Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Looking at Alternatives to Palladium

Posted by CowboyNeal on from the trust-and-distrust dept.

An anonymous reader writes "Some folks at Stanford have been looking at an alternative architecture for doing trusted computing (ala Palladium) based on using Virtual Machines. They presented a brief paper describing their work a couple weeks ago at the USENIX Workshop on Hot Topics in Operating Systems . In their paper they also discuss a bunch of non-DRM applications of Trusted Computing such as distributed firewalls, improving P2P security, preventing DDOS, and even strengthening civil liberty protections."

24 of 221 comments (clear)

  1. There's nobody stoping... by Anonymous Coward · · Score: 5, Insightful

    Anybody from trusting anybody else now. We could create distrib-firewalls if we wanted to.

    The fact is DRM takes away the PEOPLES' rights to choose who to trust.

    1. Re:There's nobody stoping... by Keeper · · Score: 3, Insightful

      That's a backwards statement.

      DRM lets you send stuff to people you don't trust, because you trust that the software will prevent the people you do not trust from taking actions you wish to prevent.

      It has nothing to do with defining who YOU trust.

    2. Re:There's nobody stoping... by interiot · · Score: 3, Insightful

      DRM in the hands of monopolies is a way to take things away. DRM in the hands of corporations who value control above anything else is a way to take things away.

    3. Re:There's nobody stoping... by Geek+of+Tech · · Score: 3, Interesting
      DRM lets you send stuff to people you don't trust, because you trust that the software will prevent the people you do not trust from taking actions you wish to prevent.

      Well ya, you're right, but in the case it's be used, we are the people the RIAA, MPAA and everyone else doesn't trust. We, being anyone with any form of access to a computer.

      So the question (or just one of the main) is, Why should I invest in a platform that will keep me from copying/burning/reading/deleting/modifing/anything else you could possible ever want to do you data? Do I want to plainly accept the fact that people selling me content dont trust me to get out the Wal-mart parking lot without trying to steal their intellectual property?

      Digital Rights Management is nothing of the kind. In all honesty, it is Digital Rights Prevention.

      --
      Stop the Slashdot effect! Don't read the articles!
    4. Re:There's nobody stoping... by Jordy · · Score: 4, Insightful

      No, corporations want to control what you do with the works they sell you, something copyright nor first sale doctrine does not give them the right to do.

      For instance, a book publisher can not sell you a book you're not allowed to resell. They also can not forbid you from reading a book more than once or reading the book to your child.

      DRM enables copyright holders to completely eliminate used sales and move the entire world to a pay-per-view world. Even more, it allows the copyright holders to have a perpetual copyright; one that will never expire for as long as the work is encrypted.

      You will not "own" anything. Sure technically you own your DRM'ed digital music downloads, but just try to resell them.

      The "value" of DRM'ed goods is significantly less than physical goods, but people won't realize that until laws get put in place forcing retailers to mark these goods as such.

      --
      The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
    5. Re:There's nobody stoping... by Amazing+Quantum+Man · · Score: 4, Interesting

      No, I want to talk about the RIAA and MPAA. Specifically the MPAA.

      I saw an ad for a DVD that said "Own [some movie] today on DVD". It did not say, "License [some movie]".

      Therefore, they are selling me a copy of that movie. By the doctrine of First Sale, it is mine to do with as I wish, including cracking the CSS or region coding, folding, spindling, or mutilating, reselling to someone else.

      The only thing that I may not do is reproduce it for other people, since I don't hold the copyright.

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  2. DRM is not automatically bad! by Thinkit3 · · Score: 3, Interesting

    One good example is the google puzzle contest I'm sure many tried. You downloaded the .pdf before, and got a password when the time started. While nobody should go to jail for cracking the password, it was an example of a good (not evil) use of DRM.

    --
    -Libertarian secular transhumanist
  3. a Good Thing by trans_err · · Score: 5, Insightful

    Rather this alternative to Palladium does or doesn't work at the fact that OTHER companies are looking into creating this kind of system makes the future of Palladium-esque systems look a lot better. Competition is a Good Thing and handing the reigns to microsoft with out look bad is a bad thing, microsoft or not a company should not have that much power. If this market becomes more diversified we will see better products, rather from microsoft or not, and people will start listening to the peanut gallery ranting for a better system.

