Thank YOU! You've just pointed out the nightmare of Palladium. Wouldn't Microsoft love this: no more need for ssl certificates... no, no, no, now you'll need a registered and authenticated copy of IE (see one that the bank agrees with) to pursue a transaction with a particular bank. Of course this isn't going to happen and the Microsoft folks are not deluded enough to think anything of the sort. Thanks for pointing out the three ring circus Palladium could drum up, though:)
Let's be serious though, no bank is going to require such a thing. Microsoft has no illusions of this I'm sure. The fact is Palladium could theoretically be used for this purpose, but it won't. Even if the banks could be convinced of this (see: possibly a drastic loss in transactions VS a little bit of extra security), the legal implications remain. Microsoft understands that Palladiums bread and butter is DRM. No, Microsoft knows full well that Palladium will not protect against the stated scenarios unless everyone upgrades to Palladium enabled software. They'd love this, but its just not going to happen ( at the very least, not right away;)
In the end Palladium offers no _meaningful_ solution to the scenarios that Brian portrayed. The idea that software attestation is somehow a salve for these scenarios is naive at best and intellectually dishonest at worst. Brian is obviously a very smart guy. That is why I say he was not being truthful.
"The truth is Brian was being disingenuous when he described the nightmare scenarios that motivate the Palladium team."
Since you were there and had a higher opinion of all this, please tell me how Palladium would solve _any_ of the scenarios that are purportedly keeping Palladium developers up at night.
It is quite plain that Microsoft plans to make money off of Palladium from Joe Consumer not just the enterprise. They think if Palladium is a slam dunk with the large copyright holders then Joe Consumer will be forced to upgrade to a Palladium system. And I'm sure they plan on making all there main apps Palladium aware. More $$
Actually, 'trusted' applications do not run in a protected data space. 'Agents' run in a protected data space. If someone is able to spoof an agent or install a trojan agent, then Palladium goes to shit. Now, it might be more difficult to spoof an 'Agent' but you know someone will find a way.
I was not impressed at all with the mechanics of Palladium. I do not doubt there are some incredibly brilliant people working on it, but they are attempting to solve a hopelessly complex problem. Most of this complexity comes from the business rules that define Palladium. I have no doubt that these people are capable of building a fortress of an OS from the ground up, but the execs are putting an enormous amount of criteria on it ie, Palladium must run with legacy applications and third party legacy apps. That requirement alone makes Palladium look like a big pile of spaghetti.
No it is not simply 'duh'. Microsoft would have us believe that Palladium is primarily intended for the elimination of these virus/trojan.
"... if the user wants to run insecure applications, fine... "
If Microsoft is really concerned with these insecure applications then they could rewrite them without all of the obvious security holes. Palladium is not needed for this. It is _huge_ overkill. Come on, Microsoft says that Palladium will run with legacy applications and they also say that Palladiums primary purposes are security. But, unless you upgrade all of your software (not to mention drivers) to use Palladium then there is no security?! It is freakin obvious that Palladium has nothing whatsoever to do with 'security'.
Stop. Tell me how Palladium (or ANY form of encryption/security) "eliminates" fair use.
Palladium eliminates Fair Use because the large copyright holders will use Palladium to restrict copyrighted works from being copied. For Fair Use purposes or otherwise. This is not a matter of contention. Microsoft has admitted that DRM is one of the goals of Palladium. And the content companies have proven that they are willing to restrict copying altogether. They do not care about Fair Use!
How can you even argue this point. Palladium in the hands of these content companies will not allow a backup, in fact business models are being dreamed up where a consumer would have time limited access to the content. Please quit pleading ignorant. It is obvious from your other posts that you are simply a MS shill.
Sure, but then this is not a part of Palladium. MS offered _zero_ ways Palladium might defeat these attacks. Therefore, it is rightly understood that Palladium has absolutely nothing todo with what we normally think of 'security'.
Stop thinking like a medieval catholic zealot, and start thinking like a modern-day person.
What the hell are you talking about? Do you normally randomly spew incoherant phrases? What do you have against making sense?
... and be just as accurate as you saying that MS is driven by a desire to disallow fair use.
Were you at the talk? Are you aware that Brian admitted that the elimination of Fair Use was one of Palladiums goals? This is not in contention. What is in contention: Microsoft passing 'security' off as the primary goal.
