Slashdot Mirror
Microsoft Scales Down Palladium
bonch writes "Formerly known as Palladium, Next Generation Secure Computing Base (NGSCB) will not be fully available in Windows Longhorn after all. Instead, Longhorn will offer "the first part of NGSCB: Secure Startup," says Jim Allchin, Microsoft's group vice president for platforms. However, most hardware will not support this technology on release."
What, exactly, is Longhorn going to do? They seem to have dropped more features from it than there were in the first place!
Heck, Microsoft cannot even secure its own "proprietary" gaming console, why did we ever fear that they'd lock down all of our computers?!
Perhaps Microsorft have finally realised that such an invasive DRM system will cause a mass exodus of people from windows to Lenix. Microsoft seems determined to play into Lonis Torvaldez's hands with issues like these and I can't say that I'm ungrateful. Now if only WINE could play more games I'd switch straight away as the rest of my pirated material already works perfectly under linix.
Making the moon less necessary since 1998.
What exactly is Longhorn still bringing to the table at its release? I used to look forward to Longhorn when I ran Windows, because it was supposed to contain all these new and wonderful technologies, then I got tired of waiting and .... well, my .sig says it all really.
So rather than this being something pulled from Longhorn it's just being emphasised that having a system with the TPM chip isn't a requirement for running Longhorn.
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
Microsft reports today that Longhorn will not be shipped at all. Instead, it would be shipping a stripped down version of Windows XP with an all new startup screen and bundled with features from late Windows 3.11
This is my sig. There are thousands more, but this one is mine.
Microsoft is totally dropping the ball. Not that I'm complaining. But giving previews of software that's so bad that they have to threaten those that publish screenshots? Dropping important features?
I tell you, if IBM sunk $1 billion dollars into making a single grandma-usable Linux distribution, it'd be the best $1 billion they ever spent. That's a pipe dream, but seriously, if nobody capitalizes on this, it's a total missed opportunity to break the Microsoft monopoly.
In my opinion, the software is ready. KDE is all set to go. We've got office applications, dtp, multimedia, internet, databases... If somebody could fix CUPS, make software installation simple, and populate all the most important configurations in one area and give them easy-to-use and consistently-designed wizards (that the experienced users could of course ignore), this thing would be ready. Not World of Warcraft ready, maybe, but ready enough. Hell, I'd buy it in two seconds.
The problem is, you need someone with deep pockets to finance all the boring aspects of making a unified-feeling distribution and fixing all the intricate bits (like CUPS or whatnot), but if they did, and slapped a big old IBM on the cover, it'd be dynamite. And having IBM on it would probably add a center juggernaut quality that might make hardware companies more interested in doing proper driver support.
Secure Startup protects users against offline attacks
? PHPSESSID=f6bfd6ada2877cbe69e8f281ef4ca487 that will help you out with that.
Gimme a break. Who needs security from offline attacks more than security from online ones? If that were such a stretch, there are products http://www.computersecurity.com/laptop/cables.htm
As an ACTUAL Windows user (and yes, I do use it; software investment, unfortunately) I'd love to see more ONLINE security: integrated firewall, antivirus, spyware, etc. That would more satisfy me.
When the going gets weird, the weird turn pro. ~~ Hunter S. Thompson
Is it just me, or is Longhorn increasingly beginning to resemble vapourware? We were sold the idea of a revolutionary next-gen computing platform, with all-new graphics subsystem, trusted computing (yuck, but at least different), enhanced security, relational filesystem, etc, etc, etc.
Now Avalon's being back-ported to XP, trusted computing isn't making it into the final product, WinFS has been pushed back to god-knows-when, and general security will likely be as god-awful and insecure as ever.
Against this background, what does Longhorn actually have to offer potential upgraders? Especially businesses?
Pretty Aero Glass UI? "Windows theme's always worked fine for us, thanks, and requires no user-retraining - why bother upgrading?"
But, it's all new! "Yeah, so we'll have to buy all-new hardware. And beta test it^W^W^W live with the inevitable but unfortunate 1.0 bugs.
Increasingly the reasons are "But, but, but, it's the new operating system from MS - you have to upgrade!", which is, obviously, no reason at all.
I was quite worried about LH when it was first announced - it sounded like a hell of a leap beyond anything Linux and Free Software had to offer (although, given time, I was sure FLOSS would catch up or surpass it).
Now, however, I'm having trouble retaining even mild interest - Microsoft hyped it so much, and are now so publicly failing to deliver on anything they've promised, that by the time it launches I wouldn't be surprised if they've Daikatana'd the thing practically to death.
Longhorn? Long-in-the-tooth, more like - a decrepit and crumbling shadow of it's former self that looks in danger of becoming irrelevent before it's even launched.
Of course, I may be condemning it unfairly here - are there any killer features that will save it from this downward trajectory?
Besides a billion-dollar marketing budget?
Everything in moderation, including moderation itself
Probably right about the virus-scan. Outside the machine, the drive probably will look like it is full of garbage.