    --

    transmission_err

    1. Re:a Good Thing by Knife_Edge · · Score: 4, Insightful

      "microsoft or not a company should not have that much power"

      Microsoft does have the power to do whatever they want with their operating system. Yet, for some reason that does not matter to me. I am not forced to use it, see? As long as there are some alternatives (and there are right now if you are willing to learn), I will be fine. More people need to be made aware of the alternatives, is all.

      And to everyone who says, but what if Microsoft and some media companies get together to make some kind of system that ensures that content distributed in this system could only be used in extravagantly restrictive ways?

      Well, darn, I guess I will not buy that content. I suppose I will just continue consuming media in all the other ways it is available to me that are easier and cheaper.

      Some guy asked a better 'what if' recently in another discussion on Palladium. What if systems using this technology are required to access the Internet?

      Oh, Microsoft controls the Internet now?

      This is just another silly copy protection scheme, nothing more. As are any alternative silly copy protection schemes. Take the tinfoil hats off, folks.

  4. Too bad... by PS-SCUD · · Score: 4, Insightful

    One is proposed by some folks in Stanford, the other is proposed by Microsoft and Intel.

    Guess which one is going to matter?

    --


    "Much work is lost, for the lack of a little more." -Edward H. Harriman
    1. Re:Too bad... by Knife_Edge · · Score: 3, Insightful

      "One is proposed by some folks in Stanford, the other is proposed by Microsoft and Intel.

      Guess which one is going to matter?"

      Neither.

    2. Re:Too bad... by El · · Score: 3, Insightful

      So, that's why we're all running Microsoft Bob instead of the X Window System -- 'cause a big bad corporation can set a standard, while a Univerity can't?

      --

      "Freedom means freedom for everybody" -- Dick Cheney

  5. Vulgar Slang by jabbadabbadoo · · Score: 3, Interesting
    palÂlaÂdiÂum2 ( P ) Pronunciation Key (p-ld-m)

    1) A safeguard, especially one viewed as a guarantee of the integrity of social institutions: the Bill of Rights, palladium of American civil liberties.

    2) A sacred object that was believed to have the power to preserve a city or state possessing it.

    I believe that city is called Microsoft.
    "Bill of Rights"... whaaaahahaha.
    ---
    At any rate, I have only one more word to say about Palladium. You can read all about that word here

  6. Faking out Palladium? by Asprin · · Score: 4, Interesting


    Moreso, would it be possible to fake out Palladium-dependent software by running it in an emulator that simulates the undelying Palladium subsystem?

    What does a program REALLY KNOW about where it lives?

    Wow, This is JUST like "The Matrix".

    --
    "Lawyers are for sucks."
    - Doug McKenzie
  7. Viva la Alternatives by curtlewis · · Score: 3, Interesting

    With all the security patches MS has each week, I must admit I found it rather amusing that they were propsing a secure computing standard with Paladium.

    Personally, I don't think they can pull it off. But with Stanford looking into an alternative now, this means we'll at least have choices down the line. And I'm sure that both sides will look at what each other does and rip off the good ideas.

    Security is important and a verifiable identity is as well. Not just for e-commerce applications, either. Even such simple issues as banning some nimrod that wants to post stupidity on your board can be solved by a solid identity model.

    Hopefully, one of em will pull it off.

  8. Palladium,DRM = no trust or rights by AtariAmarok · · Score: 4, Insightful

    What misleading terms they are. How can Palladium have anything to do with "trust" when they violate trust and anything else by intruding into my computer and controlling my content?

    How can DRM "protect rights" when it denies basic rights of fair use?

    --
    Don't blame Durga. I voted for Centauri.
    1. Re:Palladium,DRM = no trust or rights by .com+b4+.storm · · Score: 4, Informative

      How can DRM "protect rights" when it denies basic rights of fair use?