What the hell are you talking about?! I wrote the parent as soon as I came back from the talk. These are my own thoughts on the talk, nothing more. Why don't you try thinking before you speak!
It was definately an awkward situation, but RMS should be applauded that he is willing to put himself on the hook for something he believes in. Make no mistake, Palladium is an absolute nightmare and I'll bet Richard understands that better than most of us. Brian LaMaccia gave a pleasant talk, but he was also disengenious. Someone asked Brian how he felt about developing something that could be used for some horrendous purposes. He said that if and when that happened he would quit. Apparently he does not believe the elimination of Fair Use to be a horrendous purpose. Tells you a little about where these people stand.
I've recently attended Microsoft's Palladium talk at MIT. Brian LaMacchia, a former student, returned to his Alma Mater and gave a talk on some of the technical aspects of Microsoft's Palladium project. Brian began the talk with a quick overview of the goals of the project. He stated that Palladium's goal was to 'Protect Software from Software'. He went on to enumerate some of the nightmare scenarios that keep the Palladium team up at night, such as a virus/trojan that launches something worse than a Denial Of Service (DOS) attack. These included:
A virus/trojan that trades stock thereby disrupting the market
A trojan that activates and places an order on Amazon.com
A virus that publishes sensitive information such as private tax records
After this brief introduction, Brian went on to describe a hardware based software security system that would provide 'Fingertip to eyeball security.' This system would consist of a hardware Security Support Component (SSC) chip, a special security kernel called the 'Nexus' and user level security applications called 'Agents'. Palladium would also require alterations to the MMU for the curtailing of memory and USB for secure input/output.
Brian admitted that Palladium would offer no protection against DOS attacks and that Palladium would necessarily include a universal serial identifier (this would be provided by the RSA key burned into the SSC chip). He also promised that Palladium would run unmodified legacy applications and drivers.
Problems surfaced during the end of the talk when Brian began taking questions. Richard Stallman correctly pointed out that Palladium was being presented as a way of improving the security of personal computers. Indeed, according to Brian, this was the focus of Microsoft's Palladium project, but no where in his talk did he present any solution to the crucial nightmare scenarios that are supposedly keeping the Palladium team up at night. Indeed, as was pointed out by Stallman and others, if Palladium would run unmodified legacy applications, then how could Palladium thwart the legacy virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?
The truth is Brian was being disingenuous when he described the nightmare scenarios that motivate the Palladium team. In all honesty, there are only two nightmare scenarios that are relevant to the Palladium project:
The nightmare scenario of the large copyright holders who fear the internet has ushered in the end of there ever ballooning bottom line
The nightmare scenario that Palladium will allow the large copyright holders to effectively eliminate the fair use rights of the public
With Palladium, Microsoft plans to solve the former by introducing the latter. To get to the heart of the matter, we have to ask _why_?
Brian says Microsoft is concerned that large copyright holders will refrain from publishing works in formats compatible with the Windows PC. My theory? Microsoft sees an opportunity to bolster there own bottom line. Palladium is meant to do for DRM what.NET was supposed to do for web services.
By providing the infrastructure, Microsoft hopes the content companies will write applications and release content only for Palladium enabled systems. Joe Consumer who wants to listen to the next Brittany Spears album on his computer will be forced to upgrade to the next release of Windows/DRM. Of course, it doesn't hurt that Palladium could provide quite a few wrench's to throw at Microsoft's open source competitors.
Bullshit. I don't care if it took a significant amount of work to make a transcript. The transcript is a _copy_! The transcript can not be copyrighted, because it contains no original content. In other words, the transcripters did not add any original work.
If they added commentary, then perhaps this could be copyrighted, but they did not. Merely identifying who said what in a conversation is not an original work and could not be considered such under even the most tortured of arguments.
No, they will support Palladium. AMD's update does not indicate that they won't, rather it says they will have an 'Opt-In' policy.
I hope that they define 'Opt-In' policy as a choice the consumer can make at purchase whether to include the DRM chip at all. I personally do not want any DRM chips on my future processors... disabled or not!
True. But if there are _no_ boats without holes and to make the analogy correct, no boat can be guaranteed to be bulletproof, then you accept the safest boat. Remember the Titanic was supposedly indestructable.