However, I don't think replacement will become impossible. If the machines won't allow replacement disks, this means that a disk failure will result in a useless machine; this will probably also get in the way of people wanting to add disks -- and the people wanting to put Linux on a second-hand machine will cry foul -- so this is going to fly as well as those boat-anchors those machines would become.
And this iteration of Longhorn at least will not require these chips... you won't have to buy new motherboards just now. But, perhaps further down the line this may become a required peripheral for Longhorn, but this will not be until most motherboards have it in place.
It looks like mostly a way of keeping stuff on hard-drives secret. As such this is not so bad in view of how frequent notebook-theft is, or how big the security problems of second-hand equipment are.
SIGBUS @ NO-07.308
I wonder if Secure Startup will be able to distiguish a linux installation from a hard drive "compromise". I would be sad if there was such a bug. Imagine how enthusiastically MS would leap into action to get it fixed.
Don't let THEM immanentize the Eschaton!
Who backs them? What is their official reason for existing? What is their real reason for existing? (This last question cannot be answered by merely reading this groups home page; you need to consider the motives of those directing or controlling this group.)
My guess is that their official reason this group exists is "to promote safe environments by protecting users from various malicious computer exploits" or similar sounding goodness.
In contrast, my guess is that their real reason for existing is "to strip users of their existing rights to use the programs and data on their computers so that copyright holders can dictate if, when, and how users may access them".
If Microsoft was going to start naming operating systems consistently, then... let's see...
Windows 2000 -> Windows NT 5.0
Windows XP -> Windows NT 5.1
Longhorn -> Windows NT 6.0 or Windows NT 5.2?
Or maybe even Windows NT 5.11?
Is anyone here keeping a list of things that were supposed to be in Longhorn but aren't gonna be?
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
You are probably hearing "security" and "trust" and falsely assuming this means YOUR security, or YOU being able to trust your computer.
In fact you, the user, are not the intended beneficiary of "trusted computing" at all.
The problem now is that people have too much control over their computers. From the perspective of somebody trying to limit what other people do, this is insecurity. If you write a computer program and sell it to someone, why, there's no guarantee at all that people will use it the way you wanted. People may find ways to trick your program into doing things it didn't intend, or even start to fiddle around with it and its innards, or use the files they made in your program in competing applications. It's as almost as if these people believe that just because they bought a copy of your software means they [i]own[/i] that copy. Something must be done about this. Vendors, like Microsoft, want to be able to "trust" your computer not to let you do things with it Microsoft doesn't want you to do. Hence, palladium.
Trusted boot is the first step in that. It convinces people that a piece of hardware in your computer that when switched on limits the ability to write to your hard drive to "trusted" pieces of code (and not scary things like Knoppix rescue cds) is a good idea. Somehow.
DEVELOPER RANT: don't use if (win_version == nt5.1) use if (win_version >= nt51).
DEVELOP RANT: don't use OS version tests if you can use feature tests instead.
Not a comment specifically directed at you, I don't know if you do this, but I keep running into software on all platforms that doesn't run on older versions even when patches, service packs, hotfixes, software updates, backported libraries, or compatibility fixes have removed the dependency on the specific OS version they hardcoded into the application.
One of the nice things about the Amiga is that all the developer documentation showed code checking library versions instead. Not perfect, but much better than OS version checks. Palm provided hooks to do functional checks down to the entry point level, but then spoiled it by shipping example code doing OS version checking.
This program is to be released next year, and will probably be delayed a few more times. MS' spinmeisters are just trying to keep it in the news, so they create 'news events' that are no events at all. Even negative attention is better than no attention at all. But is it worth the attention? No, not for me, I use Linux exclusively since 2001, and so can you.
;-)
Not only MS is guilty of using this vaporware tactics. All the media are lapping it up too, without even a single note of critisism. It seems we not only need the icbm adress of MS, but those of it's minion news outlets too
This space is intentionally staring blankly at you
Secure startup is making remote attestation of the software configuration possible.
:
...) will be able to enforce that policy. IE-only will be enforced by the hardware inside your computer itself, and it will not be circumventeable.
What does it do ?
If a remote website asks your pc "do you run windows Longhorn ?" it will not be possible to lie. You can not give an answer at all if you choose not to, but you cannot claim you run windows longhorn without actually running windows longhorn.
Why is this useful ? DRM. The way to avoid DRM is to (for example) run a display driver that captures images and prints them out. So now the remote website can ask you "what version/configuration of windows are you running, please specify your display driver."
You can choose to respond in 3 ways
-> not at all -> access denied
-> you can lie -> lie is detected -> access denied
-> you can tell the truth -> access granted
Obviously, in the last case, you are totally at the mercy of their software, which is obviously the whole point of Secure startup.
With secure startup websites that only want microsoft browsers visiting them (your bank, your employer,
With OS X, Apple bit the bullet and made a clean break with their crufty past. They had the Carbon API for a couple of years prior to release which made quite a few apps "OS X ready" from the gitgo. There is the Classic virtual machine for the apps that haven't gotten with the program and everything else is all new and quite a bit saner.
MS should do the same. Chuck the current hopeless mess into a virtual machine and start all over.