``You will lose some privacy and freedom, but most users won't care, since they'll get some glitter in return. Look at WinXP: (almost) nobody cares about the activation.''
Give it a little more time. I don't think that many XP users have gotten to the point where they've attempted to add or change the hardware on their PC and triggered the XP `you must reactivate' process. Once that starts to happen, I bet you'll hear more users begin squawking.
``So, it is possible that GPL software could get authorization to run on this platform,...''
But... remember that Microsoft has a patent applied for (awarded?) for an operating system with DRM built-in. What are the odds that they'll let a competitor sell or distribute a similar product? IMHO, slim to nil.
Re: Nice on-line FAQ for TCPA/Palladium (on: Coursey on Palladium) · Score: 4, Insightful
Ross Anderson's paper should be required reading. But then that's just my HO.
Just what is so untrustworthy of the PC platform? NOTHING! The platform itself is just fine for what it is supposed to be. It's the software that makes it untrustworthy. Or the people managing that software (who allow breaches through social engineering to occur). So adding a new bit of hardware is going to protect us from irresponsible people?
IBM's computers are not considered untrustworthy. Is it because of special security hardware? NO. It's because the operating systems are written with security in mind from the beginning and not bolted on afterwards. Similarly, other platforms have been considered trustworthy without requiring custom PKI hardware. Wasn't it a system running VMS that resisted all attempts to crack it at the last Defcon? No special security hardware is part of an Alphaserver.
Why has security, all of a sudden, become a hardware problem? Well, Microsoft tries to paint the PC platform as insecure and untrustworthy in an attempt to divert attention from the fact that it's been their software that has been the reason for all the security breaches. The hardware vendors go along with this because of the lure of future CPU and systems sales. IMO, the purpose of Palladium (and TCPA) is to solve an economic problem for some software and hardware vendors.
Remember, Microsoft decided that the best way to deal with the security problems with their software was to hire a lawyer to be their chief security honcho and not someone with extensive credentials in computer security. Rather telling, eh?
Ah... but at what frequency will you be generating this zero-amplitude silence? My patent is pending on `0 * sin (2 * pi * 256)' (middle C) so watch out.
...is what this is all about; R. Anderson's got that right. The lie about it making computing more secure for the consumer is merely to lull the public into supporting it. I'm surprised that they haven't dragged out the ``Protect The Children (tm)'' argument to save the innocent from the horrors of the Internet (Pr0n sites, politically-conservative web sites, www.nra.com, Open Source Software, etc.) but I'll bet that's coming.
Imagine the finger pointing that's going to go on when the public finally figures out that TCPA/Palladium isn't all it was cracked up to be. Intel supporters will point to all the other consortium members as being those at fault for the reduced capabilities in the platform. Microsoft supporters will do the same. (``Wasn't us. The hardware people were the ones with the hidden agenda.'') Sounds like they've learned something from the way the public overlooks politicians' getting away with backing away from campaign promises to, say, reform government or to reduce pork barrel spending: ``It wasn't my senator! It was all those other evil politicians!''
Ie:
``If we band together and blame each other, the public'll never catch on to who's really to blame.''
In other words, there's safety in numbers. Heck, if it works for politicians it ought to work for consortiums of corporations, right?
``The effect of targeted decoy tracks is to disrupt the activities of people who are specifically looking for those tracks (a DoS attack). The rest of the users (who are presumably trading recipes or something) shouldn't be affected.''
A packet associated with an RIAA DoS attack is still a packet. So the RIAA plants some dummy file on a computer that results in other computers sending out extra requests to other systems in the P2P network. How is this different from any other DDoS attack? The effect is the same regardless of the intent. These redirected requests still cause collisions, interfere with the timely transmission of other legitimate packets, and suck up bandwidth. So now we're all supposed to hit the dirt when the RIAA decides to shoot it out with some suspected copyright violator? That doesn't sound right to me. Or am I missing something here?
What will the RIAA do when they discover that some clerk at whitehouse.gov has downloaded an MP3 of a copyrighted song? Would they unleash a DoS attack on that domain?
``This means the people administering your UNIX boxes really don't know what they are doing. The Solaris kernel, for example, can easily go under high load for a year or more.''
Agreed. I've seen too many junior admins coming from stints administering servers running other PC operating systems who, when they encounter any problem at all, resort to rebooting the system. Hey! Why not? It worked on the other systems.
