Analyzing Palladium

apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.

Ignore them.

Our business runs Linux. We have depricated M$ and their products. We are fast. Our expenses went down hugely. Our services are reliable. We buy the best commodity components and build all our own machines. Life is good.

Re:Ignore them.

Congradulations!

However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your avarage joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.

We can't ignore it, MS have a monopoly and they are going to leverage to its fullest extent until it is (if ever) taken away.

I cheer on your use of linux, but we are a minority, a well informed minority, but a minority non the less.

Re:Ignore them.

However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your avarage joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.

The parent post to which you replied should never have been marked Troll, and I will enjoy ripping the moderator responsible a new one on meta.

That having been said, I disagree with his suggestion that ignoring this problem is the answer, but not for the reasons you say (or at least, not entirely for those reasons). This must be fought tooth and nail, as we are being attacked from two sides:

1) Microsoft, trying to leverage their monopoly to impose further, very detrimental, restrictions on the freedom of customers to deploy the correct technologies for their solutions under the guise of DRM.

2) The entertainment industry, that is trying to legislate the very same restrictive technologies and require them in all digital hardware.

We would be absolute fools to ignore this.

Having said that, fewer and fewer people care about Microsoft's proprietary protocols. Even offices that deploy Microsoft on the desktop are, in my experience, deploying open protocols in place of Microsoft's wherever possible to avoid the sort of nonsensical moving target and deliberate breakage MS service packs often result in.

The result, interstingly enough, has been a quiet movement on the part of several businesses away from Microsoft not just on the server side, but also on the desktop ... and in every case, it has been a very successful move.

This is why Microsoft is scared, this is why Microsoft is trying to impliment coercive technologies that will remove the last vestiges of customer choice, and this is why their unholy alliance with Hollywood will likely succeed in creating a Revelations-esque dystopia if we sit on our hind ends and do nothing to prevent it.

Unfortunately we as Americans are so thoroughly conditioned to not become actavists about any cause, no matter how much we care about it, that it is very possible we will do nothing about it in time.

BTW - As another person who works at a company that has completely depircated Microsoft products and deployed GNU/Linux widely throughout our enterprise I can echo the original poster's comments (that were so unjustly marked as a Troll): Life as a non-Microsoft shop is damn good.

Re:Ignore them.

The funny part about this is that if Hollywood and Microsoft get what they want, they will be the ones whining in a couple of years that they aren't making enough money.

This is a disabling technology and DRM management laws would be disabling laws. Take a look at prohibition to see what would happen. Most people will begin using computers illegally, black market devices and software will be developed, economic calamaty will eventually ensue due to the brakes being put on free commerce in many arenas, including Hollywood and Microsoft.

It will be one hell of an ecnonmic downturn. I alos predict that all the financial pundits will not key on DRM laws being the cause, but they will be.

Re:Ignore them.

"and some clients believe the FUD being spewed/parroted by media"

Which FUD are we talking about? This entire series by been a collection of FUD on both sides. In case you missed it Slashdot is also doling out large quantities of:
FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated up comments), apparently advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).

It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.

Between a valid point and paranoia

He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.

Re:Between a valid point and paranoia

But considering Microsoft, this could be an attack on many things, it's just a great bonus that they can use it as an attack on the GPL.

Check out this Yahoo! story [yahoo.com] for another angle. I imagine Bill is think "check and mate"....

Lots of problems ahead for MS

Look, lets not get our knickers in a knot. It may happen, but it's never going to be the only,
or even a high-level verification method. Obviously not, it's embedded in hardware.

I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.

In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.

Re:Lots of problems ahead for MS

The only problem I see with this argument is the legal aspect. All governments want more spying powers. This is especially true of the American government and their war on everything which is not in their economic interest. The organisations lobying for DRM have a lot of money, and the inclination to use it to get their way; the RIAA & MPAA, Disney, Microsoft - these are the people making laws. Do you think that the government sees any merit in allowing teenagers to download and rip music instead of paying for it like the western economy requires? And do you think that anyone in government understands the technical merits or failings of a hardware-enforced, legally required DRM? Or that they care? In their eyes, there is only one way forward. Computers are not for entertainment - they are for making a few people a lot of money. The internet is there to connect those computers for the same purpose.
DRM is coming, and if people don't like it, they will have to move fast because with AMD and Intel promising support, there isn't much stopping DRM legislation - apart from some teenagers and some commie-hippy protestor types.
So get ready to wear the mark of the beast...

Re:Lots of problems ahead for MS

• I would think that an identification code embedded in hardware is going to be cracked, and in short order.

Sure. Remind me, where do I download the software hack for Xbox?