      Ah, but there's the rub. It's not about protecting YOUR rights, it's about protecting the rights of the big corporations. Well not so much their rights as the "rights" they want - i.e. control over your computer and everything you use it for.

      --
      "Wow, you're like some kind of superhero able to ward off happiness and success at every turn."
      -- Ryan Stiles
  9. Which would you choose. by xA40D · · Score: 4, Insightful

    So from MS we get Trusted Computing where "trusted" means trusted by big corporations who want to sell you stuff without any chance of copying.

    From these guys we get Trusted Computing where trusted means trusted by the guys building the network.

    So, which would you choose?

    --
    Do you mind, your karma has just run over my dogma.
  10. Real meaning of trusted computing! by AtariAmarok · · Score: 5, Insightful

    Why is it called "trusted computing" after all, when it violates trust?

    The problem is we are looking at the wrong definition of trust. Most of us have in mind the primary definition: "Firm reliance on the integrity, ability, or character of a person or thing" or "Custody; care"

    You have to look down the list to find the definition of "trust" that fits perfectly with Microsoft, RIAA/MPAA and the Palladium idea:

    "A combination of firms or corporations for the purpose of reducing competition and controlling prices throughout a business or an industry."

    Might as well called it "monopolized computing". Means the same thing.

    --
    Don't blame Durga. I voted for Centauri.
  11. You forgot a BIG part of computer history by AtariAmarok · · Score: 4, Interesting

    "Computers started out simplistic, under the user's complete control..."

    No, they started out controlled by men in white coats in clean rooms.

    The microcomputer and PC revolution changed all this.

    The regressive trend back to "Master Control" started with Scott McNelly of Sun Microsystems. I remember when he first laid out his grand vision of returning everything to central control via the Internet. Java was part of this. Microsoft copied the rhetoric, announcing a time when your Word app and even your Word docs would all be on Microsoft's central servers.

    --
    Don't blame Durga. I voted for Centauri.
  12. One posible alternative is ... by bigjocker · · Score: 3, Interesting

    ... not to use any DRM at all ...

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
  13. MPAA refuses my money by AtariAmarok · · Score: 4, Insightful

    "If the Riaa and Mpaa do not trust people with the media, why show it? They, in effect, release the idea to everybody when they put some show/song in mass media."

    Not only that, but the MPAA commonly encourages piracy.

    Let's say I want to see "The Two Towers". It is no longer in theatres, can't go there. It is a LONG time before they sell a DVD; so I can't pay them that way by buying a DVD. The only alternative is to obtain somehow a pirated DVD copy of "The Two Towers".

    No way should they whine about money-loss to piracy when they aren't selling it in the first place! There is a demand for their product, and in this example, they refuse to meet it in any way.

    --
    Don't blame Durga. I voted for Centauri.
    1. Re:MPAA refuses my money by murdocj · · Score: 4, Insightful
      Let's say I want to see "The Two Towers". It is no longer in theatres, can't go there. It is a LONG time before they sell a DVD; so I can't pay them that way by buying a DVD. The only alternative is to obtain somehow a pirated DVD copy of "The Two Towers".

      So if someone won't sell you something you want, it's ok to steal it? For God's sake, grow up! Learn to wait a couple of months for the dvd to come out.

  14. DRM != Trusted Computing by hughk · · Score: 3, Insightful
    DRM is just one application of a trusted platform. The others are benign, ensuring that only software that you trust can take certain actions like intercepting keystrokes or sending Email.

    The problem is that the trusted layer *must* be small so that it can be completely verified. Applications can't be so easily verified and it would still be possible to compromise Outlook, for example to send unwanted EMail. All the signature does is to say that the software hasn't been modified, but we know that applications don't need bad code to misbehave, they only need the right kind of bad data. Once the code has been signed, it must be signed again verey time it is patched. A far from simple logistical problem.

    OTOH, smaller code may be more easily verified - so a driver for a Smart Card reader could be protected, as could SSL. However a programmer can still make a mistake and allow the code to be compromised.

    --
    See my journal, I write things there