The really sad thing is when software vendors suggest rebooting as a solution to their products' faults. Which, I suspect, points to the reason that some people enjoy long uptimes on their Windows system: vendors build the applications with the idea that only their application is running on the system. (Which explains why we have a half dozen data centers in which so damned many single-purpose Windows servers have been installed that the power capacity of each room has been maxed out. Wonder how many companies encounter this?)
``I think it was Einstein who said something along the lines of "what I have accomplished I have done by standing on the shoulders of giants"''
Actually, I believe it was Isaac Newton (referring to men like Galileo) who said that. But Einstein probably at least thought it. (Heck, he thought about everything, didn't he?)
``I disagree, innovation != originality all the time''
Funny thing is that, in Microsoftese, ``innovative'' pretty much implies ``Microsoft invented this'' but in reality these innovations are rarely original. I'd liken their `innovations' to those of the Japanese electronics firms who took early transistor radios, copied them (and made them smaller which is something of an innovation; that `standing on the shoulders' effect you mentioned), and marketed the heck out of 'em. Financially successful but not terribly innovative and I'd say most people (well, maybe not all the Joes and Tillys out there) would agree. Microsoft banks, I suspect, on not too many people actually following developments in the field of computing and who did what first.
``I said that doing something like collecting data or any other breach of security you can think of would be caught by the techie community rather quickly, that's why it would be such a bad idea for MS. That would be a PR nightmare not even they could recover from I think.''
Ugh. I sure hope you're not implying that this would be okay so long as the PR department could provide a way to sugar coat it. This sounds like Microsoft could or would do anything if they thought they'd be able to get away with it.
But they already have a PR problem:
The quantity of their security-related patch releases is (I believe) ahead of last year's in spite of (or because of; who knows for sure but hopefully it's the latter) the so-called `trustworthy computing initiative'.
Hiring a litigator as their top security official rather than an acknowledged technical expert in the field (perhaps they found it hard to find one that would knuckle under to the demands of the marketing department).
Microsoft's well known passion for `security through obscurity' and their frequent criticisms of any calls for `full disclosure'. If this plan has security concerns, wouldn't it make a lot of sense to be getting real security experts involved from the start? (If they are doing this you'd think they'd be crowing about it.)
Then there's the question: How is the tech community's having to discover the security flaws and information gathering after the software is in the field even remotely acceptable? It's not like just a few copies are going to be available and that the flaws would be found before the floodgates opened. Every pre-loaded PC for sale would have this product on it. There would be hundreds of thousands of systems sold in short order that would find their way into consumers' hands before the tech community got a chance to examine this stuff. Those few advance copies that will be made available will go to the PC trade rags who will, of course, concentrate on the number of glitzy features that the new product has. Any negative aspects of security or privacy will be glossed over if they're covered at all. Or they'll be excised by Microsoft before publication is approved. (After all, we've seen all this before with other vendors.) And what rag is going to piss off one of their biggest advertisers by publishing a review that put their new product in a bad light?
IMHO, Microsoft's view of security remains something to be concerned about and it's still very hard to mention -- in a serious way -- `Microsoft security' and `warm fuzzies' in the same sentence. Granted, they realize that they have a problem but they haven't even cleaned up their current act and they're already proposing something new. When are they going to learn?
``From all we've read about Longhorn and this "data anywhere" idea as I'll call it, it has always sounded like it will be your choice what you put out there.''
Uh, huh. When I can specify that storage place to be on a server in my home, running a non-Microsoft-supplied operating system, and behind a firewall then, perhaps, Longhorn would be more palatable. Maybe. And that's even if I wanted a piece of software making recommendations to me about how I spend my day.
``I don't think BillG wants to rule the world through some subversive conspiracy''
Nah. I'd say that secret's already out. (heh heh)
``If Microsoft pulls some crap, then Joe Sixpack and Aunt Tilly will look to YOU to defend them.''
Not so sure about that defend part but the open source community may be able to do something in the way of informing Joe and Tilly. Does Dan Rather read Slashdot? We could always use a bit more help to get the word out. :-)
``You'd think that a business magazine might attempt some analysis as to what is feasible...''
