer pirate networks," as if they have no possible legitimate use save to board ships on the high seas, murder the crew, and plunder the vessels.
Another proud carrier of the $rtbl flag
Use Palladium for secure P2P? This is probably the only time you'll hear Microsoft say "That's not a feature, that's a BUG!"
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
the implementation of the evil bit! MUHAHAHAHA
The day it breathes air, I go underground... Who's with me?!
transmission_err
1. MS holds all the keys to Palladium. I'm sure it's got backdoors (either because they write insecure code or they intentionally want a back door).
2. The APIs for this will probably be under lock and key. The next Jon Johansen won't have access to the API calls to interface with palladium.
3. Why use palladium when you can use waste or something similar?
The Doormat
If you're not outraged, then you're not paying attention.
Next Generation Secure Computing Base (NGSCB)
What a horrible thing NGSCB is. A computer where the employer can be assured that employees don't install unauthorized software or where a parent can be assured that their daughter is not chatting with predators on the Internet. Who would want that?
It astounds me that the general /. population is so ignorant and paranoid about technology that is not even available yet.
I guess I should know better by now.
First of all, it suggests that P2P networks are by nature about piracy. I am a huge fan of BitTorrent and have used it for nothing other than downloading cool movie trailers. While piracy has always been common online, you can't blame the cables for the content.
The second issue I take with this submission is the phrase "more resistant to attacks from content owners." I assume you're talking about the RIAA because security from artists who want to be paid for their work is not something most people ever want. Sure, cut the thieves in the RIAA out of the equation but few people will ever begrudge the artists their $1 or $2 per album. It's the oligarchy that is the RIAA that people are mad at.
Maybe because, for the average user, things probably won't change much? MS will make sure of that, because, if they don't, people will either not upgrade or change OS.
It could kick ass for servers. I could sign all the binaries my system runs using a secondary (unnetworked) system and then so long as I control all the keys then it becomes very difficult for someone to install backdoors, rootkits, and viruses.
I'm quite psyched about the control it provides. Sadly most of the public are probably too ignorant to even want that control.
In order for software to be 'trusted', Microsoft has to sign it (that's what Palladium is all about. Microsoft has a monopoly over what is or is not trusted). Microsoft is not going to sign software unless it serves Microsoft's agenda. If p2p software hampers Microsoft's plans to monopolize the online media distribution channel, they will either demand the software be crippled before they sign it, or simply refuse to sign it at all.
As the article in many more words states, it is not simple for DRM enabled systems like Palladium to differentiate between what's actually illegal or not.
They require that the software that will interact with the DRM features actually be 'trusted'. Unless they want all software written for Palladium to be 'MPAA/RIAA' approved, anyone can write 'untrustful' code. Only one link in the chain has to be broken for it to fail completely.
So, write 'trusted' p2p file sharing.
I am afraid that someone like MS will require you to pay in the future to have the right to write 'trusted' code, or any code won't run at all.
Teamwork is a bunch of people doing what I tell them.
Repeat after me:
"Microsoft is not to be trusted."
Schechter, Greenstadt and Smith write that "to thwart piracy the entertainment industry must keep distribution costs high, reduce the size of distribution networks and raise the cost of extracting content". While that may be a true statement, it is as useful as Saddam Hussein's military advisors recommending that Iraqi aviation engineers be sent to major American defense contractors to increase fuel consumption of US bombers and reduce the accuracy of their communication systems.
Since the entertainment industry does not own fiber, switches, PCs, or consumer CD burners they must take Schechter's advice and invert it to suit the networks that they do own.
I'll restate their conclusion as follows:
To thwart piracy the entertainment industry must keep distribution costs low, reducing the total cost for consumers to acquire legitimate content. When it takes less total effort (purchase price + effort) to acquire legitimate media the users will abandon piracy. This approach has been clearly demonstrated with Apple's iTunes product.
Why did this have to be published so early, now M$FT will neuter it. You know they will place either backdoors or restrict these features.
This stuff should have come out after Palladium was out there en masse.
First the RIAA IM bombs much of Kazaa, and now they support "trusted" P2P?
Why that's like reading [this] Slashdot [article], and finding this ad
http://m2.doubleclick.net/viewad/790463/mrs0300
If a man's character is to be abused there's nobody like a relative to do the business. -Thackeray, William
Like I've argued before, no technology can be considered entirely good or entirely evil. Only the way it is used can be.
There's a technology out there that, in the US alone, costs people trillions of dollars a year from damage to property, and kills hundreds of thousands of people yearly - again, just in the US. Should such a technology be banned?
If so, then let's head back to the Stone Age, because you just outlawed fire! Sure, it can be used to kill people, but it can also be used for numerous good deeds.
So it is with even Palladium. Will it be used for evil deeds? Almost certainly. Does that make it evil in and of itself? Of course not.
I mod down anyone who uses M$ in their posts. I like to live on the edge.
In a previous article (with quotes from ron rivest?), it was pointed out that the question is whether or not people will be able to control the signed code that runs on their machines.
If you need an official MS signature on the code, things like p2p networks probably aren't going to fly.
Unfortunately, the knee-jerk "MS is the devil" reaction hurts everyone. Technology that allows other people to trust information coming out of your machine is useful. This paper describes a good example of an application for that technology.
The problem is going to be in the details -- specifically, as rivest (I think) pointed out, whether or not you need an MS signature to load the code on your machine.
Instead of saying "palladium is evil", we should be pushing for comparatively open implementations. Any system that runs trusted code on my machine ought to be under my control and transparent. I ought to be able to decide what I want to run, and how that code will communicate with the rest of the world.
Unfortunately, that's not going to happen, because everyone is taking a simplistic view of the issue. No one is engaging MS seriously on this, and because of that they're going to deploy a system that's not under user control, and that's not transparent.
The DMCA doesn't necessarily keep investigators from circumventing encryption when monitoring alleged pirate networks. Law enforcement can get a judge's approval to violate 17 USC 1201, in a document called a "warrant":
Will I retire or break 10K?
You can already do this with Windows XP and Windows Server 2003. There is a security policy that allows you to prevent the system from running any binaries that you didn't sign.
The downside is that you also need to individually sign the patches too, and that can be time consuming.
All they need is an offer they can't refuse and Microsoft will get in bed with the RIAA/MPAA and allow them to have privileged access to Palladium secured items.
If you were able to peruse the source code for Longhorn, you'd see function calls like:
__riaa_checkvalid_song()
__mpaa_is_movie_pirated()
__xxaa_set_torture_flag()
and so on.
One thing academia can't account for is good old politics and strange bed-fellows.
I agree with this post.
I welcome our future overlords.
God bless Bill Gates.
I hope not. It is well known that the fundamental problem with P2P systems is the inability to trust the client. What does palladium offer? - an ability to trust the client. duh
Surely even Microsoft could have put the 2 together - this would not be news to them, or anyone else really (except journos).
I.O.U One Sig.
"Microsoft is not to be trusted."
Unauthorized copying (sometimes called piracy) is not the real threat against the __AA, but it is the easiest to defend. What they really fear is the ability of independents from creating and distributing their own content without their aid. They want to eventually force all technologies to only play content that was blessed by one of their sacred keys. Think about the CSS keys in DVDs...I am unable to produce a DVD containing my own content which is protected by CSS because I don't have access to one of the magic keys. But is my content which I own a copyright on any less deserving of full copyright protection under the law? Well, certainly the DMCA doesn't protect my content because I've been locked out of even using the popular circumvention technologies.
Well, Palladium and the like are the step towards eroding my rights as an independent creator even further. At least with DVDs, I could given enough capitalistic force create my own alternative to CSS with which I could protect my own content. But with an enforced technology, I don't even have that option open to me. Content creators will be forced to publish only through the evil media oligopoly.
BTW, on an unrelated crypto subject. What about an idea of taking advantage of what is traditionally viewed as fair rights. Say it's okay to just extract 3 seconds of media. I can then publish on a P2P network an article which includes an excerpt of seconds 7.2 through 9.8 of a song. If enough different (and independently-acting) people publish fair-use derived content with different 3-second extracts, one could in theory reproduce the entire original. There are also crypto techniques such as secret splitting, but the simple 3-second method may be more defendable in the interests of expression of fair rights as long as there is no collusion among individuals. Just a thought, not that I condone unauthorized copying.
Stop the Slashdot effect! Don't read the articles!
Who saw the article on WASTE the other day?
heh..
...and I've been there since 1997!
This is a scary thought... but have you actually looked at the slashdot consensus track record... it's a hell of a lot better than any technical analyst I know of. Slashdot usually jumps to the most cynical conclusion about technology that even hints at restricting your rights... and they are usually right.
To thwart piracy the entertainment industry must keep distribution costs low, reducing the total cost for consumers to acquire legitimate content.
Assume that the copyright owner and the pirates have the same cost per copy of distribution. In order for the copyright owner's supply curve[1] to be to the left of the pirate's supply curve, the copyright owner's average cost must be less than the pirate's average cost. This means that the cost of creating a work must be less than the cost of extracting a pirate master. In the days of $100-million-plus blockbuster films, that ain't gonna happen.
To defeat this argument, refute my assumption that copyright owners and pirates incur comparable costs of distribution.
[1] The copyright owner's supply curve is vertical only in the case of pure monopoly. The motion picture industry is not a pure monopoly but rather a set of monopolistic competitors because each product has a close substitute. For example, West Side Story competes with Romeo + Juliet, and The Adventures of Pinocchio with Jonathan Taylor Thomas competes with Walt Disney's Pinocchio.
Will I retire or break 10K?
I know that the RIAA itself does not have law enforcement powers, but what makes you think the RIAA is incapable of enlisting the Federal Bureau of Investigation?
Will I retire or break 10K?
Oh man, and I wasted my mod points earlier...
Trusted Computing != Palladium
"Sadly most of the public are probably too ignorant to even want that control."
Or, likewise, too ignorant to know that Microsoft can control them!
"Oh, Mommy, look, it's Shiny Video Game. Can we buy it?"
"No, darling, it says it only runs on Palladium, and we still run XP."
"But MOMMY, I WANT SHINY VIDEO GAME!"
Total cost of that trip to Best Buy?
People will buy whatever is being sold to them. They deserve it all, especially since they'll be trampling us on the way. John
Internet Explorer?
What do you think trusted means? It means the software has been digitally signed by a trusted authority (Microsoft), that the operating system has confirmed the software has not changed since it was signed, and that everything the software depends on (operating system, libraries, hardware) is trusted as well.
Whoever controls the private keys controls what is or is not trusted. I can assure you, the user will not control the private keys (that would defeat the whole purpose of trusted software. If the user controlled the keys, they could alter the software in any way they want, including removal of DRM). Since Microsoft can dictate whose keys to trust, I am confident either Microsoft or some entity controlled by Microsoft will control the keys.
Is it me or did they rush the conclusion? Some more details about how Palladium will help p2p would be nice...
Palladium may actually make P2P piracy more widespread
Good: 1
Evil:50
I'll assume you're placing P2P piracy in the Evil category, and something else in Good... right?
The coolest voice ever.
I believe the Content Providers will be able to coerce MS into providing the tools to carry this out. If not there are probably other ways for them to gain access to the trust network. You'd better count on law enforcement having access to such tools.
[Set Cain on fire and steal his lute.]
The $100 M blockbuster is a fixed cost that can be spread over all of the copies. So if you sell one hundred million copies (considering the global market of ~7 B people, not unreasonable) your cost per copy of media is $1. Now the pirate cost is still low, but in both cases "production cost" tends towards zero.
Now, back to distribution.
Assuming the pirate and the legitimate product have identical distribution and identical production cost, there is still the playback cost to the consumer. I claim that pirate material is MUCH more expensive to playback than legitimate. However, this cost is better measured in hours used than dollars spent.
(1) Pirate CD/VCD media -- often the pirate media simply does not work. If the failure rate is 50%, your $2 pirate metallica disc now costs $4 on average. Now add in the time it took you to bring the disc home, put it in to your cd player, discover it does not work, return to the vendor and buy a new disc. You can save time bringing a discman with you, but now you have to carry a discman and spend a minute or two trying to listen to the disc. Suppose 15 minutes of effort here.
(2) Kazaa -- Take five minutes to look for the track you want, take another ten to download. You have spent 15 minutes acquiring a song which may be corrupt. Now drop it into winamp or burn it to CDR. Kazaa doesn't have a built in burning tool yet, so add in the cost of Nero -- either in dollars or the time it takes to obtain a pirate copy.
(3) Bittorrent Video -- Take ten minutes to locate a torrent for your video of choice. Note that this video must be a recently released video or otherwise popular in the pirate world. Now take 8 hours to download the video. Spend another half an hour burning it to CD(s) so you can play it.
So in case (1) you pay $4 for the pirate disc plus 15 minutes of your time. In case (2) you still contribute 15 minutes of time, but probably closer to $0.25 for CDR media. In case (3) you spend over eight hours acquiring the media.
Now the class of consumers who have unlimited time or otherwise undervalue their time is limited to those who are either unemployed or employed beneath some poverty line (in this case, defined for the benefit of this example). While a tiny fraction of these unemployed consumers are independently wealthy, we can ignore them. The remaining pirates steal because they cannot afford anything.
Now the digital piracy is not the same as real world piracy. The archetypical poor guy who takes a loaf of bread is actually depriving the hard working employed guy of his hard earned meal. In the digital case, the bread is still there, so the hardworking consumer may still benefit despite the theft.
This does not mean that the industry will stop caring about piracy -- after all, the hardworking guy needs a good reason to believe that he should actually pay for his media. But it is clear that it is more efficient for the recording industry to build efficient distribution systems and spend minimal effort complaining about theft.
Are you kidding? Most of these kids are the technological equivalent of the Taliban.
They don't like *anything* unless it was personally pissed on by Dennis Ritchie in 720 AD. It's the fucking religious right of computing, and they've got their King James bible: C/Unix, Perl (awk v2), X11 -- there's nothing better to this crowd. The more savage and primitive the better, so long as it doesn't cost them a dollar.
... how would you get the P2P application ON palladium? I thought one of the big ideas behind it was that it would only run trusted code. Why would MS let a P2P app into the pen?
You only have control over your own computer*. You can't prevent someone else from running unsigned binaries on their computers. In other words, signing your own binaries will make no difference in a p2p network. It is not your machine that you need to worry about. It is everyone else's.
*With Palladium, Microsoft will have control of your computer (and everyone else's). That changes everything since Microsoft can prevent everyone else from joining the network with untrusted software.
..the section on how 'Trusted Computing' can defend P2P is far too short. They don't explain a lot of things such as how protected memory and storage would be used in P2P. Or who would own the security keys that lock all this up? As soon as a P2P network sprang up the RIAA/MPAA/bad corp de jour would track down the key owner and sue their ass. dave
Question though... what's to keep MS from trusting a piece of software that I don't? ex. Bonzi Buddy, Xupiter, Save Now...
It just so happens that I don't trust those apps. I don't really care for anyone to tell my computer that I trust these programs. Because I really don't.
But legally, can Microsoft only trust who they want? Wouldn't they have to trust almost everyone? Can they legally say "We're not going to sign your programs as trusted" to anyone? Wouldn't that be anticompetitive, almost?
It isn't okay to run spyware/adware/malware on my system.
It is okay to run programs that I have written myself.
So why has MS done the exact reverse of this!?
Stop the Slashdot effect! Don't read the articles!
It's a research paper. For school. It's not journalism, not a "cleverly planted story," it's a bloody academic essay. It is sitting in a student's directory on a Harvard server. The only "planting" I see is the link Slashdot provided to it in the first place.
The coolest voice ever.
Damn, if only I had mod points for you, AC.
In Soviet America the banks rob you!
This is always the good question. When data is being traded the protective shield drops to the level we can do now.
The Xbox is forcing the development of faster and faster ways to break encryption that exists now. Now this is a war with one team putting up a wall and the other team working flat stack to bring it down. Basically unless microsoft software can change its protective means it will be stuffed. I am surprised that no one is realizing that the XBox has failed. If you use microsoft XDK on top of the Xbox project you have a fully working linux install on the XBox. Note people breaching security of networks are already breaking the law; what is a bit of licence breaking to them.
If this new tech is meant to give protection then they are stuffed. This only stops the people who follow the law not the thief.
Basically closed source security will fail. Unless microsoft ships diff encryption tagged programs. The reinstall disk would have to be for that machine only of max protection. The encryption would have to mult types so the hacker can not say this machine with have this type of encryption we can now break it. The sigs on the apps would have to for that machine only. Basically now you have a problem. Cost would get against you.
Now linux with a few teams creating patches that allow access to this tech. Users could pick the encryption. The tags to load the app can be changed in kernel. Then Apps are distro sent as source and object system. Now hacker has to get into the compiler as a normal user would not have access to create high level apps. With the techs harddrive protection we now have the hardest defence you could ever think up.
A team testing and passing/failing linux apps would be a good addition to the linux world.
The obvious flaw here is that the RIAA can take legal action against certification authorities for facilitating the sharing of copyrighted materials. If networks respond by allowing anyone to become a certification authority, then this opens the loop hole of trust all over again. Furthermore, the whole idea of trusted computing (as outlined in this paper) is fundamentally flawed, because you could still have a virtual machine from the BIOS on up, and who's the wiser?
The greatest shortcoming I see with Palladium is that the end user has to have that type system. It'll be a cold day in hell before I buy a Palladium system and I'm sure these music/movie/software pirates won't buy these systems if they are crippled. So what's the problem? Palladium might stop the average P2P user but the more technically advanced user still will have no problem trading stuff.
There is a huge difference between this and what a Palladium based system could potentially do. Software Restriction Policies in XP and Win2003 are not bulletproof. They can protect users from accidentally running a trojan/virus but they cannot guarantee that somebody hasn't modified the OS itself.
This is a fundamental problem with traditional (non-Palladium based) systems. OS can give you some protection but to guarantee the integrity of the OS itself you need some kind of hardware support.
Okay, in summation:
How to attack a P2P network (aka, find 'em, fake 'em, and kill 'em):
1. Find 'em: Break the confidentiality. If you can sniff the network, and gain access to it, then you can find who has stuff being shared and thus sue them out of existence.
2. Fake 'em: Break the data's integrity. Basically, shove in tons of fake data to piss off other users.
3. Kill 'em: Break the availability of the network. Screw with the protocol, drop packets, generate thousands of fake clients, flood off other clients with search requests.
How to defend a P2P with something like Palladium:
Basically, it breaks down to not letting untrusted clients into your network. Since you can now trust that the hardware is secured, and since every client has to be vouched for in order to get in, you can stop all three of the attacks dead in their tracks. A P2P can be trusted in that other clients it tries to connect to will be able to verify that trust mechanism using the very same secure computing methods that this stuff gives you.
Think of it like this. I trust Bob, so I let Bob connect. Bob trusts Cathy, so I can get a network of trust relationships going. Obviously, somewhere, someone could break that trust chain, but the existence of the trust chain is a new thing that hasn't been implemented yet. Combine it with encryption to prevent sniffing the network or at least make it way too difficult, and I can build a trusted network over which anything can be shared, *and* know that nobody is hacking my clients on either the software or hardware level, such that they can see or send things that they shouldn't.
Find 'em breaks down simply by going through enough nodes to make it impossibly difficult to track down where the hell the data actually is. This is already a nearly solved problem anyway, with stuff like FreeNet's method of ensuring that even the clients don't know what they're sharing.
Fake 'em is broken by the trusted architecture. I can trust, to some degree, anyone on my network because of the chain. I can trust the client isn't doing shit it ain't supposed to be doing. I can trust that the hardware hasn't been modified to some degree. I can revoke clients by breaking the trust links to them or creating an "antitrust" kind of link that other clients might use as well. If someone injects fakes onto the network, I put down that I don't trust them, and voila, that propagates to those who trust me and so on. Creates a closed circle.
Kill 'em is broken by the same trust relationship to some extent. If the client can't get into the network, he can't inject things onto the network. Once someone doesn't trust that client, it finds that nobody trusts him anymore. If someone is attacking via flooding, obviously there's not much you can do except block them down the pipe, but the trust chain lets me tell others on the network that this guy is a jackass and thus they don't trust them either.
And so on.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
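The trust chain with revocation described in the comment above, sketched in Python as an added example (not part of the original thread or of any Palladium/NGSCB API). The peer names, the hop limit, and the rule that an accusation only counts when the accuser is at least as close to you as the target's voucher are all assumptions made for the illustration; hardware attestation of each client is assumed to have happened before a trust link is recorded.

```python
"""Trust-chain admission with propagating distrust (illustrative sketch)."""
from collections import deque


class TrustGraph:
    def __init__(self):
        self.trusts = {}     # peer -> peers it vouches for
        self.distrusts = {}  # peer -> peers it has flagged ("antitrust" links)

    def trust(self, voucher, peer):
        self.trusts.setdefault(voucher, set()).add(peer)

    def distrust(self, accuser, peer):
        # Break the accuser's own trust link (if any) and record the flag.
        self.trusts.get(accuser, set()).discard(peer)
        self.distrusts.setdefault(accuser, set()).add(peer)

    def evaluate(self, me, max_depth=4):
        """Return (admitted, blocked) as seen from `me`.

        Breadth-first walk over trust links, at most `max_depth` hops.
        Flags raised by an admitted peer are adopted, except when the target
        was already admitted at the accuser's depth or closer: this stops a
        far-away infiltrator from evicting the peers nearest to you.
        """
        admitted = {me: 0}   # peer -> hop distance from me
        blocked = set()
        queue = deque([me])
        while queue:
            peer = queue.popleft()
            if peer not in admitted:      # flagged after it was queued
                continue
            depth = admitted[peer]
            for target in sorted(self.distrusts.get(peer, ())):
                # Unknown targets default to depth + 1, so they get blocked.
                if admitted.get(target, depth + 1) > depth:
                    admitted.pop(target, None)
                    blocked.add(target)
            if depth < max_depth:
                for nxt in sorted(self.trusts.get(peer, ())):
                    if nxt not in admitted and nxt not in blocked:
                        admitted[nxt] = depth + 1
                        queue.append(nxt)
        return set(admitted), blocked


def build_demo_network():
    """Constructed sample network: me -> bob -> cathy -> mallory -> sybils."""
    g = TrustGraph()
    g.trust("me", "bob")
    g.trust("me", "dave")
    g.trust("bob", "cathy")
    g.trust("cathy", "mallory")      # cathy was fooled into vouching
    g.trust("mallory", "sybil1")     # mallory brings in fake clients
    g.trust("mallory", "sybil2")
    return g


if __name__ == "__main__":
    g = build_demo_network()
    print("before flag:", sorted(g.evaluate("me")[0]))
    g.distrust("mallory", "bob")     # abuse attempt: ignored, bob is closer
    g.distrust("dave", "mallory")    # dave saw fakes coming from mallory
    admitted, blocked = g.evaluate("me")
    print("after flag: ", sorted(admitted), "blocked:", sorted(blocked))
```

One flag from a direct contact cuts off the infiltrator and every client that was reachable only through it, while the same flag raised by the infiltrator against a closer peer has no effect.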
Using Palladium to secure P2P would be a nice idea if, and only if, anybody could create applications that took advantage of the Palladium chipset. MS gives everyone the impression that this will be possible by saying things like "everyone will benefit from this technology", but the truth is that Palladium will be very protected by heavy, restrictive licencing. That's pretty much guaranteed.
After all, this is one of the most important parts of the plan. You have to pay to write apps that use it, and this will hurt the only competition MS has: software that doesn't cost any money.
Does anyone think they'll really allow a P2P network to tap into its secure computing resources? I don't think so. They'll be really careful about who they license it to, no matter how much money's involved, because once you get viruses, Bonzi Buddies and spyware that's so secure that removal programs can't get them, or if the users start using Palladium in a way the big labels can't intervene, they'll have a huge problem.
The $100 M blockbuster is a fixed cost that can be spread over all of the copies.
So is the cost of extraction of the pirate master.
often the pirate media simply does not work. If the failure rate is 50%
Fifty percent? Has that failure rate been observed in practice? And if so, is it any better than the legitimate route? I've experienced some pretty high failure rates when renting DVD videos, where "failure" == "disc is so scratched up that playback stutters in a key scene".
You have spent 15 minutes
I wasn't staring at the status bar for 15 minutes. I was reading Slashdot for a lot of that time.
acquiring a song which may be corrupt.
If a particular rip is widely shared, it's likely not to be corrupt.
Kazaa doesn't have a built in burning tool yet, so add in the cost of Nero -- either in dollars or the time it takes to obtain a pirate copy.
Most PCs come with a CD burner plus software nowadays.
Now the class of consumers who have unlimited time or otherwise undervalue their time is limited to those who are either unemployed or employed beneath some poverty line
This is quite a large class, even ignoring the fact that the American economy is in the toilet. Assuming that the number of minors with a work permit is equal to or less than the number of adults enrolled full-time in university, at least as many Americans are unemployed or underemployed as are under 18.
Will I retire or break 10K?
Wouldn't you like to be the person who says to the 'man':
Remember when you shutdown our project that was intended for legal use but potentially had illegal uses?....
You see, it's funny because they created something to slay a monster, but it just became a bigger monster! Laugh!
It's 10 PM. Do you know if you're un-American?
It's the AWESOME man!
AWESOME!!!
The difference is who has control. In the office, the sysadmin deserves to have control over who can run what. At my house on my computers, only I deserve control. I'd better be able to do anything I damn well please on my own equipment. The security policy in Windows XP and Server 2003 lets this happen. Palladium/NGSCB, on the other hand, puts this control in Microsoft's hands. It's their security, not ours. I think "trusted computing" should be me trusting my computer to do what I say, not Microsoft or the *AA's trusting my computer to be crippled enough for their DRM crap. MS's view of "trusted computing" is way off base.
About signing patches, I think Microsoft should make one of Software Update Services' features be automatic signing of patches that the sysadmin has chosen to be installed.
It's an operating system, not a religion.
The threat from Free software is only going to get more serious for Microsoft, and pirated software is their covert way of fighting it. They can get fat enough off the rich people who don't want to bother pirating and the corporations that don't want to risk it.
So basically, I don't think piracy channels bother Microsoft very much. Piracy guarantees that MS remains the global standard, and it drives up the demand for computers, so MS profits in the big picture.
Sorry, but dem's da breaks. The artists need "encouragement" to abandon the RIAA as well. No one forces them to sign contracts. "Think of the artists" has replaced "think of the children" - and it's still just as trite.
...that on a system with Palladium hardware, if the machine doesn't boot with a trusted OS, the crypto service is locked down. This means that it's useless for someone running, say, Linux to try and join such an encrypted P2P network. So you can have your free files, in exchange for having them on a computer that won't allow you to do anything with them. Fun fun fun.
These three students must be some of those new "grassroots" Microsoft has been trying to buy on campuses. Harvard, that's almost as costly as Tulane, so these three must have been expensive to confuse or corrupt.
Anyone who uses the term "piracy" for unauthorized file violation is clueless to begin with. Other mindless gems from these three include:
The author's research is lacking. They reference 17 works, mostly popular press articles with one or two interesting texts. One reference they omitted is Microsoft's EULAs which require forced upgrading and Microsoft's right to search your files and delete those they consider copyright infringing.
Anyone who considers the control Microsoft now demands of its users' computers could not think that Microsoft would ever extend "protection" to user content or client programs. They promise to do it now, despite a lack of tools. Chances are that Microsoft will delete all peer to peer client programs they find.
Shame on Harvard. I've got to give this student paper an A for effort and the fluent ability to state the obvious but an F in research and critical reasoning. The music and film industry blinders these students wear prevent them from exploring the use of P2P for anything but "piracy". The whole idea of "trusted computing" aiding "piracy" is a juvenile connivance of wishful thinking. It lacks all the things Universities are supposed to be full of, honesty and critical thinking.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Since when is palladium needed for this? Seems like SSL and PGP are doing just fine...
:o) [1-3] - yEnc "1st.jpg.pgp" (0/1) 20-MAY-03 alt.fan.yardbird 1.91k Roadrunner :o) [1-3] - yEnc "1st.jpg.pgp" (0/1) 20-MAY-03 alt.fan.yardbird 2.17k Phoenix Risen :o) [1-3] - yEnc "1st.jpg.pgp" (0/1) 20-MAY-03 alt.fan.yardbird 696 B Roadrunner@blackhole.riot.eu.org (Roadrunner a.k.a 'A Fast Bird') :o) [3-3] - yEnc "3rd.jpg.pgp" (1/1) 20-MAY-03 alt.fan.yardbird 91.89k Roadrunner@blackhole.riot.eu.org (Roadrunner a.k.a 'A Fast Bird') :o) [1-3] - yEnc "1st.jpg.pgp" (1/1) 20-MAY-03 alt.fan.yardbird 57.9k Roadrunner@blackhole.riot.eu.org (Roadrunner a.k.a 'A Fast Bird') :o) [2-3] - yEnc "2nd.jpg.pgp" (1/1) 20-MAY-03 alt.fan.yardbird 83.88k Roadrunner@blackhole.riot.eu.org (Roadrunner a.k.a 'A Fast Bird')
Anyone wanna guess what's in most of these?
Search all usenet binaries groups for string "PGP"
What's more astonishing that you would claim the general population is so ignorant, yet advocate the thing you fear. Then again, three harvard students bought into this whole bogus notion. This is my review of their article.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Chat: everybuddy, gaim, jabber. I prefer gaim with its nifty account modules (it even checks your hotmail for you!).
P2P: limewire and other gnutella clients
games: neverwinter nights, quake3, unreal tournament, (coming soon) doom3, all the really truly major titles, not to mention winex...
Music: xmms, freeamp, alsaplayer (xmms and alsaplayer are both my favorite)
video: mplayer, xine, ogle, vlc/vls (there is no other tool like vlc+vls available to everyday joes), mythtv, freevo
Yeah?
Instead of saying "palladium is evil", we should be pushing for comparatively open implementations.
No, Palladium is evil. You can't get around the fact that Microsoft's planned hardware domination is evil by wishing it did things it won't. M$ does not deserve to be "engaged" because, as a condition of using their software, they have demanded the right to search through your files and delete those they feel violate copyright. The intent is in the EULA now. If you want authentication, look to Kerberos and other real efforts. M$'s efforts are so clumsy paranoid and lock down centric, it's doubtful their machines will even run, much less be useful or trusted.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Agreed, there is a gigantic difference between a software feature and a hardware enforced software feature.
However, if a sysadmin wants a moderate confidence that a junior admin hasn't installed software that shouldn't be running, or that a user hasn't installed unauthorized games on a critical system, the Software Restriction Policies are a good additional safety feature that can be used in addition to other security techniques.
Couldn't you do this now with an SSL style connection?
force all users to register with a central service (yeah I know central point of failure, but you might also be able to do this in an incremental fashion) that assigns client SSL certificates that are then used in all P2P connections to verify the clients identity.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
We all know how well Microsoft security works. All this mechanism does is give a cracker a new tool to hose a system that's insecure by design and incompetence. Between Excel playing sound files linked in from the web (hypothetical flaw based on Outlook's doing the same) and Windoze updater, there is no security on M$. Palladium is simply going to be another set of inconveniences to the user that do little else than get in the way of working and enjoying media files and running free software.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
And it may take a damn WEEK to download a movie over a modem, but that doesn't mean the user is sitting there at the PC pulling the bits in with a teaspoon. In all I find it takes longer to organize the files on my PC than it takes me to initiate a download, edit the tags and change the filenames to the format I use in my database. And I may spend a few hours finding stuff I want, but so what? That's what hobbies are for - and at least I actually FIND stuff I want whereas visiting the local wal-mart is going to present me with a whole lotta nothing when it comes to choice (and forget about the CD stores - they're all but gone now and the only one within 100 miles that would allow "previews" of music went away years ago).
Four bucks? I download stuff a CDR at a time - that is, everything I pull in goes into a single encrypted volume sorted by date; when it gets filled (usually every 4-5 days) I burn the PGD file to a CDR and create another - thus, I have a dated archive in the unlikely event I even need to access it again. In the meantime I set the ID3s and filenames to my choosing and move them to the filesystem on my "media drive." The whole process takes very little time and a blank CD sure don't cost two bucks! Sheesh, even at wallyworld a pack of 50 CDRs is less than $25. Out of a stack I may burn five coasters, which bumps the incremental cost to something like 60 cents per unit (i.e. about a buck a week to backup all my data). And at the rate things are going with hard drives, it'll soon be even cheaper than that to keep it all on a portable magnetic drive.
Ironically, it takes more of my time (and can be considerably more of a nuisance) to rip a "real" CD than it takes me to download the damn thing from someone who has already done it for me.
Excuse me, but isn't it already illegal to attack computers you don't own, even if you are the content owner? Nor, except for a few fake files, is it even happening?
So it will be harder to do something that already is illegal, and already isn't happening.
Boy, I just can't wait to upgrade my processor and OS to get all those benefits.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
They deserve it all, especially since they'll be trampling us on the way.
Well put...
Excuse me, but doesn't Nullsoft's W.A.S.T.E. (see /. a couple days ago) already accomplish this without special hardware -- and without Microsoft?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Simplistic view? In the past, M$ has proven they will lie, cheat, and steal to control their users and to try trapping everyone into using their product. It is like working with Hitler. Making a compromise or alliance with such people is suicide. Just ask Stalin.
What good would "open implementations" of DRM do? Allowing others to control what your computer does with their file/data is the entire point of DRM. When that fails, M$ and the MPAA will create a censorship system under the guise they need to delete infringing files. To do so, a M$ controlled DRM system will need to be in place--to trap everyone into only using M$ systems, and/or to hide the fact they are censoring people.
An open implementation would defeat the entire purpose. An open implementation would not even be good for most of the other purposes touted for DRM. Anyone would be able to counterfeit Eca$h, or copy those secret emails. A trusted third party would be required to control your computer. I will never trust M$, only a fool would.
It's a little too late to get modded up but maybe one or two people will see this
:D
A few days ago I found a new p2p. It uses SSL, proxies and tunnels through port 80. Lots of other ways to trick the RIAA/ISP's from finding out what we'...ahem YOU are sharing.
Unfortunately right now it only works on Windows so I was hoping for some slashdot press so we could bug them to death with e-mails
here is the site: http://www.earthstation5.com/homeweb.html
If anyone has more information on this I'd like to hear it, all I know is what the developers want me to think since word of mouth hasn't spread yet.
-- "of course that's just my opinion, I could be wrong." --Dennis Miller
Marginal. Marginal. Marginal cost is defined as the amount that total cost goes up by producing one more unit. So in fact, a large studio would have significantly lower marginal costs than a copyright infringer, since your average war3z d00d doesn't have access to massive CD/DVD presses but has to burn them one at a time.
Marginal.
All's true that is mistrusted
the author clearly has NO IDEA what palladium is all about. despite microsoft and AMD both releasing enough info publicly at a recent conference to prove that palladium will only allow code that has been audited and paid a hefty signing "protection fee" will be able to run under the new content protection level. (ie: consumer "rights" restricted video and music players/decoders)
palladium has no other uses. it's not being designed for that. in fact while your computer is not running rights-restricted code the entire palladium kernel will unload itself and get out of the way of the OS (it'll impact performance due to trapping a lot of common io/dma/page table accesses to prevent breaking the security boundary without a memory bus analyzer).
Actually, slashdot is a bunch of paranoid, whiny losers who fear the loss of rights that generally never existed in a legal sense, that are actually privileges. Some of the things slashdot readers seem to fear the loss of are illegal anyway, like copying stuff regardless of the copyright. Other things, like palladium, are not even close to coming to pass.
At all times the paranoia manifests itself most by grossly exaggerating the effect that whatever technological restriction measure being considered at the moment is going to have on everyone's lives. Especially considering that most of them only affect computers, which are hardly the sacred source of our most valued liberties, like freedom of assembly, speech, the press, weapons, and movement. Shit, you think things are getting bad in the world when we can log onto a site like this and say anything we want without fear of government reprisal? The cynicism found here is disgusting, and unjustified. I conclude that if anyone could see through schemes like the supposed massive restrictions palladium will put on computer users so easily, the probability of them having such far reaching consequences is terribly low. People here consistently overestimate the power of big companies and the government, and also, in their arrogance, the stupidity of the populace.
I've been blocking Your Rights Online from my frontpage for a long time because it is just a bunch of ranting lunatics who see oppression by more powerful forces everywhere because they feel powerless over their own lives. Their paranoia is just a viewpoint, and their constant fear is hardly the most rational take on things. Such people need to own up to the fact that if they feel trapped in a hopeless situation, odds are that it is because of their own actions, not some other entity that forced the circumstances upon them, through trickery or brute force or some other unfairness. Sadly, this is the last thing they would ever do, because they prefer to claim victimhood rather than failure. If they cannot make positive changes in their lives, it is because such a thing is impossible, not because they are deficient in real desire or ability.
I would also like to question the reliability of past consensuses on slashdot, in addition to all the Chicken Littles here. Remember the cynical conclusion Slashdot reached about the iPod when it was first released? Slashdot said, 'That's stupid' (collectively I might add) and was collectively wrong. Consensus on this site means nothing, it just means the herd is moving in the same direction, not necessarily the way the wind is blowing.
The paranoid people, in predicting an impending effect from a restrictive technology, are wrong proportionately to the severity of the effect. I know this because I don't even bother reading Your Rights Online, and despite all the gloom and doom predictions made there, my life has not changed at all. In any way. Even concerning computers. That it might is irrelevant, the sky might fall as well...
I don't know about you, but big media doesn't run my life, they just amuse me for a small portion of it. The idea that they could leverage the value I find in that amusement in order to control my behavior in a broader sense is absurd. Especially since it is such a non-essential product. I saw some post saying everybody was going to switch to palladium systems because their kid would want to play video games. Sometimes I think slashdot believes everybody not only has a kid like this, but IS a kid who just wants to play video games or something.
If you are like that as an adult, somebody else is already running your life anyway, and your paranoia and resentment of the situation will not help you. Stand up, look around, take control of yourself, and you will be free.
Unless they are hacked, and then they won't be allowed to run on a Pull-a-DRM machine.
Ever since DRM first reared its ugly head, I have been (hysterically, at times) hollering about how this is about 'content' control. Monopolizing the *ability* to publish. (Subscribers can find many posts of mine dealing with that, amongst all the trolling I do ;)
P2P will NOT be 'secure' on a Pull-a-DRM. It will not work! Even if the Pull-a-DRM system is broken by 3 lines of script, those who use the 3 lines will be sued or charged under some **IA brokered law. Sharing will be *restricted* to what the **IAs allow through their 'special' keys.
Sure, copy, share, rip mix burn the newest crap as pushed on Clear Channel, but try and nab a homemade mix of some band you saw last night or a little video from your friend on vacation and it just won't work.
Maybe MS has got it all figured out - somehow Pull-a-DRM just *knows* that Billy's video email is ok, but somehow I doubt it. Remember, YOU DON'T GET TO DECIDE - you are NOT TRUSTED.
Everyone needs to realize that Pull-a-DRM will KILL what the net has done for independent musicians, filmmakers, artists, writers, and coders.
It will be a cancer, slowly spreading. Mom will get the new PC "MSN 10" with the 'Super-Security'(for the kids). Things won't run, she'll bitch, more crap will be made to work ONLY with DRM. Boil the frog. It's what's for dinner!
DRM is NOT YOUR FRIEND
Which is cute, because it suggests that Microsoft's original plans to produce a secure PC that will protect the music companies' stuff from us have been spiked in favour of something much more positive and progressive.
What the hell are you smoking? You realize that the application to email is making messages that your computer won't allow you to quote, copy, filter, or print (spammers will love that - it has nothing to do with secure communication since that doesn't require anything user hostile) and that the application to documents is fixing the reverse engineering "problem" with the .doc format once and for all - MS Word Palladium files will not be readable with any other software, period. Positive and progressive my ass!
1) Pirate media: Malaysia, 2003 about 5% failure rate on DVDs that cost 1/10th of what they do at home, mostly original Chinese DVDs (with English soundtrack). Or so all the rest I traveled with tell me ;)
2) KaZaA is the biggest disaster area in the world. More likely scenario: Connect to good DC hub, set a dozen or more albums on download, will all be good and downloaded when you wake up. Or Usenet.
3) Bittorrent, well I sleep while downloading and watch it off HDD. And if it takes you 10 mins to search google for "bittorrent [movie title]", well... Same as above: Find good P2P net/Usenet/internal network/irc servers, set a bunch of files for download, go to bed and have many gigs of video when you wake up. Also funny that I burn a DVD-R in half the time you burn a CD
I'm not trying to brag about my l33t warez finding skills, but I think 99% of the slashdot community are computer-savvy enough to find stuff much cheaper than the time and effort put into it.
Also nevermind that the bandwidth is increasing, so you get increasingly better download speeds, and that the evolution of P2P nets is huge. As a few things, I can mention swarming downloads, hash signing, hash trees, trust mechanisms, anti-leech algorithms, anonymous routing and encryption.
Which is not to forget all the "old" ways of doing stuff. FTPing with your friends? Sure, I got 200gb, you got 200gb, he got 200gb and together we have pretty much all we want, with built in QA. Not to forget the old CD/DVD swap.
And, in maybe a decade people will start to have "enough" bandwidth, meaning that many people can download things faster than they could see or listen to. At which point, they got bandwidth to spare for anonymous routing such as Freenet etc. Which would make it even more difficult to hit P2P nets.
Kjella
Live today, because you never know what tomorrow brings
Chill Napoleon. That entire blurb was cut/paste from the article that I quoted elsewhere....follow that link and go postal over there, if you really want to stomp someone, ok? :)
Or is this some tribal territorial coming of age thing, where you just lash out at the nearest shadow and the naked-to-the-waist women react with approval at your prowess? Because if it is, then I'm on your side, and I'll act all put down and stuff so you can get some later in the tent...it's cool...just tell me, 'cause I can recall what it was like to be all young and stoopid and stuff
But you'll still owe me an apology!
TCPA & Palladium are evil
...which is....which is...which is.
Oh hell, I forget what I was going to say. Damn viagra!
BTW, Palladium is neither a technology nor an application. It is an initiative encompassing a suite of applications and hardware specifically designed to provide localized content control and administration according to industry choice and desire.
You need some sleep, friend.
WARNING: This sig does not contain a joke
There are other flaws with this concept, but the main one is that the content being traded over P2P networks will also be DRM-ed into uselessness. In other words, if you're running Palladium (or NGSCSBSDCSN or whatever today's rename is), your machine is producing DRM-crippled MP3s, WMVs, and other files of interest in this scenario. You can secure-P2P them to anybody you want. Or just e-mail them for that matter. The files won't play on the other end, because the MPAA/RIAA/XXAA already 0wns your box.
Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005
Just bull spread by people like M$ to make palladium look better
Slashdot - The one stop shop for procrastination
There is one thing that seems to be missing in the article. Even if Ross Anderson is on the acknowledgements they have eluded two quite clear points in the strategy of how the trust system works.
Keys are issued and can expire not only for content but also for software.
So let's imagine: I with a group of friends decide to implement a P2P system that runs on trustworthy platforms. Fine, we write the code, debug, test - several thousands of beers later - we want to release it. If we want to have it available for download and for it to run on all other computers a key has to be supplied. So we scratch our pockets and go see Bill and try to get the software validated - Validation mechanism is pricy yet simple for any normal vendor.
We are lucky, we say it's not for file sharing but for officeware collaboration, only the amount of files at your disposal is kind of unlimited and there is no real restriction on who you connect to.
Ok we put it out to the mirrors and people and their grand-mas start using for P2P filesharing.
M$ can revoke the key at any time!!! So even if we get to that stage: We can't do anything if they hold the keys, and the music industry stands behind them.
I have read we should not consider TCPA evil. Well it's the closest I was planning to get on this earth.
Where is my mind?
"who fear the loss of rights that generally never existed"
Rights like playing my *bought* CD's in my car-player, or my DVD-player. Which is also blocked by their copy-protection.
"The cynicism found here is disgusting, and unjustified"
It is this kind of cynicism that questioned the motivation of Bush to invade Iraq (their illusive biochemical weapons). Yet, now that they control the country, they still fail to show even a single microbe of those weapons. They did find Saddam's private stock of ... chocolate (for real)
Thing like this might be an unpopular stance, certainly when the media keeps reporting one-sided views, but that doesn't make that stance wrong.
*Your* life might not have been visibly changed in the last time, but that doesn't mean there is no change. I live in Europe, and I saw a couple of things change recently. For one, a large percentage of the new CD's I buy are crippled, and I'm unable to play the original in a normal way. Secondly, the blank CDR's I buy to make my system backups (real backups, as a Free Software user I have no need for pirated copies) got 20-25% more expensive to pay royalties (for my OWN data???).
The only way I can buy a PC without Windows (I run Linux and FreeBSD exclusively) is to buy all the parts and put it together myself!
"Stand up, look around, take control of yourself, and you will be free."
Quite right, that's why some of us plan to resist Palladium and other schemes. That's one of the main reasons I run Linux.
Is there an Anti-palladium/TCPA initiative, either technical or political? By this I mean ..
1) Can we still have programs that would be untouched by Palladium/TCPA? I hope there are.. and I hope Palladium/TCPA is made to look like a magnanimous waste of time and money. I have half a mind to start a website to brainstorm these ideas.
2) Aren't there any political people opposed to Palladium? I really don't trust the politicians, as their political campaigns are funded by these companies.
Here is a good article about how secure palladium/TCPA is and will be. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
It isn't the people they are after. It is the companies. The company I work for is a fortune 50 company. They just announced that we are all going to be standardizing on one platform, XP. I was talking this over with my boss, and questioned the move. He started in telling me how it is much more efficient to standardize on one platform, and ... I interrupted him, and asked "Why XP?". .......
Because it has been proven to be stable.
"But why not Win2K? It has proven itself."
Because XP is the next generation OS, Win2k is 3 years old. Going to XP will also minimize the time when we have to upgrade the standard.
"But what does XP offer that Win2k doesn't? We don't use multimedia stuff at work."
They want to standardize the office suite and the OS together, and we are going to Office XP.
"OK, what does Office2k not do that we need it to do?"
They probably got a license deal on XP and Office XP.
"Bingo. It isn't necessarily better, it is what we are told to buy."
Look, there isn't anything wrong with it, standardizing on one platform will help our IT department and
Nobody cares*. Companies want the best deal, and they get that by toeing the MS line. Everyone else doesn't care, they want to get to use the latest OS for free, and burn a copy for home.
* Not that some people don't care, but statistically, it is virtually no one.
My beliefs do not require that you agree with them.
Not people, consumers. Personally I wish news organizations would stop referring to citizens as consumers, as if they were some sort of swarm consuming all in their path. But the citizens you are referring to would clearly be labelled correctly as consumers.
the tighter that you grasp the more consumers will slip through your fingers
Seriously this is probably not going to get very far off the ground. It will cause an uproar and having your customers hate you really does not go well for any company. Even if M$ does somehow get this through there hasn't been a security measure that has not been cracked. It will only be a matter of time.
I'm quite psyched about the control it provides.
I'm quite worried about who gets the control it provides.
Sadly most of the public are probably too ignorant to even want that control.
You're probably too ignorant to even care who has the control.
It's fun how insults can work both ways.
I'll see your senator, and I'll raise you two judges.
One more thing... Supposing someone technically smart, but without too much common sense decided to write a virus. A virus that would exploit some serious bug in the OS (been several in every version so far). Great. They save up enough money and then try to get their program keyed. Could Microsoft legally, and would they bother, not keying this virus?
Eventually a bug will be found within palladium. Someone will figure out a way to make a program appear to be keyed. Most likely a virus.
The whole idea of trusted computing is good in theory, but in practice it won't work. As soon as a flaw is discovered in one link, the entire chain falls apart. If a malicious program breaks the chain, my computer might think that W32/Klez.palladium is a trusted piece of software. That's crazy!
Stop the Slashdot effect! Don't read the articles!
But you're right, they're consumers, and all that implies. Nice "swarm" metaphor, by the way.
John
Suppose I design a new P2P protocol. It includes all the l33t features. SHA1 hashes of each file. Reputation management. End to end encryption. BitTorrent like swarming. Other features to make traffic analysis more difficult. (You can't hack the trusted client, but you can still packet sniff the p2p traffic. So who provided the file?) Etc. etc. features.
Assumption: Let's assume for the moment that Trusted Computing might turn out not to be evil. That is, I, me, anyone can sign an executable. The person who downloads it can authorize it to run trusted, and thus tamper resistant on their computer.
I provide an implementation of my client. Signed and trusted.
Now my protocol design and client really take off. Popular.
My client and design are open. Others want to implement clients in other languages and for other platforms.
Who signs these other new clients to make them trusted? I would assume that I would have to sign these other clients. Or alternately, all clients would have to recognize a certain set of signed clients as being trusted. If My client, Joe's client, and Jane's client are all trusted, then only me, Joe and Jane can build clients. Any other new clients must be signed by me, Joe or Jane, because all existing clients only recognize our three signatures.
I'll see your senator, and I'll raise you two judges.
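The signer-list problem raised in the comment above, together with the key-revocation point made earlier in the thread, shown as an added Go example that is not code from any poster or from Palladium/NGSCB. It assumes Ed25519 signatures over a client name and SHA-256 build digest; the three pinned signers, the `TrustPolicy` type and every other name are hypothetical, and the keys come from constructed seeds.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownSigner = errors.New("signer is not in the pinned set")
	ErrRevoked       = errors.New("signer key has been revoked")
	ErrBadSignature  = errors.New("signature does not match name and digest")
)

// Release is what a client build presents to a peer before joining.
type Release struct {
	Name   string
	Digest [32]byte          // SHA-256 of the client binary
	Signer ed25519.PublicKey // key that claims to vouch for the build
	Sig    []byte
}

// TrustPolicy models the signer list compiled into every deployed client.
type TrustPolicy struct {
	pinned  map[string]bool
	revoked map[string]bool
}

func NewPolicy(signers ...ed25519.PublicKey) *TrustPolicy {
	p := &TrustPolicy{pinned: map[string]bool{}, revoked: map[string]bool{}}
	for _, k := range signers {
		p.pinned[string(k)] = true
	}
	return p
}

// Revoke models a key being withdrawn after the client has shipped.
func (p *TrustPolicy) Revoke(k ed25519.PublicKey) { p.revoked[string(k)] = true }

// signedBytes binds the name to the digest so a signature cannot be
// moved onto a different build or a renamed client.
func signedBytes(name string, digest [32]byte) []byte {
	return append([]byte(name+"\x00"), digest[:]...)
}

// Admit accepts a release only if a pinned, unrevoked key signed it.
// The pinned check runs first, so Verify only ever sees well-formed keys.
func (p *TrustPolicy) Admit(r Release) error {
	id := string(r.Signer)
	if !p.pinned[id] {
		return ErrUnknownSigner
	}
	if p.revoked[id] {
		return ErrRevoked
	}
	if !ed25519.Verify(r.Signer, signedBytes(r.Name, r.Digest), r.Sig) {
		return ErrBadSignature
	}
	return nil
}

// keyFor derives a deterministic demo key from a constructed seed.
func keyFor(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("constructed demo seed: " + label))
	return ed25519.NewKeyFromSeed(seed[:])
}

func pubOf(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

// SignRelease hashes the binary and signs name plus digest with priv.
func SignRelease(name string, binary []byte, priv ed25519.PrivateKey) Release {
	d := sha256.Sum256(binary)
	return Release{Name: name, Digest: d, Signer: pubOf(priv),
		Sig: ed25519.Sign(priv, signedBytes(name, d))}
}

func main() {
	me, joe, jane := keyFor("me"), keyFor("joe"), keyFor("jane")
	newcomer := keyFor("newcomer")
	policy := NewPolicy(pubOf(me), pubOf(joe), pubOf(jane))
	build := []byte("constructed stand-in for a fourth client binary")

	// A correct signature from an unpinned key is still refused.
	fmt.Println("self-signed newcomer:",
		policy.Admit(SignRelease("client-4", build, newcomer)))
	// The identical build is admitted once a pinned signer vouches for it.
	fmt.Println("same build, signed by Joe:",
		policy.Admit(SignRelease("client-4", build, joe)))
	// Revoking that signer's key shuts the build out again.
	policy.Revoke(pubOf(joe))
	fmt.Println("after Joe's key is revoked:",
		policy.Admit(SignRelease("client-4", build, joe)))
}
```

The check never looks at what the build does: admission depends only on whose key signed it and whether that key is still on the list.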
I have several computer interested friends who probably sit at the comp 1-2 hours a day at least and still have no idea what Palladium is. I don't think the general public is even aware it exists.
I'll risk a comment on the main topic too (despite I didn't bother to read the pdf). I thought the point of Palladium is that Microsoft will certify what programs can run on your computer. I don't see MS letting a program that can be used for piracy through.
Plus, we're talking Computer Science here. Harvard's reputation in Computer Science is comparable to, say, MIT's reputation in athletics...
I mean, Harvard has a Bill Gates Chair in Computer Science, fercrissakes. I look forward to their announcing the Ken Lay MBA Program, the Arthur Andersen Chair in Mathematics, and the Henry Kissinger School of Peace Studies.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Marginal.
Some performers have contracts for x% of the gross, and paying such royalties increases the marginal cost to the copyright owner. And according to the article, Palladium does reduce the marginal cost of piracy, which includes reducing the marginal probability of legal action.
However, marginal costs are not everything. Fixed costs help determine whether or not a producer enters the field.
your average war3z d00d doesn't have access to massive CD/DVD presses
I understand that the following anecdote is atypical, but George Harrison was a war3z d00d who had access to a CD press through his label. He accidentally pirated "He's So Fine" written by Robert Mack when he wrote and performed "My Sweet Lord". What steps can any other songwriter take to avoid accidentally pirating one of the millions of published songs?
Will I retire or break 10K?
Excuse me, but doesn't Nullsoft's W.A.S.T.E. (see /. a couple days ago) already accomplish this without special hardware -- and without Microsoft?
Yes, but you could do it in a somewhat more robust fashion than WASTE does. And you still can't trust the hardware with WASTE, nor the software for that matter.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
... had this feature in their -3.6 release of 1925.
i.
i - This sig provided by
Maybe at kernel compile time you generate your key pair, and the kernel will only run
Of course, that's probably slightly easier to write about than to do but...
Get your own free personal location tracker