Once again, this proves nothing. Yes linux has security flaws and potentially destructive virii. This does not mean that security is black and white and it's only the responsibility of the system admins.
If you were going to sea and had a choice of two boats... One with a number of small leaks and one or two large ones OR a boat with a huge amount of small leaks and quite a bit of very large ones... you would still pick the boat with the least amount of leaks... It's just common sense people!
The fact is Microsoft has not revealed _any_ patents or patent applications for what Mono is doing. There is nothing there.
They _have_ shown patents on a number of other technologies and boasted how they would 'enforce' there 'IP' (ewww I hate that word). I ask again, should we stop working on Samba or OpenGL?
If you don't want to put your company at risk then you're going to have a hard time in the technology business, because undisclosed patents can exist on virtually everything. The patent office is a joke. There is no way around that.
"So we can reuse all the research and development done by Microsoft on these ideas" -- Miguel de Icaza.
And why not? They have published there design in a free and open standards group. You can have a look at these designs just like the mono developers. I have seen _no_ licensing guidelines for this so it is freely given. How can anyone think this is 'stealing' even if you think 'intellectual property' is actual property which it's not!
According to Microsoft, theirs. As for real examples, if their lawyers decide its 'real' then you have those very examples.
What does this mean? Nothing. It is an empty statement that contains _no_ information. If microsoft has a problem with some specific use of it's copyrighted or patented material, well none of us has heard a thing about it.
Not quite as free as you think. See this piece [slashdot.org] for example.
This contains no useful information. Speculating on patents that might or might not exist, patents that might or might not be relevant, patents that might or might not be enforced is ridiculous. Microsoft has a huge patent portfolio. Many of these patents could be construed to cover all kinds of OS/FS stuff. Should Samba stop developing or how about OpenGL? Mono is in the same boat as far as this as any other tech where MS might or might not try and enforce some unknown patents.
Once again, if you have any specific information about Mono's technology and how it conflicts with MS's licensing/patents then please put them forward. Otherwise you are just blowing smoke.
Quit smoking crap would you. Miguel has _never_ said that Mono participants are stealing MS 'intellectual property'. Exactly what 'intellectual property' do you think Mono is stealing?? How about some real examples??
Ximian has used freely available information to implement Mono and that has nothing to do with MS's 'intellectual property'
The analogy to documentation is errorneous. Qt# is a software application not documentation. Just because it is written in C# does not give it some kind of special standing as regards the GPL. Are you claiming that a C# application is not awnserable to the GPL, because a C# application is not really 'linked' (according to your definition) to Mono's corlib either... I say it is linked because the program would fail to function if the corlib were not there. Similaryly, a Qt# applications intended purpose would not be accomplished without Qt/C++. So in my mind, they are definately linked.
IANAL either, but I am 99.999999% positive you are _wrong_! Just because we link at runtime doesn't get around the GPL. Please, can someone who is a lawyer respond to this so it doesn't become a meme!
hehehe, you get that with these bindings. They are true CLR bindings so you can use MonoBasic to write Qt applications and eventually you can use MonoBasic to write KDE applications. Of course MonoBasic is the same as MS's Basic... We don't have the IDE yet though...:-)
Nope... we just keep track of QObjects. When Qt/C++ calls a QObject dtor, we know it and delete the corresponding C# QObject and all of it's children. We mimic the Qt/C++ way of doing things. We also have a way of making the GC deallocate unmanaged resources so it's all good!
Sure! well about as much as any OS/FS development has a plan...;-)
But, yes we will work on a SWF wrapper eventually. In fact if you really want to see it happen then come join us on irc.openprojects.org #qtcsharp and help us out!
Well, we are in the middle of changing our license to the LGPL so Qt# will not hinder proprietary apps, but you'll still have to license Qt from Trolltech and you should because they've made an excellent toolkit:-)
I am glad to hear that you are excited and we'll continue to try and make these bindings as solid as possible.