Fortune magazine would be more interested in whether it's still feasible for investors to get rich by investing in Microsoft if they proceed with Longhorn. My experience with subscribers and other regular readers of Fortune is that they get almost sexually aroused at the mere mention of Bill Gates's bank account balance. They're not overly concerned about whether Microsoft's products are technically superior or inferior. Hell, most of them don't even use a computer for more than checking their stock prices.
Ah. I see now. You were only addressing the techies that are concerned about privacy. I was thinking more about the vast mass of users out there who might be concerned with their privacy. Get out more. There's a lot more of them than you might think.
I'd rather that something like Longhorn get nipped in the bud before it gains wide distribution and people find that information has been collected and have to holler about it. It's too late by then. Even if Microsoft were to stop distributing the software, what assurance would Joe Sixpack or Aunt Tilly have that whatever information that had already been collected wouldn't have been used in some way that they'd never have approved of or that that information had been destroyed.
And I found your comment `innovation (though not original)' terribly funny. IMHO, if it's not original, it's not innovative but, rather, a copy of someone else's innovation.
This cracks me up. But it's true. I know some people who've spent months trying to get MS Project set up to ease project management. Getting Project set up has become yet another project. So much for productivity.
``they are trying to give you ubiquitous access to any type of data from any location in a common fashion''
As did Digital and IBM back in the '80s. Trouble was you had to invest solely in their proprietary architecture in order to pull it off. And companies like Microsoft use the ``p'' word in their ads. Isn't it funny, now that Microsoft wants to do the same, it's called `innovative' and not proprietary.
``I mean, how hard is it to unplug your cable modem and throw a packet sniffer on the network to see what the OS is sending out?''
Yah, right. ``Hey, hon! Have you seen the packet sniffer? I left it on the end table next to the VCR remote and now I can't find it.''
``it will make computers more personal than ever. Equipped with Longhorn, your PC will keep track of how you work, whom you talk to, what sites you look at, how you make documents and whom you share them with, which data on the network are yours--making all those things easier.''
Um... with personal privacy being a fairly hot topic nowadays, why would I want my PC keeping track of all of my personal computing habits? Especially when it's via software created by a company with a past history of sending information from people's PCs back to the corporate headquarters and imbedding traceable, unique IDs in all the Word documents they create?
Remember: ``Ctrl-Alt-Del helps keep your password secure.'' (Hee hee!) Will Microsoft now extend that bit of humor to all my personal information? God help us.
... at the time that the ``Trustworthy Computing'' initiative was announced that it was all just another marketing ploy. Sure looks like the people who were thinking that were right on the money.
``going after everyone who dares bookmarks their exalted website?''
Yah, I wonder if they even know that everyone who's bookmarked NPR is in violation of their linking policy. Browsers like Netscape, Mozilla, and even IE save bookmarks as a local HTML file containing links to sites. (Well, in IE's case it's not really a web page but, rather, a specially-interpreted set of directories and files but it's effectively the same as a file.)
See this link. Or are you the grammar Nazi?
One could easily argue that an MP3 of any of the numerous `boy bands' out there is already a dummy file. [rimshot] :-)
This is totally off-topic but I just had to ask:
zaphod110676
Is that numerical portion your birthday? Or are there really 110,676 slashdot members fanatical about THGTTG?
:-)
Well, maybe. But I'd sure avoid becoming an early adopter of the MS Warp Engine or MS Transporter products.
But, mrBoB, you forgot the one named after you!
I doubt it. The DMCA will be invoked and that person will wind up getting a first-hand education in today's legal system.
The underground will have to find some other means of communicating. Perhaps the use of the protocol described in RFC1149 will become more common.
I think the plans to implement this are already in the works at Disney, Inc.
Yah, right. ``Hey, hon! Have you seen the packet sniffer? I left it on the end table next to the VCR remote and now I can't find it.''
Get real, guy.
Well... count at least one American who's sick and tired of it, too.
``Welcome to American Megastudios, new employees! Did you remember to check your creativity with the security guard on your way in?''
Hmm... Couldn't you just glean these from the web server logs?
Just a thought.
Yah, I wonder if they even know that everyone who's bookmarked NPR is in violation of their linking policy. Browsers like Netscape, Mozilla, and even IE save bookmarks as a local HTML file containing links to sites. (Well, in IE's case it's not really a web page but, rather, a specially-interpreted set of directories and files but it's effectively the same as a file.)
So everyone out there on the Web: FREEZE! NPR!