Sorry, you're just plain wrong on this one. Trying to impose security on an insecure OS with a dongle is wildly optimistic. But tying the hardware and the OS together is - demonstrably - not. Modding an Xbox requires a hardware hack, and Microsoft aren't idiots; they'll learn from the Xbox vulnerabilities and make sure that Palladium is harder to crack, or they'll have got their para-legal team hopped up and ready to take down any mod suppliers the instant they appear (note that one Xbox mod chip supplier went under today).

I'm not saying it'll be impossible, but I am predicting that it'll be damn hard and will require more than just a soldering iron and a cavalier disregard for your warranty, the EULA and the DMCA.

As regarding it dying in antitrust... well, we've seen how fast the DoJ moves on these issues. As for returning computers, what's your basis for believing that by 2006 you'll be able to buy a generic naked system without a Microsoft OS installed? And if we're talking about individual components, what will the market be for people who want to install a non-Microsoft OS but who won't realise that a stock consumer Intel/AMD chip won't talk to it? 2%? 1%?

This is a big deal. It's the Son of SSSCA, dressed up in pro-consumer clothes. It's not mandatory, just de facto (i.e. zero difference in practical terms). The response to any legal challenge will be that if you really want to run a non-Microsoft OS, you can pay extra for "server" or "pro" versions of CPU's (and whatever other components have jumped on the bandwagon). Fine, but how long before the anti-piracy argument gets leveraged to push through either a consentual or compulsory scheme to license access to non-Palladium parts? Six months? Less?

We can argue this until the cows come home, but let's agree to compromise. If you're right, you can say "told you so". If I'm right, I can say... well, whatever Bill allows me to say. Fair enough?

Where trust comes from

Call me crazy, but I think M$ just said that opening (some of) its source was the way to achieve trust.

Juarez: ... As a side note, we will publish the source code on that Trusted Operating Root. We will make sure that people have the opportunity to really go deep on that and kick the tires and know that what we're doing in there is what we say we are doing.

No big shocker here.

I can see this kind of technology being abused to the 1,000th degree. Imagine software that would automatically use your previous usage data to force you to buy individual features that you use the most, the next time your annual subscription fee comes around? Or deleting all your home movies because they didn't carry a copyright tag, and thus could be illegal? Or finding the cops at your door because little Timmy downloaded his favorite song on MP3 or Ogg?

It seems that we, the mass public, are expected to give up the idea than when we buy something, it's ours. Now that even seems to include our hardware, not just our software.

Devices hostile to 3rd party peripherals

From the article:

> For example, some mobile phone vendors use challenge-response
> authentication to check that the phone battery is a genuine part
> rather than a clone - in which case, the phone will refuse to recharge
> it, and may even drain it as quickly as possible. Some
> printers authenticate their toner cartridges electronically;
> if you use a cheap substitute, the printer silently downgrades
> from 1200 dpi to 300 dpi.

I wonder if there's a list of printers and/or phones that perform in such a manner. I'm not sure if the law would deem such behavior as "anti-competitive", but I as a customer certainly find it so, as well as offensive.

MS is Silly

The notion of hard-wired authentication rings alarms for conspiracists who sense a plot by which Microsoft might exert even more control over what kind of software could run on future computers. The Redmond behemoth dismisses such talk as silly.

Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.

Masters at work

Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisit to being able to make this successful. Palladium is something to be feared.

How are Microsoft experts?

They have failed, miserably, in the PVR market. They have failed, miserably, in the game console market... twice (WinCE in the Dreamcast, Xbox). They have failed, miserably, in the personal accounting market (Intuit has repeatedly cleaned their clocks). Their entrance into the handheld market has been anything BUT a runaway success, though they leveraged confusion at Palm to grab a nice chunk of the market.

They have 4 major successes. They took the OS monopoly granted them by IBM (as a result of IBM facing an antitrust suit) and built a successful empire. They leveraged internal knowledge of "Chicago," (Windows 4.0/95) to get Office 95 on release and establish a near monopoly on desktop office suites. They leveraged their OS and finances to establish a near monopoly of Internet web browsers. They also used financial muscle to clip Borland off at the knees and establish a near monopoly in development software.

However, in the cases of their successes, they really leveraged a critical mistake by their competition. Even NT Server's rise was a combination of marketing and boneheaded moves by Novell. Novell has let everyone believe that they are dead, so NT ate a lot of their market. Linux is now a huge portion of the market.

I really don't understand why everyone believes that Microsoft is invincible. Look at how WordPerfect, Netscape, and Novell dropped the ball. Also look at how Apple dropped the ball.

Microsoft is great at release early and release often. They put out near beta code quickly to establish a beachhead. They then keep running at you, hard. Fail to innovate (Netscape and Real) and they will clobber you. Keep running ahead, and you can be the Intuit of the world.

