I won't accuse Moft of lying, but they do change their minds quite often...
On their FAQ about Palladium they say several interesting things:
A nexus, what we used to refer to as a "nub" or "trusted operating root," is essentially the kernel of the "Palladium"-isolated software stack.
So that would make it somewhat of the BIOS for the hardware Palladium features.
Anyone can write a nexus for "Palladium," but the user always has the ultimate authority over what nexuses are allowed to run on top of the "Palladium" hardware.
That would mean very soon we have 'null-nexuses' out there that say "shhhhuuure RIAA, I'll encrypt and sign that CD I just ripped."
And last and probably also a lie:
The users are always in control over whether "Palladium" is enabled on their PC and what nexuses have access to specific "Palladium" functions.
All of these and more on:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/PallFAQ2.asp
In these articles, destined at the general public, they state things like:
But it will also refuse to play certain content if it is not digitally signed by Microsoft or an authorised party.
I'm still very perplexed by these assertions, since really, playing an mp3 has no tie to the kernel (you decode in user mode, you send to a wave device).
That implies that a) the chip will restrict access to the wave device, b) it will restrict access to files...
Both sound kinda ludicrous to me... Would that mean games will have to digitally sign their sound fx? If not, will the kernel have some way of knowing *what* a file contains (semantically)?
CPUs are simple devices, they don't do stuff like "POUR cupofcoffe in eax IF coffeemaker = full"... no they do simple stuff like "INC eax".
I really think there will be ways to circumvent this thing pretty fast. What scares me is the fact that they think having such a chip will somehow assert the OS currently running has not been tampered with, and hence it can't be a malicious OS... and at that point send in work loads from different users (basically making a big trusted network). This is just an invitation for mass viruses and global chaos.
I'm looking for both your opinion and what the court rulings thought (or didn't think of thinking about):
My personal belief on 'pirating' software is that it's 'really bad' if I make a profit out of the product of the software (such as creating website designs with Photoshop and selling them, or say writing software with MS Dev Studio and selling it)...
Big companies like Alias|Wavefront are now giving out free personal learning editions of their software (full blown software)... and they definitely aren't being affected by it. So what's the rationale?
This obviously doesn't apply to certain products like DVD players, and games, but I doubt those are the real reason why these people have proverbial guns pointing at hackers. And OSs are a special case too... (and I admit I don't really have a clean ethical POV for that).
What are your thoughts, and did the court even consider such a thing?
As I mentioned in my earlier post, Peter Biddle, Product Unit Manager for Palladium, very publicly and unambiguously stated during Wednesday's panel at the USENIX Security conference that the Palladium team, [...] knows of no way in which Palladium can be utilized to assist this end.
Ha ha ha! I know someone who's going to get whipped 100 times in front of all the employees for making Moft lose their chance at arguing for that patent.
Going from our 'digital' encryption schemes to quantum encryption will most likely be like the leap between analog to digital (multi band-pass filters for example don't make any sense in the digital world - at least not the way they were implemented for analog).
In the same way, the tools will most likely change radically when it comes to security. And I don't know if they'll even be called encryption at that point... maybe more like 'Eisenbergification'...
There was an interesting article a while back about a mathematician who proposed that if we could generate a constant stream of truly random bits (quantum helps here), and have that stream be broadcast around the world (in synch to everyone), that it would be possible to have unbreakably encrypted communications (basically the "throw-away pad" idea on a mass scale). (sorry, I don't have time to look up the link)
So bottom line is, probably current technology will become obsolete, but that thing those nerdy scientists are cooking up in all of those 'hokey' 25 dimension universes called abstract/pure physics/math will probably generate some brilliant ideas.
As a disgruntled programmer (disgruntled against people like you), all I have to say is that people who are against IM are probably the people who've never heard of the 'mythical man-month' argument, and who believe that if working 20 hours produces 100 lines of (bug free, clean) code, working 40 will produce 200 lines of (bug free, clean) code.
<rant> I also believe it's because of that lurking illusion in the industry that software these days is so poor... because the reality is, working 60 hours actually produces 400 lines of (buggy, unmaintainable, insecure) code. Especially if the programmers aren't gurus (which probably accounts for at least 80% of the professionals out there). </rant>
That still doesn't make sense.
It's not like a company is this open play house where people do what they feel like.
You invent what the company really wants you to invent. You have timelines, deliverables. You're being paid (as salary) to do this.
It's exactly the same deal with software... you are being paid to create ideas.
As much as I hate to say this: if that company didn't exist in the first place, Kary Mullis wouldn't have invented PCR.
It's a delusion we have (and I too am part of this group of people) to think that an invention is only the idea. It's the fostering of the idea, it's the resources... it's the risk.
That's what capitalism is all about: having capital. Risking capital.
Now, do I believe in this form of labour? No, but that's another story.
Can you show your VISA card as an identification piece when entering a country? Would you show it to the police when you get stopped for speeding?
Would you equate your VISA card to your identity?
I have 2 VISA cards. Even that breaks the principle of single sign-on.
Insecure and border-line fascist... (on "Passport vs. Plan 9", Score: 2, Interesting)
I agree with the insecurity thing of single point of failure. But I personally think the issue at hand is much greater here: the fact that one single entity (company) has the power to sign you on to anything on earth from Subway cars (a-la retina scan in Minority Report) to your home computer just rings the bells of fascism to me.
The saying goes: deviate an inch, and lose a thousand miles. If we let this kind of centralization intrude our lives now (early on, while we still have some say over it), we eventually might never be able to break loose of it.
But that's just me.
We use NDS in our current project, it's just like anything else. You administer it, it logs you on.
It doesn't change the fact that it would be a single point of failure.
In fact, the problem goes beyond single point of failure... the fact that one single company has the power to sign you on to anything on earth from Subway cars (a-la retina scan in Minority Report) to your home computer just rings the bells of fascism to me.
But that's just me.
Classics like these have to be watched at least twice.
And by the third time, you almost don't need the subtitles.
(You have no idea how big of a difference there is between original and dubbed - for me at least. For example Mononoke dubbed was purely painful.)
Here's a link to the scheme I was talking about:
http://www.interesting-people.org/archives/interesting-people/200103/msg00056.html
Hey, is it just me, or have Legos gotten ever so 'gimmicky'?
I remember when I was a kid, getting a non cubic shaped lego out of the box was one of the biggest joys of my life.
Now all I see is parrots and sharks with only one 'lego hole' to attach them with. It takes away from all the interoperability of it...
Oh well... that's just a trend these days I guess.