Slashdot Mirror
Well then you are doing something wrong. Get thee to a political fund raiser :)
Thank YOU! You've just pointed out the nightmare of Palladium. Wouldn't Microsoft love this: no more need for ssl certificates ... no, no, no, now you'll need a registered and authenticated copy of IE (see one that the bank agrees with) to pursue a transaction with a particular bank. Of course this isn't going to happen and the Microsoft folks are not deluded enough to think anything of the sort. :)
;)
Thanks for pointing out the three ring circus Palladium could drum up, though
Let's be serious though, no bank is going to require such a thing. Microsoft has no illusions of this I'm sure. The fact is Palladium could theoretically be used for this purpose, but it won't. Even if the banks could be convinced of this (see: possibly a drastic loss in transactions VS a little bit of extra security), the legal implications remain. Microsoft understands that Palladiums bread and butter is DRM. No, Microsoft knows full well that Palladium will not protect against the stated scenarios unless everyone upgrades to Palladium enabled software. They'd love this, but its just not going to happen ( at the very least, not right away
In the end Palladium offers no _meaningful_ solution to the scenarios that Brian portrayed. The idea that software attestation is somehow a salve for these scenarios is naive at best and intellectually dishonest at worst. Brian is obviously a very smart guy. That is why I say he was not being truthful.
"The truth is Brian was being disingenuous when he described the nightmare scenarios that motivate the Palladium team."
Since you were there and had a higher opinion of all this, please tell me how Palladium would solve _any_ of the scenarios that are purportedly keeping Palladium developers up at night.
It is quite plain that Microsoft plans to make money off of Palladium from Joe Consumer not just the enterprise. They think if Palladium is a slam dunk with the large copyright holders then Joe Consumer will be forced to upgrade to a Palladium system. And I'm sure they plan on making all there main apps Palladium aware. More $$
Actually, 'trusted' applications do not run in a protected data space. 'Agents' run in a protected data space. If someone is able to spoof an agent or install a trojan agent, then Palladium goes to shit. Now, it might be more difficult to spoof an 'Agent' but you know someone will find a way.
I was not impressed at all with the mechanics of Palladium. I do not doubt there are some incredibly brilliant people working on it, but they are attempting to solve a hopelessly complex problem. Most of this complexity comes from the business rules that define Palladium. I have no doubt that these people are capable of building a fortress of an OS from the ground up, but the execs are putting an enormous amount of criteria on it ie, Palladium must run with legacy applications and third party legacy apps. That requirement alone makes Palladium look like a big pile of spaghetti.
No it is not simply 'duh'. Microsoft would have us believe that Palladium is primarily intended for the elimination of these virus/trojan.
... if the user wants to run insecure applications, fine ... "
"
If Microsoft is really concerned with these insecure applications then they could rewrite them without all of the obvious security holes. Palladium is not needed for this. It is _huge_ overkill. Come on, Microsoft says that Palladium will run with legacy applications and they also say that Palladiums primary purposes are security. But, unless you upgrade all of your software (not to mention drivers) to use Palladium then there is no security?! It is freakin obvious that Palladium has nothing whatsoever to do with 'security'.
Stop. Tell me how Palladium (or ANY form of encryption/security) "eliminates" fair use.
Palladium eliminates Fair Use because the large copyright holders will use Palladium to restrict copyrighted works from being copied. For Fair Use purposes or otherwise. This is not a matter of contention. Microsoft has admitted that DRM is one of the goals of Palladium. And the content companies have proven that they are willing to restrict copying altogether. They do not care about Fair Use!
How can you even argue this point. Palladium in the hands of these content companies will not allow a backup, in fact business models are being dreamed up where a consumer would have time limited access to the content. Please quit pleading ignorant. It is obvious from your other posts that you are simply a MS shill.
Sandboxes and an agent watching the mail spool.
... and be just as accurate as you saying that MS is driven by a desire to disallow fair use.
Sure, but then this is not a part of Palladium. MS offered _zero_ ways Palladium might defeat these attacks. Therefore, it is rightly understood that Palladium has absolutely nothing todo with what we normally think of 'security'.
Stop thinking like a medieval catholic zealot, and start thinking like a modern-day person.
What the hell are you talking about? Do you normally randomly spew incoherant phrases? What do you have against making sense?
Were you at the talk? Are you aware that Brian admitted that the elimination of Fair Use was one of Palladiums goals? This is not in contention. What is in contention: Microsoft passing 'security' off as the primary goal.