Microsoft has a LOT of failures. MS SQL Server has NOT defeated Oracle and DB2 for the Enterprise "mass" market of databases. MS SQL Server gets most of its success from MS Shops that web deploy apps with VBScript ASPs. Low end web publishing uses MySQL+PHP, while the higher end does Java+JSP+Oracle. Those of us in the technically complex world without the heavy Enterprise backing do either PHP (or Perl) with PostgreSQL in the Unix camp OR ASP with MS SQL in the NT camp.

MSN has never defeated AOL, despite its early predictions (and 7 years of being pushed in MS's monopoly Oses). You're insane if you think that Xbox is competitive with the PS2 or Game Boy Advanced. It has been running even with Nintendo's Gamecube in 1 of the 3 major markets (trounced in two others) while Nintendo hasn't released a major title yet.

UltimateTV was a total flop. There are lots of failures, not just Microsoft Bob.

Get a grip people,
Alex

No, it still won't work.

I can add at least one more reason this darn Palladium thingie won't work (for the previous reasons I mentioned, see the previous discussion on Palladium):

• Economics & the rule of profit.

Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.

Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:

• Clever hacks, designed to completely fool the Palladium/DRM solution into thinking some software/hardware combination is legit and acceptable. This is highly possible, given the fact that no secuity is foolproof, and the abysmal track record of Microsoftin security and stability.
• The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs. For instance: small computers, based on accepted -- and fairly open -- industry standards such as IDE, PCI, USB and ARM processors.
• The fact that somebody, somewhere is bound to remark that this whole Palladium thingie hurt sales, profits and image. When enough PC builders realize their mistakes, they'll backtrack faster than you can say "GNU/Linux kernel" back to non-DRM, non-Palladium (non-MS?) machines.
• All of the above!!

Finally, I think the US .gov could go along with this hare-brained scheme, but do you think the EU will? And what about most third-world countries who, even as we speak, are flocking to open-source solutions in droves?

Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

YMMV, IANAL, Standard::Disclaimer and so on and so forth.

The Cartel Problem

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart. Initially, people might go for it. When an economic disadvantage is passed on to consumers - designing this, after all, isn't free, and developers who can't or won't pay the fees required to have their code "Certified" will be unable to develop for that market - and consumers of Palladium PC's will be unable to use their wares.

This will result in a incentive for a manufacturer of CPUs or motherboards to produce a non-Palladium product. People will move to those platforms for a variety of reasons, producing an incentive to produce non-palladium products, springing up a non-MS taxed industry. It probably would motivate a lot of busy people like me to start working on GPL products to fight against the mark of the beast. Sooner or later though, a hardware manufacturer will spring up to produce hardware to meet the demand. That's inevitable.

This, frankly, sickens me to think about. I'll become physically ill if Apple announces they're going to soil their OS X and Powerbooks with this platform.

Re:The Cartel Problem

This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart.

Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.

Absolutely Right

Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC?

Absolutely right.

Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.

These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).

We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.

Re:No, it still won't work.

The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs.

That might have worked in the 1970s or even 80s, when chipmaking systems had "reasonable" prices (say in the 50 million USD range), there were many companies making chips, and there was competition among microprocessors.

Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."

Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.

sPh

Re:No, it still won't work.

Sorry, I have to disagree here: RISC chips could be the perfect answer to that problem.

One of the most successful chipmaker of all time is ARM. The first version of the ARM chip (a 16-bit RISC chip) was created by just two people, with no money, no help and no support from the main company (Acorn, at the time). If I remember well, these two people did not even have a lot of experience in chip design.

The great-grandchildren of this chip can now be found in millions of devices all over the world. iPaq, Nokia, HP, you name it: they all use it (even Palm, in its latest models).

Even when ARM1 came out, it was touted as more powerful than anything Intel had to offer at the time. It was also easier and cheaper to produce and consumed less power than all other CPU models.

And there are ARM clones out there, including one on Open Cores.org [opencores.org]. Not that I think that desiging an ARM clone is necessarily good, just that that designing a cheap RISC CPU can be done.

So, designing a complete "GNU Hardware" system is possible, and it could even be a way of ditching the mess which is the PC architecture.

Think about it:

• No Palladium, no DRM, no Micro$oft. Ever.
• A new, open architecture, open CPU core, based on open standards and free for everyone to take, copy and reproduce.
• Your choice of operating system: Linux, NetBSD, OpenBSD, you name it. Plus, a huge amount of quality software that will stay free for ever, thanks to the GPL.
• Can't produce it in the US? Ask European firms! No luck? Try Taiwan, or China, or Korea or whatever.

Let's face it: some people (including me) would pay good money for a "no-Palladium" system. Especialy if I have no choice!

Operating Systems such as Linux are a commodity -- but a commodity that break M$ monopoly. I think it's time for the hardware itself to become a "free speech" comodity as well. And Palladium could push the Open Source community to do just that...