What the hell are you talking about?! I wrote the parent as soon as I came back from the talk. These are my own thoughts on the talk, nothing more. Why don't you try thinking before you speak!
It was definately an awkward situation, but RMS should be applauded that he is willing to put himself on the hook for something he believes in. Make no mistake, Palladium is an absolute nightmare and I'll bet Richard understands that better than most of us. Brian LaMaccia gave a pleasant talk, but he was also disengenious. Someone asked Brian how he felt about developing something that could be used for some horrendous purposes. He said that if and when that happened he would quit. Apparently he does not believe the elimination of Fair Use to be a horrendous purpose. Tells you a little about where these people stand.
former student, returned to his Alma Mater and gave a talk on some of the
technical aspects of Microsoft's Palladium project. Brian began the talk with
a quick overview of the goals of the project. He stated that Palladium's
goal was to 'Protect Software from Software'. He went on to enumerate some
of the nightmare scenarios that keep the Palladium team up at night, such as
a virus/trojan that launches something worse than a Denial Of Service (DOS)
attack.
These included:
After this brief introduction, Brian went on to describe a hardware based
software security system that would provide 'Fingertip to eyeball security.'
This system would consist of a hardware Security Support Component (SSC)
chip, a special security kernel called the 'Nexus' and user level security
applications called 'Agents'. Palladium would also require alterations to
the MMU for the curtailing of memory and USB for secure input/output.
Brian admitted that Palladium would offer no protection against DOS
attacks and that Palladium would necessarily include a universal serial
identifier (this
would be provided by the RSA key burned into the SSC chip). He also promised
that Palladium would run unmodified legacy applications and drivers.
Problems surfaced during the end of the talk when Brian began taking
questions. Richard Stallman correctly pointed out that Palladium was being
presented as a way of improving the security of personal computers. Indeed,
according to Brian, this was the focus of Microsoft's Palladium project, but
no where in his talk did he present any solution to the crucial nightmare
scenarios that are supposedly keeping the Palladium team up at night.
Indeed, as was pointed out by Stallman and others, if Palladium would run
unmodified legacy applications, then how could Palladium thwart the legacy
virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?
The truth is Brian was being disingenuous when he described the nightmare
scenarios that motivate the Palladium team. In all honesty, there are only
two nightmare scenarios that are relevant to the Palladium project:
internet
has ushered in the end of there ever ballooning bottom line
holders
to effectively eliminate the fair use rights of the public
With Palladium, Microsoft plans to solve the former by introducing the latter.
To get to the heart of the matter, we have to ask _why_?
Brian says Microsoft is concerned that large copyright holders will refrain
from publishing works in formats compatible with the Windows PC. My theory?
Microsoft sees an opportunity to bolster there own
bottom line. Palladium is meant to do for DRM what
for web services.
By providing the infrastructure, Microsoft hopes the content companies will
write applications and release content only for Palladium enabled systems.
Joe Consumer who wants to listen to the next Brittany Spears album on his
computer will be forced to upgrade to the next release of Windows/DRM. Of
course, it doesn't hurt that Palladium could provide quite a few wrench's to
throw at Microsoft's open source competitors.
Nightmare scenarios indeed!
Bullshit. I don't care if it took a significant amount of work to make a transcript. The transcript is a _copy_! The transcript can not be copyrighted, because it contains no original content. In other words, the transcripters did not add any original work.
If they added commentary, then perhaps this could be copyrighted, but they did not. Merely identifying who said what in a conversation is not an original work and could not be considered such under even the most tortured of arguments.
Exactly! I think the interesting prediction is how long this hype over web services will go on before everyone realizes it's a bust.
For me the best prediction in the article was this: "The Internet will ultimately be more about information than transactions."
I think the IT sectors current fling with web services is just another dot.bomb waiting to happen.
No, they will support Palladium. AMD's update does not indicate that they won't, rather it says they will have an 'Opt-In' policy.
I hope that they define 'Opt-In' policy as a choice the consumer can make at purchase whether to include the DRM chip at all. I personally do not want any DRM chips on my future processors... disabled or not!
True. But if there are _no_ boats without holes and to make the analogy correct, no boat can be guaranteed to be bulletproof, then you accept the safest boat. Remember the Titanic was supposedly indestructable.
Once again, this proves nothing. Yes linux has security flaws and potentially destructive virii. This does not mean that security is black and white and it's only the responsibility of the system admins.
:-)
If you were going to sea and had a choice of two boats... One with a number of small leaks and one or two large ones OR a boat with a huge amount of small leaks and quite a bit of very large ones... you would still pick the boat with the least amount of leaks... It's just common sense people!
Cheers
I am oversimplifying nothing.
The fact is Microsoft has not revealed _any_ patents or patent applications for what Mono is doing. There is nothing there.
They _have_ shown patents on a number of other technologies and boasted how they would 'enforce' there 'IP' (ewww I hate that word). I ask again, should we stop working on Samba or OpenGL?
If you don't want to put your company at risk then you're going to have a hard time in the technology business, because undisclosed patents can exist on virtually everything. The patent office is a joke. There is no way around that.
Please read the above post before you reply.
We can ask what if questions about all OS/FS projects. MS could own a patent on any one of them. Does this mean we should stop developing OS/FS?
"So we can reuse all the research and development done by Microsoft on these ideas" -- Miguel de Icaza.
And why not? They have published there design in a free and open standards group. You can have a look at these designs just like the mono developers. I have seen _no_ licensing guidelines for this so it is freely given. How can anyone think this is 'stealing' even if you think 'intellectual property' is actual property which it's not!
According to Microsoft, theirs. As for real examples, if their lawyers decide its 'real' then you have those very examples.
What does this mean? Nothing. It is an empty statement that contains _no_ information. If microsoft has a problem with some specific use of it's copyrighted or patented material, well none of us has heard a thing about it.
Not quite as free as you think. See this piece [slashdot.org] for example.
This contains no useful information. Speculating on patents that might or might not exist, patents that might or might not be relevant, patents that might or might not be enforced is ridiculous. Microsoft has a huge patent portfolio. Many of these patents could be construed to cover all kinds of OS/FS stuff. Should Samba stop developing or how about OpenGL? Mono is in the same boat as far as this as any other tech where MS might or might not try and enforce some unknown patents.
Once again, if you have any specific information about Mono's technology and how it conflicts with MS's licensing/patents then please put them forward. Otherwise you are just blowing smoke.
Quit smoking crap would you. Miguel has _never_ said that Mono participants are stealing MS 'intellectual property'. Exactly what 'intellectual property' do you think Mono is stealing?? How about some real examples??
Ximian has used freely available information to implement Mono and that has nothing to do with MS's 'intellectual property'
Can someone who is a lawyer shed some light?
The analogy to documentation is errorneous. Qt# is a software application not documentation. Just because it is written in C# does not give it some kind of special standing as regards the GPL. Are you claiming that a C# application is not awnserable to the GPL, because a C# application is not really 'linked' (according to your definition) to Mono's corlib either... I say it is linked because the program would fail to function if the corlib were not there. Similaryly, a Qt# applications intended purpose would not be accomplished without Qt/C++. So in my mind, they are definately linked.
IANAL either, but I am 99.999999% positive you are _wrong_! Just because we link at runtime doesn't get around the GPL. Please, can someone who is a lawyer respond to this so it doesn't become a meme!
hehehe, you get that with these bindings. They are true CLR bindings so you can use MonoBasic to write Qt applications and eventually you can use MonoBasic to write KDE applications. Of course MonoBasic is the same as MS's Basic... We don't have the IDE yet though... :-)
Nope... we just keep track of QObjects. When Qt/C++ calls a QObject dtor, we know it and delete the corresponding C# QObject and all of it's children. We mimic the Qt/C++ way of doing things. We also have a way of making the GC deallocate unmanaged resources so it's all good!
Sure! well about as much as any OS/FS development has a plan... ;-)
But, yes we will work on a SWF wrapper eventually. In fact if you really want to see it happen then come join us on irc.openprojects.org #qtcsharp and help us out!
Well, we are in the middle of changing our license to the LGPL so Qt# will not hinder proprietary apps, but you'll still have to license Qt from Trolltech and you should because they've made an excellent toolkit :-)
I am glad to hear that you are excited and we'll continue to try and make these bindings as solid as possible.
Have a nice day,
Adam